Course Notes Flashcards
What does any assurance engagement need? (7)
A responsible party
A practitioner
A user of the report
A subject matter
Criteria
Sufficient appropriate evidence to support the conclusion
A written report containing a conclusion
What is an assurance engagement governed by?
The terms of engagement found in the engagement letter.
What are the two types of assurance?
Reasonable assurance engagement
Limited assurance engagement
What type of opinion is a reasonable assurance engagement?
Positive or negative
Positive opinion
The financial statements show a true and fair view in all material respects.
What type of opinion is a limited assurance engagement?
Positive or negative
Negative opinion
Nothing has come to our attention
What type of evidence is sought for a reasonable assurance?
Sufficient and appropriate
What type of evidence is sought for a limited assurance?
Sufficient and appropriate (less intrusive)
Can absolute assurance be provided to any assurance engagement?
No, it cannot be provided due to audit limitations and the nature of the evidence available.
Name the 6 users of an assurance engagement
Shareholders
Directors
Customers/Suppliers
Lenders/Banks
Employees
Society
What benefits would a shareholder get from an assurance engagement?
(3)
[] Enhances the credibility of the information being reported on
Reliable information to hold management to account
Draws the attention of the user to any deficiencies in the information being reported on
What benefits would a director get from an assurance engagement?
(4)
Reduces the risk of management bias and error in the information being reported on
Deter fraud
Enhanced reliability of information for business decisions
The management letter will provide constructive advice regarding internal controls and risk management leading to improvements in organisational efficiency
What benefits would a customer/supplier get from an assurance engagement?
The financial statements could impact decision to trade with the company. An audit may provide them with the confidence to transact with the company
What benefits would a lender/bank get from an assurance engagement?
(2)
They value having the business scrutinised by another set of professional eyes
The added confidence lenders have may mean it is easier for the company to raise finance assisting in negotiations and allowing the bank to appreciate risk better
What benefits would a employees get from an assurance engagement?
(2)
May provide greater confidence over job security
May provide greater confidence over bonuses payable if linked to profits
What benefits would society get from an assurance engagement?
(2)
They ensure that high-quality, reliable information circulates in the market improving the reputation of the company
It provides additional assurance to third parties such as taxation authorities concerning the reliability of the financial statements
What are the overall objectives of the auditor in conducting an audit of financial statements?
To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error
To express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework
What are the criteria to need an audit and how many do you need?
More than 50 employees
Turnover over £10.2 mil
Gross assets over £5.1 mil
Two or more to need an audit
Irrespective of size, how can subsidiaries be exempt from audit?
If the parent company guarantees the liabilities of the subsidiary.
What can cause a company to need an audit even if they do not meet two of the criteria?
The articles of association require one
Shareholders who own 10% or more ask for one
Public companies
The company is involved in insurance or banking
What types of work are performed on an audit engagement?
(8)
Analytical procedures
Enquiry
Inspection
Observation
Recalculation
Re-performance
External confirmation
Written representations
What assurance level is given in an audit?
Reasonable assurance
What assurance level is given in other assurance engagements?
Limited assurance
What does PFI stand for?
Prospective Financial Information
What work would be completed on a PFI assurance engagement?
Assessment of assumptions
Re-computation
Written representations
What work would be completed on an assurance engagement that is not an audit but reviewing past data?
Enquiry
Analytical procedures
Written representations
is it managements responsibility to manage the company? Does the auditor play any part?
Yes it is management’s responsibility.
No the auditor should not do anything to manage the company but should understand the the risks facing the business and understand how this affects their approach to the audit.
Under the Companies Act 2006, what are the responsibilities of the Directors?
(4)
Safeguard the assets
Maintain books and records
Prepare the financial statements
Give the FS to shareholders at AGM
File the financial statements at Companies House
In the Directors’ responsibilities under the
Companies Act 2006, what are the two parts to safeguarding the assets?
– Prevent and detect fraud and error
– Ensure compliance with laws and regulations
In the Directors’ responsibilities under the
Companies Act 2006, what are the four parts to preparing the financial statements?
– Correct basis
– Adequate accounting policies
– Appropriate judgements
– Comply with accounting standards
The responsibility of the external provider of assurance services is determined by:
The requirements of any legislation or regulation under which the engagement is conducted,
The terms of engagement for the assignment, which will specify the services to be provided
Ethical standards
Quality management standards
In the case of an audit of annual accounts under the Companies Act 2006, it is the external auditor’s
responsibility to:
Form an independent opinion on the truth and fairness of the annual accounts
Confirm that the annual accounts have been properly prepared in accordance with the Companies Act 2006
State in their auditor’s report whether in the opinion the information given in the directors’ report is consistent with the annual accounts.
To achieve the objective of an audit the auditor must:
(3)
The audit is planned properly
Sufficient and appropriate audit evidence is gathered
The evidence is properly reviewed and valid conclusions drawn
In accordance with the law and ethical standards the auditor must maintain…
Independence from the client
Does the appointment as an auditor make the auditor responsible for
The design and operation of the accounting systems
No
Does the appointment as an auditor make the auditor responsible for
The maintenance of the accounting records.
No
Does the appointment as an auditor make the auditor responsible for
The preparation of the financial statements.
No the responsibility stays with management
Does the appointment as an auditor make the auditor responsible for
The identification of every error and deficiency in the accounts and the accounting records
No
Does the appointment as an auditor make the auditor responsible for the prevention of fraud in a company
No
Does the appointment as an auditor make the auditor responsible for the detection of immaterial fraud in the company
No but should spot material fraud if the accounts are materially correct.
Does the appointment as an auditor make the auditor responsible for ensuring that the company has complied with relevant laws and regulations
No but if they haven’t the audit should be adjusted accordingly.
CA 2006 grants auditors certain rights to enable them to fulfil their responsibilities.
Name three
[] The right of access at all times to the company’s books and accounts
The right to obtain any information necessary for the audit from any employee of the company
The right to attend any general meeting of the company
Define error
An unintentional misstatement in financial statements, including the omission of an amount or a disclosure.
Define fraud
The intentional act to deceive or obtain an unjust or illegal advantage.
According to ISA 240 (UK) what are the two types of misstatement which can arise from fraud?
Misstatements arising from fraudulent financial reporting
Misstatements arising from misappropriation of assets
Who has the primary responsibility regarding fraud?
Management
What are the auditors responsibilities in relation to fraud?
(3)
The auditor’s responsibility is to:
Obtain reasonable assurance (not complete assurance) that the financial statements are free from material misstatement, whether caused by fraud or error.
Assess the risk of material misstatement
Where fraud or error is discovered - report to the appropriate party
Auditors should also carry out a discussion of the susceptibility of the entity’s financial statements to fraud. This will usually include a consideration of:
The unique position of management to commit fraud
The circumstances that could indicate earnings management
The known internal and external factors that could be an incentive to fraud being carried out
Any unusual or unexplained changes in behaviour/lifestyle of management or employees
Any allegations of fraud that have been made
If the auditors identify misstatements which might indicate that fraud has taken place, they should
consider the implications of this for other aspects of the audit, particularly management representations which may not be trustworthy if fraud is indicated.
Identify characteristics of journals that heighten the risk of fraud (see ISA 240 A43)
Relate to seldom used accounts or suspense accounts
Processed by individuals that do not usually do journals
Unusual in timing
Contain no description or vague references
Are made outside of office hours
Lack commercial rationale
Involve related parties
ISA 240 requires that the auditors to make the appropriate reports if fraud is found or suspected, who must they dislcose to? (3)
Those charged with governance - report to the appropriate level ie audit committee
Shareholders - Where fraud or error causes the financial statements do not give a true and fair view the auditors’ report should be modified
Third parties - The auditor determines the responsibility to report suspicion outside the entity
What are the two categories of laws and regulations that auditors are interested in?
Those with a direct impact on the financial statements, for example, the Companies Act
Those which provide a legal framework within which the company operates
What are the three areas of law that affect all businesses?
Employment law
Social security law
Health and safety law
Who has primary responsibility to ensure compliance
with laws and regulations?
