ACCA F8 Audit Summary Revision Notes 2017 PDF
Document Details
Uploaded by LightHeartedCanyon6804
University of Dundee
2017
ACCA
Summary
This document provides a summary and revision notes for the ACCA F8 audit exam for 2017. It covers topics including assurance, types of assurance assignments, external audit, auditor duties, and inherent limitations of audit. The notes are aimed at students preparing for the exam, offering a concise overview of key concepts.
Full Transcript
REVISION NOTES-F8 (December 2016)

Dynamic Publishers

Assurance

The practitioner examines the subject matter made available by the responsible party, matches it to the suitable criteria using evidence and reports to the intended users.

Elements of an assurance engagement

1. An assurance engagement will require a three-party relationship comprising:
   a) The intended user, who is the person who requires the assurance report.
   b) The responsible party, which is the organisation responsible for preparing the subject matter to be reviewed.
   c) The practitioner (i.e. an accountant), who is the professional who will review the subject matter and provide the assurance.
2. A second element which is required for an assurance engagement is suitable subject matter. The subject matter is the data which the responsible party has prepared and which requires verification.
3. Thirdly, this subject matter is then evaluated or assessed against suitable criteria in order for it to be assessed and an opinion provided.
4. Fourth, the practitioner must ensure that they have gathered sufficient appropriate evidence in order to give the required level of assurance.
5. Last, an assurance report provides the opinion which is given by the practitioner to the intended user.

Types of assurance assignments

Reasonable assurance
- Example: External Audit
- High level of assurance but NOT absolute or 100%. A high but not absolute level of assurance is provided; this is known as reasonable assurance.
- More testing (analytical tests, test of controls and substantive testing)
- Going concern review carried out
- Positive conclusion. Wording: ‘in our opinion the financial statements give (or do not give) a true and fair view of the state of the company’s affairs’.

Limited assurance
- Example: Review of financial statements
- Moderate level of assurance. The practitioner gathers sufficient evidence to be satisfied that the subject matter is plausible; in this case negative assurance is given whereby the practitioner confirms that nothing has come to their attention which indicates that the subject matter contains material misstatements.
- Lesser testing, with a focus on obvious errors only (analytical testing and enquiry). The procedures undertaken are not nearly as comprehensive as those in an audit, with procedures such as analytical review and enquiry used extensively. In addition, the practitioner does not need to comply with ISAs as these only relate to external audits.
- No going concern review
- Negative conclusion. Wording: “nothing has come to light to suggest errors or problems exist”. The assurance is therefore given on the absence of any indication to the contrary.

Review engagements are often undertaken as an alternative to an audit, and involve a practitioner reviewing financial data, such as six-monthly figures. This would involve the practitioner undertaking procedures to state whether anything has come to their attention which causes the practitioner to believe that the financial data is not in accordance with the financial reporting framework.

Assignments where no assurance is given

1. Agreed-upon procedures: A report on factual findings is given but no assurance is expressed. Users must judge for themselves and draw their own conclusions.
2. Compilation engagement: Users of the compiled information gain benefit from the accountant’s involvement but no assurance is expressed. It is used to collect, classify and summarise financial information. It means to present data in a manageable and understandable form.

External audit

It is a review and assessment of the financial records to form an overall conclusion as to whether:
- The financial statements have been prepared using acceptable accounting policies, which have been consistently applied.
- The financial statements comply with all the relevant regulations and statutory requirements.
- Adequate disclosure of all material matters relevant to the proper presentation of financial information has been made.

Objective of external audit engagements

“Opinion”: The auditor’s report contains a clear written expression of opinion on the financial statements.

General principles of external audit engagements

According to the International Standards on Auditing, the general principles of an audit are:
1. Compliance with Code of Ethics (IFAC’s)
2. Performance of an audit in accordance with ISAs
3. Audit with professional skepticism
4. Professional judgment
5. Sufficient appropriate audit evidence

True and Fair presentation

Financial statements are produced by management which give a true and fair view of the entity’s results. The auditor in reviewing these financial statements gives an opinion on the truth and fairness of them. Although there is no definition in the International Standards on Auditing of true and fair, it is generally considered to have the following meaning:

True – Information is factual and conforms with reality in that there are no factual errors. In addition it is assumed that to be true it must comply with accounting standards and any relevant legislation. Lastly, true includes data being correctly transferred from accounting records to the financial statements.

Fair – Information is clear, impartial and unbiased, and also reflects plainly the commercial substance of the transactions of the entity.

Inherent Limitations of audit / Reasons why absolute assurance cannot be given

1. Sampling – it is not practical for an auditor to test 100% of transactions and so they have to apply sampling methodologies in selecting balances/transactions to test. Therefore, there could be an error in an item not selected for testing by the auditor.
2. Subjectivity – financial statements include judgmental and subjective areas and therefore the auditor is required to use their judgment in assessing whether the financial statements are true and fair.
3. Inherent limitations of internal control systems – an internal control system is operated by people and hence is liable to human error. In addition, there is the possibility of controls override by management and of collusion and fraud. It is impossible to remove all of these inherent limitations and, as the auditor relies on the internal control systems, this can reduce the usefulness of the audit.
4. Evidence is persuasive not conclusive – the opinion is based on audit evidence gathered; however, while this evidence can indicate possible issues affecting the audit opinion, evidence involves estimates and judgments and hence does not give a definite conclusion.
5. Even if everything reported on was examined and found to be satisfactory, there may be other items which should have been included – the completeness problem.
6. Auditors plan their work to detect material errors and frauds only – so small frauds (or large frauds split into many small amounts) may go unnoticed.

An external audit has a number of other issues which reduce its usefulness

1. Audit report format – the format of the opinion is determined by International Standards on Auditing. However, the terminology used is not usually understood by non-accountants. This means that users may not actually understand the audit opinion given.
2. Historic information – the audit report is often issued some time after the year end, and so the financial information can be quite different to the current position. In the current marketplace where companies’ financial positions can change quite quickly, the audit opinion may no longer be relevant as it is out of date.
3. Auditors need to understand their clients in great depth if they are to understand how fraud could be carried out and hidden. However, auditors cannot become too close to their clients or their independence will be called into question.
4. Where auditors spot errors or fraud, their primary legal responsibility is to report this to management. Any external reporting is hampered by rules on confidentiality.

The auditor’s duties

Fundamental duties are to:
- form an opinion on whether the financial statements give a true and fair view and are prepared in accordance with applicable reporting framework
- issue an audit report.

Duty to check and ensure: adequate accounting records, compliance with legislation, truth and fairness, adequacy of financial statements disclosures.

The auditor’s rights

1. Right of access at all times to the company’s books, accounts and vouchers.
2. Right to require from an officer of the company such information or explanations as they think necessary for the performance of their duties as auditors.
3. Right to receive all communications relating to written resolutions.
4. Right to receive all notices of, and other communications relating to, any general meeting which a member of the company is entitled to receive.
5. Right to attend any general meeting of the company.
6. Right to be heard at any general meeting which an auditor attends on any part of the business of the meeting which concerns them as auditor.

Appointment of auditors

Only a member of a recognised supervisory body is eligible to be appointed as an auditor. The person to be appointed as the auditor is required to hold a professional accountancy qualification.

1. Appointed by shareholders.
2. Appointment runs from the end of the Annual General Meeting (AGM) until the end of the next AGM.
3. On appointment, need to get ‘clearance’ from outgoing auditor.

For entities in which a share is owned by the state, the auditor is appointed by the Secretary of State or Ministry of Finance (or a person authorised by the Ministry of Finance).

Removal of auditors

1. RESIGNATION: Sometimes it is necessary for the auditors to resign. If an auditor resigns, they should do so in writing and they may wish to speak to the shareholders to explain their reasons.
2. FORCED REMOVAL: Sometimes, the Board of Directors or some shareholders may wish to remove the auditors. A General Meeting must be called so that the shareholders can vote on the proposal (via an ordinary resolution).
3. AUDITORS DO NOT WISH TO SEEK REAPPOINTMENT: Sometimes the auditors finish the annual audit and decide they do not wish to audit the company in future years. As such, when the board asks them to accept nomination for the following year, the auditors should politely decline and issue a Statement of Circumstances.

Key points

- Directors cannot remove the auditors themselves.
- Auditors can be removed by a simple majority at a general meeting.
- The auditors should be given notice of such a meeting.
- They are allowed to speak at the general meeting.
- Deposit at the company’s registered office a statement of the circumstances connected with the removal/resignation or a statement that there are no such circumstances.
- They can request an Extraordinary General Meeting (EGM) of the company to explain the circumstances of the resignation.

Audit exemption for small companies

The main reasons for exempting small companies are:
- for owner-managed companies, those receiving the audit report are those running the company (and hence preparing the accounts!)
- the advice/value which accountants can add to a small company is more likely to concern other services, such as accounting and tax, rather than audit and which may also give rise to a conflict of interest under the ethics rules
- the impact of misstatements in the accounts of small companies is unlikely to be material to the wider economy
- it may also not be cost beneficial for the small entities.
Attempt questions to check your understanding: June 2015-Q5c

Client acceptance/continuance

Steps before accepting an audit client

Outgoing auditor - Professional etiquette letter

The auditor should communicate with the outgoing auditor of the client to assess if there are any ethical or professional reasons why they should not accept appointment.

They should obtain permission from the client’s management to contact the outgoing auditor; if this is not given, then the engagement should be refused.

The previous auditor must obtain permission from the client’s management to respond; if not given, then the auditor should refuse the engagement.

Client-related issues

1. Formalities (of removal of outgoing auditor fulfilled).
2. Reputation and integrity of the client’s management assessed. If necessary, the firm may want to obtain references if they do not formally know the directors.
3. Consider the level of risk attached to the audit and whether this is acceptable to the firm. As part of this, they should consider whether the expected audit fee is adequate in relation to the risk of auditing the client.

Practitioner-related issues (Audit firm)

1. Any issues which might arise which could threaten compliance with ACCA’s Code of Ethics and Conduct or any local legislation, including independence and conflict of interest with existing clients. If issues arise, then their significance must be considered.
2. Whether they are competent to perform the work and whether they would have appropriate resources (especially human resource and time!) available, as well as any specialist skills or knowledge required for the audit.

Client screening

The purpose of client screening procedures is to determine whether the prospective client is suitable for the firm. The firm should evaluate the potential risk to the firm of acceptance.
When a client is deemed to represent a high audit risk to the firm, the firm should carefully consider the implications arising should it fail in meeting its objective of giving an accurate audit opinion. If the firm is not confident that the benefit to be derived from accepting the appointment outweighs the potential risks (including financial and reputational risk of being sued), then the firm should decline the appointment.

Factors to consider:
- The state of the economic sector in which the client operates (a depressed sector may indicate risk).
- The client’s previous audit history (frequent changes of auditors, and/or qualified reports, are obviously bad news).
- The experience and qualifications of the company’s management and their attitude towards controls.
- The current operating and financial position of the company.
- Directors’ understanding of External Auditor’s role and their own responsibilities.
- The accounting policies used.
- Evidence of client involvement in fraudulent or illegal activities.
- Management permission or refusal to allow auditors to examine significant documents, such as the minutes of directors’ meetings.

Preconditions for an audit

ISA 210 Agreeing the Terms of Audit Engagements provides guidance to auditors on the steps they should take in accepting a new audit or continuing on an existing audit engagement. It sets out a number of processes that the auditor should perform including agreeing whether the preconditions are present, agreement of audit terms in an engagement letter, recurring audits and changes in engagement terms.

To assess whether the preconditions for an audit are present the auditor must:
1. determine whether the financial reporting framework to be applied in the preparation of the financial statements is acceptable.
2. assess the nature of the entity, the nature and purpose of the financial statements and whether law or regulations prescribes the applicable reporting framework.
3. obtain the agreement of management that it acknowledges and understands its responsibility for the following:
   - Preparation of the financial statements in accordance with the applicable financial reporting framework
   - For internal controls
   - To provide the auditor with access to all relevant information for the preparation of the financial statements

Agreeing the terms of engagement

Engagement letter (compulsory for every new engagement; sent before the audit starts)

Purpose of an engagement letter

An engagement letter provides a written agreement of the terms of the audit engagement between the auditor and management or those charged with governance. It confirms that there is a common understanding between the auditor and management, or those charged with governance, of the terms of the audit engagement and helps to avoid misunderstandings with respect to the audit.

Contents of an engagement letter

Matters to be included in an audit engagement letter:
– The objective and scope of the audit;
– The responsibilities of the auditor;
– The responsibilities of management;
– Identification of the financial reporting framework for the preparation of the financial statements;
– Expected form and content of any reports to be issued;
– Elaboration of the scope of the audit with reference to legislation;
– The form of any other communication of results of the audit engagement;
– The fact that some material misstatements may not be detected;
– Arrangements regarding the planning and performance of the audit, including the composition of the audit team;
– The expectation that management will provide written representations;
– The basis on which fees are computed and any billing arrangements;
– A request for management to acknowledge receipt of the audit engagement letter and to agree to the terms of the engagement;
– Arrangements concerning the involvement of internal auditors and other staff of the entity;
– Any obligations to provide audit working papers to other parties;
– Any restriction on the auditor’s liability;
– Arrangements to make available draft financial statements and any other information;
– Arrangements to inform the auditor of facts which might affect the financial statements, of which management may become aware during the period from the date of the auditor’s report to the date the financial statements are issued.

Changes to engagement letters

Engagement letters for recurring/existing clients should be revised if any of the following factors are present:
- Any indication that the entity misunderstands the objective and scope of the audit, as this misunderstanding would need to be clarified.
- Any revised or special terms of the audit engagement, as these would require inclusion in the engagement letter.
- A recent change of senior management or significant change in ownership. The letter is signed by a director on behalf of those charged with governance; if there have been significant changes in management they need to be made aware of what the audit engagement letter includes.
- A significant change in nature or size of the entity’s business. The approach taken by the auditor may need to change to reflect the change in the entity and this should be clarified in the engagement letter.
- A change in legal or regulatory requirements. The engagement letter is a contract; hence if legal or regulatory changes occur, then the contract could be out of date.
- A change in the financial reporting framework adopted in the preparation of the financial statements. The engagement letter clarifies the role of auditors and those charged with governance; it identifies the reporting framework of the financial statements and if this changes, then the letter requires updating.
- A change in other reporting requirements. Other reporting requirements may be stipulated in the engagement letter; hence if these change, the letter should be updated.

What if management refuses to sign the engagement letter?

1. Identify the reason. Discuss the matter with the directors in an attempt to reach a suitable compromise.
2. Try to reach a suitable compromise keeping in mind your duties and responsibilities.
3. Refuse the engagement if the matter is still not resolved.

Attempt questions to check your understanding: Sept/Dec Hybrid 2015-Q2 a,b; Dec 2013-Q4a,b

Audit planning (Audit Strategy and Audit Plan)

Importance of audit planning

1. It helps the auditor to devote appropriate attention to important areas of the audit.
2. It helps the auditor to identify and resolve potential problems on a timely basis.
3. It helps the auditor to properly organise and manage the audit engagement so that it is performed in an effective and efficient manner.
4. It assists in the selection of engagement team members with appropriate levels of capabilities and competence to respond to anticipated risks and the proper assignment of work to them.
5. It facilitates the direction and supervision of engagement team members and the review of their work.
6. It assists, where applicable, in the coordination of work done by experts.

Audit Strategy: An audit strategy sets the scope, timing and direction of the audit and guides the development of the more detailed audit plan.

Audit plan: Once the overall strategy has been planned, detailed consideration can be given to each individual audit objective and how it can be best met.

A. UNDERSTANDING THE CLIENT / KNOWLEDGE OF THE BUSINESS

The auditor obtains an understanding of the entity, its control environment and its detailed internal controls:
- to identify and assess the risks of material misstatements in the financial statements and to provide a basis for designing and implementing responses to these risks
- to determine the extent to which the auditor would rely on the internal control system.
- to assess whether the team is competent to perform the audit
- to understand relevant law and regulations impacting the entity
- to consider the reliability of various evidence sources.

Understanding to be gained about

- Industry, regulatory and other external factors (for example financial reporting framework, laws and regulations, stakeholders, economic conditions like volatility of exchange rates, competition, level of technology)
- Nature of entity and accounting policies (legal structure, ownership and governance, main sources of finance)
- Objectives…strategies…related business risks!
- Measurement and review of financial performance (measures important to the client, KPIs, budgets, targets)
- Internal control (gain an understanding about the design and implementation of internal controls)

Miscellaneous:
- Identification of issues that arose in the prior year audit and how these were resolved. Also whether any points brought forward were noted for consideration for this year’s audit.
- Internal control deficiencies noted in the prior year; if these have not been rectified by management then they could arise in the current year audit as well.
- Significant changes in the entity as compared to prior years.
- Is the company using e-commerce?

Understanding can be gained from

- Prior year financial statements: Provides information in relation to the size of the client as well as the key accounting policies, disclosure notes and whether the audit opinion was modified or not.
- Discussions with the previous auditors/access to their files: Provides information on key issues identified during the prior year audit as well as the audit approach adopted.
- Prior year report to management: If this can be obtained from the previous auditors or from management, it can provide information on the internal control deficiencies noted last year. If these have not been rectified by management, then they could arise in the current year audit as well and may impact the audit approach.
- The client’s accounting systems notes/procedural manuals: Provides information on how each of the key accounting systems operates and this will be used to identify areas of potential control risk and help determine the audit approach.
- Discussions with management: Provides information in relation to the business, any important issues which have arisen or changes to accounting policies from the prior year.
- Review of board minutes: Provides an overview of key issues which have arisen during the year and how those charged with governance have addressed them.
- Current year budgets and management accounts: Provides relevant financial information for the year to date. It will help the auditor during the planning stage for preliminary analytical review and risk identification.
- The client’s website: Recent press releases from the company may provide background on the business during the year as this will help in identifying the key audit risks.
- Financial statements of competitors: This will provide information about the client’s competitors, in relation to their financial results and their accounting policies. This will be important in assessing the client’s performance in the year and also when undertaking the going concern review.

Important: Risks in companies using e-commerce

- loss of transaction integrity
- security risk e.g. virus attacks
- adoption of improper accounting policies e.g. improper revenue recognition
- non-compliance with tax and legal requirements
- failure to ensure that e-commerce contracts are binding in a court of law
- over reliance on e-commerce
- systems and infrastructure crashes

B. AUDIT RISK and Risk Response

Importance of risk assessment

1. Assessing engagement risks at the planning stage will ensure that attention is focused early on the areas most likely to cause material misstatements.
2. It will help the auditor to fully understand the entity, which is vital for an effective audit.
3. Any unusual transactions or balances would also be identified early, so that these could be addressed in a timely manner.
4. Assessing risks early should also result in an efficient audit. The team will only focus their time and effort on key areas as opposed to balances or transactions that might be immaterial or unlikely to contain errors.
5. In addition, assessing risk early should ensure that the most appropriate team is selected with more experienced staff allocated to higher risk audits and high risk balances.
6. A thorough risk analysis should ultimately reduce the risk of an inappropriate audit opinion being given.
7. It should enable the auditor to have a good understanding of the risks of fraud, money laundering, etc.
8. Assessing risk should enable the auditor to assess whether the client is a going concern.

Audit Risk

Auditors use the audit risk model to direct audit resources to the performance of additional substantive procedures in areas of the financial statement where audit risk is deemed to be high. The formula for the audit risk model is:

Audit Risk = Risk of material misstatement in the financial statements x Detection Risk

Audit Risk Explained

Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of two main components, being the risks of material misstatement and detection risk. Risk of material misstatement is made up of two components, inherent risk and control risk.

Risk of material misstatement in the financial statements explained

Risk of material misstatement is made up of a further two components, inherent risk and control risk.
Inherent risk

Definition: The susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.

Inherent risk describes something about the nature of a business or its transactions that make it particularly susceptible to material misstatements. Inherent risk is affected by the nature of an entity and factors which can result in an increase include:
– Changes in the industry it operates in.
– Operations that are subject to a high degree of regulation.
– Going concern and liquidity issues including loss of significant customers.
– Developing or offering new products or services, or moving into new lines of business.
– Expanding into new locations.
– Application of new accounting standards.
– Accounting measurements that involve complex processes.
– Events or transactions that involve significant accounting estimates.
– Pending litigation and contingent liabilities.

Control risk

Definition: The risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.

It is the risk that an organisation’s internal control systems do not adequately protect the organisation, either because they have not been adequately designed and/or implemented. The following factors can result in an increase in control risk:
– Lack of personnel with appropriate accounting and financial reporting skills.
– Changes in key personnel including departure of key management.
– Deficiencies in internal control, especially those not addressed by management.
– Changes in the information technology (IT) environment.
– Installation of significant new IT systems related to financial reporting.

It is important to appreciate that the auditor has no control over the extent of either inherent or control risk; these are risks borne by the entity subject to audit. However, the auditor has to assess them in the process of determining the extent of the detailed substantive procedures to be carried out.

Detection risk Explained

Definition: The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.

Detection risk is all down to the auditors and is the risk that the auditor’s procedures fail to detect a material misstatement. Detection risk is affected by sampling and non-sampling risk and factors which can result in an increase include:
– Inadequate planning.
– Inappropriate assignment of personnel to the engagement team.
– Failing to apply professional scepticism.
– Inadequate supervision and review of the audit work performed.
– Incorrect sampling techniques performed.
– Incorrect sample sizes.

Detection risk includes sampling risk and non-sampling risk (these are explained in detail with the topic of sampling; below is an overview).

Sampling risk = sample is not representative of the population
Non-sampling risk = auditor’s procedures or the conclusion reached are incorrect.

Audit Risk = Inherent Risk x Control Risk x Detection risk

- Audit Risk: needs to be at an acceptably low level
- Inherent Risk: High
- Control Risk: High
- Detection risk: Must be low!

The audit risk model used by auditors dictates that for a given level of audit risk, the acceptable level of detection risk bears an inverse relationship to the assessment of the risk of material misstatement. For example, on an audit assignment where the risk of material misstatement has been assessed as high, in order to achieve a low level of audit risk, detection risk must be set as low.
In such circumstances the auditor would need to direct an appropriate level of resources to the testing of the assertion in question. This will comprise adequate planning, proper assignment of personnel, the application of professional scepticism and supervision and review of the audit work performed.

Analytical procedures

An analytical procedure is an audit procedure which seeks to provide evidence as to the completeness, accuracy and validity of the information contained in the accounting records or in the financial statements. The procedure consists of the systematic study and comparison of relationships among elements of financial information and the investigation of significant fluctuations and variances from the expected relationship.

Steps involved in analytical procedures

1. Expectation: This step involves developing an expectation of what the financial information figures should be. This can be agreed through comparisons of financial information or considerations of relationships (ratio analysis).
2. Identification: This step involves identification of significant variations between the actual data and the expected data.
3. Investigation of unusual variances: Once the variation has been computed, and if significant variations are found, the auditor would consult the management in order to establish explanations for the variations revealed.
4. Performance of alternate procedures: If the auditor or the management does not find the variation reasonable, then they investigate further and perform analytical procedures to satisfy themselves.

When performing an analytical procedure, the auditor compares numbers, ratios or even non-financial information in order to identify unexpected trends or unexpected relationships, which may indicate the existence of errors.

There are many different analytical procedures including the comparisons listed below:
- year on year (e.g. revenue this year compared to revenue last year);
- to budget or forecast (e.g. actual purchases compared to budgeted purchases);
- to predictions made by the auditors, i.e. proof in total (e.g. auditor’s calculation of depreciation compared to client’s calculation);
- to industry information (e.g. client’s revenue compared to competitor’s revenue).
- Comparison/analysis of relationships between different elements of the financial statements (for example gross profit compared to sales).
- Comparison of financial info with non-financial info (e.g. payroll expense matched to number of employees).
- Non-financial information. For example, sales revenue for a client from the hotel industry might be based on available data as to room occupancy rates.

Analytical Procedures at the Planning stage: to assist the auditor in planning the nature, timing and extent of other audit procedures. Use at this stage should add to the firm’s understanding of the business and identify risk areas to which audit resources should be targeted.

Analytical Procedures at substantive testing stage: at the detailed testing stage, in most instances analytical procedures should be used in conjunction with tests of detail to achieve a particular audit objective in relation to specific financial statement assertions.

Analytical Procedures at the Review stage: At the final review stage the auditor must design and perform analytical procedures that assist him when forming an overall conclusion as to whether the financial statements are consistent with the auditor’s understanding of the entity and that all of the audit objectives with regard to the financial statements have been met.

Using Ratios

In the Paper F8 exam you may be asked to compute and interpret the key ratios used in analytical procedures at both the audit planning stage and when collecting audit evidence. Ratios and comparisons can be used to identify where the accounts might be wrong, and where additional auditing effort should be spent.
Calculating a ratio is easy, and usually is little more than dividing one number by another. Indeed, the calculations are so basic that they can be programmed into a spreadsheet. The real skill comes in interpreting the results and using that information to carry out a better audit. Saying that a ratio has increased because the top line in the calculation has increased (or the bottom line decreased) is rather pointless: this is simply translating the calculation into words.

Gross Profit Margin = Gross profit / Sales Revenue x 100
Operating profit margin = Operating profit / Sales Revenue x 100
Return on capital employed = Operating profit / Capital employed x 100
Current Ratio = Current Assets / Current Liabilities
Quick (or acid test) ratio = (Current assets minus inventory) / Current liabilities
Inventory days = Inventory / Cost of sales x 365
Receivable days / Receivables collection period = Trade receivables / Sales x 365
Trade payable days / Payables payment period = Trade payables / Cost of sales x 365
Gearing = Long-term loan finance / Equity finance x 100

The gearing ratio can also be defined in other ways, particularly by comparing long-term loan finance to total finance. As gearing increases so does the risk that the interest can’t be paid. But it is difficult to define a ‘safe’ level of gearing. For example, a property company with properties leased to tenants will have fairly predictable rental income. Such a company can probably safely sustain substantial borrowings (though it could be in trouble if interest rates increased significantly). A company with volatile streams of income would have to keep its gearing lower as it must ensure that interest can be paid during the lean times.

Interest cover = Profit before interest / Interest

Responses to Risk

Having identified the audit risk, candidates are often required to identify the relevant response to these risks.
A common mistake made by candidates is to provide a response that management would adopt rather than the auditor. In the past exams, in relation to the risk of valuation of receivables if a company has a number of receivables who were struggling to pay, many candidates suggested that management needed to chase these outstanding customers. This is not a response that the auditor would adopt, as they would be focused on testing valuation through after date cash receipts or reviewing the aged receivables ledger.

Auditor’s responses should focus on how the team will obtain evidence to reduce the risks identified to an acceptable level. Their objective is confirming whether the financial statement assertions have been adhered to, and whether the financial statements are true and fair.

Responses are not as detailed as audit procedures; instead they relate to the approach the auditor will adopt to confirm whether the transactions or balances are materially misstated.

ISA 330 lists the following overall responses that may be used by auditors in order to address the assessed risks of material misstatement at the financial statement level:
– Emphasizing to the audit team the need to maintain professional scepticism.
– Assigning more experienced staff, those with special skills, or using experts.
– Providing more supervision.
– Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed.
– Making general changes to the nature, timing or extent of audit procedures

Examples from past exams

Audit Risk: The finance director Abrahams is planning to capitalize the full $2.2 million of development expenditure incurred. However in order to be capitalized it must meet all of the criteria under IAS 38 Intangible Assets.
Audit Response: A breakdown of the development expenditure should be reviewed and tested in detail to ensure that only projects which meet the capitalization criteria are included as an intangible asset, with the balance being expensed.

Audit Risk: In September Abrahams Co introduced a new accounting system. This is a critical system for the accounts preparation and if there were any errors that occurred during the changeover process, these could impact on the final amounts in the trial balance.
Audit Response: The new system will need to be documented in full and testing should be performed over the transfer of data from the old to the new system.

C. MATERIALITY

Definition: ‘Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.’

In assessing the level of materiality there are a number of areas that should be considered. Firstly the auditor must consider both the amount (quantity) and the nature (quality) of any misstatements, or a combination of both. The quantity of the misstatement refers to the relative size of it and the quality refers to an amount that might be low in value but due to its prominence could influence the user’s decision, for example, directors’ transactions.

In assessing materiality the auditor must consider that a number of errors each with a low value may when aggregated amount to a material misstatement.

The assessment of what is material is ultimately a matter of the auditor’s professional judgement, and it is affected by the auditor’s perception of the financial information needs of users of the financial statements and the perceived level of risk; the higher the risk, the lower the level of overall materiality.

Materiality is often calculated using benchmarks such as 5% of profit before tax or 2% of total assets.
These values are useful as a starting point for assessing materiality.

Auditors need to establish the materiality level for the financial statements as a whole, as well as assess performance materiality levels, which are lower than the overall materiality.

Performance materiality is normally set at a level lower than overall materiality. It is used for testing individual transactions, account balances and disclosures. The aim of performance materiality is to reduce the risk that the total of errors in balances, transactions and disclosures exceeds overall materiality.

Definition of performance materiality below:
‘Performance materiality means the amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. If applicable, performance materiality also refers to the amount or amounts set by the auditor at less than the materiality level or levels for particular classes of transactions, account balances or disclosures.’

Material by size (importance depends on value) - Quantitative factors
– 1% of revenue;
– 2% of total assets;
– 10% of PBT.

Material by nature - Examples
– Bank balances
– Related party transactions (including remuneration and personal expenses of directors)
– Fraud / Unlawful transactions (e.g. illegal payments)
– Violation of regulatory requirements
– Incorrect selection or application of an accounting policy that has an immaterial effect on the current period but is likely to have a material effect on future periods
– Failure to meet requirements of debt covenants
– Key Performance Indicators of the company (e.g. converting loss into profit)

D. SCOPE, TIMING AND DIRECTION

Scope
1. Financial reporting framework for the financial statements.
2. Are there industry specific or other special reporting requirements?
3. Are there other factors which influence the overall approach to the audit?
– Multiple locations
– Need of expert
– Whether the entity has an internal audit function, and if so, in which areas and to what extent work of the function can be used.
– Nature of business (considering need of specialized knowledge).
– Effect of information technology on the audit procedures

Timing
Deadlines for:
– Final reporting
– Any interim report
– Meeting with those charged with governance and management to discuss important matters of audit
– Reports to management
– Reports to those charged with governance.

The normal timetable for an audit includes:
- An interim visit, usually at least three-quarters of the way through the accounting year
- Attendance at inventory count
- Year end confirmation letters
- The final audit shortly after the accounting year-end
This pattern will often be modified to suit the needs of the particular business.

Direction
The ‘direction’ of the audit covers the overall approach and concerns such issues as:
1. Reliance on controls or a fully substantive approach.
2. Significant developments and changes in:
– Industry (e.g. regulations and reporting requirements)
– Business (impact of IT, changes in processes, mergers, acquisitions)
– Financial Reporting Framework
– Others (e.g. legal environment)
3. With respect to risk:
– Identification of areas of financial statements where there is higher risk.
– Impact of risk at financial statements level on direction, supervision and review.
4. With respect to materiality:
– Setting materiality for planning purposes
5. With respect to Internal Controls:
– Internal control deficiencies identified in previous audits and actions to address them.
– Appropriateness of design, implementation and operating effectiveness of internal control.
– Whether it is more efficient to rely on internal control.
Audit plan

An audit plan converts the audit strategy into a more detailed plan and includes the nature, timing and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to reduce audit risk to a low level.

Audit planning is a detailed recording of each procedure and process required to perform an audit. Once the overall strategy has been determined, the auditor should prepare a detailed plan of the areas determined in the audit strategy. Once the audit strategy has been decided, the next stage is to decide how it is going to be carried out; an audit plan is necessary. The audit plan contains the nature, timing and extent of the procedures to be performed.

The audit plan covers:
– Allocation of work and duties to the assistants
– Allocation of time and cost
– Formation of various teams
– Audit tests/procedures
– Data gathering techniques
– Types of audit evidence desired

The audit plan is developed in order to reduce audit risk to an acceptably low level.

Interim vs Final Audit

Interim Audit

An interim audit refers to audit work that is conducted during the accounting year, at intervals, fixed or not. The audit of the remaining part of the year will be done at the end of the accounting year. The auditor uses the interim audit to carry out procedures which would be difficult to perform at the year end because of time pressure. There is no requirement to undertake an interim audit; factors to consider when deciding upon whether to have one include the size and complexity of the company along with the effectiveness of internal controls.

Typical work carried out at the interim audit includes:
- consideration of inherent risks facing the company. (Risk would be initially considered at the planning stage, but is, in fact, reassessed at all audit stages.)
- documenting and testing of internal controls
- testing of profit and loss transactions for the year to date
- identification of potential problems that may affect the final audit work.

Final audit

The final audit will take place after the year end and concludes with the auditor forming and expressing an opinion on the financial statements for the whole year subject to audit. It is important to note that the final opinion takes account of conclusions formed at both the interim and final audit.

Typical work carried out at the final examination includes:
- Follow up of items noted at the inventory count
- Obtaining confirmations from third parties, such as bankers and lawyers
- Analytical reviews of figures in the financial statements.
- Substantive procedures of account balances and transactions
- Reviews of events after the reporting period
- Consideration of the going concern status of the organisation.

Advantages of interim audit
a) The errors are discovered at an early stage.
b) As the auditor visits the entity frequently, the chances of fraud being committed reduce.
c) Fraud, if committed, will be discovered at an early stage, which results in minimising the loss due to the fraud.
d) Most of the time, the audit staff is present at the client’s premises, which acts as a moral check and results in minimising the chances of errors or fraud.
e) All the books and records of the client are always up-to-date.
f) As the audit is started earlier, more time is available for a detailed checking of accounts and hence this allows for a comprehensive audit.
g) An interim audit minimises the work and time involved in conducting the audit at the end of the year and therefore assures early completion of the audit reports.
h) If the auditor plans to rely on the internal controls, some extensive testing may be done at the interim period only so that the workload at the end of the year will be reduced.
Disadvantages of interim audit
a) There is always a danger that the audited figures may be altered either innocently or fraudulently. That is why ISA 330 states that when audit evidence (relating to the operating effectiveness of internal controls or the financial statement assertions) is obtained during the interim period, additional audit evidence (relating to the effectiveness of internal controls or the financial statement assertions) must also be obtained for the remaining period.
b) It is just a waste of time in small entities.
c) The cost would be high.

Attempt questions to check your understanding:

Audit Risk
– March/June Hybrid 2016-Q6a,b
– Sept/Dec Hybrid 2015-Q4
– June 2015-Q5b
– Dec 2014-Q2
– June 2014-Q3a
– Dec 2013-Q1a,b,c
– June 2013-Q3 (Ratios)
– Dec 2012-Q3a,b
– Dec 2010-Q3 (Ratios)

Planning-general
– Sept/Dec Hybrid 2015-Q2c

Internal control Systems

Internal controls: Internal control represents the system or policies and procedures implemented by an organization.

Why does an auditor need to understand internal controls?

Internal controls assure management of the accuracy of the financial statements, that the operations of the entity are conducted efficiently and that the entity has complied with all the laws and regulations which are applicable to the entity. The objectives of internal controls relevant to audit include:
1. Avoidance of fraud, errors, wastes and inefficiency
2. Maximum accuracy of all records, data and statements
3. Enables auditors to determine the degree of reliance they can place on the various systems. This will enable the auditors to assess the correctness, truth and fairness of the financial statements.
4. Informing management about weaknesses detected in internal controls so that corrective action can be taken.
5. Enabling planning of the audit
6. Understanding the components of internal control: While planning the audit, the auditor understands the various components of the internal control so as to:
   o identify the types of potential misstatements.
   o consider the factors that affect the risk of misstatement.
   o design effective substantive tests.

Components of internal control systems (5 in total)

ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment considers the components of an entity’s internal control. It identifies the following components:
1. Control environment
2. Entity’s risk assessment process
3. Information system and communication
4. Control activities
5. Monitoring of controls

1 Control environment

The control environment sets the tone of an organisation, influencing the control consciousness of its people. It includes the attitudes, awareness, and actions of TCWG concerning the entity’s internal control and its importance in the entity. The control environment has many elements such as:
a) Communication and enforcement of integrity and ethical values – essential elements which influence the effectiveness of the design, administration and monitoring of controls.
b) Commitment to competence – management’s consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge.
c) Management’s philosophy and operating style – management’s approach to taking and managing business risks, and management’s attitudes and actions towards financial reporting, information processing and accounting functions and personnel.
d) Organisational structure – the framework within which an entity’s activities for achieving its objectives are planned, executed, controlled and reviewed.
e) Assignment of authority and responsibility – how authority and responsibility for operating activities are assigned and how reporting relationships and authorisation hierarchies are established.
f) Human resources policies and practices – recruitment, orientation, training, evaluating, counselling, promoting, compensating and remedial actions.

2 Entity’s risk assessment process

For financial reporting purposes, the entity’s risk assessment process includes:
- how management identifies business risks relevant to the preparation of financial statements
- how it estimates their significance
- how it assesses the likelihood of their occurrence, and decides upon actions to respond to and manage them and the results thereof.

3 Information system (including the related business processes, relevant to financial reporting), and communication

The information system relevant to financial reporting, which includes the accounting system, consists of the procedures and records designed and established to initiate, record, process, and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity.

4 Control activities relevant to the audit

Control activities are the policies and procedures which help ensure that management directives are carried out. Control activities, whether within information technology or manual systems, have various objectives and are applied at various organisational and functional levels.

Examples of controls are:

Segregation of duties: assignment of roles/responsibilities to different people, thereby reducing the risk of fraud and error occurring. The concept is that no individual person should be responsible for more than one of the following duties: (i) the authorisation of a transaction; (ii) the recording of the transaction in the accounting records; and (iii) the custody of the asset relating to the transaction.
Information processing: computer controls including general IT controls, which cover a range of applications and support the overall IT environment, and application controls, which operate on a cycle/business process level (details given separately).

Authorisation: approval of transactions by a suitably responsible official to ensure transactions are genuine.

Physical controls: restricting access to physical assets such as cash, inventory and plant and equipment, thereby reducing the risk of theft.

Performance reviews: comparison or review of the performance of the business by looking at areas such as budget v actual results.

Arithmetical controls: controls which check the arithmetical accuracy of accounting records.

Account reconciliations: comparison of an account balance with another source; often this source is from a third party, such as the bank, with differences being investigated.

5 Monitoring of controls

It is the process to assess the effectiveness of internal control performance over time. It involves assessing the effectiveness of controls on a timely basis and taking necessary remedial actions. Management accomplishes the monitoring of controls through ongoing activities, separate evaluations, or a combination of the two.

Computer Controls

GENERAL CONTROLS (Apply to the whole system)

Controls on the information system environment which ensure proper development of applications. Examples include making regular back-ups of data and storing them off-site; having an IT help-desk and IT training for staff; keeping computers in locked rooms; having a disaster recovery plan; all computers have log in codes; anti-virus software and firewalls; segregation of duties between programmers and users.
Review of the data center or information processing facility should cover the adequacy of air conditioning (temperature, humidity), power supply (uninterruptible power supplies, generators) and smoke detectors.

APPLICATION CONTROLS

Application controls are those controls that relate to the transaction and standing data relating to a computer-based accounting system. They are specific to a given application and their objectives are to ensure the completeness and accuracy of the accounting records and the validity of entries made in those records. An effective computer-based system will ensure that there are adequate controls existing at the point of input, processing and output stages of the computer processing cycle and over standing data contained in master files. Application controls need to be ascertained, recorded and evaluated by the auditor as part of the process of determining the risk of material misstatement in the audit client’s financial statements.

Input controls

Data input controls ensure the accuracy, completeness, and timeliness of data during its conversion from its original source into computer data, or entry into a computer application. Examples are given below:
- Format checks: These ensure that information is input in the correct form. For example, the requirement that the date of a sales invoice be input in numeric format only – not numeric and alphanumeric.
- Range/Reasonableness checks: These ensure that input data is rejected or highlighted if it is outside pre-set parameters. For example, where an entity rarely, if ever, makes bulk-buy purchases with a value in excess of $50,000, a purchase invoice with an input value in excess of $50,000 is rejected for review and follow-up.
- Compatibility/dependence checks: These ensure that data input from two or more fields is compatible. For example, a sales invoice value should be compatible with the amount of sales tax charged on the invoice.
- Exception checks: These ensure that an exception report is produced highlighting unusual situations that have arisen following the input of a specific item. For example, the carry forward of a negative value for inventory held.
- Sequence checks: These ensure that sequential input of documentation/data is maintained. They facilitate completeness of processing by ensuring that documents processed out of sequence are rejected. For example, where pre-numbered goods received notes are issued to acknowledge the receipt of goods into physical inventory, any input of notes out of sequence should be rejected.
- Control totals: These also facilitate completeness of processing by ensuring that pre-input, manually prepared control totals are compared to control totals input. For example, the total of all the invoices, such as the gross value, is manually calculated. The invoices are input, the system aggregates the total of the input invoices’ gross value and this is compared to the control total. This helps to ensure completeness and accuracy of input.
- Existence checks: the system is set up so that certain key data must be entered, such as supplier name, otherwise the invoice is rejected. This helps to ensure accuracy of input.
- Check digit verification: Check digits are used to protect against the transposition of data, i.e. errors arising due to accidental reversal of digits. This process uses algorithms to ensure that data input is accurate.
- Document counts: the number of invoices to be input is counted, the invoices are then entered one by one, and at the end the number of invoices input is checked against the document count. This helps to ensure completeness of input.
- One for one checking: the invoices entered into the system are manually agreed back one by one to the original purchase invoices. This helps to ensure completeness and accuracy of input.
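The input controls listed above, applied to a constructed batch of purchase invoices, as an added example that is not part of the original notes. The field names, the 20% sales tax rate and the use of the Luhn algorithm for the check digit are assumptions; the $50,000 limit is the notes' own range-check example.

```python
"""Added illustration of input (application) controls over one invoice batch.
Field names, the tax rate and the Luhn check-digit scheme are assumptions."""
import re
from dataclasses import dataclass
from decimal import Decimal

RANGE_LIMIT = Decimal("50000")    # range check threshold used in the notes' example
SALES_TAX_RATE = Decimal("0.20")  # assumed rate for the compatibility check


@dataclass
class Invoice:
    doc_no: int         # pre-numbered document number (sequence check)
    supplier_code: str  # last digit is a check digit (Luhn assumed)
    supplier_name: str  # key data that must be present (existence check)
    date: str           # numeric only, DDMMYYYY (format check)
    net: Decimal
    tax: Decimal


def luhn_valid(code: str) -> bool:
    """Check digit verification: detects single-digit errors and most
    transpositions of adjacent digits."""
    if not code.isdigit() or len(code) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(code)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def check_invoice(inv: Invoice) -> list[str]:
    """Return the field-level input controls that this invoice fails."""
    failures = []
    if not inv.supplier_name.strip():
        failures.append("existence")
    if not re.fullmatch(r"\d{8}", inv.date):
        failures.append("format")
    if inv.net > RANGE_LIMIT:
        failures.append("range")
    if (inv.net * SALES_TAX_RATE).quantize(Decimal("0.01")) != inv.tax:
        failures.append("compatibility")
    if not luhn_valid(inv.supplier_code):
        failures.append("check_digit")
    return failures


def process_batch(invoices, last_doc_no, doc_count, control_total):
    """Run field, sequence and batch-level controls over one input batch.
    doc_count and control_total are the manually prepared batch header."""
    rejected = {}                      # doc_no -> failed controls (exception report)
    expected_no = last_doc_no + 1
    for inv in invoices:
        failures = check_invoice(inv)
        if inv.doc_no == expected_no:
            expected_no += 1
        else:
            failures.append("sequence")  # out-of-sequence document is rejected
        if failures:
            rejected[inv.doc_no] = failures
    keyed_total = sum((inv.net + inv.tax for inv in invoices), Decimal("0"))
    return {
        "rejected": rejected,
        "accepted": [i.doc_no for i in invoices if i.doc_no not in rejected],
        "document_count_agrees": len(invoices) == doc_count,
        "control_total_agrees": keyed_total == control_total,
    }


# Constructed sample batch: one clean invoice, four that trip controls.
D = Decimal
BATCH = [
    Invoice(1001, "12344", "Acme Supplies", "15032016", D("1200.00"), D("240.00")),
    Invoice(1002, "56788", "Borealis Ltd", "16032016", D("62000.00"), D("12400.00")),
    Invoice(1003, "12344", "Acme Supplies", "17-Mar-16", D("300.00"), D("60.00")),
    Invoice(1004, "12434", "Acme Supplies", "18032016", D("450.00"), D("90.00")),
    Invoice(1006, "56788", "", "19032016", D("100.00"), D("25.00")),
]

if __name__ == "__main__":
    # Batch header lists 6 documents: document 1005 was never keyed.
    report = process_batch(BATCH, 1000, 6, D("77465.00"))
    for key, value in report.items():
        print(key, value)
```

The rejected items are what the processing controls in the next section pick up: they are printed, investigated, corrected and re-input.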
Processing controls

Processing controls exist to ensure that all data input is processed correctly and that data files are appropriately updated accurately in a timely manner. For example, the balance carried forward on the bank account in a company’s general (nominal) ledger. Other processing controls should include the subsequent processing of data rejected at the point of input, for example:
- A computer produced print-out of rejected items.
- Formal written instructions notifying data processing personnel of the procedures to follow with regard to rejected items.
- Appropriate investigation/follow up with regard to rejected items.
- Evidence that rejected errors have been corrected and re-input.

Output controls

Output controls exist to ensure that all data is processed and that output is distributed only to prescribed authorised users. While the degree of output controls will vary from one organisation to another (dependent on the confidentiality of the information and size of the organisation), common controls comprise:
- Appropriate review and follow up of exception report information to ensure that there are no permanently outstanding exception items.
- Careful scheduling of the processing of data to help facilitate the distribution of information to end users on a timely basis.
- Ongoing monitoring by a responsible official, of the distribution of output, to ensure it is distributed in accordance with authorised policy.

Term to remember: Standing Data

Standing data is the information that is held on computer files for long-term use. It is called standing data as it tends to change less frequently than other data. Examples of standing data would be: the rate of sales tax to be applied to sales invoices; the hourly pay rate for a factory worker to be used when calculating payroll; employee bank account details.
Master file controls

The purpose of master file controls is to ensure the ongoing integrity of the standing data contained in the master files. It is vitally important that stringent ‘security’ controls should be exercised over all master files. These include:
- appropriate use of passwords, to restrict access to master file data
- the establishment of adequate procedures over the amendment of data, comprising appropriate segregation of duties, and authority to amend being restricted to appropriate responsible individuals
- regular checking of master file data to authorised data, by an independent responsible official

Limitations of internal control components

The internal control system, even if well-designed and well-implemented, does not completely eliminate the possibility of fraud or error. No internal control system can be perfect due to its inherent limitations.
- Controls are far more expensive compared to the benefits from the system.
- Overriding of controls by the management.
- Control systems are not geared up to cater to non-routine transactions.
- Possibility of human error.
- Possibility of fraud on account of collusion between employees.
- Possibility that, with a change in conditions, a control may not be modified and therefore may become inadequate.
- Obsolescence of controls.

Responsibilities of various parties regarding ICS

Management: design and implement an effective ICS. Check and ensure it is working effectively on a continuous basis.
BOD: ensure that an effective ICS is designed, implemented and monitored by the management. Ensure ICS are reviewed by internal and external auditors and their recommendations are implemented.
Auditors: review and report on ICS and recommend changes.

External auditor’s work regarding controls

Document/Evaluate

Narratives

Narrative notes consist of a written description of the system; they would detail what occurs in the system at each stage and would include any controls which operate at each stage.

Advantages of this method include:
– They are simple to record; after discussion with staff members of Oregano, these discussions are easily written up as notes.
– They can facilitate understanding by all members of the internal audit team, especially more junior members who might find alternative methods too complex.

Disadvantages of this method include:
– Narrative notes may prove to be too cumbersome, especially if the sales and distribution system is complex.
– This method can make it more difficult to identify missing internal controls as the notes record the detail but do not identify control exceptions clearly.

Flowcharts

Flowcharts are a graphic illustration of the internal control system for the sales and despatch system. Lines usually demonstrate the sequence of events and standard symbols are used to signify controls or documents.

Advantages of this method include:
– It is easy to view the sales system in its entirety as it is all presented together in one diagram.
– Due to the use of standard symbols for controls, they are easy to spot as are any missing controls. Information is presented in a logical sequence.
– They ensure that a system is recorded in its entirety as all documents have to be traced from beginning to end.
– Facilitates easy understanding of a system.
– Facilitates the highlighting of strengths and weaknesses of a system.
– Serves as a permanent record of a system that can be subject to a minor amendment on a year-to-year basis.
– They can be prepared quickly by staff with little experience.
Disadvantages of this method include:
– They can sometimes be difficult to amend, as any amendments may require the whole flowchart to be redrawn.
– There is still the need for narrative notes to accompany the flowchart and hence it can be a time consuming method.
– Not generally suitable for recording systems with numerous unusual transactions.
– Only suitable for describing standard systems.
– Major amendment is not normally possible without redrawing.
– Time can be wasted by recording and checking areas that are of no audit significance.
– They are not normally appropriate for recording systems where there are subsystems or subroutines.

Questionnaires

Internal control questionnaires are used to assess whether controls exist which meet specific objectives or prevent or detect errors and omissions.
- ICQ (designed to ask if certain controls are present)
- ICEQ (designed to ask if certain errors can be prevented, i.e. test the effectiveness of controls)

An Internal Control Questionnaire (ICQ) normally comprises a checklist of standard controls that should exist in a specified functional area (for example sales and trade receivables or purchases and trade payables). Questions about the existence of specified controls are usually phrased to generate a ‘Yes’ or a ‘No’ answer, with an affirmative answer confirming the existence of the control and a negative answer indicating the absence of the control and a weakness in the system. A problem associated with ICQs is that whilst they do identify areas where controls appear to be weak, they do not provide evaluation of those weaknesses. For example, whilst a ‘No’ answer may indicate weakness in controls, it is possible that other controls in the system, of which the auditor is unaware, may compensate for the weakness.

Internal Control Evaluation Questionnaires (ICEQs) provide an alternative and improved means of evaluating control systems, by asking key questions about those systems.
Key questions are phrased such that answers in the positive should alert the auditor to the fact that there are deficiencies in the systems because systems objectives are not being met. ICEQs are usually designed to include a list of points that the auditor should consider before answering each key question.

The auditor issues the questionnaires to the client, who in turn gets them filled in by the appropriate employees. The feedback on the questionnaire enables the auditor to assess the inherent limitations in the design of the internal controls.

The ICEQs contain detailed questions relating to the functioning of internal controls. They are to be answered by the clients. The answers to the questions are generally in a narrative form.

Information relating to the following matters is included in the ICQs and ICEQs:
– segregation and rotation of duties
– maintenance of records and documents
– accountability for, and safeguarding of assets
– procedure for authorisations

The feedback received on the questionnaires will then be tested by the auditors and the weaknesses, if any, will be communicated in the form of a letter of weakness to the client.

Advantages
– Questionnaires are quick to prepare, which means they are a cost effective method for recording the system.
– They ensure that all controls present within the system are considered and recorded; hence missing controls or deficiencies are clearly highlighted.
– Questionnaires are simple to complete and therefore any members of the team can complete them and they are easy to use and understand.

Disadvantages
– It can be easy for the company to overstate the level of the controls present as they are asked a series of questions relating to potential controls.
– Without careful tailoring of the questionnaire to make it company specific, there is a risk that controls may be misunderstood and unusual controls missed.

Test!
Tests of controls are performed to obtain audit evidence about 2 things:
1. Whether the ICS is designed suitably (to prevent, detect or correct material misstatements)
2. Whether the ICS are operating properly (test of controls)

Test of controls: examples
– Inspection of documents (e.g. authorizations)
– Enquiries about internal controls which leave no audit trail (e.g. is the person who is SUPPOSED to perform the function actually performing it or is someone else doing so)
– Re-performance of control procedures (e.g. reconciliations)
– Examination of evidence of management views (e.g. minutes of meetings)
– Observation of controls
– Using TEST DATA (CAATs)

If controls appear strong, they are tested to ensure they operated as described throughout the year. If the results show they operated effectively, substantive testing may be reduced.

Report control weaknesses to management
A letter on internal control (also referred to as a management letter or letter of weakness) is a letter usually forwarded by an auditor to the senior management of a company. The letter should normally be forwarded immediately following the completion of the tests of control and before the commencement of substantive procedures. The letter contains weaknesses identified in the entity’s system of internal control as identified by the auditor when performing tests of control and the purpose of the letter is to bring these weaknesses to the attention of management.

The weaknesses identified in the main body of the letter should be those which could lead to fraud or material error in or omission from the company’s financial statements, and will be classified as those relating to:
(i) the design of the systems of accounting and internal control.
(ii) the operation of the systems of accounting and internal control.
For both categories the implication(s) of the weakness(es) should be identified; however, minor control issues which the auditor would wish to bring to the attention of the company’s senior management should be included in an appendix to the letter of weakness or in a supplementary report.

Examples of matters the external auditor should consider in determining whether a deficiency in internal controls is significant include:
– The likelihood of the deficiencies leading to material misstatements in the financial statements in the future.
– The susceptibility to loss or fraud of the related asset or liability, the subjectivity and complexity of determining estimated amounts.
– The financial statement amounts exposed to the deficiencies.
– The volume of activity that has occurred or could occur in the account balance or class of transactions exposed to the deficiency or deficiencies.
– The cause and frequency of the exceptions detected as a result of the deficiencies in the controls.

Decide extent of substantive testing
- Internal control over financial reporting strong: decrease substantive testing
- Internal control over financial reporting weak: increase substantive testing

The Sales System

Control objectives for sales and despatch system
- To ensure that orders are only accepted if goods are available to be processed for customers.
- To ensure that all orders are recorded completely and accurately.
- To ensure that goods are not supplied to poor credit risks.
- To ensure that goods are despatched for all orders on a timely basis.
- To ensure that goods are despatched correctly to customers and that they are of an adequate quality.
- To ensure that all goods despatched are correctly invoiced.
- To ensure completeness of income for goods despatched.
- To ensure that sales discounts are only provided to valid customers.

Sales order placed
- All sales orders documented on a sequentially numbered multi-part SALES ORDER FORM.
- Confirm from the customer (preferably in writing; for telephone sales, a verbal reconfirmation or call recording should be acceptable)
- Inventory check
- One copy of the GDN is sent with the goods, one copy stays in the warehouse, stapled to the relevant sales order, and one copy is sent to the invoicing department.
- New customer: credit checks, the obtaining of trade/bank references and the setting of appropriate credit limits for customers
- Existing customer: credit limit check. Customer credit limits should be regularly reviewed and updated based on the level of sales transactions and credit risk
- Any discounts committed to be authorized
- Follow up on unfulfilled orders: on a regular basis, a sequence check of orders should be undertaken to identify any missing orders.
- Automated environment: access to master file limited to authorized individuals only

Goods dispatched to the customer
- Sequentially pre-numbered Goods Dispatched Note
- Matched to the sales order: upon despatch, the GDN should be matched to the order; a regular review of unmatched orders should be undertaken to identify any unfulfilled orders.
- Signed by the warehouse manager after quantity and quality checks
- 3 copies (warehouse, customer, accounts/invoicing)
- Customer should sign the copies to acknowledge receipt of goods

Sales invoice raised and entered in the accounting system
- Sequentially pre-numbered invoices
- Matched to GDN
- 3 copies (accounts/invoicing, customer, sales day book clerk if applicable)
- Ensure the authorized price list is used to prepare the invoice
- Any discounts authorized
- Arithmetic checks on invoices
- Sequence check on GDNs to ensure all GDNs have been invoiced
- Sequence check on invoices to ensure all invoices have been entered in the accounting system
- Customer statements should be sent monthly to ensure any errors and disputed invoices are quickly identified and resolved
- The sales ledger control account should be reconciled on a monthly basis to the individual ledger to identify any errors. The reconciliations should be reviewed by a responsible official and they should evidence their review.

Payment received from the customer
- Match payment to invoice
- Check validity of any settlement discounts availed by the customer
- Segregation of duties: receiving payment and recording
- Encourage bank transfers
- A Bank Reconciliation Statement should be prepared on a monthly basis

Goods returned by the customer
- Sequentially pre-numbered credit note
- Signed by the manager
- Matched to invoice
- Prepare a report for reasons for returns and actions taken by the management.

Other controls
- Aged receivables report: prepared monthly and reviewed by a senior official
- Exception reports created and reviewed (old receivables, credit limit exceeded etc.)
- Amendments to master file data should be restricted so that only senior officials can make changes.
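The sequence checks and the GDN-to-invoice matching listed above for the sales system can be run as a computer-assisted audit test over the document registers. The following Python code is an added example, not part of the original notes; the document numbers, record layout and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample registers (not from the original notes).
GDNS = [  # goods despatched notes: (gdn_no, sales_order_no)
    (1001, "SO-1"), (1002, "SO-2"), (1003, "SO-3"), (1005, "SO-5"), (1006, "SO-6"),
]
INVOICES = [  # sales invoices: (invoice_no, gdn_no it was raised from)
    (5001, 1001), (5002, 1002), (5004, 1005), (5005, 1005), (5006, 1099),
]

def sequence_gaps(numbers):
    """Numbers missing from a pre-numbered series between its lowest and highest."""
    present = set(numbers)
    if not present:
        return []
    return [n for n in range(min(present), max(present) + 1) if n not in present]

def duplicates(numbers):
    """Document numbers that appear more than once."""
    return sorted(n for n, count in Counter(numbers).items() if count > 1)

def completeness_exceptions(gdns, invoices):
    """Exception report for the despatch-to-invoice stage of the sales system."""
    gdn_nos = [g for g, _ in gdns]
    inv_nos = [i for i, _ in invoices]
    invoiced = [g for _, g in invoices]
    known_gdns = set(gdn_nos)
    return {
        # Sequence checks on the pre-numbered documents.
        "missing_gdn_numbers": sequence_gaps(gdn_nos),
        "missing_invoice_numbers": sequence_gaps(inv_nos),
        "duplicate_gdn_numbers": duplicates(gdn_nos),
        # Goods despatched but never invoiced: income is incomplete.
        "gdn_not_invoiced": sorted(known_gdns - set(invoiced)),
        # Invoice quotes a despatch that is not in the GDN register.
        "invoice_without_gdn": sorted(i for i, g in invoices if g not in known_gdns),
        # The same despatch has been invoiced more than once.
        "gdn_invoiced_twice": duplicates(invoiced),
    }

if __name__ == "__main__":
    for name, items in completeness_exceptions(GDNS, INVOICES).items():
        print(f"{name}: {items}")
```

Each non-empty list is an exception to follow up with the client; a gap in the GDN series and a GDN with no invoice are different findings and are reported separately.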
Attempt questions to check your understanding:
- Dec 2014-Q5a
- Dec 2013-Q3

The Purchase System

The main objectives in purchase transactions are:
– Procurement is made only when the requirements are genuine.
– Purchases are made at the most optimum prices and terms.
– Purchases meet the required quality standards and if substandard quality is accepted, must be at negotiated terms.
– Payments are made according to agreed terms.
– They are procured on time and the payments are made according to agreed terms.

Purchase requisition
- Sequentially pre-numbered
- Authorized to ensure only those goods are ordered which are required
- Monitor inventory level or re-order level set
- Inventory/re-order level checked before raising the requisition to ensure orders are only raised when required.

Purchase order
- Sequentially pre-numbered and matched to requisition
- Authorized supplier list used and updated annually (this should take into account the price of goods, their quality and the speed of delivery.)
- Authorized
- 3 copies (supplier, order department, warehouse)
- Follow up on orders placed but not yet received (exception reports can be created in a computerized environment) and a sequence check can be performed for any unfulfilled orders

Goods received
- Sequentially pre-numbered GRN
- Matched to purchase order
- Signed by the warehouse manager after quantity and quality checks
- 3 copies (ordering department, warehouse for their records, accounts)

Invoice received from supplier
- Match to GRN
- File in an order (CANNOT be sequentially pre-numbered) but should be numbered manually. This way, a sequence check can then be carried out to ensure all invoices have been entered in the day book/ledger.
- Arithmetic checks
- Entered in the ledger/day book on a daily basis; application controls (such as control totals) should be applied to ensure completeness and accuracy over the input of purchase invoices.
- Stamp ‘entered’ when recorded
- Segregation of duties ( order placement, go