Unit 1 - Audit Framework and Regulation

Question 1

What is an audit, and the most important words in the definition?

Answer 1

The independent examination of and expression of opinion on the financial statements of an entity by a duly appointed auditor in pursuit of that appointment.

Independence and Opinion.

Question 2

What are the five elements of an assurance engagement?

Answer 2

1 - A three party relationship involving a practitioner, a responsible party, and intended users.
2 - Appropriate subject matter
3 - Suitable criteria
4 - Sufficient appropriate evidence
5 - A written assurance report in the form appropriate to a reasonable assurance engagement or a limited assurance engagement

Question 3

What is the three party relationship?

Answer 3

Practitioner e.g. the auditor - responsible for determining the nature, timing and extent of procedures, and is required to pursue anything that leads the practitioner to question whether a material modification should be made to the subject matter information.

A responsible party - the person responsible for the information and assertions.

The intended users are the persons for whom the practitioner prepares the assurance report. The responsible party can be one of the intended users.

Question 4

Examples of subject matter?

Answer 4

Financial Performance

Non-financial performance

Physical characteristics

Systems and processes

Behaviour

Question 5

Appropriate subject matter criteria

Answer 5

Identifiable, and capable of consistent evaluation or measurement against the identified criteria

Such that the information about it can be subjected to procedures for gathering sufficient appropriate evidence.

Question 6

What are suitable criteria, and examples of them?

Answer 6

The benchmarks used to evaluate/measure the subject matter

When reporting on F/S - IFRS
Internal control - Internal control framework
Compliance - Applicable law, regulation or contract.

Question 7

What five characteristics do suitable criteria exhibit?

Answer 7

Relevance - Relevant criteria contribute to conclusions that assist decision-making by the intended users.

Completeness - Criteria are sufficiently complete when they include all relevant factors that could affect the conclusions.

Reliability - Reliable criteria allow reasonable consistent evaluation of the subject matter.

Neutrality - Neutral criteria so that conclusions are free from bias.

Understand-ability - Conclusions that are clear, comprehensive, and not subject to significantly different interpretations.

Evaluation/measurement of a subject matter on the basis of the practitioner’s own expectations, judgements and individual experience would not constitute suitable criteria.

They need to be available to the intended users to allow them to understand how the subject matter has been evaluated or measured.

Question 8

Sufficient appropriate evidence? What attitude should the auditor adopt?

Answer 8

The practitioner plans and performs an assurance engagement with an attitude of professional scepticism to obtain sufficient appropriate evidence about whether the subject matter information is free from material misstatement. An attitude of professional scepticism means the practitioner questions the validity of evidence and is alert to evidence that brings into question the reliability of documents or representations.

Question 9

What is professional scepticism?

Answer 9

Scepticism means you don’t know. It doesn’t mean that the practitioner assumes everyone is dishonest or that figures have been deliberately misrepresented. Nor does it mean that you believe all figures and statements are correct. it means you are aware that we can all be subject to optimism, human error, giving quick answers, misunderstanding. It also recognises that sometimes people are deliberately misleading or dishonest.

Scepticism means that evidence is required to test statements/assumptions. You could almost summarise assurance in the phrase ‘collect evidence that supports everything that is being claimed.’

Question 10

What is sufficiency of evidence? Appropriateness of evidence?

Answer 10

Sufficiency - measure of quantity
Appropriateness - measure of quality - relevance and reliability, it is influenced by its source and by its nature, and dependent upon the individual circumstances under which it was obtained.

Question 11

Assurance report

Reasonable assurance?

Limited assurance?

Answer 11

In a reasonable assurance engagement the practitioner’s conclusion is worded in the positive form e.g. “In our opinion internal control is effective, in all material respects, based on XYZ criteria.”

In a limited assurance engagement, the conclusion is worded in the negative form, e.g. “Based on our work described in this report, nothing has come to our attention that causes us to believe that internal control is not effective, in all material respects, based on XYZ criteria.”

Question 12

Examples of positive assurance?

Answer 12

The F/S show a true and fair view.

The value of inventory lost is £x

AKA Reasonable assurance, an auditor cannot give a guarantee.

Question 13

Examples of negative assurance?

Answer 13

We have discovered nothing wrong with the F/S

The basis of the forecast is not unreasonable.

There is no evidence of discrimination in the appointment.

AKA limited assurance

Question 14

Why wouldn’t an auditor express a conclusion?