Management
What is the auditor’s responsibility regarding compliance with laws and regulations? (4)
Auditor should:
Make inquiries of management
Inspect correspondence with relevant licensing or regulatory bodies
Obtain written representations that management has disclosed all known instances of actual or possible non-compliance with laws and regulations.
Report issues of non-compliance
Do the auditors have to report non-compliance with laws and regs to those charged with governance?
Any non-compliance with laws and regulations should be reported to the appropriate level ie the Audit Committee
Do the auditors have to report non-compliance with laws and regulations with shareholders?
Only if non-compliance causes the financial statements to not give a true and fair view
Do the auditors have to report non-compliance with laws and regulations with third parties?
The auditor shall determine whether the auditor has a responsibility to report the identified or suspected noncompliance to parties outside the entity.
The Act regards a payment as bribery if
it leads to ‘improper performance’ by another person
What is the legal test of what is and is not a proper payment?
what a reasonable person in the UK would expect of a person performing the relevant function or activity’.
Can Commercial organisations be penalised for
failing to prevent bribery by persons associated
with that organisation, including employees,
agents and subsidiaries?
Yes
The Bribery Act 2010 introduces severe
penalties for individuals and organisations that
engage in bribery. The offences relating to
individuals are:
Offering a bribe
Accepting a bribe
Bribing a foreign public official
What do auditors need to do in relation to bribery as part of an audit?
Auditors will need to analyse the risk to a client of non-compliance and will need to ensure that adequate procedures are in place. Auditors may also have a duty to report suspicions of bribery to the National Crime Agency (NCA) under the Proceeds of Crime Act 2002 (POCA).
As commercial organisations in their own right, audit firms will themselves need to have bribery prevention policies in place. The government suggests that the bribery prevention policies should focus on six principles:
[] Proportionate procedures designed to mitigate risks and prevent unethical conduct
Top-level commitment that creates a culture in which bribery is unacceptable
Risk assessment that is periodic, informed and documented
Due diligence procedures that take a proportionate and risk based approach
Communication (including training) to ensure that bribery prevention is embedded and understood throughout the organisation
Monitoring and review, and making improvements to procedures where necessary
What is the risk with related party transactions?
They may not be the same as in an arm’s length transaction with an independent third party
What is the approach adopted in the financial reporting standards in relation to related parties?
To disclose the relevant amounts and relationships so that the readers of the financial statements can decide for themselves whether such transactions have led to a manipulation of the financial statements.
ISA 550 (UK) Related Parties details the audit work required in respect of related party transactions.
The work can be split into the three main stages of the audit:
The planning stage
The detailed testing stage
The review stage
What does the auditor need to consider with related party transactions at the planning stage?
The auditor needs to consider the risk of there being undisclosed material related party transactions. However materiality here is based on what is material to the transacting parties which may be smaller than the materiality of the company being audited.
ISA 550 sets out specific procedures that should be carried out at the detailed testing stage of an audit in relation to related party transactions. What 4 things are they?
Enquire to the directors of the existence of related parties
Reviewing minutes of board meetings
Reviewing records for large or unusual transactions or balances
Reviewing investments in other companies
What should be done at the reviewing stage of an audit in relation to related party transactions?
Written representations should always be requested from directors, who are in the best position to know the identities of related parties. The auditor then reviews the accounts, together with the audit evidence available, in order to reach a conclusion on the appropriate audit opinion.
What is money laundering?
Money laundering is the using, acquiring, retaining, controlling, concealing, disguising, converting and transferring the proceeds of crime and criminal property.
The purpose of money laundering is to:
Disguise the origins of funds derived from illicit sources, and
Enable illicit funds to be used by those who control them
Criminal property includes
any gain from non-compliance with laws and regulations such as tax evasion, selling illegal substances and even the saved cost of non-compliance with laws and regulations eg health and safety!
What are the firms 4 responsibilities in relation to money laundering?
Appoint a Money Laundering Nominated Officer - responsible for evaluating interal reports and reporting them to the NCA by a SAR.
Client Due Diligence - for new and existing clients
Training - staff on how to recognise and what to do
Record keeping - records kept for 5 years after the engagement has ended
What are the auditors 3 responsibilities in relation to money laundering?
Comply with the Proceeds of Crime Act
Failure to report is an offence, if an accountant has grounds for suspicion (no de-minimis) that money laundering is taking place at a client, that accountant must report it to the MLNO. This overrides the duty of confidentiality.
Avoid tipping off – this is also an offence.
The penalties for non-compliance by accountants are potentially quite severe – for some offences a
jail term of how many years is possible?
14 years
What is the expectations gap?
This so-called ‘gap’ is between the expectations of users of assurance reports, particularly of auditor’s
reports, and the firm’s legal responsibilities.
Various steps have been taken to try to reduce the expectations gap. What are they?
Expanding the auditors report
Adapting the engagement letter to state directors responsibilities
How has the auditors report been expanded to narrow the expectations gap?
Set out responsibilities of auditors and directors
Explain how an audit is conducted:
– On a test basis (which implies sampling)
– By assessing significant estimates and judgements
– So as to give reasonable assurance on the financial statements
– So as to detect material misstatements – in relation to fraud, error or any other irregularity
What is the need for professional standards?
The reliability of the financial statements does not vary from company to company so easy comparisons can be made.
IFAC was set up by the professional bodies representing accountants from…
Around the world
Members of the IFAC from the UK are:
ACCA (Certified accountants)
CIMA (Management accountants)
CIPFA (Public sector accountants)
ICAEW
ICAI (Ireland)
ICAS (Scotland)
ISAs do not override the local regulations governing the audit of financial or other information in a particular country.
True or false
True
In exceptional circumstances, an auditor may judge it necessary to depart from an ISA. Why would they do this?
in order to more effectively achieve the
objective of an audit. When such a situation arises, the auditor
should be prepared to justify the departure.
The FRC was established to promote
good financial reporting in the UK through the setting of accounting standards and review of published financial statements.
In the FRC, the codes and standards committee are responsible for?
actuarial policy,
audit and assurance,
corporate governance, and accounting and reporting policy
In the FRC, the conduct committee are responsible for?
audit quality review,
corporate reporting review,
professional discipline,
professional oversight, and
supervisory inquiries
How does the FRC promote improvements in audit quality?
Issuing audit standards (ISAs) which describe auditor responsibilities and approaches
Issuing ethical standards, which help ensure objectivity
Issuing practice notes such as on professional scepticism
The FRC monitors compliance with ISAs and ES via its Audit Quality Review Team who visits audit firms
The FRC oversees matters of misconduct and has the power to take disciplinary action against auditors and firms
The FRC also oversees the UK Code of Corporate Governance part of which outlines responsibilities of the Audit Committee to oversee the external audit function
Define Professional scepticism
‘An attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.’
ISA 200 requires auditors to plan and perform audits with professional scepticism because: (4)
Management may deliberately conceal fraud
Management may be biased in the creation of the financial statements
Evidence may not be reliable
Financial statements contain complex judgemental issues
Professional scepticism ensures: (4)
Sufficient enquiry and challenge to management
The scrutiny of documents and responses for reliability
Contradictory evidence or conditions indicative of fraud followed up
Changes in accounting policies scrutinised
What is big data?
Big data is a broad term for data sets that are large or complex.
What other technological developments may have implications for accounting and auditing:
Robotic Process Automation
AI & Cognitive Computing
Blockchain
What was the kingsman review?
The Kingman review resulted in the wake of some high profile corporate collapses of Carillion and BHS – where some stated that the audit was a colossal waste of time and money
providing only false assurance. The Kingman review was published in December 2018 and recommended the abolition of the FRC replacing it with a new Audit, Reporting and Governance Authority (ARGA)
It is anticipated that the new
ARGA will:
Directly regulate the biggest audit firms
Impose greater sanctions in cases of corporate failure
Require rapid explanations from companies
Publish reports about company’s conduct and management
What was the Competitions and Market
Authority’s review (CMA)
The CMA made some recommendations having reviewed the state of the audit market. The key recommendations were:
Greater oversight of audit committees and the role they play to ensure audit quality
A split between the Big Four’s audit and non-audit businesses to ensure focus on quality
A five-year review of the state of the industry
Mandatory joint audits to increase the ability of smaller firms to compete with the Big-Four
What was the brydon report for?
