Chapter 7: Responsibilities

Question 1

What aspects of business risk are management responsible for?

Answer 1

Management is responsible for managing the business so that its objects are achieved so should:

• assess the business risks facing the company
• devise the necessary strategies to deal with these risks

Question 2

According to the Companies Act 2006, how should directors act?

Answer 2

In a way most likely to promote the success of the company for the benefit of its members as a whole

Question 3

What are directors assigned responsibility for?

Answer 3

• safeguarding the company’s assets
• keeping proper accounting records
• preparing company financial statements and delivering them to Companies House
• ensuring the company complies with applicable laws and regulations

Question 4

According to the Companies Act 2006, what are the responsibilities of the auditor conducting a statutory audit?

Answer 4

• form an independent opinion on the truth and fairness of the financial statements
• confirm that the accounts have been properly prepared in accordance with Companies Act 2006
• state in the audit report whether the information given in the directors’ report is consistent with the annual records

Question 5

How can an auditor achieve their objectives?

Answer 5

• Plan the audit
• Obtain sufficient appropriate audit evidence
• Draw valid conclusions

Question 6

What opinion is the auditor responsible for?

Answer 6

The auditor is responsible for forming an opinion on whether the financial statements are free from material misstatement

Question 7

What should audit procedures be directed towards?

Answer 7

Detecting fraud and error. Fraud may be more difficult to detect than error as it is often accompanied by a deliberate attempt to conceal

Question 8

What does ISA 240 cover? (Two types of fraud)

Answer 8

The ISA identifies two types of misstatement arising from fraud:

• misstatements arising from fraudulent financial reporting
• misstatements arising from the misappropriation of assets

Question 9

What are the responsibilities of an auditor and management under ISA 240?

Answer 9

Management: responsible for preventing and detecting fraud

Auditor: responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error

Question 10

What is professional scepticism?

Answer 10

Professional scepticism is an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence

Question 11

What are the typical indicators of fraud according to ISA 240 Appendix 1?

Answer 11

• incentives/pressures
• opportunities
• attitudes/rationalisations

Question 12

When should you report suspected or actual fraud to internal/management?

Answer 12

Report to management. If management suspected of fraud, report to those charged with governance.

Before reporting to management, the auditor should consider whether the fraud constitutes ‘money laundering’, and if so, must avoid tipping off

Question 13

When should you report suspected or actual fraud to shareholders?

Answer 13

Only if the fraud causes a material misstatement or uncertainty in the financial statements

Question 14

When should you report suspected or actual fraud to third parties?

Answer 14

If there is a duty or right to disclose e.g. to a regulator

Question 15

How can and why should an auditor obtain an understanding of the entity and its environment?

Answer 15

The auditor should obtain an understanding of the legal framework within which the company operates as part of the process of understanding the entity and its environment as a material misstatement could be caused by non-compliance with laws and regulations

Question 16

What responsibilities does ISA 250 set out?

Answer 16

ISA 250 covers the auditor’s responsibilities in relation to compliance with laws and regulations

Management: responsible for complying with relevant laws and regulations

Auditor: obtain sufficient appropriate evidence of compliance with laws and regulations generally recognised to have a direct effect on the financial statements

Question 17

What procedures identify misstatement caused by non-compliance with laws and regulation?

Answer 17

Perform a risk assessment, considering:

• relevant laws and regulations
• how the client ensures compliance

Obtain evidence about compliance:

• enquiries of management
• inspect correspondence with regulatory bodies
• obtain written management representations to confirm all known instances of non-compliance have been disclosed

Question 18

When should the auditor discuss suspected non-compliance with management/internal?

Answer 18

If management suspected of involvement in non-compliance, report to those charged with governance

If there is no higher level of management, consider obtaining legal advice

Be aware that if the non-compliance constitutes money laundering, the auditor must avoid tipping off

Question 19

When should the auditor discuss suspected non-compliance with shareholders?

Answer 19

Only if the non-compliance causes a material misstatement or uncertainty in the financial statements

Question 20

When should the auditor discuss suspected non-compliance with third parties?

Answer 20

When there is a duty or right to disclose e.g. to a regulator

Question 21

What should bribery prevention policies focus on?

Answer 21

• top level culture in which bribery is unacceptable
• risk assessment
• due diligence procedures taking a risk-based approach
• communication to staff, including training

The audit firm should also comply with the Act

Question 22

What procedures can the auditor carry out to identify misstatement caused by non-compliance with the Bribery Act?

Answer 22

• assess risk of non-compliance with the Bribery Act
• Exercise professional scepticism
• assess bribery prevention policies of the client

Question 23

Who should the auditor report suspicions of bribery to?

