ACCA AA (F8) Course Notes PDF

AA Course notes Syllabus A: AUDIT FRAMEWORK AND REGULATION 3 Syllabus A1: The concept of audit and other assurance engagements 3 Syllabus A2: External audits 13 Syllabus A3: Corporate Governance 25 Syllabus A4: Professional ethics and ACCA’s Code of Ethics and Conduct 40 Syllabus B: PLANNING AND RISK ASSESSMENT 54 Syllabus B1: Obtaining and accepting audit engagements 54 Syllabus B2: Objective and general principles 73 Syllabus B3: Assessing audit risks 77 Syllabus B4: Understanding the entity and its environment 89 Syllabus B5: Fraud, laws and regulations 97 Syllabus B6: Audit planning and documentation 101 Syllabus C: INTERNAL CONTROL 115 Syllabus C1: Internal control systems 115 Syllabus C2: The use and evaluation of internal control systems by auditors 121 Syllabus C3: Tests of control 126 Syllabus C4: Communication on internal control 144 Syllabus C5: IA and governance, and the differences between external and internal audit 149 Syllabus C6: The scope of the internal audit function, outsourcing and internal audit Syllabus D: AUDIT EVIDENCE 167 Syllabus D1: Financial statement assertions and audit evidence 167 Syllabus D2: Audit procedures 176 Syllabus D3: Audit sampling and other means of testing 183 Syllabus D4: The audit of specific items 188 Syllabus D5: Computer-assisted audit techniques 222 Syllabus D6: The work of others 225 Syllabus D7: Not-for-profit organisations 230 Syllabus E: REVIEW AND REPORTING 2 157 231 Syllabus E1: Subsequent events 231 Syllabus E2: Going concern 236 Syllabus E3: Written representations 242 Syllabus E4: Audit finalisation and the final review 246 Syllabus E5: Independent Auditor's reports 250 aCOWtancy.com Syllabus A: AUDIT FRAMEWORK AND REGULATION Syllabus A1: The concept of audit and other assurance engagements Syllabus A1a) Identify and describe the objective and general principles of external audit engagements. General Principles The objective of an Audit The Auditor must state an opinion as to whether the financial statements… 1. Give a true and fair view 2. The accounting records are accurate and complete 3. Are prepared in accordance with an applicable financial reporting framework in all material respects General Principles for the auditor to follow 1. Compliance with applicable ethical principles (such as the ACCA’s Rules of Professional Conduct) 2. Compliance with International Standards on Auditing 3. Keeping an attitude of professional scepticism when planning and performing the audit (i.e. don’t accept on face value – get evidence) 3 aCOWtancy.com Syllabus A1b: Explain the nature and development of audit and other assurance engagements. Development of audit and other assurance engagements The accounting and auditing professions have been under the public spotlight, and as a result of certain events, many changes have occurred in relation to audit and assurance engagements. ENRON Scandal In 2000, Enron, a US energy company, deceived investors by fraudulently overstating profitability. Its auditor, Arthur Andersen, was shown to have lacked objectivity in evaluating Enron's accounting methods. Other companies that were also involved in corporate frauds included WorldCom, Parmalat, Cable & Wireless and Xerox. The result of these frauds was a lack of confidence in the way companies were run and audited. In the USA, this resulted in the Sarbanes-Oxley Act 2002. Lehman Brothers Scandal In September 2008 Lehman Brothers, a global financial services firm, filed for bankruptcy in the US triggering a severe world-wide financial crisis. Lehman lent money to people on low incomes or with poor credit histories. 4 aCOWtancy.com Following the collapse of Lehman Brothers, other banks failed worldwide and many needed government support to continue. In light of this global financial crisis, regulators have been considering the effectiveness of the audit and the auditor’s role in helping to prevent corporate and financial institution collapses. One important area being focused on is the importance of professional scepticism for audit quality. 5 aCOWtancy.com Syllabus A1c: Discuss the concepts of accountability, stewardship and agency. Accountability, Stewardship and Agency 1. Accountability Accountability means holding those in charge accountable for their actions. In the context of a company, it means holding the directors who manage the company responsible for explaining their actions to the shareholders who own the company. 2. Stewardship Stewardship is when a person is responsible for taking care of something on behalf of another. This is known as a ‘Fiduciary Relationship’ and exists between directors and shareholders as directors are responsible for the management of the shareholders property. 3. Agency Agency is where an agent acts on behalf of a principle to perform tasks for them. In the context of a company, the directors are the agents of the shareholders (principles) who entrust them to manage the running of the business. This separation of ownership and management is often referred to as the ‘Agency Problem’. Syllabus A1d: Define and provide the objectives of an assurance engagement. Objectives of an Assurance Engagements To provide assurance from an independent source that the subject matter agrees with set criteria 6 aCOWtancy.com Syllabus A1e) Explain the five elements of an assurance engagement. 5 Elements of Assurance engagements Every assurance project needs 3 users, some subject matter, judged against some criteria by gathering evidence, to then be reported on 5 Elements of Assurance engagements are: 1. 3 Parties - users (Public, Client, Auditor) 2. The Subject Matter 3. Criteria to judge reliability and accuracy (e.g. IFRS) 4. Sufficient Evidence to make an opinion 5. A written report Every assurance project needs: 3 users The intended user - the person who wants the report The responsible party - the person who provides the subject matter The Practitioner - the person who reviews the subject matter and provides assurance Subject matter The material provided by the responsible party, which needs assurance on Criteria This is so the subject matter can be assessed Evidence This is obtained by the practitioner so to give assurance Report This is given to the intended user and the responsible party from the practitioner 7 aCOWtancy.com Syllabus A1f) Describe the types of assurance engagement Types of assurance engagement An assurance engagement is when a professional examines information for which another party is responsible for Assurance engagements are: External Audits An Auditor states an opinion as to whether the financial statements Give a true and fair view. An Auditor examining financial statements prepared by a board of directors to express an opinion as to whether they comply with accounting standards. Review engagements The auditor reviews the financial statements using less evidence than required by an audit The report will be to the body that commissioned the review e.g. Bank, Directors. Types of Review engagements: Risk assessment reports Review of internal controls System reliability reports Value for money reviews Social and environmental reports Remember they’re basically something that someone wants assurance over - so it might be you’re buying something and you want assurance you're paying a fair price We would call this a value for money review 8 aCOWtancy.com Assurance engagements will have: An engagement letter agreeing terms A decision on methods to gather and evaluate evidence to support a conclusion A type of report to be produced at the end of the engagement. External Audit It reports to shareholders that the financial statements provide a true and fair view. There are two types: Statutory Non - Statutory Statutory Audit This is when entities are required by law to have an audit All public and large companies are required to have one Other organisations such as Building Societies and certain charities must also Non Statutory Audit This is when there is no legal requirement. A small company for example may choose to be audited when not legally obliged. Reasons to undertake a non-statutory audit will include: 9 Providing assurance to the owners over financial results Making accounts more acceptable to Tax authorities Making a sale of the business easier Providing assurance to those financing the business e.g. Banks aCOWtancy.com Syllabus A1g) Explain the level of assurance provided by an external audit and other review engagements and the concept of true and fair presentation. Levels of Assurance Reasonable Assurance is where there is sufficient evidence that the subject matter agrees to certain criteria. True and Fair As we know, auditors are required to express an opinion as to whether the financial statements give a ‘true and fair’ view. The financial statements must reflect accurately the underlying accounting information, they must be clearly presented, free from material misstatement and provide an impartial unbiased report. Levels of Assurance Reasonable Assurance Engagement To carry out a reasonable assurance engagement, the practitioner gathers sufficient evidence to conclude that the subject matter agrees in all material respects to the agreed criteria. The assurance given is in the form of positive assurance. This means that in their opinion the subject has been prepared in accordance with the criteria required. To carry out such an engagement the information must have been prepared by another party, be identifiable and in a form that enables the auditor to gather evidence to form the opinion. 10 aCOWtancy.com Reasonable assurance engagements provide a high level of assurance An example of a reasonable assurance engagement is the external audit. Think about how the external audit fulfils all the criteria of a reasonable assurance engagement as outlined above. Limited Assurance Agreement Only necessary to gather enough evidence to be satisfied that the subject matter is plausible in the circumstances. In this case negative assurance is provided. Negative assurance is satisfaction that there is nothing to suggest that the subject has not been prepared in line with the relevant criteria. Limited assurance engagements provide a moderate level of assurance. An example of a limited assurance engagement is a review engagement. A review engagement is undertaken by an auditor using less evidence than required by an audit to review the financial statements. The auditor will state their opinion in the form of negative assurance i.e. that they are not aware that anything is materially misstated. This is not an audit. The report will not be to the shareholders but to the body that commissioned the review e.g. Bank, Directors. 11 aCOWtancy.com Remember! An Audit Report gives Positive Assurance A Review Engagement gives Negative Assurance Never Absolute Assurance Note that neither of the above are absolute assurance as the evidence is gathered on a test basis and there is judgement involved in the preparation of the information. Absolute assurance will never be provided by an assurance engagement whether audit or review. 