This report called for urgent reform to rebuild public trust in the audit.
Key recommendations:
Separation of the audit profession from the accounting profession
A redefinition of audit and its purpose
Introduction of the word suspicion into qualities of audit
To increase audit responsibilities beyond the financial statements
[] Greater engagement with shareholders
Change the language of the opinion given
Greater clarity around the role of the audit committee
Improved auditor transparency
Which companies are required to make disclosures related to climate-related issues
The largest ones
What are the 5 ethical principles?
Integrity
Objectivity
Professional competence and due care
Confidentiality
Professional behaviour
Define integrity
A professional accountant should be straight forward and honest.
Define objectivity
A professional accountant should not allow bias, conflict of interest or undue influence of others to provide professional or business judgements
Define professional competence and due care
A professional accountant has a continuing duty to maintain professional knowledge and skill at the level required to ensure that a client or employer receives competent professional service based on current developments in practice, legislation, and techniques. A professional accountant should act diligently and in accordance with applicable technical and professional standards when providing professional services
Define confidentiality
A professional accountant should respect the confidentiality of information acquired as a result of professional and business relationships and should not disclose any such information to third parties without proper and specific authority unless there is a legal or professional right or duty to disclose.
Define professional behaviour
A professional accountant should comply with relevant laws and regulations and should avoid any action that discredits the profession
What are the 6 ethical threats?
Self interest
Self review
Management
Advocacy
Familiarity
Intimidation
What are the general safeguards to threats?
Training
ICAEW offers support
Quality management systems in place
3 examples of quality management systems
Planning, supervision and review procedures
Hot and cold file reviews
Regulatory inspections
What are the overarching principles and supporting ethical provisions?
Integrity
Objectivity
Independence
What is the control environment?
The whole culture and working practices of the firm which should lead to ethical behaviour
Firms should:
Create ethical policies
Monitor compliance
Have reporting systems to ensure breaches are communicated to the engagement partner
Evaluate the implications of identified possible or potential breaches
What does the engagement team do?
It sets out requirements for partners and staff to report:
Family and other personal relationships
Financial interests in an entity audited by the firm
Decisions to join an audited entity
As these might be perceived as casting doubts about the firm’s independence.
What is the role of the ethics partner?
Section 1 requires all firms except the very smallest to appoint an ethics partner, who will be a senior partner with a good deal of authority within the firm, and who will be available for consultation on ethical matters
What is the engagement partners’ role?
Responsible for documenting and reaching a conclusion on the firm’s ethical compliance on a particular audit and communicating on a timely basis any issue that impacts the firms’ objectivity to those charged with governance.
What is the independent partners role?
For listed clients, the firm’s compliance with ethical standards should be reviewed by an independent partner.
What is the other auditors role?
Where other auditors are involved with the engagement, the firm has to be satisfied that they too comply with the ethics rules.
Who cannot have financial interests in a client?
The parties listed below are not allowed to own a direct financial interest or an indirect material financial interest in an audited entity:
The audit firm
Any partner in the audit firm
Any person in a position to influence the conduct and outcome of the engagement (eg, a member of the engagement team)
A person closely associated with any of the above
An audit firm or member of the engagement team (inc immediate family) should not enter into any loan or guarantee arrangement with an audited entity that is not a bank or similar institution.
Describe/explain close business relationships
For audited entities, there should be no close business relationships other than that of the audit engagement except for the purchase of goods on:
In ordinary course of business
On an arms-length basis
Not material to either party
Inconsequential in the view of an objective, reasonable and informed third party
Describe/explain employment with assurance firm from client
Individuals who have been a director or officer of the client, or an employee in a position to exert direct and significant influence over the subject matter information of the assurance engagement in the period under review or the previous two years, should not be assigned to a position in which he or she is able to influence the conduct and outcome of the audit for two years following the date of leaving the audited entity.
Describe/explain employment with assurance client
When a partner leaves the firm and is appointed as a director or to a key management position with an audited entity, having acted as audit engagement or engagement quality reviewer/key partner in relation to that audit at any time in the previous two years:
The firm shall resign as auditors
The auditors shall not reaccept appointment until two years have elapsed since that partner’s involvement in the audit or the former partner leaves the audit client, if earlier.
When any other former member of an engagement team joins an audit client as director/key management within two years of being involved with the audit, the firm shall consider whether the composition of the audit team is appropriate.
The audit firm, a partner or employee of an audit firm shall not perform a role as an officer or member of the board of an audited entity
Describe/explain family and personal relationships
When an immediate family member of a member of the audit team is a director, an officer or an employee of the audited entity in a position to exert direct and significant influence over the subject matter information of the audit engagement, the individual should be removed from the audit team.
Describe long association for listed entities
The following partner rotation rules exist:
Five years – engagement partner for listed clients, can’t be a partner for a further 5 years
Can be extended by 2 years if necessary to safeguard audit quality ie in times of significant change (must be disclosed to shareholders)
Seven years – engagement quality reviewers, key partners involved in the audit and senior
staff for listed clients can’t be a quality reviewer for a further 5 years
An audit tender should be carried out every 10 years and there should be a mandatory rotation of audit firm every 20 years
Describe long association for non-listed entities
Regular rotation is not mandatory, but after ten years the firm must consider if ‘a reasonable and informed 3rd party would question the partners objectivity’ – if so safeguards should be implemented such as involving additional partners and quality reviews.
Can an audit be undertaken on a contingent fee basis?
No
What are the rules around high percentage of fees?
Where total fees for both audit and non-audit services will regularly exceed 15% (10% for a listed entity) the firm must not act as auditor.
Where total fees (audit and non-audit services) from an audited entity are expected to regularly exceed 10% of the annual fee income of the audit firm (5% in the case of a listed company) the audit engagement partners should disclose that fact to the ethics partner and those charged with governance of the audited entity and consider whether appropriate safeguards should be applied to reduce the threat to independence.
Where non audit services are permitted, they are limited to no more than 70% of the audit fee, calculated on a rolling three-year basis.
What is lowballing?
What must still be ensured?
Where the fee quoted is significantly lower than would have been charged by the predecessor firm the engagement partner must be satisfied that:
The appropriate staff and time are spent on the engagement irrespective of the fee
All applicable assurance standards, guidelines and quality management procedures have been complied with
Fee has not been influenced by the provision of non-audit services
What is considered gifts and hospitality?
Unless the value of a gift or hospitality is clearly insignificant, a firm or a member of an engagement team should not accept them. (Reasonable and informed 3rd party test)
Describe evaluation policies within the firm?
There should be a firm’s policy on the extent to which gifts, hospitality etc may be accepted from audited entities.
Audit staff should not be assessed, or have their performance appraisal or their pay related to their ability to cross sell the firm’s products.
For listed clients an external independent quality review (hot review) MUST be undertaken.
The firm should resign as auditor where there is actual or potential litigation between the firm and the audited entity.
What is a PIE?
Public interest entity
Examples of PIE
An issuer whose transferable securities are admitted to trading on a UK regulated market (ie a listed company)
A credit institution (eg a bank)
A person who would be an insurance undertaking
Can you complete audit related services for a PIE?
Yes, other assurance engagements are permitted as they too require the auditor to be objective. The auditor may still need to be mindful of total fees earned and their reliance on the client.
Can internal audit be completed as an additional service for a PIE?
Provision of internal audit is prohibited.
Can valuation and actuarial valuation be completed as an additional service for a PIE?
No - Valuation services are prohibited where they require significant judgement and are material to the financial statements.
Can IT services be provided to a PIE audit client?
The firm should not undertake work on IT systems which would be important to any significant part of the accounting system and production of the financial statements.
Can tax services be provided to a PIE audit client?