Answer 14

There is a limitation on the scope of the practitioner’s work (ie sufficient appropriate evidence cannot be obtained)

The assertion is not fairly stated (in all material respects or the subject matter information is materially misstated.

Question 15

Why is Corporate Governance needed?

Answer 15

Corporate governance is the system by which companies are directed and controlled.
The problem with bad corporate governance is that although the shareholders own companies, the day-to-day management and direction of companies is given to the board of directors. In large companies many shareholders are relatively passive and the board of directors is given more or less free rein to make whatever decisions they wish.

Auditing was instituted so at least once a year, when the financial statements were presented to the members of the company, the auditors would examine them and give some expression of pinion to the members of the company as to whether the financial statements were true and fair. Without that assurance the members of the company really would have a little idea whether or not the information could be relied on. The auditors therefore examine the financial statements and this adds credibility to those statements, the shareholders have a much better idea of the performance of the directors and the company.

Note that the shareholders appoint the auditors as well as the directors. The problem is that once directors were appointed, shareholders often don’t take much further interest in what the directors were doing and there were annual gaps between financial statements being issued. This hands-off approach has recently been found entirely inadequate and additional safeguards have been instituted to try to ensure that directors act in the best interests of the members of the company. Directors should at for the shareholder but often acted for themselves – the agency problem. In agency terms, the shareholders are the principals and the directors are their agents. Agents should act in the best interests of their principals.

Question 16

UK Corporate governance code principles

Answer 16

Board Leadership and Company Purpose

Division of Responsibilities

Composition, Succession and Evaluation

Audit, Risk and Internal Control

Remuneration

Question 17

What is comply or explain?

Answer 17

The code has no force in law and is enforced on listed companies through the stock exchange. Listed companies are expected to “comply or explain” and this approach is the trademark of corporate governance in the UK.
Listed companies have to state that they have complied with the code or else explain to shareholders why they haven’t. this allows some flexibility and non-compliance may be acceptable in some cases.

Question 18

Board leadership and company purpose

Answer 18

Every company should be headed by an effective board which is collectively responsible for the long term success of the company.

All directors must act with integrity, lead by example and promote the desired culture.

Question 19

Division of Responsibilities

Answer 19

There should be a clear division between the running of the board and the executive responsibility for the running of the company’s business. No one individual should dominate decision making. This means that the roles of CEO and chairman should not be performed by one person as that concentrates too much power in one person.

The chairman is responsible for leadership of the board.

Non-executive directors (NEDs) must be appointed to the board and they should constructively challenge and help develop proposals on strategy. NEDs sit in at board meetings and have full voting rights, but do not have day to day executive or managerial responsibility. Their function is to monitor, advise and warn the executive directors.

Question 20

Composition, Success and Evaluation

Answer 20

Appointments to the board should be subject to a formal, rigorous and transparent procedure led by a nomination committee. A majority of the committee should be independent NEDs .

The board and its committees should have a combination of skills, experience and knowledge. The length of service of the board as a whole should be considered and membership regularly refreshed. The post of chairman should not be held beyond nine years.

The board should undertake a formal and rigorous annual evaluation of its own performance and that of its committees and individual directors.

All directors should be submitted for re-election annually.

Question 21

Audit, Risk and Internal Control

Answer 21

The board should establish formal and transparent policies and procedures to ensure the independence and effectiveness of internal and external audit and the integrity of financial statements.

The board should present a fair, balanced and understandable assessment of the company’s position and prospects. The financial statements should state whether the board considered the appropriateness of the going concern basis of accounting and identify any material uncertainties for at least 12 months from the date of approval of the financial statements.

The board should establish procedures to manage risk, oversee internal controls and determine the nature and extent of the principal risks the company is willing to take to achieve its long-term strategic objectives.

Question 22

Remuneration

Answer 22

In essence, remuneration should be sufficient to attract, retain and motivate directors of sufficient quality… but avoid paying more than is necessary.

A significant proportion of executive directors’ remuneration may be structured to link rewards to corporate and individual performance. In other words, profit related pay is encouraged. Directors should not receive high pay irrespective of company performance.

There should be a formal and transparent procedure for developing policy on executive remuneration and for fixing the remuneration packages of individual directors. No director should be involved in deciding his or her own remuneration. This means that a remuneration committee (NEDs) should be formed to fix directors’ remuneration.