Answer 23

The National Crime Agency (NCA) under the Proceeds of Crime Act 2002

Question 24

What are the provisions of the Sarbox/SOX Act in relation to management?

Answer 24

(Applies to the subsidiaries of US listed companies and their auditors)

Management:

• Chief executive officers and chief finance officers must attest to the veracity of the financial statements
• Greater disclosure of the amendments made to the financial statements during the audit process

Question 25

What are the provisions of the Sarbox/SOX Act in relation to auditors?

Answer 25

- Stricter enforcement of auditor independence rules - Public Company Accounting Oversight Board (PCAOB) can inspect the audit files of US listed companies, including subsidiaries based overseas

Question 26

What is a related party?

Answer 26

A related party is a company or person that might have, or be expected to have, an undue influence on the company being audited e.g. directors and their families, key management, other companies in the same group Related party transactions may not be at arm's length - for example, a director may be in a position to buy a property from the company at less than market value

Question 27

What is the accounting rule and subsequent audit risk of related party transactions?

Answer 27

Accounting rule: related party transactions should be disclosed in the financial statements Audit risk: Non-disclosure would represent a material misstatement

Question 28

What does ISA 550 cover?

Answer 28

The requirements in relation to the audit of related party transactions. Management: responsible for disclosing related party transactions in the financial statements Auditor: responsible for performing audit procedures to identify, assess and respond to the risk of material misstatements arising from failure to correctly disclose related party transactions

Question 29

What procedures should the auditor carry out to identify misstatement caused by non-disclosure of related party transactions?

Answer 29

- Obtain a list of related parties from management - Carry out detailed tests of transactions and balances as usual, looking out for related party transactions - Review minutes of the meetings of shareholders and directors where related party transactions may have been discussed - Review bank confirmation letters for evidence of guarantor relationships - Review investment transactions - Confirm that the correct disclosures have been made in the financial statements - Obtain written management representations confirming that all related party transactions have been disclosed

Question 30

What does money laundering aim to do?

Answer 30

Money laundering aims to disguise the origins of funds from criminal conduct so that they can be used. The definition in the Proceeds of Crime Act 2002 includes using, acquiring, retaining, controlling, concealing, disguising, converting, transferring, and removing from the UK the proceeds of criminal conduct

Question 31

What are some examples of money laundering that feature in the exam?

Answer 31

- Obvious criminal behaviour such as using the proceeds from the sale of illegal drugs - Tax evasion - Saving costs by failing to comply with laws and regulations - Offences committed overseas that are criminal offences in the UK e.g. bribers that would be covered by the Bribery Act 2002

Question 32

What are the responsibilities of an auditor in relation to money laundering?

Answer 32

The auditor should report actual knowledge, or reasonable grounds for suspicion of money laundering, to: - the audit firm's money laundering nominated officer (ISA 250: MLRO) - the money laundering nominated officer with consider whether it is necessary to report the NCA

Question 33

What offences can the auditor commit in relation to money laundering?

Answer 33

- failure to report - failure to provide suitable training for staff - tipping-off the money launderer The most severe penalty is imprisonment for 14 years and the audit team must be alert and cautious if they disclose suspicions with others

Question 34

What must any organisation collecting/holding data do?

Answer 34

Must comply with the principles of the GDPR and the Data Protection Act The Information Commissioner's Office (ICO) must be notified (effective for a year), by organisations processing personal information. The person responsible for informing the ICO is called a data controller. Failure to notify is classed as a criminal offence

Question 35

What is law under both the GDPR and the Data Protection Act?

Answer 35

- Anyone processing personal information has to make sure that it is correctly protected - Individuals can access both a) their personal data, and b) details of how it is processed - Personal data can only be held if a lawful reason exists, or they have chosen to allow the storage of data

Question 36

What are some common expectations of the auditor versus the actual responsibilities of the auditor?

Answer 36

Expectation: Detect all instances of fraud, however small Reality: Identify fraud that has caused a material misstatement in the financial statements Expectation: Test every transaction so that all errors are identified Reality: Carry out audit procedures that provide reasonable assurance that the financial statements are free from material misstatement Expectation: Prevent fraud Reality: Detect material fraud

Question 37

How can auditors narrow the expectations gap?

Answer 37

- Improving the audit report to set out: Responsibilities of directors and auditors Explain how an audit is conducted e.g. test basis, reasonable assurance, material misstatements Further detail provided in the audit reports for listed companies - Including the responsibilities of directors and auditors in the engagement letter - Liaising with audit committees

Question 38

When the auditor is found to be negligent, we say the audit has failed. What can it be due to?

Answer 38

- Failure to assess audit risk - Failure to respond to the assessed audit risk - Failure to recognise or respond to threats to objectivity - Failure to recognise or respond to situations where the auditor is not competent