No - The firm must not prepare, calculate or provide tax advice including deferred tax.
Can transaction related services be provided to a PIE audit client?
No - Transaction related services are ‘one-off’ engagements such as due diligence work. Such work often involves undertaking a management role and is prohibited for listed companies
Can restructuring services be provided to a PIE audit client?
Limitations on advice relating to an entity in distress.
Can recruitment and renumeration advice services be provided to a PIE audit client?
The firm is prohibited from providing recruitment services of any director or employee where this would mean taking on responsibility for the appointment. The firm shall not provide advice on measurement criteria in relation to any director or employee’s remuneration package
Can accounting and payroll services be provided to a PIE audit client?
Not it is prohibited
Can audit related services be provided to a non-PIE?
Similar considerations apply as PIEs – this decision must be taken in context of the circumstances of the client and the audit firm in the same way.
Can internal audit services be provided to non-PIE audit clients?
Provision of internal audit is prohibited.
Can valuation and actuarial valuation be provided to a non-PIE audit client?
Valuation services are prohibited where they require significant judgement and are material to the financial statements
Can IT services be provided to non-PIE audit clients?
The firm should not undertake work on IT systems which would be important to any significant part of the accounting system and production of the financial statements.
Can tax services be provided to a non-PIE audit client?
The firm must not undertake tax services that would result in the firm advocating for the client
Can transaction related services be provided to a non-PIE client?
Subject to consideration of management role/advocacy.
Can restructuring related services be provided to a non-PIE client?
Subject to consideration of management role/advocacy.
Can recruitment and renumeration advice related services be provided to a non-PIE client?
The firm is prohibited from providing recruitment services of any director or employee where this would mean taking on responsibility for the appointment. The firm shall not provide advice on measurement criteria in relation to any director or employee’s remuneration package.
Can accounting and payroll services be provided to a non-PIE audit client?
Only permitted so far as management role not adopted and services are mechanical/routine
What does the provisions available for small entities mean for fee dependence?
Section 6 exempts the audit firm from the requirement in Section 4 which requires an external independent quality review where fees dependence is between 10% to 15% for small entities.
The reliance should be disclosed to the ethics partner and to those charged with governance of the audited entity.
What does the provisions available for small entities mean for non-audit services?
For small entities the restrictions on the provision of non-audit services are waived, but:
There needs to be ‘informed management’.
The audit firm needs to extend its cycle of cold reviews.
The departure needs to be mentioned in the auditor’s report (ie reference to Section 6)
What does the provisions available for small entities mean for partner joining audit client?
For small entities the provisions concerning partners joining audit clients are waived provided there is no threat to the audit team’s integrity, objectivity and independence and disclosure is made in the auditor’s report.
Define informed management?
The client must have the genuine opportunity to decide between alternative courses of action.
There should be a member of management designated to receive the results of non-audit services and make necessary judgments and decisions.
That member must have the capability to make independent judgments and decisions on the basis of the information provided.
What are the three circumstances where an accountant can disclose confidential information?
Client has given permission
Disclosure is required by law
Disclosure is in the public interest
Two examples of where disclosure is required by law
Reporting directly to regulators for regulatory breaches
The reporting of suspected money laundering to NCA.
What must an auditor do before disclosing information for public interest.
Take legal advice
What should an accountant do if they are approached by an informant?
[]Advise the informant to pass on the information to his employer in accordance with company procedures.
Protect the identity of the informant to the extent that this is possible.
Take care in the way that this information is used, if at all.
What do you do if there is a conflict of interest?
Mitigate them with safegaurds
What safeguards would you use to mitigate a conflict of interest?
Disclosure of the circumstances of the conflict
Obtaining the informed consent of the client to act
The use of confidentiality agreements signed by employees
Establishing information barriers
– Ensuring that there is no overlap between different teams
– Physical separation of teams
– Careful procedures for where information has to be disseminated beyond a barrier and for maintaining proper records where this occurs
Regular review of the application of safeguards by a senior individual not involved with the relevant client engagement
Ceasing to act (Where the conflict cannot be managed)
Why is it important that a good quality audit is carried out?
Protect the reputation of the firm and of the profession
Provides defence in the event of being sued for negligence
It is in public interest (and that of specific users) in order that sound decisions are made
What are the two types of systems to identify audit failure?
Internal and external
What is audit failure?
When a serious distortion in the financial statements is not reflected in the auditor’s report.
Describe internal systems to identify quality failures?
Firm needs quality systems and procedures to ensure that failures simply do not happen.
ISQM 1 raises areas of quality for firms to consider.
Describe external systems to identify quality failures?
Listed company audit files are periodically reviewed by the Audit Inspection Unit part of the FRC Executive Committee.
Regulatory reviews of non-listed audits by ICAEW.
Audit failures may result in disciplinary action being taken against the firm. Can lead to fines or suspension of authorisation to audit.
A firm is required to implement system of quality management (QMS) that gives the firm reasonable assurance that:
The firm and its personnel fulfil professional, legal and regulatory requirements, and
Engagement reports issued are appropriate in the circumstances
Who is responsible and accountable for the QMS of a firm?
CEO or managing partner
What is QMS?
Quality management systems
What is a quality partner?
Someone who may head up a quality team. They are chosen by CEO or managing partner and given time to spend on QMS.
What are the 8 elements that a system of quality management will address
(1) Risk assessment
(2) Governance and leadership
(3) Ethical requirements
(4) Continuance and acceptance
(5) Engagement performance (there is substantial cross over with ISA 220 here – see below)
(6) Resources
(7) Information and communication
(8) Monitoring and remediation process
The engagement partner is responsible for…
managing and achieving quality on an audit engagement, including emphasising firm culture, the responsibility of all for quality, and the importance of good communication.
What are the three relevant ethical requirements in relation to quality at an engagement level?
The engagement partner must know what these are and take responsibility for the team understanding them.
The engagement partner must evaluate threats arising and take appropriate actions.
Prior to signing the auditor’s report, the engagement partner must take responsibility for ensuring that ethical requirements have been fulfilled
The engagement partner is also responsible for client acceptance/continuance. What procedures will they complete before engagement?
Ascertain the level of risk attached to the client.
The auditor will need to assess the integrity of the client. The auditor will not want to be associated with companies with a poor reputation or who have going concern issues.
The test above includes performing an identity check for money laundering purposes.
Ascertain whether the firm has adequate resources to perform the work.
Ascertain whether the firm has the necessary technical competence to perform the work.
Ensure that the firm is independent of the client.
Obtain professional clearance from the outgoing auditors.
Discuss and agree the terms of engagement (in the engagement letter)
What is needed to be considered with engagement resources?
The audit engagement partner shall determine that sufficient and appropriate resources to perform the engagement are assigned or made available to the engagement team in a timely manner. This involves considering whether all members of the team (including eg IA offering direct assistance) have the appropriate competence and time available. If not, the audit engagement partner will take appropriate action.
What needs to be considered with direction, supervision and review in regards to quality management?
Direction
The engagement partner controls how the assurance engagement should be conducted
Usually delegated to most senior team member.
Key aspect is engagement planning meetings
Supervision
Partner has overall responsibility for supervising the audit - delegated to senior
Includes tracking progress, monitoring adherence to the audit plan and ensuring matters that arise are addressed appropriately.
Review
Work performed by staff is reviewed by other more senior staff or engagement partner
This includes hot and cold file reviews
What must the engagement partner ensure the team knows before starting engagement?
What work they are supposed to be doing
The nature of the entity’s business
Any risks relevant to the engagement
Problems that might arise during the engagement
The detailed approach to the engagement
The purpose of the review is to consider whether… (7)
The work has been performed in accordance with professional standards and regulatory and legal requirements
Significant matters have been raised for further consideration
Appropriate consultations have taken place and the resulting conclusions have been documented and implemented
The objectives of the engagement procedures have been achieved
The work performed supports the conclusions reached and is appropriately documented
The evidence obtained is sufficient and appropriate to support the report and
There is a need to revise the nature, timing and extent of work performed
Describe a hot file review
A hot review is designed to provide an objective evaluation of the significant judgments made and conclusions reached in formulating an auditor’s report. It can be conducted by an external party but this is rare.