12 aCOWtancy.com Syllabus A2: External audits Syllabus A2a: Describe the regulatory environment within which statutory audits take place. Regulatory Environment for External Audits What are the general regulations surrounding external Audits, udder features? Provision of audit services is regulated by International Standards on Auditing (ISAs) as well as Codes of Ethics and Company Law. IFAC The International Federation of Accountants (IFAC) serves to strengthen the accountancy profession worldwide, to serve the public interest and promote adherence to high quality standards. IAASB The International Auditing and Assurance Standards Board (IAASB) is a subsidiary of IFAC and sets the International Standards on Auditing (ISAs) of which there are more than 30. The IAASB also sets quality control principles for all assurance engagements as well as standards for other types of assurance engagements ISAs These only apply to the audit of historical financial information Since 2005 all audits carried out under the laws of EU member states have to be conducted under ISAs. 13 aCOWtancy.com Note: If, in exceptional cases, the auditor departs from an ISA to achieve the overall aim of the audit, then this departure must be justified. The entire text of an ISA is needed to understand and apply the basic principles and essential procedures. Syllabus A2b: Discuss the reasons and mechanisms for the regulation of auditors Mechanisms for Regulating Auditors IFAC is basically just a group of accountancy bodies (including ACCA) - it has no legal standing Therefore, countries need to have regulations in place for regulating auditors (and implementing audit standards) National Regulatory bodies will enforce quality control of audit and inspect audit files. Self-regulation by the audit profession Normally an external auditor has to be a member of an appropriate ‘regulatory body’, such as the ACCA. Ok so what do these bodies do? Offer professional qualifications Provide evidence of technical competence (unless you're one of those idiot f8 students :P) Make sure the competence is maintained Make sure only ‘fit and proper’ persons, who act with professional integrity can be an auditor Make sure their members use appropriate technical standards (for example, ISAs) Monitor compliance by its members with the rules of the regulatory body 14 aCOWtancy.com Regulation by government The alternative is regulation by government. The government may establish rules and procedures to do all the work the regulatory bodies do now So which is best? Well, The US government has got involved over there They introduced the Sarbanes-Oxley Act of 2002. Similarly Canada with a national inspections unit And the EU commission recently stated… "Self-regulation is not sufficient to address the independence issue, both in terms of independence of statutory auditors from the audited entity, and in terms of independence of the supervisors of the auditors from the latter. "The crisis has also shown that self-regulation is not adequate when looking towards the future.” Leaving the profession to investigate and regulate itself could be seen as a conflict of interest, but equally it could be seen as being the most practical solution as they understand the situation better 15 aCOWtancy.com Syllabus A2c: Explain the statutory regulations governing the appointment, rights, removal and resignation of auditors Appointment of the Auditor The auditor must be sufficiently safe in their appointment to maintain independence from management. In order to be appointed as an auditor a person must be: 1. A member of a recognised Supervisory Body (RSB) such as ACCA. 2. Allowed by that body to act as an auditor Or 3. Be directly authorised by the state. Audit work may be undertaken by: an accountancy practice, sole practitioners, members of a Limited Liability Partnership or directors of an audit company. Anyone who can't be an auditor? The directors or secretary of the company Employees of the company Business partners or employees of the above 16 aCOWtancy.com And how are they appointed? The shareholders appoint the auditor. The appointment will be made at an AGM and run until the next AGM. If there is no AGM, the appointment will be automatic each year unless a shareholder objects. What are the Auditors Responsibilities when becoming appointed? Obtain clearance from the client to write to existing auditor (if denied the appointment should be declined) Write to the existing auditor requesting any reasons why the appointment should not be made And what rights does the auditor have when being appointed? 1. 2. 3. 4. Unfettered access to company’s books and records All explanations and information to be provided Notice of all general meetings Right to be heard at all such meetings on matters of concern to the auditor When isn't the auditor appointed by shareholders? First Appointment This is made by directors as normally the company won't have had an GM by then Casual Vacancy Such as when the current auditor resigns Normal re-appointment This is normally by shareholders at an AGM - but often it is simply automatic when no AGM is required by shareholders 17 aCOWtancy.com Syllabus A2c) Explain the statutory regulations governing the appointment, rights, removal and resignation of auditors Auditor Removal However, if doubts as to whether the auditor is able to carry out their duties exist, they can be removed. So what are the ways an Auditor can be removed? 1. By majority at a general meeting (but a specified notice period must be given of the resolution to prevent it being ‘sprung’ on the meeting) 2. The auditor may resign (but must submit a statement outlining the circumstances of their resignation) What do the Auditors have to do on Removal/Resignation They have 3 responsibilities as follows: 1. Deposit statement of circumstances connected with removal/resignation at the company’s registered office. 2. If there are no circumstances, a statement stating this. 3. Reply promptly to requests for clearance from new auditors. And what rights do they have when resigning? Just the 2 rights to remember here.. 1. To request an extraordinary general meeting to explain the circumstances of the resignation 2. To require company to circulate notice of circumstances relating to resignation 18 aCOWtancy.com Syllabus A2d) Explain the regulations governing the rights and duties of auditors Duties / Rights of the Auditor Duties of The Auditor These are to form an Opinion on: Do the financial statements provide a true and fair view? Are they prepared in accordance with applicable accounting standards? And to prepare and issue a report *Note that it is the management of the company who has responsibility of preparing the financial statements. The auditor does this by ensuring: 1. Proper accounting records are kept 2. The FS reflect the underlying accounting records. 3. If the auditor has not visited a branch, that branch has made proper returns. 4. All necessary information and explanations have been received. 5. Information issued with the financial statements is consistent with the financial statements. 6. If any information required by law is not in the financial statements, it is in the auditors’ report. 19 aCOWtancy.com Rights of the external auditor They have basically 5 rights - remember these for the exam my friend.. 1. The right of access to all accounting books and records at all times. 2. The right to all information and explanations (from management) necessary for the proper conduct of the audit. 3. The right to receive notice of all meetings of the shareholders (such as the annual general meeting) and to attend those meetings. 4. The right to speak at shareholders’ meetings on matters affecting the audit or the auditor. This can be important when the auditors are in disagreement with the directors of the client entity and are unable to communicate with the shareholders effectively by any other method. 5. If the company uses written resolutions, the auditors should have a right to receive a copy of all such resolutions. Syllabus A2e) Describe the limitations of external audits. Limitations of external audits Audits have many beneficial uses Benefits of Statutory Audits Investors are more able to rely on the information provide Management can verify that their systems are sound. Management are less likely to commit fraud The business more able to raise finance The auditor will highlight any deficiencies in their letter to management. There are drawbacks too however.. 20 aCOWtancy.com Problems Many businesses with a recent clean audit report have subsequently gone out of business. Not all transactions are checked. The opinion is based on evidence, often provided by management. Many controls can be overridden by management Where do we get the information from? To understand a client (new or old) Prior year audit file Identification of issues that arose in the prior year audit and how these were resolved. Also whether any points brought forward were noted for consideration for this year’s audit Prior year financial statements Provides information in relation to the size of the entity as well as the key accounting policies and disclosure notes Accounting systems notes Provides information on how each of the key accounting systems operates. Discussions with management Provides information in relation to any important issues which have arisen or changes to the company during the year Current year budgets and management Provides relevant financial information for the year to date 21 aCOWtancy.com Permanent audit file Provides information in relation to matters of continuing importance for the company and the audit team, such as statutory books information or important agreement Client website Recent press releases from the company may provide background on changes to the business during the year as this could lead to additional audit risks Prior year report to management Provides information on the internal control deficiencies noted in the prior year; if these have not been rectified by management then they could arise in the current year audit as well Financial statements of competitors This will provide information about competitors, in relation to their financial results and their accounting policies 22 aCOWtancy.com Syllabus A2f) Explain the development and status of International Standards on Auditing (ISAs). The development and status of ISAs Setting the Standards 1. IAASB reviews auditing developments and takes suggestions from interested parties. 2. Project task force appointed to work on the detail. 3. Consultation by meeting or consultation paper. 4. Draft standard produced and commented on by interested parties for a period of 120 days (Exposure period). 5. Project task force considers comments and amendments made if appropriate. 6. If changes significant there may be another exposure period. 7. Standard finalised and approved by meeting of IAASB at which there must be a minimum of 12 members. 23 aCOWtancy.com Syllabus A2g) Explain the relationship between International Standards on Auditing and national standards. The relationship between ISAa and national standards ISAs V Local Legislation IFAC is not able to enforce its standards. It is up to individual countries to implement the standards if they deem it appropriate. National Regulatory bodies will be charged with enforcing implementation of auditing standards, enforce quality control of audit and inspect audit files. Countries may do this by allowing the accountancy profession to implement the above, or set up an independent authority to do it. Countries also have the choice to set their own standards of implement or modify ISAs’ to suit their needs. 24 aCOWtancy.com Syllabus A3: Corporate Governance Syllabus A3a) Discuss the objectives, relevance and importance of corporate governance. Corporate Governance & Auditing Corporate governance is the system by which companies are directed and controlled It is concerned with matters such as directors responsibilities, the board of directors, the audit committee and relationship with external auditors. It ensures that companies are run in the interests of their shareholders and the wider community Poor Corporate Governance Many corporate failures have been blamed on poor corporate governance such as WorldCom and Enron. Poor controls allowed management to abuse their position either in the form of excessive executive pay or manipulation of results to the ultimate detriment of shareholders. Who is Responsible? The directors are responsible for implementing a sound system of governance. Auditors will have an interest also because poor governance makes it more likely that material errors exist in the firms’ financial statements. 25 aCOWtancy.com Responsibility of Auditors for reporting on Corporate Governance A statement regarding corporate governance included in the Annual Report is reviewed by the auditor and any inconsistencies highlighted as below: 1. An error in the financial statements The auditor will issue a qualified report if the directors refuse to amend the error 2. An error in the corporate governance statement The auditor will add an emphasis of matter paragraph to their report 26 aCOWtancy.com Syllabus A3b) Discuss the provisions of international codes of corporate governance (such as OECD) that are most relevant to auditors. International Codes of CG (OECD) The Organisation for Economic Co-operation and Development issued principles of Corporate Governance in 1999 These principles are intended to ‘improve the legal, institutional and regulatory framework for corporate governance’ and…. ‘to provide guidance and suggestions for stock exchanges, investors, corporations and other parties that have a role in the process of developing good corporate governance’ 6 Principles relevant to the Auditor 1. There should be a clear basis for an effective corporate governance framework This should ensure transparency and acceptance of responsibility of all parties involved. 