Question 23

Main roles/responsibilities of AC

Answer 23

Monitoring and reviewing the effectiveness of internal audit. Companies don’t have to have an internal audit department, but the need for one must be reviewed annually.

Monitoring the integrity of the financial statements and reviewing significant financial reporting judgements.
Review the internal financial controls and risk management systems (unless there is a separate risk committee/board that does this)

Making recommendations to the board about the appointment, reappointment and removal of the external auditors and agreeing the terms of the engagement. (note that the external auditors are appointed by members in the general meeting, but the board puts forward the nomination.)

Annually assessing the independence, objectivity and effectiveness the external auditors including confirming that there are no self-interest or familiarity issues and that partners and staff are rotated properly.

Acting as a forum to link directors and auditors. Auditors will typically write to the audit committee about any problems they may be having on the audit or obtaining all of the information they require. If the auditors are worried in some way about the financial statements they will raise those concerns with the AC.

Developing and implementing policy on the engagement of the external auditor to supply non-audit services: skills, approval and non-approval for certain services, ensuring any threats to independence and objectivity are reduced to acceptable levels and monitoring the fees for those services and the total fee for all services provided for by the external auditor.

Question 24

What are the auditor’s rights?

Answer 24

They have access to all records they require

They have a right to receive information and explanations of all transactions

They have a right to attend and receive notice about general meetings and they have right to speak at general meetings on relevant matters.

A general meeting is where the shareholders of the company come together, and the AGM ensures that there should be at least one every year. The auditors have the right to receive advance info about any resolutions proposed at these GMs.

They also have the right to require that the company’s FS should be presented at the GM – as, if the F/S contained info they wanted to keep hidden, they would delay presenting them.

Their right to informed about, attend and speak at general meetings gives the auditors an opportunity to communicate directly with the shareholders – by whom they have been appointed and for whom they are acting.

Question 25

What are the auditor’s duties?

Answer 25

To issue an auditor’s report, giving opinions on:

Truth and fairness of F/S

Whether the F/S are properly prepared

Any other opinion required

When leaving a client, to issue a ‘statement of circumstances’

After resignation, to supply information to the new auditors.

Question 26

What requirements does an auditor need?

Answer 26

An auditor:
Must pass an approved set of professional examinations, set by a RQB

Must become (and stay) a member of a RSB

The auditor must not be a director or employee of the company/associated companies

The auditor must not be an employee or business partner of a director or employee of the company, or of any associated companies.

Question 27

Appointment of auditors

Answer 27

Auditors have to be reappointed by resolution at every AGM. Note that reappointment is not automatic. This is to prevent the incumbent auditors from simply staying in office. The requirement for a resolution means that the members have to take positive action to get auditors appointed.

Prior to the first AGM the directors can appoint the first auditors or if an auditor resigns, for example, because he or she falls ill, the directors can appoint another auditor to fill a casual vacancy. This appointment will only last until the next AGM.

If all else fails, in the UK, the secretary of state will ensure all companies have an auditor.

Question 28

Resignation of auditors

Answer 28

Auditors can resign by giving written notice and a statement of circumstances to the company.

A statement of circumstances explains why they have resigned. Written notice must also be sent to the regulatory authority and the members by the company.

The thinking behind the statement of circumstance is that auditors may have resigned because they are deeply concerned about some aspect of the company activities. So the statement of circumstances explains why the auditor has resigned, which could, of course, have been cased by perfectly innocent reasons, for example, that the auditor wishes to cut back on work, or the auditor feels that the company is now too large for the auditing firm to deal with.

If the auditors are really concerned about the company and that’s why they have resigned, they could also require the directors to call a general meeting. The auditors can speak at these meetings and therefore they can address the members and explain their concerns and why they have resigned.

Question 29

Removal of auditors

Answer 29

Auditors can be removed from office. This would normally be at instigation of the directors, but the resolution must be passed by the shareholders. They could be removed from office for perfectly legitimate reason. Perhaps the auditors failed to find a material fraud in the company and the directors have lost faith in them, or perhaps the company has now become international and a larger firm of auditors is needed.

However the big fear is that auditors were perhaps too good too strict on insisting that certain aspects of the financial statements should be changed, or perhaps they issued a modified auditors report because the directors refused to change the financial statements.