Describe a cold file review
A cold review seeks to provide the firm with reasonable assurance that its system of quality management is operating effectively and are usually conducted by a Quality Partner or a quality team member under the remit of the quality partner.
What does a hot file review involve?
A hot review involves:
Review of financial statements and proposed auditor’s report
Review of judgements and scepticism
Evaluation of conclusions given evidence
obtained
Evaluation of the firm’s independence
Consideration of whether appropriate consultation has been undertaken on contentious matters
What does a cold file review consider and result in?
A cold review is performed on a sample of audit
files. Its purpose to considers compliance with:
Firm’s procedures
ISAs
Ethical Standards
Legislative requirements
UK Audit Regulations
It should result in:
Identifying areas requiring improvement
Taking remedial action/training/discipline
Preventing problems that might damage the firm
When is a hot file review required?
A hot review is mandatory for audits of listed entities and for other audits where the firm has determined them as high risk or as a safeguard where objectivity may appear compromised (ISQM 2)
When is a cold file review required?
Cold file reviews are a mandatory requirement of ISQM 1 (item 8, monitoring and remediation process).
When does a hot file review take palace?
On or before the date of the auditor’s report.
When is a cold file review performed?
A cold review is performed after the date of the auditor’s report.
What is the requirement of documentation for an audit engagement?
audit documentation should contain what would be necessary to provide
an experienced auditor, with no previous connection with the audit, with an understanding of the nature, timing and extent of audit procedures, the results of audit procedures, and the audit evidence obtained, and significant matters arising during the audit and conclusions reached thereon.
Documentation also facilitates review and monitoring and could be used to prove quality and thus defend against a negligence claim.
What needs to be considered in consultation for an audit engagement?
The engagement partner should obtain consultation for technical, difficult or contentious issues, to ensure good quality judgements are made. All consultation issues and results should be documented.
If differences of opinion arise on the audit, the audit engagement partner is responsible for following the firm’s related procedures, taking responsibility for differences of opinion and resolving them, and not sign the auditor’s report until the difference is resolved (probably via consultation).
The audit engagement partner is responsible for addressing issues arising from the monitoring and remediation process as they apply to this audit. This is a continual process (ie if the engagement partner is made aware of a general quality issue by the monitoring team during the audit process, he should ensure it is dealt with on the current audit).
What three things must a claimant prove for negligence?
The auditor owed them a duty of care (automatic for a client due to engagement letter)
That duty of care was breached
As a result of that breach they suffered a loss
What is professional indemnity insurance for?
Means that any settlement will be paid out by the insurance company, but not full protection, lawyer fees and reputational damage could still put an end to the firm.
What is limited liability?
Limits amounts partners are liable to pay
Many have incorporated,
becoming Limited companies or Limited Liability Partnerships (LLPs), which were introduced into UK law in 2001.
What is a limited liability agreement and when is it used?
Some clients which are too risky to take on, leaving companies required to have an audit under the law unable to appoint an auditor.
Companies Act 2006 brought in a provision for auditors to cap their liability to companies in respect of statutory audits.
For such an agreement to be valid it must:
Cover only one financial year
Be approved by a resolution of the company’s shareholders
Must be “fair and reasonable”
What is the bannerman paragraph and why was it introduced?
In auditor’s reports to restrict the auditor’s duty of care.
What does it state?
‘This report is made solely to the company’s members, as a body…, we do not accept or assume responsibility to
anyone other than the company and the company’s members as a body for our audit work, for this report, or for the opinion we have formed.’
Who is responsible for the general oversight of the auditor?
The audit committee
What does the audit committee need to do for the general oversight of the auditor?
Recommending the appointment,
Recommending reappointment and removal
Approving fees
Agreeing on the terms of engagement.
Putting the audit out to tender every 10 years.
Annually assessing the independence, objectivity and effectiveness of the external
audit process and report to the shareholders that they have done so.
In relation to potential threats to objectivity, the audit committee should seek reassurance that the auditors and their staff have no financial, business,
employment or family and other personal relationship with the company which could adversely affect the auditor’s independence and objectivity.
The audit committee should seek from the audit firm, on an annual basis, information about policies and processes for maintaining independence.
What should the audit committee consider during planning?
The audit strategy and plan
Materiality
Resources and expertise of the audit team
What should the audit committee review during the audit?
Findings and discuss major issues encountered
Key accounting and audit judgements
Errors identified
How should the audit committee assess the effectiveness of the audit in completion stage?
Reviewing whether the auditor has met the agreed audit plan and understand the reasons for any changes
Considering the scepticism of the auditors in their handling of the key accounting and audit judgements identified
Obtaining feedback about the conduct of the audit from key people involved
Reviewing the content of the external auditor’s management letter, in order to assess whether it is based on a good understanding of the company
Considering the cost effectiveness and value for money of the audit
An assurance firm might obtain an engagement by the following methods:
Being approached by a potential client and being asked to accept the engagement
Being approached by an existing client and being asked to accept the engagement
Being approached by a potential or existing client and being asked to tender for the engagement
What do firms do during the tender process?
‘bid’ for the engagement
What will the potential audit client have to consider?
The quality of the service the prospective auditors are likely to provide
The knowledge of the business they possess
The experience of the industry they have
The proposed personnel on the audit team
References obtained about the audit firm
What is lowballing?
Lowballing is the name given to the practice of charging less than the ‘market rate’ for the audit.
Is lowballing ethical?
It is not unethical in itself but ethical safeguards should be considered as low balling increases self-interest threat
Fees should be determined with reference to:
The seniority and professional experience of the persons necessarily engaged on the work
The time expended by each
The degree of risk and responsibility which the work entails
The nature of the client’s business, the complexity of its operation and the work to be performed
The priority and importance of the work to the client
Together with any expenses properly incurred
When carrying out a risk assessment how would
whether the directors/management of
the company appear to have integrity
be assessed?
Looking at the accounting policies of the company, qualifications of the finance director, obtaining references from bankers or solicitors, or the previous auditors.
When carrying out a risk assessment how would
Whether the company has a good financial record
be assessed?
Looking at recent and projected financial performance
When carrying out a risk assessment how would
Whether the company appears to have good internal control or, at minimum, a good control environment
be assessed?
The existence of an internal audit department, or assessed
through inquiries of management
When carrying out a risk assessment how would Whether the company has unusual transactions or a complex structure
be assessed?
This can be assessed by reviewing published financial statements and publicly available information at Companies House
When deciding whether to accept an assurance engagement, the auditors need to consider the following:
The results of risk analysis (discussed above)
Whether there are any ethical issues which prevent acceptance
Whether the firm has sufficient experience and resources to undertake the engagement
For an audit engagement, whether all the legal requirements associated with the appointment of the incoming auditors and the removal or resignation of the outgoing auditors have been met.
In order to carry out the audit of a company, the auditor first needs to be…
Appointed (and previous
auditor removed) by ordinary resolution
Where are the auditors appointed?
At the annual general meeting (AGM) or another general meeting
What is the deadline for appointment of an auditor?
28 days after the accounts have to be filed.
What happens if an auditor is not appointed by the deadline?
The previous auditor is deemed to be reappointed.
What responsibilities does an auditor have during the removal of them as auditors?
The auditor must write a statement of circumstances and deposit it at the company’s registered office explaining the circumstances of their removal.
If no circumstances exist a ‘statement of no circumstances’ must be completed (although this is not an option for auditors of listed companies)
What rights do auditors have when they are removed as auditors?
The auditor has the right to receive notice, attend and speak at the meeting appointing the new auditor (AGM).
The auditor has the right to have written representations circulated to all the members, perhaps explaining why they should not be removed.
This latter point prevents directors inappropriately putting auditors up for removal when they have a disagreement with them giving the auditors the right to argue their case
What responsibilities do resigning auditors have?