2. Shareholders Rights should be upheld. Management of the company should recognise that they are agents of the shareholders and act in their interests at all times. 3. Shareholders should be treated equitably All shareholders whether institutional or minority should be treated in a fair and just manner. 4. Rights of Stakeholders should be recognised Co-operation between the organisation and stakeholders should be encouraged. 5. Timely and accurate disclosures should be made. All Material matters such as the financial situation, performance, ownership and governance of the company should be disclosed. 27 aCOWtancy.com 6. Duties of the board The strategic guidance of the company should be ensured by the corporate governance framework. The board should effectively monitor management and be accountable to the company and shareholders. Audit and OECD Principles The OECD principles state that an annual audit should be carried out by an independent, competent, qualified auditor to provide assurance to the board and to shareholders. The auditors are also under a duty of care to provide a competent service and are accountable to the shareholders. The Board and the OECD Principles The board have responsibility under the principles to: Review and guide corporate strategy e.g. risk policy, business plans, capital investment, mergers and acquisitions and setting performance objectives. Evaluate and monitor the effectiveness of corporate governance policy Appointment and monitoring of key executives Align executive and board remuneration in the long term interests of the company Monitor and manage the ‘agency problem’ Taking responsibility for the accounting and financial reporting system ensuring an appropriate system of control to manage risk is in place Ensure appropriate disclosures and communication 28 aCOWtancy.com Syllabus A3c) Describe good corporate governance requirements relating to directors’ responsibilities (e.g. for risk management and internal control) and the reporting responsibilities of auditors. A3d) Evaluate corporate governance deficiencies and provide recommendations to allow compliance with international codes of corporate governance. Good Corporate Governance This is good corporate governance regarding directors responsibilities Directors Responsibilities The directors are responsible for implementing a sound system of governance. (Auditors will have an interest in the standards of corporate governance at a firm because a poor system of governance will make it more likely that material errors exist in the firms’ financial statements) The Board Good corporate governance here includes.. Chairman and Chief Executive should be different people to prevent unfettered power Half of the board to be Non-Executive Directors (NEDs) There should be a rigorous and transparent nomination process. Directors should submit for re-election regularly Communication with Shareholders Board is responsible for ensuring satisfactory dialogue with shareholders. The AGM should be used to encourage communication with investors 29 aCOWtancy.com Remuneration Good corporate governance here includes.. 1. Excessive remuneration should be avoided 2. Linked to the performance of the corporation. 3. The directors should not be responsible for setting their own pay. 4. There should be a transparent procedure for setting directors remuneration Internal Controls Good corporate governance here includes.. 1. A sound system of internal controls should be maintained. 2. An audit committee should be established. 3. If no internal audit function, the need for one should be considered on an annual basis. Auditors requirements Explain responsibility of directors for preparing financial statements. Review and report on system of internal control. Has an Audit Committee with at least 3 non-executive directors been set up? Are Audit Committee terms of reference set out in writing and described in report? Is there a whistle-blowing facility? Does Audit Committee review and monitor internal control system. Audit Committee responsible for appointment of external auditor. Responsibility of Auditors for reporting on Corporate Governance A statement regarding corporate governance must be included in the Annual Report This statement is reviewed by the auditor and any inconsistencies with the information in the annual report highlighted. 30 aCOWtancy.com If the inconsistency highlights an error in the financial statements, the auditor will issue a qualified report if the directors refuse to amend the error. If the error is in the corporate governance statement, the auditor will add an emphasis of matter paragraph to their report. Sarbanes Oxley in the US requires auditors to state an opinion on the system of internal control and whether the company has complied with corporate governance requirements. External Audit v Management Responsibilities Management and the external auditors have different responsibilities when it comes to various aspects of the client business. We will look at several aspects and draw the distinction between the responsibilities of management and the responsibilities of the external auditor. Corporate Governance Management Responsibilities To ensure that effective measures to ensure good corporate governance are in place Auditor Responsibilities If under combined code, to report on any conflicts between reported corporate governance and the financial statements 31 aCOWtancy.com Financial Reporting Management Responsibilities Prepare financial statements which provide a ‘true and fair’ view of the company’s results. Select and apply suitable accounting policies. Base judgements on prudent and responsible basis. Implement suitable internal controls. Auditor Responsibilities Report an opinion as to whether the financial statements give a ‘true and fair’ view. Planning the work to be undertaken. Gathering sufficient audit evidence. Communicating with those charged with governance: o ISA 260 Communication of audit matters with those charge with governance places responsibilities on the external auditor. o Communication takes the form of the letter of engagement and the management letter sent at the beginning and end or the audit respectively. o Ongoing communication should be undertaken throughout the audit. In order to avoid an ‘expectation gap’ the auditor should ensure that management are aware that the external auditor is not responsible for: The preparation of the financial statements Selection of accounting policies Implementing or ensuring good standards of corporate governance Systems and controls implementation Systems and Controls 32 aCOWtancy.com Management Responsibilities Establishing suitable systems and controls to safeguard assets, produce accurate accounting information and prevent and detect fraud. Auditor Responsibilities Assess risk of material misstatement due to poor systems and controls Document tests of controls undertaken Report weaknesses to those charged with governance Fraud and Error Management Responsibilities Safeguards should be in place to avoid fraud and error through the systems and controls the company operates Internal audit function will be responsible for monitoring and implementation of these Auditor Responsibilities If fraud or error leads to material misstatement, the auditor is responsible for detecting it. If immaterial, these should be reported to those charged with governance, but there is no responsibility to detect them. The inherent limitations of audit mean that the auditor cannot guarantee that the financial statements are free from fraud and error. 33 aCOWtancy.com The auditor must consider the risk of material misstatement due to fraud and error when planning and performing their audit. If discovered, fraud should be reported to the audit committee (if one exists), or the highest level of management (if not involved in the fraud), or the shareholders if the fraud is by those in senior management. 34 aCOWtancy.com Syllabus A3e) Analyse the structure and roles of audit committees and discuss their benefits and limitations. Audit Committees Know the Structure, Role & Benefits / Drawbacks Structure of the Committee At least one member of the committee should have recent and relevant financial experience. There should be at least 3 non executive directors. In the case of smaller companies, this may be 2. Role of the committee 1. To improve the quality of financial reporting 2. To increase the confidence of the public in the financial statements. 3. Assist directors in meeting their responsibilities in respect of financial reporting. 4. Provide a channel to external auditors to report concerns or issues. 5. Review the company’s system of internal controls. 6. Strengthen the position of internal audit by providing greater independence from management. 7. Appointment of external auditor. Advantages of a committee Independent Reporting Provides internal audit with an independent reporting mechanism. Without this management may be tempted to hide unfavourable reports. 35 aCOWtancy.com Frees up Executive time Leaves top executives free to manage by providing expertise on financial reporting Corporate Governance monitored Ensures that corporate governance requirements are brought to attention of the board Appropriate Internal Controls Should ensure that an appropriate system of internal control is maintained. Better Communication Better communication between the directors, external audit and management is facilitated. Strengthens external audit independence Strengthens independence of external audit as their appointment is now not made by the board. Disadvantages of Committee 1. Executive directors may perceive it as a threat to their authority. 2. Finding non executive directors with appropriate expertise may be difficult. 3. Additional costs will be involved. 4. Too much detail may be thrust upon non executive directors. 36 aCOWtancy.com Communication with the audit committee Why does the external auditor speak first to the Audit Committee? 1. To ensure independence between the board and the audit firm. The audit committee consists of independent NEDs, who can therefore take an objective view of the audit report. 2. The audit committee has more time to review the audit report and other communications (e.g. management letters) than the board. The auditor should therefore benefit from their reports being reviewed carefully 3. The audit committee can ensure that any recommendations from the auditor are implemented. The NEDs can pressurise the board to taking action on auditor recommendations 4. The audit committee also has more time to review the effectiveness and efficiency of the work of the external auditor than the board. The committee can therefore make recommendations on the re-appointment of the auditor, or recommend a different firm if this is appropriate 37 aCOWtancy.com Syllabus A3f) Explain the importance of internal control and risk management. Internal Controls & Risk Management Internal controls cannot eliminate risk, but they can minimise it. Internal controls help: 1. Safeguard the assets of the company 2. Prevent and detect fraud 3. Safeguard the investment of the shareholders They are designed to minimise the risk of fraud and error and will include such procedures as: Carrying out regular reconciliations on key ledgers Keeping assets under lock and key Passwords and computer system security 38 aCOWtancy.com Responsibilities for systems and controls It is the responsibility of executive management to put in place a suitable system of internal controls to manage the risks of the company In the UK, internal controls are divided into three categories for the purpose of corporate governance: 1. Financial controls 2. Compliance controls 3. Operational controls Financial controls These safeguard the company assets Ensure adequate accounting records are kept Include the preparation of Financial Statements Management must design and implement internal controls, The company’s governors (directors) must satisfy themselves that the IC system is adequate and works properly 39 aCOWtancy.com Syllabus A4: Professional ethics and ACCA’s Code of Ethics and Conduct Syllabus A4a) Define and apply the fundamental principles of professional ethics of integrity, objectivity, professional competence and due care, confidentiality and professional behaviour. Fundamental Principles Professional ethics could be examined as part of any question on the F8 exam. It is very important that you know this section well. The ACCA sets out a code of ethics for members and disciplinary action is taken against those who fail to uphold them. The 5 Fundamental principles and what they mean: Integrity Members should be straightforward and honest in all business and professional relationships. Objectivity Members should not allow bias, conflicts of interest or undue influence of others to override professional or business judgements. Professional Competence & Due Care Members have a continuing duty to maintain professional knowledge and skill at a level required to ensure that a client or employer receives competent professional service based on current developments in practice, legislation and techniques. 