This is why the auditors are given the right to make representations about why they should stay in office. They have to deposit a statement of circumstance at company office and this should be sent to the regulatory authority. The auditors can also receive notices, speak at a general meeting at which the term of their appointment would have expired. This allows the auditors, if necessary, to explain to shareholders what has happened and that they’ve been removed without due cause.

Question 30

Regulation of auditors

Answer 30

Auditors are regulated by:
Professional bodies (ACCA)
International bodies (IFAC)
National bodies (FRC in UK)

The purpose of IFAC is to serve the public interest by establishing and promoting adherence to high-quality professional standards. It has a number of boards including:

IAASB (international auditing and assurance standards board): sets international standards on auditing (ISAs) and other assurance standards

IESBA (International ethics standards board for accountants: issues the international code of ethics for professional accountants

The IAASB’s ISAs are adopted by the FRC in the UK which has local regulatory power. The IESBA’s code has been adopted by ACCA in its code of ethics and conduct.

Question 31

Who has to adhere to the ACCA code of conduct?

Answer 31

The code applies to all members of ACCA and also to all ACCA students. It also applies not only to those in public practice (‘auditors’) but also those in industry and commerce (‘in business’)
The ethical framework recognises that there are:
Ethical principles to be followed
These are subject to threats
Accountants should apply safeguards to avoid or to respond to threats by reducing them to acceptable levels.

Question 32

What are the ACCA’s five fundamental principles?

Answer 32

Integrity requires professional accountants to be honest and straightforward in all professional and business relationships. If they see something is amiss, they should say so and shouldn’t try to conceal it; they shouldn’t turn a blind eye, they shouldn’t try to be ambiguous, they should state things plainly.

Objectivity in making professional or business judgements must not be compromised. They must avoid bias, conflict of interest and undue influence.
Professional competence and due care must be exercised. They must keep themselves up-to-date with legislation and recent developments. They shouldn’t take on work which they are not qualified for or for which they have no skills. They must be diligent, and careful.

Confidentiality must be respected. Auditors, in particular, have access to highly confidential and price sensitive info, it must be held confidentially. Members shouldn’t disclose confidential info unless they have a legal or professional duty to do so. An example of a legal duty to disclose information can arise if a member thinks that a client or the person they are working for is involved in money laundering.

Professional behaviour requires accountants to comply with the law and avoid any actions which discredit the profession. So for example when they are trying to advertise their services they shouldn’t say that other members are bad or poor. They should confine themselves to promotion what they are good at; they shouldn’t criticise other professionals.

Question 33

What are self-interest threats?

Answer 33

Financial: For example if an auditor owns shares in the client, the auditor could be accused of wanting the client’s profits to look good, so that the share/dividends ^enrich auditor

Close business relationships: If a partner retired from an audit then immediately went to work for a client, they could be accused of doing the audit poorly so they could be lined up to get a job there. >2 years. Partner on client board is unacceptable.

Close family and personal relationships between the auditor and owners/directors of the company they are auditing lay the auditor open to suggestions that the audit has been neither objective nor independent, and that auditor didn’t show proper level of integrity.

Loans and guarantees from the client to the auditor should be looked at carefully. If the audit client is a bank and it makes a loan on normal business terms to a member of the audit staff, e.g. a mortgage, it wold be acceptable, but if they gave a large loan not on normal lending terms then it may compromise the auditor’s independence. No special relationship.

Overdue fees put the auditor at some risk as there is a possibility that the client will never pay those fees. This could lead to accusations that the auditor has not modified the audit opinion to reduce the likelihood that a worried creditor triggers the company liquidation. If there are overdue fees the auditor should not make the situation worse and should not incur any more chargeable time until those fees have been settled. If fees remain outstanding, then the auditor should resign.

Question 34

More self-interest threats

Answer 34

Contingent fees – Not permitted for audit engagements – an example of a contingent fee is one that is calculated based on reported revenue/profit

High percentage fees – If the auditor earns a high % of total income from one audit client, then the auditor will rely too much on that client and can’t afford to lose them. This can give the client too much leverage over the auditor. The total fees from a public interest entity (listed on stock exchange) shouldn’t exceed 15% of the firm’s total fees for two consecutive years. If they do, safeguards must be applied. No figure is mentioned for non-pie clients but auditors need to be mindful of the threat.