The auditor must submit written notice to the company’s registered office and submit a statement of circumstances explaining the circumstances of their resignation.
If no circumstances exist a ‘statement of no circumstances’ must be completed (although this is not an option for auditors of listed companies)
What rights do resigning auditors have?
The auditor has the right to request that the directors convene a general meeting, allowing the auditor to explain the circumstances surrounding their decision.
The auditor has the right to require the directors to circulate the statement of circumstances in advance of the meeting.
What matters should an engagement letter cover?
The objective and scope of the audit of financial statements (including reference to applicable legislation, regulations, financial reporting framework and auditing standards)
Management’s responsibilities (including responsibility for the financial statements and the company’s system of internal control)
The auditor’s responsibilities
The form and content of reports and communications that will arise from the audit
The fact that due to the test nature and other limitations of an audit, there is an unavoidable risk that some material misstatement may remain undiscovered
The fact that auditors are entitled to unrestricted access to records, documents and other information requested in connection with the audit
The expectation that management will provide written representations
When the audit is a recurring audit, it is not necessary to issue a new engagement letter each year. However, the auditors should consider every year whether…
A new engagement letter is required.
Audit planning is a requirement of ISA 300 (UK) Planning an Audit of Financial Statements. Audits (and other assurance engagements) are planned because if they are not: (3)
Time might be wasted doing the wrong work
The really important work might not be done at all
Ultimately, the wrong conclusion might therefore be drawn
Define audit strategy
The formulation of the general strategy for the audit, which considers materiality, risk, audit approach, experts, timing, team, budgets and the deadlines of the audit and guides the development of the audit plan.
Define audit plan
An audit plan is more detailed than the strategy and sets out the specific nature, timing and extent of the audit procedures to be performed by the engagement team members in order to obtain sufficient and appropriate evidence
Define material
Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements
What percentage do you use to calculate materiality for revenue?
0.5%-1%
What percentage do you use to calculate materiality for profit before tax?
5%-10%
What percentage do you use to calculate materiality for gross assets?
1%-2%
What misstatements are material in nature?
Misstatements which affect compliance with regulatory requirements
Misstatements which impact on debt covenants
Misstatements which obscure a change in earnings or affect ratios used to evaluate the entity
Misstatements which affect management compensation
What are the benefits of analytical procedures at the planning stage?
Allows auditor to identify risk areas/material areas requiring further work
Identifies items which look odd in relation to accounts as a whole/issues for further consideration
May highlight errors not identified by detailed testing
Uses information outside of the accounting records which the preparer may have less scope over (ie budgets)
Assists in understanding client’s business
What are the cons of analytical procedures at the planning stage?
A good knowledge of the business is required to understand results
Consistency of results may conceal a material error
There may be a tendency to carry out procedures mechanically, without appropriate professional scepticism
Requires an experienced member of staff to be done properly
Reliable data may not be available
Return on capital employed formula
Profit before interest and tax
/
Total Assets Less Current Liabilities
Gross profit margin formula
Gross profit
—————— * 100
Revenue
Operating cost percentage formula
Operating costs
———————- * 100
Revenue
Operating profit margin formula
Profit before interest and tax
—————————————-*100
Revenue
What are the two liquidity ratios
Current and quick ratio
formula for the current ratio
Current assets
/
Current Liabilities
Formula for quick ratio
Current assets - inventory
————————————– =
Current liabilities
Gearing formula
Net debt (borrowing less cash owned)
——————————-*100
Equity
Interest cover formula
Profit before interest payable
——————————————- =
Interest payable
Net asset turnover formula
Revenue
/
Capital employed (TALCL)
Inventory period formula
Inventories
—————– * 365
Cost of sales
Trade receivable period formula
Trade receivable
———————— *365
Revenue
Trade payable period formula
Trade payables
———————— *365
COS
Recommendation were communication is a key barrier in relation to cyber security
Organisations should appoint a Chief Information Security Officer to translate such language making it more accessible
Recommendation where responsibility and accountability is a challenge in cyber security
Organisations are increasingly employing information security functions (either in-house or outsourced) tasked with protecting the organisation
What should the board do in relation to cyber security?
Regularly consider cyber security risk and ensure awareness of such is embedded in day to day operations
What does ICAEW recommend when there is a lack of knowledge on cyber security
Ensuring a diverse mix of Non-Executive Directors and regular
training and provision of expertise should be
made available if they require it
Explain business continuity planning
Measures to ensure continuation of the business should a major IT failure occur
Explain system access controls
Including prevention and detection of information systems from unauthorised activities
Explain system development and maintenance
Ensuring systems are up to date and protected
Explain physical security for IT
Prevention of theft of data and hardware
What compliance must be done with IT
Following legal requirements ie data protection
What is the security policy for IT
A written document setting out organisations approach to information security
Define asset classification and control in terms of IT
Information is an asset, it should be recognised and provided with an ‘owner’ who is accountable and responsible for it
What is personnel security in terms of IT
Including employment of trustworthy staff and training of staff to ensure they know the companies IT policies
What external reports can auditors look at when understanding the entity and its environment? (5)
Credit reference agencies
Industry surveys
Industry publications such as trade journals
HM Revenue and Customs produces Business Economic Notes (but can be out of date)
Companies House searches.
What should the firm review when understanding the entity and its environment?
The audit team should review:
Last year’s file
The permanent file
The correspondence file
The tax file
Who should the audit team talk to when understanding the entity and its environment?
And should talk to:
The partner
The manager
The tax person
Last year’s senior
The firm’s industry specialist
What should the auditors do in terms of the client to understand the entity and its environment?
Talk to the people responsible for the area you are auditing
Read internal correspondence and minutes of board meetings
Read internal audit reports
Observe what goes on around you, how transactions are recorded and how processes are operated.
Look at the website, brochures etc.
What are the 9 questions needed to be answered to understand the entity and its environment?
What does the client do?
What are the characteristics of the industry/environment in which it operates?
Is it governed by specific laws and regulations, or is it at greater risk than other businesses from the incidence of more general laws and regulations?
What are the characteristics of its relationships with external parties, shareholders, other stakeholders, trading partners and providers of finance?
Is it under threat from takeover or lack of finance?
Are there any dealings with related parties?
How competent is its management?
Are suitable systems and controls in place?
What accounting policies has it adopted?
What are the requirement of an auditor if the client uses services organisations?
(1) Obtain an understanding of the services provided by a service organisation, including internal control, specifically:
The nature of the services provided by the service organization
The nature and materiality of the transactions processed
The degree of interaction between the activities of the service organization and those of the company
The nature of the relationship between the user entity and the service organization, including the relevant contractual terms
(2) Consider access to sources of evidence
(3) Assess the risks arising
What are the two types of reports that an auditor can ask for from a service organisation used by the client?
A report conveying negative assurance that includes the service organisations opinion on their system and controls
A further report giving opinion of effectiveness of controls, description of service auditors tests of controls and the results.
What are the key risks of outsourcing payroll?
Loss of data or data protection issues
Incorrect calculation of wages/taxes and late payments leading to fines
Reputational damage
Increased cost
Risk of fraud
Define business risk
‘risk resulting from significant conditions, events, circumstances that could adversely affect an entity’s ability to achieve its objectives and execute its strategies’
Define financial risks
The risks arising from the financial activities or financial consequences of an operation, for example, cash flow issues or overtrading
Define operational risks
The risks arising with regard to operations, for example, the risk that a major
supplier will be lost and the company will be unable to operate
Define compliance risks
The risk that arises from non-compliance with laws and regulations that surround the business, for example a restaurant failing to comply with food hygiene regulations might face fines, enforced closure, legal action from customers and so on.
Define audit risk
The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.
Formula for audit risk
Inherent risk x control risk x detection risk
Define inherent risk
A factor that increases the susceptibility of an assertion to misstatement that could be material, either individually or when aggregated with other misstatements.
5 factors to consider in inherent risk
Complexity
Subjectivity
Change
Uncertainty
Susceptibility of bias and fraud
Define control risk
The risk that a misstatement will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.