40 aCOWtancy.com Members should act diligently and in accordance with applicable technical and professional standards when providing professional services. Confidentiality Members should respect the confidentiality of information acquired as a result of professional and business relationships and should not disclose any such information to third parties without proper or specific authority or unless there is a legal or professional right or duty to disclose. Confidential information acquired as a result of professional and business relationships should not be used for the personal advantage of members or third parties. Professional behaviour Members should comply with relevant laws and regulations and should avoid any action that discredits the profession. In the exam question you may have to apply these to a case study - groovy baby.. 41 aCOWtancy.com Syllabus A4b) Define and apply the conceptual framework, including the threats to the fundamental principles of self-interest, self-review, advocacy, familiarity, and intimidation. Conceptual framework Accounting standards need to built on a reliable set of concepts It's as an attempt to define the nature and purpose of accounting It's a coherent and consistent foundation that will underpin the development of accounting standards It's a statement of generally accepted accounting principles (GAAP) for evaluating existing practices and developing new ones It's a theoretical basis for determining how transactions should be measured (historical value or current value) and reported It's a basis for economic decision making In summary it's... a framework for setting accounting standards a basis for resolving accounting disputes fundamental principles which then do not have to be repeated in accounting standards Who else is the framework useful to? Auditors Users of accounts Anyone interested in how IFRS's are formulated The Framework is NOT an accounting standard, and if there's a conflict between the two then the IFRS wins 42 aCOWtancy.com Syllabus A4b) Define and apply the conceptual framework, including the threats to the fundamental principles of self-interest, self-review, advocacy, familiarity, and intimidation. Threats An auditor must be independent and be seen to be independent Five potential threats are identified in the ACCA’s code of ethics. Safeguards are suggested in order to counter each of the threats. The specific threats outlined are Self Interest, Self Review, Advocacy, Familiarity and Intimidation. Categories of Threat 1. Self-interest Here the auditor may have a financial (or other) interest in a matter. Therefore the auditor may not act with objectivity and independence. Examples outlined in the code, along with the safeguards to prevent them are as follows: Dependence on Client If a client makes up too high a percentage of an auditors income, they may be afraid of losing the income. Safeguard – If a Listed company makes up more than 10% of a firms income, they should not audit that client. (15% for non listed companies) Lowballing Lowballing is setting a very low fee either to attract new clients or ensure further work. Safeguard – Auditors should not set fees in this way, the fee must be based on a predetermined level of work required. Loans, Guarantees and overdue fees 43 aCOWtancy.com If an auditor fears he may not get such items paid back his objectivity may be threatened. In this case significant overdue fees constitute a loan. Safeguard – Do not offer loans, guarantees or allow fees to go unpaid for a significant time. Hospitality and Benefits Any such items given to the auditor by a client could be seen to be a bribe. Safeguard – Do not accept. Contingent Fees Where auditors fees are contingent on another event happening. Safeguard – Fees are not to be determined in this way. Financial or Business interest Where a close family member or personal friend is in a senior position within the client firm, or the auditor seeks employment with the client. Safeguard – Avoid such situations i.e. do not take on the audit. Financial interest such as shares etc. If an auditor owns shares in a business they may be tempted to avoid revealing information which will have an effect on the value of their investment. Safeguard – An assurance firm, any partner in the firm or an immediate family member of these may not have a direct or indirect interest in the client. Any member of the team who has such an interest must dispose of it or be removed from the team. 44 aCOWtancy.com 2. Self-review Here the auditor reviews a judgement she has taken herself. Or an audit firm prepared the financial statements and then acted as auditor. If an auditor provides other services to a client such as Tax advice, then the auditor will be reviewing their own work during the course of the audit. This is a threat to objectivity and independence. Accounting Services If an auditor prepares the accounts it is 100% sure that they will be reviewing their own work. They may be tempted to hide errors to save face. Safeguard - Auditor must not undertake accounting services for a client is they are a LISTED company. No management decisions should be made in other companies and a different team should provide each service. IT If the auditor advises on or installs accounting software for a client this will have to be reviewed during the audit. Safeguard - If the IT system is important to a significant part of the accounting system, the auditor should not design, provide or implement it. Valuation Services A valuation made by the auditor could have a material effect on the financial statements. Safeguard – If valuation requires a degree of judgement and have a material effect on the financial statements, then the auditor should not undertake to provide it. 45 aCOWtancy.com Tax Services As mentioned above, the tax work carried out will be reviewed during the course of the audit and may encourage the auditor to hide mistakes. Safeguard – If likely to have a material effect on the financial statements, should not be taken on Corporate Financial Services This could be construed as making management decisions. Safeguard – As long as not making decisions it is acceptable to assist client in raising finance or developing corporate strategies. Internal Audit Services External audit may use the work of internal audit as evidence of some of their conclusions. Safeguard – If significant reliance is to be placed on the work of Internal Audit, this should not be undertaken. Former Employee of Client joining Audit Firm If this occurs there is a chance the person could be auditing work or systems they were previously responsible for. Safeguard – The employee cannot be involved in the audit until two years have elapsed. 46 aCOWtancy.com 3. Advocacy Here the auditor is expected to defend or justify the position of the client, and act as an ‘advocate’. This is a threat to objectivity and independence. Legal Services If an auditor provides legal services, they may be perceived to take the same view as the client and therefore lose independence. Safeguard – No legal services to be offered to client or defence in dispute material to the financial statements. Corporate Financial Services May be seen to be less than independent if advising on such matters Safeguard – Don’t negotiate on clients behalf with the bank or advise on debt restructuring. 4. Intimidation Here the auditor can't act independently as she is scared due to intimidatory threats such as the threat to take away the work unless they do as the client wishes. i.e. that the auditor feels unable to give an independent opinion for fear of losing the client or upsetting someone. 5. Familiarity Here the auditor and client have a too close relationship, for example due to a long association over many years in carrying out the annual audit. 47 aCOWtancy.com Participation in Client Affairs The auditor may be too familiar with the client and be unwilling to upset them. Safeguard – Auditor cannot be a director, employee or business partner of client. Cannot be part of team if have been one of these in the last 2 years. Family/Personal Relationship An auditor may be unwilling to criticise or upset a family member if they work for the client. Safeguard – No member of the audit team may have a family member or close personal relation in the client firm. Audit Partners joining client If a partner joins the client firm this may affect the judgement of the auditors involved. Safeguard – All links to audit firm severed. Removed from audit team as soon as appointment made. If made director or key management and has worked for auditor in previous two years the audit firm must resign. (Can be reappointed after 2 yr period is up). Acting as Auditor for prolonged period If a partner has acted as auditor for a client for too long a period, they may become complacent or over familiar with them. Safeguard - If client is listed company engagement partners should act for maximum of 5 yrs with 5 yr break in between rotations. A Key audit partner must have a break of 2 yrs after a period of 7 yrs and senior staff on listed audits should also not act for more than 7 yrs. For non-listed clients it is advised that partners act for no longer than 10 years 48 aCOWtancy.com Consider the following: Could the value affect objectivity? Was the hospitality when the auditors should have been working? Were remaining members of the team properly supervised? Ensure the member checked with more senior people in the firm to check if it was allowed - otherwise it is a disciplinary offence also. Actual and threatened litigation If actual litigation then resign from the engagement. 