Low-balling refers to the practice of quoting a very low audit fee to win a client, in the hope of gaining more lucrative non-audit work. This means the audit doesn’t pay for itself so how could a proper audit be done? Audit is competitive, the fee is important to clients. An auditor can just find it difficult to claim a proper audit has been carried out if a loss was made there.

Recruiting staff on behalf of a client should not be undertaken. The danger here is that members of staf are recruited by the auditor, particularly financial staff, then subsequently the auditor might be reluctant to criticise the performance of those staff members as the advice they gave on recruitment looks bad. However, providing recruiting services to a non-PIE client is not prohibited as long as the hiring decision is left to the client. Similar considerations should be taken into account when asked to perform any management function for the client.

Question 35

Self-review threats?

Answer 35

Self-review threats arise when an auditor does work for a client and that work may then be subject to self-checking during the subsequent audit. For example, if the auditor prepares the F/S and then has to audit them, or the auditor performs internal audit services and then has to check that the system of internal control is operating properly. Auditors could obviously be reluctant to criticise the work which their own firms have undertaken earlier, and this could interfere with independence and objectivity.

Generally auditors must be very careful when undertaking such work. Certainly, it is common for auditors to do additional work for their clients, but what is important is that the work is done by an entirely different team from the audit firm
Self-review threats can also arise if a member of the audit team:
Recently served as a director/officer of the client
Is seconded (‘lent’) to the client for a temporary assignment

Question 36

Advocacy threats

Answer 36

Advocacy is where the assurance/audit firm promotes a point of view or opinion to the extent the subsequent objectivity is compromised. An example would be where the audit firm promotes the shares in a listed company or supports the company in some sort of dispute (e.g. with tax authorities) It can interfere with professional scepticism

As always, the audit firm should weigh up the risks to its objectivity, integrity and independence and they should withdraw from performing further works if the risks too high

Question 37

Familiarity threats

Answer 37

Familiarity threats arise because of the close relationship between members of the audit team and the client. The close relationship can arise by friendship, family or through business connections. There is no general definition of what’s meant by close relationships, but if you were an auditor and your brother was the FD of a client firm then there probably is a close relationship. If however the FD was a remote cousin of yours then there might not be a close relationship. Friendship can threaten independence and integirty too.

Long association of senior personnel creates a familiarity and self-interest threat. The code requires that a key auditor partner cannot serve a PIE client for more than seven years. This is to prevent too close of a relationship and friendship growing between the two parties. The problem is that when a close relationship does grow, objectivity and scepticism may be lost.

Question 38

Intimidation

Answer 38

They can deter the assurance team from acting properly.

Examples could be threatened litigation, blackmail, or even physical intimidation. Blackmail can also be more subtly applied, e.g. giving a gift to an auditor then the possibility of that being made public can create an intimidation threat to objectivity.

Question 39

The supply of other services

Answer 39

The issue of whether the auditor should provide audit clients with other services, such as taxation and management consultancy is a controversial one, as there are both pros and cons.

For example, auditors will know a great deal about the operations of their clients and this can make the performance of other work much more efficient. If entirely new firms have to be brought in to supply these services, much of the info they find about the client will already be known by the auditor and there is duplication of effort.

The provision of many non-assurance services will create a self-review threat (eg bookkeeping, internal auditing, tax calcs and valuations material to the F/S)
Another danger, of course, is that auditors come to rely too heavily on the fees earned from the other work and are therefore reluctant to risk losing a client if they express a modified audit opinion (ie self interest threat) large audit firms can at least use separate departments, though this may be difficult with small firms.

In the US, listed companies are not allowed to obtain other services from their auditor. This is to ensure that the auditor is independent and performs only the audit. In most jurisdictions there are no hard and fast rules, but the overall guidance on ethics relating to objectivity and independence should be adhered to.

Question 40

Safeguards

Answer 40

The code’s conceptual framework approach requires that when a threat to the fundamental principles is not at an acceptable level, safeguards must be applied to eliminate or reduce the threat to an acceptable level. The ‘test’ of what is acceptable is whether a “reasonable and well informed party would be likely to conclude that compliance with the fundamental principles is not compromised”.
They fall into two broad categories:
Those created by the profession, legislation or regulation (eg professional standards and membership requirements, including CPD)

Question 41

Examples of firm-wide safeguards

Answer 41

Quality control monitoring procedures

Disciplinary procedures to promote compliance with p

Question 42

Engagement-specific safeguards

Answer 42

Rotating senior members of the audit team

Consulting an independent third party