What two types of controls do you need to consider in control risk?
Indirect and direct
What are indirect controls and what do they affect in relation to control risk?
Affect risk of material misstatement at a financial statement level
Control environment
Entity’s risk assessment process
Entities process to monitor internal controls
What are direct controls and what do they affect?
Direct controls
Affect risk of material misstatement at an assertion level
Information system and communication
Control activities, such as:
authorisation, reconciliation, segregation of duties and physical controls
Define detection risk
The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists
What are the two components of detection risk?
Sampling risk
Non sampling risk
Define sampling risk
A risk that a material
misstatement will not be
discovered due to the fact that
the auditor does not sample
100% of transactions
What could affect non sampling risk in detection risk?
Recent appointment
Rush job
Poor approach
Lack objectivity &
professional scepticism
Define significant risk
An audit risk is deemed to be significant when it plots ‘high’ on the spectrum of risk discussed above, ie it is likely to have high likelihood and/or materiality. The auditor is required to undertake evaluation of controls in respect of significant risk areas.
Overall responses to risks of material misstatement will be changes to
The general audit strategy or reaffirmations to staff of the general audit strategy. For example:
Emphasising to audit staff the need to maintain professional scepticism
Assigning additional or more experienced staff to the audit team
Using experts, the work of internal auditors or other auditors
Providing more supervision on the audit
Incorporating more unpredictability into the audit procedures
Define data analytics
Data analytics is the use of technology through the audit to improve audit quality.
Examples of uses of data analytics at the planning and risk assessment stage
Use of graphics to visualise results through the year vs last year or budgets
Ratio analysis month by month
Identification of unusual transactions such as manual/unauthorised journals vs authorised system generated
Easier to identify duplication of invoices or journals
Tapping into unstructured data such as comments on social media or emails, could alert auditors to a problem
Examples of uses of data analytics at substantive testing stage
Procedures can be on the whole population rather than sampling
Comparing last time an item was purchased then sold for cost/NRV testing
Receivables days calculated by customer or revenue trends by product or inventory days by type of unit
Analysis of gross margin trends by unit to identify those with negative margins
Detailed recalculations of fixed depreciation assets by item
Examples of uses of data analytics for testing controls
Matching of orders to goods dispatch notes to sales invoices to cash received
HOWEVER……
Do not forget that your data analytics are relying on the client system (and therefore its controls).
What is a limitation of data analytics?
A limitation of data analytics is that it relies on the quality of the data – and if controls are weak, this quality might be poor.
Use of work of internal auditors at planning stage
Regarding the identification and assessment of risk and documentation of internal controls.
Use of work of internal audits for interim testing
Tests done in the year may be used by the external auditor – these may include internal control tests and walkthroughs
Can internal audit give direct assistance on material areas or where subjective judgement is required
No
What three things do you have to consider in the assessment of internal audit
Objectivity
Competence
Systematic and disciplined approach
Define auditors expert
An individual or organisation possessing expertise in a field other than accounting or auditing, whose work in that field is used by the auditor to assist the auditor in obtaining sufficient appropriate audit evidence.
Define a management expert
An individual or organisation possessing expertise in a field other than accounting or auditing, whose work in that field is used by the entity to assist the entity in preparing the financial statements.
When management have used a managements expert, auditors decision to use auditors expert is influenced by what 5 things
The nature, scope and objectives of the management’s expert’s work
Whether the management’s expert is employed by the entity, or is a party engaged by it to provide relevant services
The extent to which management can exercise control or influence over the work of the management’s expert
The management’s expert’s competence and capabilities
Whether the management’s expert is subject to technical performance standards or other professional or industry requirements
Before relying on an auditor’s expert the auditor should consider the following: (3)
Competence – Experts used by the auditor must have the necessary qualifications
Capabilities – including the time, resources and physical ability to exercise that competence
Objectivity – lack of bias, conflict of interest or the influence of others1
The auditor of the parent is responsible for the audit of
the parent company and the group financial statements
Group Auditor will need to consider:
Qualification
Competence (Knowledge of IFRS)
Scope of audit (ISA compliant)
Compliance with ethical requirements
Resources
Operates in a regulatory environment
What is management’s Point Estimate?
Amounts recognised by management for an estimate in the financial statements
What is auditor’s point estimate?
Amounts developed by the auditor for assessing management’s point estimate
What is estimation uncertainty?
The susceptibility of an estimate to error due to lack of precision
Areas to consider in the audit approach
Test of controls
Consider subsequent events
Consider historical accuracy
Consider compliance with the relevant accounting standard
Be sceptical
Verification of data used by management
Managements expert
Create an auditor’s point estimate
Ensure related disclosure are adequate
Inclusion in written representation letter
What entities require special audits?
Banks, insurers, charities
Solicitors
There is a Charities Statement of Recommended Practice (SORP) outlining what a charity’s accounts should comprise. It suggests:
A statement of financial activities (SOFA) that shows all resources made available to the charity and all expenditure incurred and reconciles all changes in its funds
Where the charity is required to prepare accounts in accordance with the Companies Act, or similar legislation a summary income and expenditure account (in addition to the SOFA) is produced.
A balance sheet that shows the assets, liabilities and funds of the charity. The balance sheet (or its notes) should also explain, in general terms, how the funds may, because of restrictions imposed by donors, be utilised
A cash flow statement, where required by accounting standards
Notes
The financial thresholds for determining whether charity accounts require auditing are fairly complex, but in general terms unincorporated charities are exempt if gross income is less the £1m unless:
Gross assets are greater than £3.26m; and
Gross income is greater that £250,000
All charities with a gross income of more than what are required to be sent to Charity Commission
£25,000
Charities with a gross income of between £25,000 and £1m are required to
Have an independent verification of their financial statements
When planning the audit of a charity, the auditors should consider the following:
The scope of the audit
Recent recommendations of the Charity Commissioners or the other regulatory bodies
The acceptability of accounting policies adopted
Changes in circumstances in the sector in which the charity operates
Past experience of the effectiveness of the charity’s accounting system
Key audit areas
Any specific areas the auditor is required to report externally on.
What areas need controls in relation to charity cash donations?
Collecting boxes and tins
Postal receipts
What areas need controls in relation to charity non cash donations?
Gift aid
Legacies
Donation in kind
What areas need controls in relation to charity other income?
Fund raising activities
Central and local government grants and loans
What areas need controls in relation to charity use of resources?
Restricted funds
Grants to beneficiaries
All the partner has to do at the completion is…
review the file,
come to a decision about the final issues demanding professional judgement
and sign off the accounts
What three things does the audit partner have to consider at the completion stage?
Do the financial statements:
Comply with Companies Act 2006
Make sense
The work that has been done
What 4 aspects is there to reviewing the work completed during the completion stage?
Whether the work done was in-line with the audit plan
Whether the right work has been done (perhaps the plan needed to be flexed in the light of conditions actually encountered by the client)
Whether enough work has been done
Any issues arising have been resolved
Other matters to consider at the completion stage of the
Evaluate discovered errors
Ensure opening balance and comparatives are correct
Review whenever the going concern basis of the financial statements is appropriate
Review subsequent events
Obtain necessary management representations
All misstatements should be communicated to management on a timely basis and adjustment requested. The auditor should then review the adjustments.
If misstatements remain uncorrected the auditor should
reassess materiality and determine if any unadjusted errors are material, individually or in aggregate)
The auditor must obtain an understanding from management reasons for not adjusting.
The auditor should ensure that management acknowledge that the unadjusted errors are immaterial by including such in the management representation letter
Where the engagement is an initial engagement the auditor will have to consider the risks of
unaudited figures from past periods being materially misstated
The auditor shall obtain sufficient appropriate evidence on opening balances by:
Determining whether the prior period’s closing balances have been brought forward correctly
Determining whether the opening balances reflect the application of appropriate accounting policies;
Performing specific audit procedures to obtain evidence regarding the opening balances.