49 aCOWtancy.com Syllabus A4c) Discuss the safeguards to offset the threats to the fundamental principles. Safeguards Safeguarding independence is the responsibility of the audit firm & the profession Audit Firm Level A culture of independence should be created, this means a rotation of the engagement partner and senior staff. In addition, an audit firm should have the following procedures in place: Training To an appropriate level for the role Quality control procedures This ensures that independence is considered in all work performed by the audit firm. Consultation So issues can be discussed internally and procedures are laid out to facilitate this Ethical Codes of conduct Internal Controls 50 aCOWtancy.com The Profession The profession should take disciplinary action as appropriate. The profession regularly suggest new practices and procedures designed to improve auditor independence. So things that the profession do to help safeguard against ethical threats are: 1. Regular rotation of auditors made compulsory 2. Using audit committees 3. ACCA Exams and CPD :) 4. Corporate Governance and of course auditing standards The Individual An individual auditor can limit ethical threats by.. Complying with CPD regulations - and staying up to date Keeping in contact with fellow professionals To informally discuss issues and problems Independent Mentor used to discuss individual threats 51 aCOWtancy.com Syllabus A4d) Describe the auditor’s responsibility with regard to auditor independence, conflicts of interest and confidentiality. Independence & Confidentiality Dealing with Threats The way in which an audit firm should deal with potential threats to independence is to have in place procedures to: 1. Identify any potential threats 2. Evaluate what level of risk they pose 3. Check that necessary safeguards are in place 4. Correct any problems if necessary The audit firm should have a checklist to ensure that they meet with the standards required on Independence. The checklist will be completed when a new client is taken on, as well as at the planning stage of each audit, at completion and when any other services are provided to the client. Confidentiality Information should only be disclosed by auditors: If the client has given their consent Under a legal obligation e.g. money laundering, terrorism, drug trafficking If required by regulatory body e.g. FSA 52 aCOWtancy.com Under a court order If in the public interest e.g. environmental pollution If one of these categories is not applicable, then the auditor is under no obligation to disclose information and in fact may be in breach of the ACCA code of conduct for doing so. 53 aCOWtancy.com Syllabus B: PLANNING AND RISK ASSESSMENT Syllabus B1: Obtaining and accepting audit engagements Syllabus B1a) Discuss the requirements of professional ethics and ISAs in relation to the acceptance / continuance of audit engagements Professional ethics and the new audit engagements Auditors may advertise their services. However, adverts should not bring the ACCA into disrepute, discredit the services of others, be misleading, or fall short of regulatory or legislative requirements. An auditor is required under ISA 315 to gain an understanding of their client. Auditors should screen clients to ensure they are not high risk. Questions to ask will be: 1) Is the client involved in any fraudulent/illegal activities? What is the nature of the industry in which they are involved – is it depressed? Has the client had a history of changing auditor regularly or had qualified audit reports in the past? Do client directors understand their role and are they able to carry it out? 2) Are management trustworthy? The risk to the auditor is ‘reputation risk’ i.e. that they will be associated with a poorly regarded client. 54 aCOWtancy.com Syllabus B1b) Explain the preconditions for an audit Preconditions for an audit Auditors should only accept a new audit engagement when it has been confirmed that the preconditions for an audit are present.. Is the FR framework acceptable? Consider the entity & the purpose of the FS Perhaps, also, laws say which FR framework should be used Do Management accept their responsibilities? For preparing FS For internal controls For giving the auditor all relevant information they request If the preconditions for an audit are not present.. The auditor shall not accept the proposed audit engagement 55 aCOWtancy.com Syllabus B1c) Explain the process by which an auditor obtains an audit engagement Accepting a new engagement Auditors should screen clients to ensure they are not high risk The risk to the auditor is ‘reputation risk’ i.e. that they will be associated with a poorly regarded client. An auditor is required under ISA 315 to gain an understanding of their client. Questions to ask will be: 1. Is the client involved in any fraudulent/illegal activities? 2. What is the nature of the industry in which they are involved – is it depressed? 3. Has the client had a history of changing auditor regularly or had qualified audit reports in the past? 4. Do client directors understand their role and are they able to carry it out? 5. Are management trustworthy? Other Areas to help gain an understanding are: The market and its competition Legislation and regulation Regulatory framework Ownership of the entity Nature of products/services and markets Location of production facilities and factories Key customers and suppliers Capital investment activities Accounting policies and industry specific guidance Financing structure Significant changes in the entity on prior year 56 aCOWtancy.com New engagement process The following procedures should be undertaken if an auditor is offered an audit role: 1. The client should be asked for permission to contact the outgoing auditor. (If not given– refuse the position) 2. Contact the outgoing auditor to ask if there is any professional reason not to take the role. 3. Ensure process of appointment and resignation of previous auditor was carried out correctly. 4. Ensure there are no independence issues. 5. Ensure that the audit firm is properly qualified to act for the client (Legality / Ethics). 6. Undertake risk assessment of the firm. 7. Ensure that the audit firm has adequate resources to conduct the audit. 8. Consider size of client, business area etc and how this will affect the audit. 9. What level of fees will be provided – is it worth it? Does it make up more fees % than allowed? Tendering for audit work Things to consider... 1. Fee A fee will be quoted for a piece of audit work before it is carried out under a tendering process The auditor must not lowball as we have seen above, nor may they make unrealistic claims or promises to win the contract 2. Get Information 57 aCOWtancy.com The potential client will inform the auditor of what is expected, the timetable, future plans of the company and any problems with current auditor 3. Proposal The auditor may then draw up a proposal containing: Proposed audit fee Nature, purpose and legal requirements of an audit. Assessment of the requirements of the client. How audit firm proposes to satisfy requirements Any assumptions made. Proposed audit methodology. Outline of audit firm and personnel Ability of firm to perform the audit Pre-conditions Is the Financial framework used acceptable? (Consider the type of business and relevant laws and the uses of the financial statements) Client Decision The client will decide on the basis of clarity, relevance, professionalism, reputation, timeliness of delivery and originality which firm will conduct the audit 58 aCOWtancy.com Syllabus B1d) Justify the importance of engagement letters and their contents Engagement letter An engagement letter is a letter from the auditor to the client indicating various matters concerning the engagement The engagement letter is sent before the audit to the client confirming their acceptance of the audit Contents ISA 210 Terms of Engagement gives guidance as to their content, but as a rule most will include: The Objective of the audit Managements’ responsibility for the Financial Statements. The scope of the audit including reference to legislation and professional standards. The form of report to be used Use of the work of internal audit Reference to inherent limitations of an audit Access to information to be allowed Deadlines and confidentiality Expectations of management representations Fees Complaints procedures 59 aCOWtancy.com 60 aCOWtancy.com Syllabus B1e) Explain the overall objectives and importance of quality control procedures in conducting an audit Principles & Purpose Firms need to be sure that the audits they perform meet quality standards This is to decrease the risks of: Litigation against us for professional litigation Incorrect Audit opinion and hence an increased investor confidence in the financial statements There are 2 standards on Quality Control 1. At the FIRM level International Standard on Quality Control 1 (ISQC 1) – Quality Control for firms that perform audits and reviews 2. At the individual AUDIT level ISA 220 – Quality Control for audits of historical financial information ISQC 1 (firm level) ISQC 1 identifies six building blocks of a firm’s system of quality control: 1. Ethics 2. Client Relationships 3. Leadership 4. Human Resources 5. Engagement Performance 6. Monitoring 61 aCOWtancy.com We will look at the above in more detail in the next section. See you there, hotpants…. 62 aCOWtancy.com Syllabus B1f) Explain the quality control procedures that should be in place over engagement performance, monitoring quality and compliance with ethical requirements Definitions for Quality Control Learn the meaning of the following terms: 1. Engagement partner The partner responsible for the audit engagement, performance and report Also she has the appropriate authority from a professional, legal or regulatory body 2. Engagement Quality Control Review Provides an objective evaluation, before signing the report, of any significant judgments & conclusions It is for listed entity audits and any where the firm thinks such a review is required 3. Engagement Quality Control Reviewer Someone not part of the engagement team, with experience and authority to objectively evaluate the significant judgments & conclusions 4. Engagement team All partners and staff performing the engagement, plus anyone engaged by to do audit work This excludes external experts 63 aCOWtancy.com 5. Firm A sole practitioner, partnership or corporation of professional accountants 6. Inspection These provide evidence of compliance with the firm’s quality control policies 7. Listed entity An entity whose shares (or debt) are quoted on a stock exchange 8. Monitoring An ongoing evaluation of the firm’s quality control It includes periodic inspections of a selection of completed engagements 64 aCOWtancy.com Elements of a QC system This follows on from the previous section Firm Level Quality Control The objective of the firm is to establish and maintain a system of quality control to provide it with reasonable assurance that: (a) The firm and its personnel comply with professional standards and applicable legal and regulatory requirements; and (b) Reports issued by the firm or engagement partners are appropriate in the circumstances 1. Leadership An internal culture focused on quality is key This means training, appraisal & mission statements. Commercial considerations never override quality Pay & Benefits must reflect commitment to quality. Resources must be available to support quality 2. Human Resources All staff to have the capabilities & competence to ensure quality. Appraisals and development regularly 65 aCOWtancy.com 3. Engagement Issues - Planning Discuss known risks with the client and document Staff suitably qualified and experienced, have knowledge of the client Contentious areas must be consulted on in a cost effective way A timetable for suitable reviews Ensure independence and any issues addressed Time pressure All audits should be planned to ensure that adequate time can be spent to obtain sufficient appropriate audit evidence to support the audit opinion. 4. Engagement Issues - Supervision Staff supervised and assessed to control the work flow. Any problems tackled immediately and consultation on any deviations from the original plan. 5. Engagement Issues - Review Review has the purpose of identifying previously unrecognised problems and examining them along with the rest of the work carried out. Is the amount of evidence gathered sufficient or is further work required? Quality control can be achieved during the review stage by: 1) Learn lessons from mistakes made 2) Appraisal staff immediately after assignments to praise &/or constructively criticise 6. Monitoring Ensure new developments in standards and regulations are implemented Ensure CPD is kept up to date. Any breaches to monitoring system dealt with 66 aCOWtancy.com 7. Ethical Requirements Have procedures to comply with ethical requirements eg. independence Emphasise through leadership, education/training, monitoring and dealing with noncompliance Have procedures to identify independence threats eg. prompt notification by employees Ensure that firm is notified of breaches of ethical requirements promptly Types Of Review Hot Reviews A ‘hot’ review is carried out before the audit report is signed. Performed by a suitably independent reviewer such as a senior manager (not part of the management team). Listed company engagements must have a hot review as well as those of public interest or with significant risks. It reviews the quality of the judgements made such as: Is the firm independent? Are risk assessment judgements justified? Use of work outside the audit team. Have misstatements been correctly dealt with? Do working papers support the conclusions reached? Is the final engagement report justified in the circumstances? Cold Reviews 67 A ‘cold’ review is a review carried out after the audit report is signed. It will be designed to identify problems in procedures and poor