Define going concern
The entity will continue to trade for the foreseeable future (12 months)
Define break up basis
Client cannot be considered a going concern
Financial indicators the entity is not a going concern
Net liability position
Fixed-term borrowings approaching maturity without realistic prospects of renewal or repayment
Excessive reliance on short term borrowings
Indications of withdrawal of financial support
Adverse key financial ratios
Substantial operating losses
Inability to pay creditors on due dates
Inability to comply with terms of loan agreements
Operating indicators that the entity is not a going concern
Management intentions to liquidate the entity or to cease operations
Loss of key management without replacement
Loss of a major market, key customer(s), franchise,
license, or principal supplier(s)
Labour difficulties
Shortages of important supplies
Emergence of a highly successful competitor
What are other indicators that the entity is not a going concern?
Non-compliance statutory/regulatory requirements
Pending legal proceedings against the entity that the entity is unlikely to be able to satisfy
Changes in law or regulation expected to adversely affect the entity
Uninsured or underinsured catastrophes when they occur
What is the opinion and reasoning for it when the financial statements have been completed on a going concern basis when they shouldn’t have been
Adverse opinion because there is pervasive misstatement
What is the opinion and reasoning for it when the financial statements have been correctly completed on a break up basis but there is a lack of disclosure?
Adverse opinion as pervasive misstatement
What is the opinion and reasoning for it when the financial statements have been correctly completed on a break up basis but there is inadequate disclosure?
Qualified opinion as it is a material misstatement
What is the opinion and reasoning for it when the financial statements have been correctly completed on a break up basis but there is full adequate disclosure?
True and fair view with an emphasis of matter
Opinion when significant uncertainties relating to the companies going concern where evidence cannot be reasonably exist.
If evidence exists but was not available - a material or pervasive inability to obtain sufficient appropriate evidence then qualified or disclaimer opinion would be provided
But as evidence does not exist to support the uncertainty the auditor should conclude the financial statements are true and fair and include a note on material uncertainty related to gong concern
Define adjusting events
Those that provide evidence of conditions that existed at the date of the financial statements
Define non-adjusting events
Those that provide evidence of conditions that arose after the date of the financial statements
Do auditors have an active duty before the auditors report is issued?
Yes, need to look for sub events
Do auditors have an active duty after the auditors report is issued?
Not active but must act if made aware
Within the written representation management must confirm:
Their responsibility to prepare the financial statements
They have provided all relevant information to the auditor
That all transactions are recorded in the financial statements
When should the rep letter be signed…
Before the auditors sign the audit report
Is written representations sufficient and appropriate evidence in its own right?
No but it supports the audit evidence
An auditor produces two crucial audit outputs, what are they?
The auditor’s report for the shareholders and a communication to those charged with governance, often referred to as a management letter.
ISA 260 explains matters to be communicated prior to the audit commencing, such matters would include:
The auditor’s responsibilities in relation to the financial statement audit
Planned scope and timing of the audit
Auditor declared independence and safeguards put in place to eliminate the threats
ISA 260 also explains matters to be communicated that come to the auditors’ attention as a result of the audit; such matters would include:
Significant findings from the audit
Any issues regarding compliance with the UK Corporate Governance Code
What is included under significant findings in the management letter?
Written representations the auditor is requesting
The auditor’s views about significant qualitative aspects of the entity’s accounting practices, including accounting policies, accounting estimates and financial statement disclosures.
Significant difficulties, if any, encountered during the audit
Significant matters, if any, arising from the audit that were discussed with management
Other matters, if any, arising from the audit that, in the auditor’s professional judgement, are significant to the oversight of the financial reporting process
ISA 265 requires the auditor to report on deficiencies in the internal controls encountered during the course of their work in writing to those charged with governance, including:
Where deficiencies have been identified the auditor shall determine whether those deficiencies are significant
Significant deficiencies shall be communicated in writing to those charged with governance
Other deficiencies shall be communicated to management if the auditor considers them important enough to warrant management attention
Written communication shall include a description of the deficiencies and their potential effects of the deficiency
What is an unmodified opinion?
The auditor is satisfied that the evidence obtained is sufficient and appropriate and supports the view presented in the financial statements prepared by the company’s management
What is a modified opinion?
The auditor is either not satisfied with the sufficiency or appropriateness of the evidence that has been obtained, compared with what could reasonably be expected, or has issues with the content of the financial statements.
Note that a modified opinion automatically results in a modified auditor’s report.
What are the main components of an auditor’s report?
Title
Addressee
Auditors’s opinion
Basis for opinion
Conclusions relating to going concern
Emphasis of matter
Our application of materiality
Our approach - key audit matters
Other information
Opinion on other matters required by the Companies Act
Matters on which the auditor is required to report on by exception
Responsibilities of directors
Auditor’s responsibilities
Other matters we are required to address
What are the matters that are required to be reported on by exception?
Adequate accounting records have not been kept
– We have not received all information and explanations we require for the audit
– Returns have not been received from branches not visited
– Financial statements are not in agreement with the underlying accounting records
– Certain disclosures regarding directors’ remuneration have not been disclosed
– The directors’ report/strategic report contain material misstatements
What are the auditors responsibilities stated in auditors report?
Explain our objective to do a reasonable assurance engagement in accordance with ISAs.
For those companies applying the UK Corporate Governance Code there is extra detail
Explain what areas the auditor considered most at risk of misstatement
Explain how materiality was applied and
Explain how risks of material misstatement were addressed by the scope of the audit
What is the audit opinion when there is an inability to obtain sufficient and appropriate evidence
And it is material but not pervasive
Qualified opinion
Except for…..
What is the audit opinion when there is an inability to obtain sufficient and appropriate evidence
And it is material and pervasive?
Disclaimer opinion
We are unable to express an opinion
What is the audit opinion when there is a material but not pervasive misstatement?
Qualified opinion
Except for …
What is the audit opinion when there is a material and pervasive misstatement?
Adverse opinion
The financial statements do not show a true and fair view
The auditor should add an ‘emphasis of matter’ paragraph in the auditor’s report where the auditor considers it necessary to…
draw users’ attention to a matter presented or disclosed adequately in the financial statements that are of such importance that they are fundamental to users’ understanding of the financial statements.
Does the auditors have to give an opinion on other information e.g. ratios and chairmans report?
The auditor’s opinion does not cover these disclosures BUT the auditor does have a duty to ensure these are consistent with the Financial Statements.
Common examples of other assurance engagements include:
Reviewing prospective financial information
Reviewing historical financial information (similar to an audit, eg perhaps interim financial statements or if a small company does not require an audit)
Reviewing performance information (for example, sustainability issues, social issues, controls issues)
It is vital to understand what is required in an assurance engagement, and whether it is appropriate for a firm to carry out the assurance engagement. Firms should consider:
Who the user is and why they are using the information (internal/external/associated level of risk)
Who will be able to access the information (general or limited distribution/potential liability)
How much assurance can be offered (never absolute, but need to consider the nature of the assertions as to whether assurance might be limited – for example, on prospective financial information, information is estimated. How it is estimated (methodical/best estimate v hypothetical) affects assurance. It might not be possible to provide any level of assurance on very hypothetical ‘guesses’.
What report is required
What period the assurance covers (the longer the prediction period in PFI, the less confidence assurance providers will have in their ability to give assurance)
Whether the firm has suitable skills and resources (likely for financial information, more
consideration needed in other assurance)
Whether there are any ethical barriers to taking the engagement (is it for an audit client? Even if it is standalone assurance, should consider whether firm will be objective)
In limited assurance engagement, where there is a limitation of scope that is material effect what opinion is given?
Express a qualification of negative assurance explaining possible adjustments to the financial statements
In limited assurance engagement, where there is a limitation of scope that is material effect and is pervasive what opinion is given?
Do not provide any assurance
In limited assurance where matters have come to the attention of the assurance provider, that is material but not pervasive, what opinion is given?
Express a qualification of negative assurance explaining possible adjustments to the financial statements
In limited assurance where matters have come to the attention of the assurance provider, that is material and pervasive, what opinion is given?
Give an adverse statement that the financial statements do not give a true and fair view