practice. The cold review should make recommendations for improvements. aCOWtancy.com Engagement Performance Direction, Supervision and Performance Directing the engagement team means telling them about: 1. Their ethical responsibilities Their need to plan and perform an audit with professional skepticism 2. The objectives of the work to be performed 3. The nature of the entity’s business 4. Risk-related issues 5. Problems that may arise 6. The detailed approach to the performance of the engagement Supervision includes: Seeing if the team has enough time and competence to do their job Also whether they understand their instructions Addressing significant matters arising during the audit and modifying the plan appropriately Identifying matters for consultation with experienced engagement team members Reviews include: Ensuring that work of less experienced team members is reviewed by more experienced ones Ensuring that significant matters have been raised for further consideration Appropriate consultations have happened The work performed supports the conclusions reached and is appropriately documented The Engagement Partner’s Review of Work Performed This involves timely reviews of the following: 1. Critical areas of judgment 2. Significant risks 68 aCOWtancy.com Engagement Quality Control Review Note the following: It helps to see if sufficient appropriate evidence has been obtained It is done throughout the audit so significant matters are promptly resolved before the date of the auditor’s report. Documentation of the review may be completed after the auditor’s report (as part of the assembly of the final audit file) The extent of the review depends on: 1) The complexity of the audit 2) If the entity is listed and 3) The risk of an inappropriate auditor’s report Assigning the Audit Team You need to consider the team's competence and capabilities This means looking at their: 1. Understanding of, and experience with, similar audits 2. Understanding of professional standards and regulations 3. IT expertise and any specialist accounting / auditing 4. Knowledge of the client's industry 5. Ability to apply professional judgment 6. Understanding of the firm’s quality control policies 69 aCOWtancy.com Individual level of Quality Control Individual Level Quality Control ISA 220 Quality Control for Audits of Historical Financial Information specifies the following quality control procedures that should be applied by the engagement team in individual audit assignments. Client acceptance procedures There should be full documentation, and conclusion on, ethical and client acceptance issues in each audit assignment. The engagement partner should consider whether members of the audit team have complied with ethical requirements, for example, whether all members of the team are independent of the client. Additionally, the engagement partner should conclude whether all acceptance procedures have been followed, for example, that the audit firm has considered the integrity of the principal owners and key management of the client. Other procedures on client acceptance should include: 1. Obtaining professional clearance from previous auditors 2. Consideration of any conflict of interest 3. Money laundering (client identification) procedures. Establish the identity of the entity and its business activity e.g. by obtaining a certificate of incorporation If the client is an individual, obtain official documentation including a name and address, e.g. by looking at photographic identification such as passports and driving licences Consider whether the commercial activity makes business sense (i.e. it is not just a ‘front’ for illegal activities) 70 aCOWtancy.com Obtain evidence of the company’s registered address e.g. by obtaining headed letter paper Establish the current list of principal shareholders and directors. Engagement team Procedures should be followed to ensure that the engagement team collectively has the skills, competence and time to perform the audit engagement. The engagement partner should assess that the audit team, for example: 1. Has the appropriate level of technical knowledge 2. Has experience of audit engagements of a similar nature and complexity 3. Has the ability to apply professional judgement 4. Understands professional standards, and regulatory and legal requirements. Direction The engagement team should be directed by the engagement partner. The planning meeting should be led by the partner and should include all people involved with the audit. There should be a discussion of the key issues identified at the planning stage. Procedures such as an engagement planning meeting should be undertaken to ensure that the team understands: 1. Their responsibilities 2. The objectives of the work they are to perform 3. The nature of the client’s business 4. Risk related issues 5. How to deal with any problems that may arise; and 71 aCOWtancy.com Supervision Supervision should be continuous during the engagement. Any problems that arise during the audit should be rectified as soon as possible. Attention should be focused on ensuring that members of the audit team are carrying out their work in accordance with the planned approach to the engagement. Significant matters should be brought to the attention of senior members of the audit team. Review The review process is one of the key quality control procedures. All work performed must be reviewed by a more senior member of the audit team. Reviewers should consider for example whether: 1. Work has been performed in accordance with professional standards 2. The objectives of the procedures performed have been achieved 3. Work supports conclusions drawn and is appropriately documented. Consultation Finally the engagement partner should arrange consultation on difficult or contentious matters. This is a procedure whereby the matter is discussed with a professional outside the engagement team, and sometimes outside the audit firm. Consultations must be documented to show: 1. The issue on which the consultation was sought; and 2. The results of the consultation. 72 aCOWtancy.com Syllabus B2: Objective and general principles Syllabus B2a) Identify the overall objectives of the auditor and the need to conduct an audit in accordance with ISAs. Auditor Objectives ISA 200 says “to obtain reasonable assurance, the auditor shall obtain sufficient appropriate evidence to reduce audit risk to an acceptably low level” ISA 315 extends this “to identify and assess the risk of material misstatement...designing and implementing responses to the assessed risks of misstatement” Misstatement ISA 450 Evaluation of Misstatements Identified During the Audit states that this occurs when something in the accounts is not in accordance with the applicable financial reporting framework They can arise from error or fraud There are 3 categories... Factual Misstatements Those where there is no doubt Judgmental misstatements Those where the managements judgements on estimates not considered reasonable or the policies are inappropriate Projected misstatements 73 aCOWtancy.com These come from extrapolating misstatements in samples across a population Uncorrected Misstatements Misstatements that the auditor has accumulated during the audit and that have not been corrected. The auditor has a responsibility to accumulate misstatements which arise over the course of the audit unless they are very small amounts. Identified misstatements should be considered during the course of the audit to assess whether the audit strategy and plan should be revised 74 aCOWtancy.com Syllabus B2b) Explain the need to plan and perform audits with an attitude of professional scepticism, and to exercise professional judgment. Professional Scepticism and Judgement When planning and performing an audit, the auditor should adopt an attitude of professional scepticism It is “An attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence” In other words, they must not simply believe everything management tells them The exercise of professional judgement in planning and performing an audit The auditor will need to exercise professional judgement on both the quantity and the quality of evidence. So he has to judge.. 1. When is there sufficient evidence? 2. What is the quality of this evidence 3. Is it consistent with what is known from elsewhere? 4. Are assumptions reasonable? The auditor needs to not only see a record of what the assumptions are, but also challenge them and understand how they affect the conclusions the client has come to. Factors to help with the judgement are... 75 aCOWtancy.com The seriousness of the risk The materiality of the item The strength of internal controls The sampling method used (see later) 76 aCOWtancy.com Syllabus B3: Assessing audit risks Syllabus B3a) Explain the components of audit risk. Components of Audit Risk Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated Stated another way, this is the risk that there is a material misstatement in the financial statements, but the auditor misses it and says that they present a true and fair view. Formula for audit risk is: Inherent Risk x Control Risk x Detection Risk Inherent Risk This will be considered at the planning meeting as it depends on the auditors’ knowledge of the business Examples are... A cash based business This is often a problem as there must be very strong controls in place if a business is a cash based one. The auditor may feel that there are insufficient controls in place to mitigate this risk which may lead to limitation of scope. 77 aCOWtancy.com Fast moving Industry In fast moving industries such as IT or fashion there may be a risk that the inventory held by the business becomes obsolete. The auditor may take expert advice on the valuation of inventory, or they may review post year-end sales to ensure the goods are sold for more than they are valued at in the financial statements. Control Risk This is the risk of material misstatement due to inadequate internal controls within the business. The auditor will make a judgement as to the suitability and strength of internal controls – we will examine how this is done at a later stage. Examples are... No segregation of duties Segregation of duties is where different tasks in a process are performed by different people e.g. an invoice is raised by one person and the cheque is written by another and authorise by someone else. If this control is weak or not in place, the auditor may have to increase the sample size to ensure the financial statements present a true and fair view. 78 aCOWtancy.com No controls over access to assets If employees have unfettered access to the assets of the business with no restrictions, this will increase the risk of theft or damage to those assets If the auditor finds this to be the case, more physical checks of the existence and condition of assets will have to be carried out. No controls over access to IT If a business does not use passwords and other protection to protect its’ computer systems this can lead to data loss or manipulation without authorisation. If these controls are not in place the auditor will have to understand the system to assess the ease of which it can be manipulated and check for anomalous trends using analytical review. 79 aCOWtancy.com Detection Risk This is the risk that the work carried out by the auditor does not uncover a material misstatement that exists. Detection risk can be split into sampling & non-sampling risk Non-sampling risks The auditor did not sufficiently investigate a significant balance The procedures used may have been inappropriate or misinterpreted Sampling risk ‘arises from the possibility that the auditor’s conclusion, based on a sample may be different from the conclusion reached if the entire population were subjected to the same audit procedure’. This is another way of saying that the sample selected by the auditor was not representative of the data. Detection risk may be increased by things such as inexperienced audit staff or tight deadlines to complete the audit. 80 aCOWtancy.com Syllabus B3b) Describe the audit risks in the financial statements and explain the auditor’s response to each risk. Affecting Audit Risk This element of the syllabus can ONLY be learnt by attempting past paper questions The idea is that the examiner will give you a scenario - where there’s a risk that the FS may be materially misstated What you have to do is explain what that risk is (e.g. Risk stock is overvalued because it is getting old) and then say what you would do as an auditor (to see if it is actually overvalued - look at post year end sale prices of the stock) The key is practice these AUDIT RISK questions - they're in virtually every past paper An example question requirement relating to audit risks is as follows: Describe the audit risks and explain the auditor’s response to each risk in planning the audit of XYZ Co. Previously examined risk questions have carried a mark allocation of 10 marks. However, a significant majority of candidates have not passed this part of the question. Common mistakes made include: 1. Providing definitions of the audit risk model, even though this was not part of the question requirement 2. A lack of understanding of what audit risk is and providing business risks instead 3. Not providing an adequate response to the risk. This needs to be from the perspective of the auditor and not from management’s perspective 4. A limited range of risks identified, often just focusing on one area such as going concern. Audit risk questions require candidates to identify risks of material misstatements, which include inherent and control risks as well as detection risks. 81 aCOWtancy.com In many sessions a number of candidates have wasted valuable time by describing the audit risk model along with definitions of audit risk, inherent risk, control and detection risk. Unless the question requirement specifically asks for the ‘components of audit risk’ or ‘a description of the audit risk model’, candidates should not provide definitions of audit risk, inherent risk, control risk or detection risk as no marks are available. AUDIT RISK VERSUS BUSINESS RISK The main area where candidates continue to lose marks is that they do not actually understand what audit risk relates to. Hence, they frequently provide answers that consider the risks the business would face or ‘business risks’, which are outside the scope of the syllabus. There are no marks available for business risks. Risks must be related to the risk arising in the audit of the financial statements and should include the financial statement assertion impacted. Therefore, audit risks should be related back to relevant assertions… Assertions about classes of transactions and events for the period under audit – occurrence completeness, accuracy, cut off and classification. Assertions about account balances at the period end – existence, rights and obligations completeness, and valuation and allocation. Assertions about presentation and disclosure – occurrence and rights and obligations, completeness, classification and understandability, and accuracy and valuation. In addition, a risk can relate to a practical problem the audit team may face, such as attendance at inventory counts where the company has multiple sites holding simultaneous inventory counts, or if the company has had significant changes in their finance department and so the risk of fraud and error has increased. The common mistake is for candidates to identify a relevant issue from the scenario and then consider the risk to the company rather than to the auditor, linking into the related assertion. Therefore, using Question 3b from the June 2011 exam: ‘The travel agents are given a 90day credit period to pay Donald Co; however, due to difficult trading conditions, a number of the receivables are struggling to pay.’ 82 aCOWtancy.com The audit risk related to this point is that if receivables are struggling to pay, then they may be overstated and, hence, valuation of receivables is the relevant risk. The business faces the risk of slow cash flows and so there is a business risk related to the liquidity of Donald Co. While going concern is an audit risk, the above point from the scenario is not sufficient on its own to indicate going concern risk. In addition, Question 1a from the June 2010 exam told candidates: ‘Purchase orders for overseas paint are made six months in advance and goods can be in transit for up to two months.’ The explanation of the audit risk would be to ascertain that the cut-off of inventory is appropriate at the year end. However, many candidates explained that the company may encounter problems with stock-outs of goods, which is focused more on operational business risk rather than on the risks to the financial statements. Other examples of audit risks include: Treatment of capital and revenue expenditure – the risk here could relate to existence of property plant and equipment if revenue expenditure has been capitalised rather than charged as an expense in the income statement Valuation of inventory – when, for example, there are considerable levels of aged inventory Completeness of liabilities – this could arise if provisions have been incorrectly treated as contingent liabilities Completeness of revenue – this could be relevant where the entity being audited has significant cash sales. RESPONSES TO AUDIT RISKS Having identified the audit risk candidates are often required to identify the relevant response to these risks. A common mistake made by candidates is to provide a response that management would adopt rather than the auditor. 83 aCOWtancy.com From Question 3b June 2011, in relation to the risk of valuation of receivables, as Donald Co had a number of receivables who were struggling to pay, many candidates suggested that management needed to chase these outstanding customers. This is not a response that the auditor would adopt, as they would be focused on testing valuation through after date cash receipts or reviewing the aged receivables ledger. Auditor’s responses should focus on how the team will obtain evidence to reduce the risks identified to an acceptable level. Their objective is confirming whether the financial statement assertions have been adhered to, and whether the financial statements are true and fair. Responses are not as detailed as audit procedures; instead they relate to the approach the auditor will adopt to confirm whether the transactions or balances are materially misstated. Therefore, in relation to the risk of going concern, the response is to focus on performing additional going concern procedures, such as reviews of cash flow forecasts. Also, auditor responses should not be too vague such as ‘increase substantive testing’ without making it clear how, or in what area, this would be addressed. In addition, candidates’ must ensure that they do not provide impractical responses. A common example of this is to request directly from the company’s bank as to whether the bank will provide a loan or renew a bank overdraft. The bank is not going to provide this type of information to the auditor, especially if they have not yet informed the company, and therefore this response will not generate any marks. LIMITED RANGE OF RISKS IDENTIFIED In order to score well in risk questions it is advisable to aim to identify a breadth of points from the question scenario. If the question asks for a specific number of audit risks, such as five, then it is not sufficient to identify just one or two risks. In addition, a common mistake is to identify a risk such as going concern and then give this answer over and over again. 84 aCOWtancy.com In Question 3b of the June 2011 exam, there was only a maximum of one mark available for the description of going concern risk. Each scenario will have a variety of audit risks and candidates should, as part of their planning, aim to identify as many as possible. They should then decide which of the identified risks they will explain/describe in their answer. If the question asks for five risks, candidates should aim to identify six or seven points during their initial reading of the question. Candidates should then review their list and pick the five risks and responses that they feel they can expand on the most when writing up their answer. T he auditor cannot affect inherent risk or control risk as these are internal (called Entity Risk) The auditor therefore concentrates on detection risk once they have assessed the control and inherent risk. Consider the elements of Audit risk and how they relate in our formula: Inherent Risk x Control Risk x Detection Risk If Inherent & Control risk are judged to be high, then to minimise overall audit risk, the auditor must attempt to minimise detection risk. The auditor will have to increase the amount of tests or the number of samples to ensure that there is less chance of a material misstatement being overlooked or missed. 85 aCOWtancy.com Syllabus B3c) Define and explain the concepts of materiality and performance materiality. and Syllabus B3d) Explain and calculate materiality levels from financial information. Materiality ISA 320 defines information as material if ‘its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements.’ Material items could be large transactions or significant events. Materiality is important to the auditor because if a material item is incorrect, the financial statements will not show a ‘true and fair view.’ Materiality Levels 1. The auditor will decide materiality levels and design their audit procedures to ensure that the risk of material misstatements is reduced to an acceptable level. Generally, materiality will be set with reference to the financial statements such as: 0.5 – 1% of turnover 5 – 10% of profits reported 1 – 2 % of gross assets Judgement will be used by the auditor in charge and will depend on the type of business and the risks it faces. 86 aCOWtancy.com 2. Considerations Quantity The relative size of the item Quality This might be something that's low in value but could still affect users' decisions e.g.. Directors wages Tolerable Error This is when the auditor accepts the error For example finding one error out of 100 tested, might be ignored The tolerable level will be decided at planning stage Performance Materiality This is lower than normal materiality The idea is that this will try to prevent all those small, undetected errors do not aggregate to become material There are now 2 standards to consider.. 1. ISA 320 Audit Materiality 2. ISA 450 Evaluation of Misstatements Identified During the Audit As we know, materiality is calculated at the planning stage But it might not stay at that amount - oh no baby Things happen that make the auditor change the level Such things are often immaterial in quantity but material by their nature 87 aCOWtancy.com Example The company you are auditing makes a $5,000 profit. The materiality is set at $10,000 You notice that an invoice for $6,000 has been incorrectly placed into next year. This would be material as it changes the look of the whole accounts (changing a profit into loss) The new standard recognises that there could well be instances where certain classes of transactions, account balances or disclosures might be affected by misstatements which are less than the materiality level for the financial statements as a whole, but which may well influence the decisions of the user of those financial statements regardless of the fact they are below materiality – this is where performance materiality is to be applied. Specifically, the clarified ISA 320 suggests performance materiality be applied to areas such as related party transactions and directors’ remuneration. 88 aCOWtancy.com Syllabus B4: Understanding the entity and its environment Syllabus B4a) Explain how auditors obtain an initial understanding of the entity, its environment and the applicable financial reporting framework. How to get Initial Understanding Firstly the auditor needs to understand the entity’s environment, this will require the auditor to assess: Industry conditions Principle business strategies Competitors Laws and regulations Technology Stakeholders Financing Acquisitions and disposals Related parties Competence of management Accounting policies From a number of sources.. 1. Internal to the audit firm such as last years’ file. 2. External sources such as credit reference agencies. 3. Information provided by the client. 4. The auditor’s personal experience and knowledge ISA 315 requires a planning meeting where ‘the members of the engagement team should discuss the susceptibility of the entity’s financial statements to material misstatements.’ The minutes of this meeting should be documented as evidence of its occurrence. Analytical procedures should be undertaken at this stage to establish an understanding of the financial statements and draw attention to anomalies. 89 aCOWtancy.com Risk Assessment Procedures Risk assessment procedures assess the risk that material misstatement exists This involves recognising the nature of the company and management, interviewing employees, performing analytical procedures, observing employees at work, and inspecting company records. After you run through all applicable risk-assessment procedures, you use the results to figure out how high the chance is that your client has material financial-statement mistakes. Not every mistake is important. Let's look at these in more detail now.. The nature of the company Here are some crucial questions to ask the client during your risk assessment procedures.. What’s the company’s market overview? For example, if the client is a bank, in how many countries does it operate? Who (if anyone) regulates the client? Many businesses don’t have an outside regulatory agency, but any publicly traded company will have stock exchange rules to follow What’s the company’s business strategy? Most business strategies are to maximise shareholder value by increasing profitability and serving the community in which they’re located. The answer may lead you to more probing follow-up questions. 90 aCOWtancy.com The quality of company management Look for things like.. Do they enforce procedures - check their attitude in interviews Is there high employment turnover Are the top management experienced Any accounting adjustments needed in prior years Ask Employees for information Talk with individuals holding different levels of authority, from low-level clerks all the way up to the board of directors. 91 aCOWtancy.com Syllabus B4b) Describe and explain the nature, and purpose of, analytical procedures in planning. Analytical Procedures in Planning Analytical procedures consist of ‘evaluations of financial information through analysis of plausible relationships among both financial and non-financial data’ Analytical procedures are compulsory at two stages of the audit under ISA 520 namely the planning stage and the review stage. Analytical procedures use calculations such as financial ratios to generate an expectation of what a figure is likely to be and then comparing this to the actual figure in the accounts. They can be used to highlight unusual figures in order to focus the audit on them or to establish that a trend has continued. At the planning stage they help you understand the business and its environment Because you compare figures to the industry and to previous years Any items which go against the expected relationships help you assess the risk of material misstatement 92 aCOWtancy.com How to perform Analytical Procedures A step by step guide 1. Predict a figure, based on a relationship Eg. This could be gross profit as a % of revenue (based on previous years and industry averages) 2. Define what a significant difference is We call this the threshold below which we see any difference as just a tolerable ‘error’ 3. Calculate the procedure and the difference to the prediction in step 1 4. Investigate the difference Differences indicate an increased likelihood of misstatements If caused by factors previously overlooked, look at what impact this would have on the original expectations as if this data had been considered in the first place, and to understand any accounting or auditing ramifications of the new data Types of analytical procedures Trend analysis The analysis of changes in an account over time Ratio analysis The comparison of relationships using financial and non- financial data Reasonableness testing Comparing expectations based on financial data, non-financial data, or both to actual results 93 aCOWtancy.com Limitations when used for Planning 1. Often budgets and forecasts needed 2. If done before Y/E extrapolations used - these aren't reliable if business is seasonal 3. Many accounting adjustments missed as only done at Y/E 4. Often uses less rigorous management accounts 5. Even more difficult for smaller companies who don't have good management accounts Syllabus B4c) Compute and interpret key ratios used in analytical procedures. The financial ratios used by the auditor will fall into 3 general categories: Profitability/Return Gross Margin Net Margin ROCE Liquidity/Efficiency Receivables/Payables/Inventory Days Current Ratio Quick Ratio Gearing Financial Gearing Operational Gearing 94 aCOWtancy.com ROCE: Profit Before Interest and Tax Total Assets – Current Liabilities (Capital Employed) ROE: Profit after tax – preference dividends Equity shareholders funds Gross Margin Gross profit Revenue Operating Margin Profit before interest and tax Revenue Current Ratio ___Current Assets___ Current Liabilities Quick Ratio Current Assets – Inventories Current Liabilities Inventory Days Closing (or average) Inventory_ x 365 COS Receivable Days 95 aCOWtancy.com Trade Receivables x 365 Credit Sales Payable Days __Trade Payables__ x 365 Credit Purchases1 Gearing _____Debt2______ Debt + Equity3 OR ___Debt___ Equity Interest Cover Profit before Interest and Tax (PBIT) Interest payable 1 Take cost of sales if credit purchases are not given 2 Debt = Loans + Preference Shares Equity = Ordinary share capital + Reserves + Non-controlling interest 96 3 aCOWtancy.com Syllabus B5: Fraud, laws and regulations Syllabus B5a) Discuss the effect of fraud and misstatements on the audit strategy and extent of audit work. In order to detect fraud, the auditor must maintain an attitude of professional scepticism meaning to always be aware of the possibility of fraud, regardless of past experience of the client Once an error (unintentional) or fraud (intentional) has been found by the auditor then the auditor needs to re-assess his original risk assessment of the audit It will make the audit higher risk and hence increase the testing that needs to be done Also it may well make the auditor question further the integrity of the management and the effectiveness of controls All of this will result in: More testing on the areas in which fraud is suspected. perhaps not relying on the representations of management if they are suspected of involvement in fraud. Materiality may be reduced. Evidence provided by the client may not be relied upon. The auditor may have to generate more 3rd party evidence. 97 aCOWtancy.com Reporting fraud and error Fraud and error must be reported to management or the audit committee ASAP What about reporting to shareholders? By including a paragraph in the audit report What if it's in the public interest? Report to a 3rd party (e.g. Regulator) Especially if management involved 98 aCOWtancy.com Syllabus B5b) Discuss the responsibilities of internal and external auditors for the prevention and detection of fraud and error. Management and Auditor Responsibilities Fraud and Error Management Responsibilities Safeguards should be in place to avoid fraud and error through the systems and controls the company operates Internal audit function will be responsible for monitoring and implementation of these Auditor Responsibilities If fraud or error leads to a material misstatement, the auditor is responsible for detecting it. If immaterial, these should be reported to those charged with governance, but there is no responsibility to detect them. The inherent limitations of audit mean that the auditor cannot guarantee that the financial statements are free from fraud and error. The auditor must consider the risk of material misstatement due to fraud and error when planning and performing their audit. If discovered, fraud should be reported to the audit committee (if one exists), or the highest level of management (if not involved in the fraud), or the shareholders if the fraud is by those in senior management. 99 aCOWtancy.com Syllabus B5c) Explain the auditor’s responsibility to consider laws and regulations. Responsibilities of management and auditors Management is responsible for ensuring that the company complies with laws and regulations Auditors are responsible for concluding FS free from misstatements caused by non-compliance with laws and regulations having a general understanding of the legal and regulatory framework within which the company operates applying professional scepticism obtaining a general understanding of applicable laws and regulations understanding how the entity complies with those laws and regulations identifying instances of non-compliance being aware of the impact of breaches of regulations on the assertions Responsibilities of Management (and Those Charged With Governance) 1. Prevention AND detection of fraud and error 2. Strong risk management and internal control 3. A culture of honesty and ethical behaviour 4. Compliance with applicable laws and regulations 5. Monitoring legal requirements 6. Developing, publicising and following a Code of Conduct 7. Training 100 aCOWtancy.com Syllabus B6: Audit planning and documentation Syllabus B6a) Identify and explain the need for and importance of planning an audit. Why Plan an Audit? Plan the audit so that the engagement will be performed in an effective manner Time spent planning the audit to ensure it is carried out efficiently will reduce the time taken and thus the cost. The planning process will also assess and thus reduce risk. The auditor will want to ensure that the correct team is in place to conduct the audit, they are working efficiently and that work is focused on material areas of risk and potential problem areas. Planning Activities Risk Assessment We will look in detail later at risk assessment, but at this point we should be aware that the identification of risk will determine the entire audit process. Audit Strategy 101 aCOWtancy.com The audit strategy sets out the scope, timing and direction of the audit. The Scope: The scope of the audit will be determined by the reporting framework applied as well as any industry specific requirements. If there are any geographical or other factors which may affect the audit, they will be considered here. Timing: The timing of the audit will set out any deadlines applicable and the dates of the interim and final audit visits. The interim audit is conducted before the final audit to evaluate controls and document the systems in place. In addition there may be some substantive tests carried out. The attendance at the stock count will be carried out at this time and perhaps the receivables circularisation. The final audit will involve the bulk of the audit work and it may be possible to concentrate on the statement of financial position figures if sufficient work has been carried out during the interim audit. Direction: The direction of the audit will be determined by the identification of high risk areas and materiality. The strategy decided upon will be tailored to the client and the nature of their business and their structure. The auditor must ensure that the strategy selected is appropriate. 102 aCOWtancy.com Syllabus B6b) Identify and describe the contents of the overall audit strategy and audit plan. Contents of the Plan There are several stages in the planning process: As follows Ensure understanding of the business Undertake analytical review Assess the risks involved with the business Establish materiality levels Establish tolerable error for material errors Decide the audit approach Ensure auditor independence Decide the budget and staff requirements Timetable the audit & set deadlines Permanent file 103 aCOWtancy.com The permanent file kept by the audit firm will bring forward a lot of the knowledge of the business, but this must be kept up to date. Current File The current file contains the evidence and documents relevant to the current year. The planning section of the file will cover all of the areas above, and there will be a completion section which will review the audit. In between there will be a sub-section for each balance sheet item (e.g. Non Current Assets) and for each income statement item (e.g. purchases) with the work done outlined and evidence documented 104 aCOWtancy.com Syllabus B6c) Explain and describe the relationship between the overall audit strategy and the audit plan. Audit Strategy vs Audit Plan Whilst the strate

ACCA AA (F8) Course Notes PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue