Course Notes

ACCA F8
Audit and Assurance
Exams from March 2017

Tutor details

SEPTEMBER 2016 RELEASE

ii Introduction AC C A F8

No part of this publication may be reproduced, stored in a retrieval system

or transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise, without the prior written permission
of First Intuition Ltd.

Any unauthorised reproduction or distribution in any form is strictly

prohibited as breach of copyright and may be punishable by law.

© First Intuition Ltd, 2016

AC C A F 8 Introduction iii

Contents
Page

Introduction i

1 Accounting standards v
2 Overview of the syllabus v
3 Approach to examining the syllabus v
4 Exam technique v
5 Study planner vi

1: Audit framework and regulation 1

1 The concept of audit and other assurance engagements 1

2 External audits 3
3 Corporate governance 5
4 Professional ethics and ACCA’s Code of Ethics and Conduct 9
5 Internal audit and governance and the differences between external audit and internal audit 12
6 The scope of the internal audit function, outsourcing and internal audit assignments 13

2: Planning and risk assessment 17

1 Overview diagram 17
2 Obtaining and accepting audit engagements 18
3 Objective and general principles of audit planning 20
4 Planning an audit 20
5 Understanding the entity and its environment 21
6 Assessing the risks of material misstatements 22
7 Materiality, fraud, laws and regulations 23
8 Analytical procedures 26
9 Interim and final audits 27
10 Audit documentation 27

3: Internal control 29

1 Introduction 29
2 The use of internal control systems by auditors 30
3 Transaction cycles 32
4 IT controls 36
5 Tests of control versus substantive procedures 37

4: Audit evidence 39

1 The use of assertions by auditors 39

2 Audit procedures 40
3 The audit of specific items 42
4 Audit sampling and other means of testing 51
5 Computer-Assisted Audit Techniques 52
6 The work of others 53
7 Not-for-profit organisations 55
iv Introduction AC C A F8

5: Review and reporting 57

1 Subsequent events 57
2 Going concern 59
3 Written representations 61
4 Audit finalisation and the final review 62
5 Audit reports 62
6 Application to scenarios 69
7 Reports to Management 71

Solutions to Class lecture examples 73

Chapter 5 73
AC C A F 8 Introduction v

1 Accounting standards
The accounting knowledge that is assumed for Paper F8 is the same as that examined in Paper F3.
Therefore, candidates studying for Paper F8 should refer to the Accounting Standards listed under
Paper F3.

2 Overview of the syllabus

The syllabus headings are the same as the titles of each chapter in these course notes:
(1) Audit framework and regulation
(2) Planning and risk assessment
(3) Internal control
(4) Audit evidence
(5) Review and reporting

3 Approach to examining the syllabus

The syllabus is assessed by a three-hour 15 minutes paper-based examination. All questions are
compulsory.
Section A of the exam comprises three 10-mark case-based questions. Each case has five objective test
questions worth 2 marks each.
Section B of the exam comprises one 30-mark question and two 20 mark questions.
Section B of the exam will predominantly examine one or more aspects of audit and assurance from
planning and risk assessment, internal control or audit evidence, although topics from other syllabus areas
may also be included.

4 Exam technique
The exam is 195 minutes long and totals 100 marks. Therefore, you should allocate just under 2
minutes for each mark, or 58.5 minutes for Section A in total, 39 minutes for each 20-mark question
and 58.5 minutes for the 30-mark question. Some longer questions will have subsections which should
also be broken up. How long it takes to answer each objective test question will vary depending on the
length of the question, but you should aim to complete the whole of Section A within the 58.5 minutes
allocated to it.
Every part of every question must be attempted.
As an approximate guide, in Section B every paragraph should contain 1 valid point which will earn
1 mark. You should try to keep your paragraphs to less than four lines of writing.
Leave a line between each paragraph written, giving the marker the opportunity to give you maximum
marks.
The use of columns may work well for those questions where there are two parts of the question e.g.
if the question asks for risks and controls that would mitigate those risks or audit procedures, and the
reason for carrying them out.
vi Introduction AC C A F8

5 Study planner
The chapter number refers to the chapter of these Course Notes. The time is a guide as to how long
you should spend on this subject, including question practice. Tick each session off when you have
completed it.
Try and complete each study session in order so that you learn each topic in turn. Some sessions are
longer than others, but make sure you take a break between sessions.
Read the relevant chapter of the course notes. It is essential that you try the questions from the
Question Bank where indicated. You will not pass the exam if you don’t attempt the questions. Don’t
forget, if you get stuck you can contact your tutor to ask for advice. Tick off each chapter when you
have completed it.

Attempt the course exam

The course exam will give you a feel for how well you have grasped the syllabus content, and will also
show you if you are lacking in exam technique.

Revise
Practise lots of questions from the Question Bank and read the Examiner’s Comments and Exam
Smarts, so that you can find out what the Examiner is looking for in your written answers.
You should consider booking a First Intuition revision course at this stage, to improve your exam
skills, particularly if you scored below 50% in the course exam. Our revision courses are question-
based, and will help you improve your exam technique. We also include a Mock Exam, giving you
another chance to practise under real exam conditions.
If you complete all the sessions before you have received the course exam please email your tutor to
request it or check www.firstintuition.net to download it.
AC C A F 8 Introduction vii

Tick
PER Question when
Chapter Subject First Intuition tutor guidance relevance Time (min) practice complete
1 Audit This chapter provides a PO1, PO4, 3 hours on OT’s 1-5,
framework background to the audit process. P018 the chapter 11-20
and regulation There are a number of useful and 1½ Q1 Stark
lists to learn. hours on
ACCA’s Code of Ethics and the
Conduct is important, specifically questions
identifying threats and
suggesting safeguards.
Internal audit is also a popular
exam topic.
2 Planning and This chapter covers the PO18 3 hours on OT’s 31-40
risk preliminary stages of an audit. the chapter Q3
assessment Questions on audit risk are and 4 hours Q6
always likely so do practise these on the Q8
questions as candidates often questions
Q9
find them difficult.
Other key areas are acceptance,
materiality, analytical
procedures and fraud.
3 Internal It is important to practise PO18, PO19 3 hours on OT’s 46-55
control questions on reporting the chapter Q14
deficiencies to management, and 3½ Q15
which often form part of an hours on Q17
internal controls question. questions
Q18
There is no need to learn the
“transactions cycles” off by
heart, but you do need to be
aware of the key risks and
controls at each stage of a
business’ operations.
viii Introduction AC C A F8

Tick
PER Question when
Chapter Subject First Intuition tutor guidance relevance Time (min) practice complete
4 Audit This chapter deals with P019 3 hours on OT’s 61-70
evidence substantive testing. the chapter Q20
Make sure you know at least and 3½ Q21
four audit tests for each of the hours on Q23
key items in the statement of the
Q28
financial position and make sure questions
you understand what financial
statement assertions they are
testing.
It is important to understand the
difference between a test of
control and a substantive test –
both in theory and in practice
5 Review and This chapter focuses on the PO20 3 hours on OT’s 81-90
reporting closing stages of the audit and the chapter Q30
the auditor’s report to and 3 hours
shareholders. on the
It is essential to be familiar with questions
each different type of audit
opinion and when it would be
appropriate to use them.

5.1 Practical Experience Requirements (PER) and Performance Objectives

ACCA requires students to have 36 months’ practical experience in order to become members. Part of
the practical experience requirements is achieving performance objectives that demonstrate that you
can apply what you’ve learnt when studying to real-life, work activities.
ACCA has set out 20 performance objectives in 10 areas. You are required to achieve 13 performance
objectives – all 9 Essentials performance objectives and any 4 from 15 Technical performance
objectives. ACCA has provided guidance on which objectives are strongly linked to which exam. The
relevant objectives for F8, which comprise Essentials objectives and Technical objectives:
PO1 Professionalism and ethics (relevant for all exams) (Essentials)
PO4 Governance, risk and control (Essentials)
PO18 Prepare for and plan the audit process (relevant for F8 and P7)
PO19 Collect and evaluate evidence for an audit (relevant for F8 and P7)
PO20 Review and report on the findings of an audit (relevant for F8 and P7)
You can find further guidance on Practical Experience Requirements and performance objectives at:
http://www.accaglobal.com/uk/en/student/practical-experience.html
 1

Audit framework and

regulation

1 The concept of audit and other assurance engagements

An audit is an evaluation of an organisation, system or process. Audits are performed to ascertain the
validity and reliability of information, and also provide an assessment of a system's internal control.
In the context of a company and its accounting records, the external audit is an “independent
examination and expression of opinion on the financial statements of an entity”. Many organisations
(particularly companies) are legally required to have an external audit.
The purpose of the external audit is for the auditor to obtain sufficient appropriate audit evidence on
which to base the audit opinion. This opinion states that the financial statements give a ‘true and fair
view’ of the position, performance (and cash flows) of the entity. This opinion is prepared for the
benefit of shareholders and can be seen as helping to prevent these investors from being defrauded.
There is no strict legal definition of “true and fair” but essentially it means that the financial
statements contain no significant/material errors.
“True” can be considered as stating that the information in the financial statements is factual and
complies with accounting standards.
“Fair” refers to information being clear, impartial and unbiased, reflecting the substance of
transactions, rather than the legal form.
An audit is considered necessary for all but the smallest companies because there is often a distinction
between those people that own the company – the shareholders – and those people that run the day-
to-day operations of the company – the directors.
In this sense, the directors are considered to be the “stewards” of the company – they are accountable
to the owners for the way the performance of the company.
2 1: Audit framework and regulation AC C A F8

Company

Owned by Run by

Financial
Shareholders Directors
statements

Independent examination

Opinion Auditor

1.1 Assurance engagements

Assurance engagements (of which an external audit is an example) are simply assignments where a
practitioner expresses a conclusion designed to give confidence about the outcome of a particular
subject matter.
The five elements of an assurance engagement are:
(a) A three-party relationship:
(i) A practitioner (i.e. an accountant) who is the professional who will review the subject
matter and provide the assurance
(ii) A responsible party, which is the organisation responsible for preparing the subject
matter to be reviewed
(iii) Intended user, who is the person who requires the assurance report.
(b) An appropriate subject matter. The subject matter is the data that the responsible party has
prepared and which requires verification (e.g. financial statements).
(c) Suitable criteria. The subject matter is compared to the criteria in order for it to be assessed and
an opinion provided (e.g. accounting standards).
(d) Sufficient appropriate evidence has to be obtained by the practitioner in order to give the
required level of assurance.
(e) A written assurance report given by the practitioner to the intended user and the responsible
party.
Examples include the review of the financial statements of a company in a potential takeover bid or
the review of whether internal controls are effective by COSO (Committee of Sponsoring Organisations
of the Treadway Commission) criteria.

1.2 Explain the level of assurance provided by audit and other review
assignments
There are two levels of assurance that an assurance engagement can provide, depending on the
amount of work performed.

1.2.1 Limited level of assurance

This is assurance presented in a negative way, whereby the auditors state that “nothing has come to
their attention” that causes them to believe that the subject matter is not free from material
misstatement. This level of assurance is commonly used for forecasts (e.g. a cash flow forecast), where
the auditor cannot “vouch” the accuracy of the data because the data cannot be tested against actual
known figures.
AC C A F 8 1: Audit framework and regulation 3

1.2.2 Reasonable level of assurance

This is a positive opinion, stating that the subject matter conforms in all material respects with the
identified criteria. A good example of this is the statutory audit, stating that the financial statements
“give a true and fair view” of the company’s affairs.

1.2.3 Absolute assurance

Absolute assurance would be the certification that something is absolutely correct. This level of
assurance cannot be given on an assurance engagement, due to the inherent limitations of the
engagement (see paragraph 2.3).

2 External audits
2.1 Describe the regulatory environment within which external audits take
place
External audits are audits carried out by auditors who are independent of the entity being audited.
Most companies (except small or dormant companies) are required to have an external audit by law,
in which case, they are usually referred to as “statutory audits”. Some companies may choose to have
an external audit, even if one is not legally required.
Statutory audits have to be carried out in accordance with the legal requirements of the country in
which they are taking place.

2.2 Appointment, rights, removal and resignation of auditors

2.2.1 Appointment
Auditors are appointed by the shareholders of the company in general meeting. In practice, the
shareholders will confirm the recommendation of the directors of the company.
Before an auditor can accept a new audit appointment, he should:
 Check to ensure that the audit firm is independent of the client (see the “threats” to auditor
independence later in this chapter)
 Check to make sure the firm has the necessary resources (e.g. staff numbers, time and
expertise) to be considered competent
 Assess the risk attached to the new client – by looking at the nature of its industry, assessing
the integrity of the key staff and conducting a credit search
 Ensure there are no conflicts of interest – e.g. if the audit firm already has clients in the same
industry sector
Once satisfied with the above, the auditor should then:
 Ask client for permission to contact the outgoing auditor
 If the client denies this permission, the audit must be rejected
 Contact the outgoing auditor, asking if there are any “relevant matters” e.g. has the client paid
promptly, acted with integrity (if not, the auditor should consider whether these cause an
ethical barrier to accepting the appointment)
 The outgoing auditor should contact the client to request permission to reply to the incoming
auditor’s requests
 If this permission is denied, the new auditor should be informed of this denial
Once all of the formalities above have been completed, the incoming auditor should send a letter of
engagement to the client, setting out the key terms of the contract to perform the audit.
4 1: Audit framework and regulation AC C A F8

2.2.2 Rights
Once appointed, the auditor has the following rights:
 Access to the company’s books, accounts and vouchers.
 To receive all information or explanations that they think necessary for the performance of their
duties as auditors.
 To receive all communications relating to written resolutions.
 To receive all notices of, and other communications relating to, any general meeting which a
member of the company is entitled to receive.
 To attend any general meeting of the company and to be heard at any general meeting which
an auditor attends on any part of the business of the meeting which concerns them as auditor.
 Other rights relating to removal and resignation (see paragraphs 2.2.3 and 2.2.4)

2.2.3 Removal
The auditor can only be removed by shareholders at a General Meeting with a majority vote. Again,
the shareholders will be led by the directors in their decision making
When the Directors write to the shareholders to communicate the holding of the meeting, they must
also inform the auditor. The auditor has the right to attend the meeting and speak.
The auditor must produce a “statement of circumstances” (see below). If there are no circumstances
that need to be brought to the attention of the shareholders, then a statement of no circumstances is
required. If they have been removed before the end of their term of office, they must notify ACCA.

2.2.4 Resignation
An auditor can resign, at any time, in writing. If they wish, they can also request that the company calls
an Extraordinary General Meeting (EGM). As with removal, the auditor can attend and speak at this
meeting.
In all cases where an auditor ceases to audit a particular company, it must submit a “statement of
circumstances” to the company, explaining any issues involved in the auditor ceasing to audit the
company.
This statement must be submitted, even if it says there are no circumstances that need to be reported.
Again, if the auditors have resigned before the end of their term of office, they must notify ACCA.

2.3 Describe the limitations of external audits

Auditors rely heavily on the integrity of client management to provide the necessary information,
allow access to records etc. If management are unscrupulous and wish to hide facts from the auditor,
it may be fairly easy to do so.
The nature of financial reporting is such that it involves management judgement and subjective
decisions, which it is not possible to conclude absolutely are correct and which may be affected by
management bias.
Auditors only spend a limited amount of time at the client’s premises, testing only a sample of items
due to the fact that there is a cost/benefit element to auditing. It is not possible to address all
information that may exist or to pursue every matter exhaustively on the assumption that information
is in error or fraudulent until proved otherwise
Auditors plan their work to detect material errors and frauds only – so minor errors and frauds may
not be detected.
AC C A F 8 1: Audit framework and regulation 5

2.4 Explain the development and status of International Standards on

Auditing
The International Federation of Accountants (IFAC) is the worldwide organisation for the accountancy
profession. For the purposes of this exam, the most important part of IFAC is the IAASB – International
Audit and Assurance Standards Board.
The IAASB issues a variety of pronouncements, the most important of which are International
Standards on Auditing (ISAs) which aim to promote best practice in auditing. ISAs are designed to be
applied in the audit of financial statements (and may be applied to the audit of other historical
financial information).
The ISAs contain basic principles and essential procedures together with related guidance in the form
of explanatory material and appendices.
An auditor should follow the ISAs wherever possible. However, in some situations an auditor may
consider it necessary to depart from the ISA so that the objectives of the audit can be achieved more
efficiently. In this situation, the auditor may depart from the ISA, but they must be prepared to justify
the departure.

2.5 Explain the relationship between International Standards on Auditing

and national standards
While ISAs are designed to be implemented worldwide, they do not have legal status and so conflict
may arise between the ISA and local audit requirements.
For example, one country may have a local audit requirement for an engagement letter to be sent to
clients every five years whereas ISA 210 Terms of audit engagements recommends that the auditor
considers annually whether a letter is needed on a recurring audit.
ISAs are not designed to overrule the specific requirements of an individual country. So if there is a
conflict, the specific country regulation should be followed. However, the IAASB normally recommends
that changes are made in that country so the ISA can be followed.
Many countries have ‘adopted’ these ISAs as their national standards rather than amending their
original standards to bring them in line with ISAs. If ISAs are adopted as national standards, as has
been the case in the UK, statutory audits must be based on these ISAs. If not, they still represent best
practice in auditing, and auditors would generally follow them unless they conflict with national
standards.

3 Corporate governance
3.1 Corporate governance
KEY TERM
Corporate governance: refers to the way in which companies are organised and controlled.

A strong system of corporate governance gives credibility to a company’s financial statements,

demonstrating the company’s commitment to its internal control systems.
It is worth distinguishing between “executive” and “non-executive” directors at this point:
 Executive directors – are involved in the day-to-day running of the company. They are usually
full-time employees and paid a salary.
6 1: Audit framework and regulation AC C A F8

 Non-executive directors (NEDs) are independent, part-time directors who scrutinise the
company’s affairs. They generally only attend Board meetings and the meeting of any
committees to which they belong. As this is more of a part-time role, NEDs are usually paid a
fee, depending on their experience and time commitment to the company.
NEDs should, as far as possible be ‘independent’ of the company (i.e. not former employees) so that
they can be more objective.
Many countries have issued their own codes of corporate governance. In the UK, the “UK Corporate
Governance Code” is the model used by listed companies.
The UK Corporate Governance Code is comply or explain, with listed companies having to disclose if
they have not followed the Code.

3.2 The UK Corporate Governance Code key recommendations

3.2.1 Leadership
Every company should be headed by an effective board, which is collectively responsible for the long-
term success of the company.
There should be clear division of responsibilities at the head of the company between the person
running the board (Chairman) and the person running the company’s business (Chief Executive
Officer).
There should be a balance of Executive Directors (EDs) and Non-Executive Directors (NEDs). Ideally, at
least half of the Board should be NEDs.
Appointment procedures for directors should be transparent so that the suitability of directors for
board positions can be clearly seen. A “Nominations Committee” comprising NEDs ensures there is no
bias in board appointments. New directors should be appointed using a formal, rigorous and
transparent procedure. Appointments to the board should be made on merit and against objective
criteria. Directors of FTSE 350 companies must submit themselves for re-election annually; other
directors should be reappointed every three years.

3.2.2 Effectiveness
The board and its committees should have the appropriate balance of skills, experience,
independence and knowledge of the company to enable them to discharge their respective duties and
responsibilities effectively.
All directors should be able to allocate sufficient time to the company to discharge their
responsibilities effectively.
The board should be supplied in a timely manner with information in a form and of a quality
appropriate to enable it to discharge its duties.
All directors should receive induction on joining the board and should regularly update and refresh
their skills and knowledge.
The board should undertake a formal and rigorous annual evaluation of its own performance and that
of its committees and individual directors.
All directors should be submitted for re-election regularly and at least once every three years.

3.2.3 Accountability
The board should present a balanced and understandable assessment of the company’s position and
prospects.
The board is responsible for determining the nature and extent of the significant risks it is willing to
take in achieving its strategic objectives.
AC C A F 8 1: Audit framework and regulation 7

The board should establish formal and transparent arrangements for considering how they should apply
the corporate reporting and risk management and internal control principles and for maintaining an
appropriate relationship with the company’s auditor. This should be done using an Audit Committee.
The Audit Committee should also appoint the auditors and set their remuneration.

3.2.4 Directors’ remuneration

There should be a formal and transparent procedure for developing policy on executive remuneration
and for fixing the remuneration packages of individual directors. No director should be involved in
deciding his or her own remuneration.
A Remuneration Committee comprising NEDs should set remuneration levels for the board, so as to
be sufficient to “attract and retain” good quality directors. Remuneration should also be linked to
performance, to encourage a high standard of work.

3.2.5 Relations with shareholders

There should be a dialogue with shareholders based on a common understanding of objectives.
The board should use the AGM to communicate with investors and to encourage their participation.

3.3 Audit committees and their drawbacks and limitations

An audit committee is a subset of the main Board of Directors and should be made up of at least 3
NEDs. The primary role of the audit committee is to act as the “bridge” between the internal and
external auditors and the main Board. Their responsibilities will include:
Internal audit aspects
 Reviewing systems of internal controls
 Agreeing agenda of work for the internal audit department
 Reviewing the results of internal audit work
External audit aspects
 Reviewing accounting policies and financial statements as a whole to ensure that they are
appropriate
 Reviewing the independence and competence of the external audit firm
 Liaising with the external auditor if there are any queries/concerns
The idea is that the audit committee is more “independent” of the company than the Board and can
therefore be more objective.

3.4 Advantages of an audit committee

 As it is made up of non-execs performing a part-time role, they have more time than the
executive directors to review key documents such as the audit report.
 Increased public confidence in the credibility and objectivity of published financial information.
 Shareholders may view the committee as a form of “internal control”, leading to a stronger
control environment.
 Financial reporting – the audit committee can assist the board by checking the financial
statements to ensure that they comply with appropriate accounting standards. Ideally, one of
the members should have “financial expertise”.
 The audit committee could have a variety of business backgrounds, bringing valuable skills,
knowledge and expertise to the company.
 May be easier and cheaper to raise finance if there is a perception of good corporate
governance created by the presence of an audit committee.
8 1: Audit framework and regulation AC C A F8

3.5 The limitations of an audit committee

 Finding suitable candidates – it is not easy to find independent non-executives with relevant
knowledge of corporate governance and the company itself.
 Diminished importance of the board ─ the board may see the NEDs as having too much power
and effectively “running our company”.
 Slower decision-making by the company ─ by adding another layer to the decision-making process.
 Cost – The audit committee will increase the expenditure of the company as the NEDs will
obviously require remuneration for their time and expertise.

3.6 Internal control and risk management

The directors are responsible for the internal control system of a company. Part of an entity’s system
of internal control should include the assessment of its key business risks. These risks can be split into
the headings:
 Financial risks – those risks that would affect the entity’s cash flow such as movement in
interest rates or exchange rates.
 Compliance risks – those risks relating to laws and regulations e.g. health and safety rules.
 Operational risks – those risks relating to the day-to-day operations of the business e.g. loss of
key staff, inventory management.
It is important for the entity to demonstrate its policies and procedures with respect to the
acknowledgement and management of these risks.

3.7 Discuss the need for auditors to communicate with those charged with
governance
Per ISA 260 Communication with Those Charged with Governance, the auditor should communicate
audit matters of governance interest arising from the audit of financial statements with those charged
with governance of an entity.
“Those charged with governance” means “the person(s) with responsibility for overseeing the:
 Strategic direction of the entity
 Obligations relating to the accountability of the entity, including overseeing the financial
reporting process.
This implies that the communication should be with the highest level of management, including the
executive and non-executive directors, and the audit committee, where relevant.

Matters to be communicated:
Auditors must communicate the fact that they are responsible for forming and expressing an opinion
on the financial statements. The following must also be communicated:
 Planned scope and timing of the audit
 Significant findings from the audit, including:
– Changes in accounting policies
– The potential effect on the financial statements of any material risks and exposures, such
as pending litigation, that are required to be disclosed in the financial statements.
– Audit adjustments, whether or not recorded by the entity that have, or could have, a
material effect on the entity’s financial statements.
AC C A F 8 1: Audit framework and regulation 9

– Material uncertainties that may cast significant doubt on the entity’s ability to continue
as a going concern.
– Disagreements with management about matters that, individually or in aggregate, could
be significant to the entity’s financial statements or the auditor’s report.
– Expected modifications to the auditor’s report (see Chapter 5).
– Material weaknesses in internal control and recommendations for improvement.

4 Professional ethics and ACCA’s Code of Ethics and Conduct

4.1 The fundamental principles
The ACCA’s Code of Ethics and Conduct outlines five principles of ethical behaviour:

Integrity
A professional accountant should be honest and straightforward in performing professional services.

Objectivity
A professional accountant should be fair and not allow personal bias, conflict of interest or influence of
others to override objectivity.

Professional competence and due care

When performing professional services, a professional accountant should show competence and duty
of care by keeping up-to-date with developments in practice, legislation and techniques.

Confidentiality
A professional accountant should respect the confidentiality of information acquired during the course
of providing professional services and should not use or disclose such information without obtaining
client permission.
However, there are certain circumstances where the auditor has a responsibility to disclose client
information without needing the client’s permission:
 Obligatory responsibility – where the auditor suspects that his client has committed money-
laundering, drug-trafficking or terrorist offences, he is obliged to disclose this information to a
relevant authority. Also, the auditor must make disclosure if compelled by a court order or
summons.
 Voluntary disclosure – an auditor may decide to disclose information if he feels it is in the public
interest e.g. if the management are involved in fraud. They may also disclose information to
defend themselves against a claim of negligence or if suing for unpaid fees.

Professional behaviour
A professional accountant should act in a manner consistent with the good reputation of the
profession and refrain from any conduct which might bring discredit to the profession.

4.2 Define and apply the conceptual framework

The ACCA give guidance as to how the above principles can be applied in a “conceptual framework”.
A conceptual framework requires members to identify, evaluate and address threats to
independence, and consequently it is not sufficient for members to merely comply with the examples
of circumstances set out in the Code of Ethics and Conduct. Rather, members must ensure that, in the
particular circumstances under consideration, the Fundamental Principles have been observed.
10 1: Audit framework and regulation AC C A F8

Auditors are required to assess their independence in relation to clients prior to accepting
engagement (which we look at in more detail in Chapter 2, although the ethical considerations
discussed here will be relevant) and on an ongoing basis, that is, throughout the course of the audit
relationship.
The five categories of threat to an auditor’s independence are as follows.

Self-interest threat
This occurs when the audit firm or a member of the audit team has some financial or other interest in
a client.
Examples include:
 Undue dependence on the fees generated by the client. Where an audit client is a public
interest entity and the total fees from the client represent more than 15% of the total fees
received by the firm for two consecutive years, the firm must:
– Disclose this to those charged with governance
– Obtain an external quality control review either before or after issuing the audit opinion
on the second year’s financial statements.
– Seek other clients to reduce the dependence on this client
– Consider resigning from the audit if the threat to independence is too great to be
mitigated by other safeguards.
Other examples of self-interest threat include:
 Owning shares in a client (audit partners are specifically prohibited from holding shares in their
clients).
 A loan to or from a client or any of its directors or officers.
 Overdue fees from previous years’ work (akin to a loan) – the auditor should not start this
year’s audit until all previous fees have been paid.
 Contingent fees – where some or all of the audit fee is dependent on, say, the client’s profit for
the year. This is not permitted for audit work.
 Business relationships between the firm and the client e.g. joint ventures

Self-review threat
This occurs when the auditor has to re-evaluate work they have previously performed.
Examples:
 A member of the audit team was recently employed by the client and is therefore reviewing his
own work.
 The preparation of financial statements of an audit client. This is not allowed for listed audit
clients but may be allowed for unlisted audit clients.
 The calculation of the tax figure for inclusion in the financial statements of an audit client.
 The provision of internal audit services.
AC C A F 8 1: Audit framework and regulation 11

Advocacy threat
This occurs when an auditor represents their client, promoting a position or opinion to the point that
subsequent objectivity may be compromised.
Examples:
 Acting as an advocate on behalf of a client in litigation or a dispute
 Promoting a stock exchange listing

Familiarity threat
This occurs when members become too sympathetic to the interests of their client
Examples include:
 Having a family/personal relationship with a director of the client.
 Acceptance of gifts/hospitality from the client unless “modest” in value (also self-interest)
 Long association with a client. For listed companies, a key safeguard is that engagement
partners should be rotated at least every seven years to maintain their independence. If the
company is being listed, the partner should only continue for seven years less the time already
served as partner. If the partner has already served six or more years, the permitted service is a
maximum of another two years.
 Staff from the audit firm joining the client (also self-interest and intimidation)

Intimidation threat
This may occur when members are deterred from acting objectively by threats, actual or perceived.
e.g. threat of dismissal or threat of litigation or by having unreasonable time restraints placed on the
audit.

4.2.1 Safeguards
Clearly, if these threats exist, the auditor may be less likely to challenge accounting policies or
disclosures proposed by the client, for fear of upsetting them or losing the audit.
Simple strategies could be adopted by the auditor so that the client could be kept:
 If there is a familiarity or self-review threat, use different staff on the audit and any other
services provided
 Rotation of engagement partners and senior staff every 7 years to ensure independence
 Use a second partner to review the completed audit file before it is signed off (a “hot” review)
 Decline the offer (e.g. for hospitality)

4.3 Conflicts of interest

When faced with a conflict of interest, an accountant will face similar issues to those outlined in the
“threats to independence” section above.
There are two possible sources of conflict:
 The accountant performs a service in competition with a client. For example, First Intuition’s
auditors start offering bookkeeping courses. The only safeguard here is to notify the client of
the conflict of interest.
 The accountant might have a client in a particular industry. They might then be approached by
that client’s biggest competitor to do their audit. This would give the auditors access to
commercially sensitive information for both clients.
12 1: Audit framework and regulation AC C A F8

In this second instance, the auditor can safeguard his position by:
 Notifying both clients of the approach by the competitor and obtain the consent of both
 Advising both clients to seek additional independent advice
 Using separate engagement teams
 Using confidentiality agreements signed by employees and partners of the firm

5 Internal audit and governance and the differences between external

audit and internal audit
The role of internal audit is wide-ranging, but often focuses on the accounting and internal control
systems of a company, in a bid to improve the management of that company and to help the company
achieve its corporate objectives.
For example, the work of the internal auditors may lead to a reduction in inefficiencies and errors and
a reduction in costs.
The internal audit function is normally performed by employees of the entity. Therefore, to
demonstrate their “independence”, they usually present their reports directly to the audit committee.
This function could alternatively be outsourced to an external company (see later).
Ideally, the internal audit function should be staffed with qualified, experienced staff, whose
appointment and remuneration is controlled by an audit committee, staffed by non-executive
directors.

5.1 Discuss the factors to be taken into account when assessing the need
for internal audit
Although not required by law, the internal audit function demonstrates management’s commitment to
good internal controls and is part of the control environment.
The decision as to whether to employ an internal audit function will be influenced by:
 The size and complexity of the company
 The scale and diversity of activities
 Cost / benefit considerations
 The desire of management to have assurance and advice on risks and controls

5.2 Discuss the elements of best practice in the structure and operations of
internal audit with reference to appropriate international codes of
corporate governance
The UK Corporate Governance Code does not require companies to have an internal audit
department. However, where the company does not have an internal audit department, the Code
requires the audit committee to consider annually whether one is needed make a recommendation to
the board. It also requires the company to disclose its reasons for not having an internal audit
department in its annual report.
If a company has an internal audit department, as noted above, the audit committee is responsible for
monitoring and reviewing internal audit activities.
Internal auditors are not subject to the same qualification requirements as external auditors. However,
they may be ACCA qualified, or members of other relevant professional bodies, such as the Institute of
Internal Auditors (IIA).
AC C A F 8 1: Audit framework and regulation 13

5.3 Compare and contrast the role of external and internal audit
External auditor Internal auditor
Objectives
To form an opinion on whether a set of accounts To improve a company’s operations, in terms of
are “true and fair” efficiency and effectiveness of their internal controls
Standards
Must follow International Standards on Auditing (ISAs) Can choose to use the guidelines of the Institute of
Internal Auditors (IIA).
Report to
Shareholders via the audit report Board of Directors or audit committee
Status
Independent “Independent” but generally an employee of
company (although function can be outsourced)
Qualification
Qualified Accountant and a member of a No formal qualifications required (but many are
Recognised Supervisory Body qualified accountants or members of the IIA).

6 The scope of the internal audit function, outsourcing and internal

audit assignments
Internal audit staff can be asked to carry out a variety of tasks, including:
 Reviewing the internal controls of the business
 Reviewing the accounting systems of the business
 Reviewing the key risk areas of the business, including fraud
 Preparing schedules for the external auditors

6.1 Limitations of an internal audit function

One of the biggest problems faced by internal auditors is that one of their key duties is to form an
objective, “independent” opinion on company matters, despite the fact that they are employees.
Another possible problem occurs when there are insufficient resources to form an effective IA
function.
If internal auditors identify errors or fraud, they may be unwilling to disclose it to the Board of
Directors for fear of possible repercussions (e.g. a fellow employee losing their job).
To mitigate some of these problems, IA normally report their findings to the audit committee, who
themselves take a more objective view of the company than the executive directors may.

6.2 Outsourcing
Outsourcing is the contracting-out of a business process to a third party. Outsourcing internal audit
can overcome some of the limitations caused by insufficient resources outlined above.
14 1: Audit framework and regulation AC C A F8

6.3 Explain the advantages and disadvantages of outsourcing the internal

audit department
Advantages Disadvantages
More “independent” since they will not be Lack of client-specific knowledge
employees
External accountants are likely to have a pool of Loss of internal audit as a training ground for new
qualified accountants available, many with industry managers of the business
experience
Using experienced auditors should increase the Possible loss of control over how and when the work
reliability of their findings is performed

Should be cheaper than having a full-time presence Possible self-review threat if the external auditors
– no need to recruit staff for the IA department, no are being used
“down time” for underutilised staff and less training
costs
Quicker set up time Potential confidentiality issues

The first disadvantage listed above could be reduced by using the same firm of accountants who
perform the external audit work to do the internal audit work as well, as long as separate audit teams
were maintained.

6.4 Discuss the nature and purpose of internal audit assignments

6.4.1 Value For Money (VFM)
A value for money audit is concerned with obtaining the best possible combination of services for the
least resources. It is therefore the pursuit of ‘Economy’, ‘Efficiency’ and ‘Effectiveness’ – sometimes
referred to as the three ‘Es’:
 Economy relates to least cost. The systems in an organisation should operate at a minimum
cost associated with an acceptable level of risk.
 Efficiency relates to the best use of resources. The goals and objectives of an organisation
should be accomplished accurately and on a timely basis with the least use of resources.
 Effectiveness provides assurance that organisational objectives will be achieved.

6.4.2 IT
An IT audit would ensure that the organisation is controlling the key risks surrounding its hardware,
software, internet, and the overall IT environment.

6.4.3 Financial
This is the most traditional part of internal audit work, involving the review of the management
accounts and the systems that produce those accounts to ensure the business is meeting its financial
targets.
It is this area of work that external auditors are most likely to want to rely on in order to reduce their
own work. Some of this work would be similar to that of the external auditor e.g. analytical review and
detailed substantive testing.
AC C A F 8 1: Audit framework and regulation 15

6.4.4 Regulatory compliance

A regulatory compliance audit would ensure that the organisation is meeting the key legal
requirements that it needs to, or specific legal requirements relating to the industry (for example, food
hygiene laws in the food industry).

6.4.5 Fraud investigations

Internal audit are employed to review the internal controls of a company so they could be asked to
review the company’s systems to ensure a fraud is not taking place. Internal audit testing is likely to
use lower materiality levels than external audit so would be more likely to detect smaller frauds.
The internal audit team might also be asked to investigate suspected fraud at an entity.

6.4.6 Customer experience

A customer experience audit helps the company to see itself from its customers’ point of view and
hence ensure that it is meeting customer needs and promoting itself as a company that third parties
want to trade with. It might include obtaining customer feedback and analysing it.

6.5 Discuss the nature and purpose of operational internal audit

assignments
An “operational” IA assignment simply reviews the operations of a business, and so gives management
assurance on the effectiveness of operations. An example is a procurement audit, see below.

6.5.1 Procurement audit

Procurement (or “purchasing”) involves obtaining goods and services from outside suppliers at the
right price.
The key risks for the business include making fraudulent payments made to non-existent suppliers,
making inaccurate or late payments and not getting the best price from suppliers. As there are risks of
the company losing money associated with procurement, it is likely to be an area that companies
would want internal audit to focus on.

6.6 Describe the format and content of audit review reports and make
appropriate recommendations to management and those charged with
governance
The internal audit department can produce a similar report to the report to management of external
auditors discussed in Chapter 3.
The format will depend on the task being performed but the main elements common to most reports
are:
 Addressee – normally the audit committee or Board of Directors
 Terms of reference – summarising who requested the report and what the purpose of the
report is
 Executive Summary – a summary of the key findings
Detailed report – including the weaknesses found and recommendations made, together with a
schedule of follow-up procedures.
16 1: Audit framework and regulation AC C A F8
 17

Planning and risk assessment

1 Overview diagram
At this stage of the course, it is useful to put the chapters in the notes in the context of the whole audit
process.
Chapter 2: Obtaining and accepting audit engagements

Chapter 2: Planning and Risk Assessment

Chapter 3: Internal Controls. The auditor tests the

client’s controls to determine how effective they are.
This will impact the level of substantive testing
performed after the year end

Year end

Chapter 4: Audit Evidence. The substantive testing of

the financial statements

Chapter 5: Review. Subsequent events, going concern

and written representations

Chapter 5 (cont): Reporting. Auditor’s reports and

reports to management
18 2: Planning and risk assessment AC C A F8

2 Obtaining and accepting audit engagements

2.1 Discuss the requirements of professional ethics in relation to the
acceptance/continuance of audit engagements
ISA 210 Agreeing the Terms of Audit Engagements provides guidance to auditors on the steps they
should take in accepting a new audit or continuing on an existing audit engagement.
It sets out a number of processes that the auditor should perform including agreeing whether the
“preconditions” are present, agreement of audit terms in an engagement letter, recurring audits and
changes in engagement terms.

2.2 Preconditions of an audit

Specific procedures required to establish whether the preconditions for an audit are present include:
(a) Determining whether the financial reporting framework to be applied in the preparation of the
financial statements is acceptable.
(b) Obtaining the agreement of management that it acknowledges and understands its
responsibility for the preparation of the financial statements, for internal controls sufficient to
ensure the financial statements are free from material misstatement, and to provide the auditor
with access to all information and personnel required for the audit.
If the preconditions for an audit are not present, the auditor shall discuss the matter with
management. If he considers that the matter is significant, he could choose to reject the proposed
audit engagement.

2.3 Justify the importance of engagement letters and their contents

ISA 210 Agreeing the Terms of Audit Engagements explains that an engagement letter provides a
written agreement between the auditor and the client.
The letter should be sent before the audit starts and may be updated regularly for changes in laws,
regulations and standards. Some audit firms send a new letter every year while others simply “roll
forward” the letter from one year to the next.
The letter therefore minimises the possibility of misunderstandings between the two parties.
The engagement letter typically contains clauses on:
 The objective and scope of the audit of financial statements
 Management’s responsibility for the financial statements and for maintaining effective internal
control
 Auditor’s responsibilities
 Provision of access to whatever records, documentation and other information requested in
connection with the audit.
 Arrangements for planning the audit
 Agreement of management to provide a letter of representation
 Description of any other letters or reports the auditor expects to issue to the client
 Basis on which fees are computed and any billing arrangements
AC C A F 8 2: Planning and risk assessment 19

2.4 Explain the quality control procedures that should be in place over
engagement performance, monitoring quality and compliance with ethical
requirements
ISA 220 Quality control for an audit of financial statements gives guidance on the quality control
procedures that should be exercised within an audit firm. Audit engagement partners should ensure
that audit work is planned, directed, supervised and reviewed in a manner that provides reasonable
assurance that the work has been performed in a competent manner.

Direction
The engagement team should be directed by the engagement partner. Procedures such as an
engagement planning meeting should be undertaken to ensure that the team understands:
 Their responsibilities;
 The objectives of the work they are to perform;
 The nature of the client’s business and any significant issues for the year;
 How to deal with any problems that may arise; and
 The detailed approach to the performance of the audit.
The planning meeting should be led by the partner and should include all people involved with the
audit. The partner should ensure that appropriate staff, with the right qualifications and experience,
are selected.

Supervision
Supervision should be continuous during the engagement. Any problems that arise during the audit
should be rectified as soon as possible.
Attention should be focused on ensuring that members of the audit team are carrying out their work
in accordance with the planned approach to the engagement. Significant matters should be brought to
the attention of senior members of the audit team. Documentation should be made of key decisions
made during the audit engagement.

Review
All audit work should be reviewed by a more senior audit staff member. The reviewer should consider
whether:
 The work has been carried out in accordance with the firm’s procedures and auditing standards.
 The work is sufficiently documented to allow the conclusions drawn.
 Significant audit matters have been raised for further consideration.
 The objectives of the audit procedures have been achieved.
 The conclusions are consistent with all the work performed.
The engagement partner should carry out an overall review of the working papers. He should
examine all key areas of judgement and all audit evidence relating to high risk areas.
Overall, the engagement partner’s review should be sufficient for him to be satisfied that the working
papers contain sufficient appropriate evidence to support the conclusions reached and for the
auditors’ report to be issued.
The review must be finished before the audit report is signed (a “hot review”), since it is part of the
decision-making process to confirm that the firm has done sufficient work to sign the report.
The firm should require an engagement quality control review for all audits of financial statements of
listed entities. The audit engagement partner shall then discuss significant matters arising during the
audit engagement with the engagement quality control reviewer.
20 2: Planning and risk assessment AC C A F8

The audit firm should have an ongoing consideration and evaluation of the firm’s system of quality
control, including a periodic inspection of a selection of completed engagements (“cold review”).
The firm should entrust this responsibility to a senior partner.
Consultation
The engagement partner should arrange consultation on difficult or contentious matters. This is a
procedure whereby the matter is discussed with a professional outside the engagement team, and
sometimes outside the audit firm.
These consultations must be documented to show the issue on which the consultation was sought and
the results of the consultation.

3 Objective and general principles of audit planning

According to ISA 300 Planning an Audit of Financial Statements the auditor should plan the audit work
so that the audit will be performed in an effective manner.
Planning an audit involves establishing the overall audit strategy for the engagement and developing
an audit plan, in order to reduce audit risk to an acceptably low level.
In modern-day auditing, auditors tend to follow a risk-based approach, tailoring their work around the
particular circumstances surrounding the client. This approach should help auditors to:
 Identify the main risk areas early on in the planning stage
 Base the audit plan around those risks
 Carry out an efficient audit that minimises audit risk and detection risk
 Reduce the chance of a negligence claim against the auditor

4 Planning an audit
The nature and extent of planning activities will vary according to the size and complexity of the entity,
the engagement team’s previous experience with the entity, and changes in circumstances that occur
during the audit engagement.
Benefits of planning the audit of financial statements include:
 Helping the auditor to devote appropriate attention to important areas of the audit.
 Helping the auditor identify and resolve potential problems on a timely basis.
 Assisting in the selection of engagement team members with appropriate levels of skills and
competence to respond to anticipated risks, and the proper assignment of work to them.
 Directing and supervising engagement team members and reviewing their work.
 Assisting, where applicable, in the coordination of work done by other auditors and experts.
 To develop an audit strategy i.e. a general approach for the nature, timing and extent of the
audit work. This strategy will be dictated by a number of factors, including:
– The size of the client
– The auditor’s familiarity/history with the client
– The complexity of the audit
– Any specific reporting requirements such as tight deadlines
At the end of the planning process, the auditor will prepare an audit plan (or “audit planning
memorandum” or “audit strategy document”). This is a summary document given to all members of
AC C A F 8 2: Planning and risk assessment 21

the audit team prior to the commencement of the audit to help familiarise themselves with the
company.
This plan will contain information such as:
 Background information about the client, including their various locations
 Significant changes in personnel or practises since last year’s audit
 Organisation chart, identifying the key managers and employees in the company
 Important laws and regulations affecting the company
 Client’s trial balance (or draft financial statements)
 Industry data on competitors
 Preliminary Analytical Review
 Key audit risks
 Calculation of materiality
 Audit staffing, timing and deadlines
 Audit budget (i.e. cost based on hours to be worked by each member of the audit team x the
rates at which their work is charged to the client (the “charge-out rate”))
 Fees
One of the key objectives of the audit plan is the efficient conduct of the audit. This will include
determining whether the most appropriate way to conduct the audit is via tests of control (Chapter 3)
or substantive testing (Chapter 4).

5 Understanding the entity and its environment

According to ISA 315 Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity, the auditor is required to identify and assess the risks of material
misstatement through understanding the entity and its environment, thereby providing a basis for
designing and implementing responses to the assessed risks of material misstatement.
Assuming the client has not previously used the audit firm before, a new set of auditors can gain an
initial understanding of a client by:
 Obtaining the latest set of financial statements and performing an analytical review of those
statements
 Requesting a meeting with the management and internal audit team of the client to discuss key
factors relevant to the audit
 Searching the internet for articles and reports on the client
 Requesting permission to meet with the current auditors and/or to review their audit files
Matters to consider when obtaining an understanding of an entity include:
 Industry, regulatory and other external factors e.g. market, competition, financial reporting
framework, general economic conditions
 Nature of the entity e.g. revenue streams, locations, key customers and suppliers
 Selection and application of accounting policies e.g. new accounting standards, changes in
accounting policies
 Objectives, strategies and related business risks e.g. new products, expansion, use of IT
22 2: Planning and risk assessment AC C A F8

 Measurement and review of the entity’s financial performance e.g. management KPIs
 Internal control (Chapter 3)
A thorough risk assessment is needed to help the auditor fully understand the client, which is vital for
an effective audit.
Any unusual items or risks would be identified early so that they could be addressed in a timely
manner and incorporated within audit programmes. This will allow higher risk areas to be audited by
more experienced staff.
Ultimately, the auditor needs to perform a risk analysis to reduce the risk of an inappropriate audit
opinion being given.
It will also help the auditor assess whether the client is a going concern or not.

6 Assessing the risks of material misstatements

6.1 Audit risk

KEY TERM
Audit risk is the risk of the auditor giving an incorrect opinion on the financial statements
being audited; for example, failing to modify the audit opinion when the financial
statements contain a material misstatement.

Audit risk has three individual components:

Audit Risk = Inherent Risk × Control Risk × Detection Risk

These two components give a risk of

a material misstatement in the
financial statements. These risks also
lie outside the control of the auditor.

6.2 Inherent risk

KEY TERM
Inherent risk. This is the risk that an account balance or disclosure is susceptible to a
material misstatement, either individually or when aggregated with other misstatements. It
arises due to the nature of the business or the external pressures placed on the business.

It is essentially the risk that the numbers in the financial statements are materially misstated. Inherent
risk could be greater if:
 The company is a cash-based business, where the risk of theft is greater
 The company was anticipating a stock exchange listing, where the chance of manipulation is greater
 The company has complex accounting transactions, where the risk of error is greater
AC C A F 8 2: Planning and risk assessment 23

6.3 Control risk

KEY TERM
Control risk. This is the risk that the internal control system will fail to prevent or detect a
material misstatement.

The auditor’s preliminary assessment of controls will help determine control risk.
For example, control risk would be higher if a company had recently installed a new computer system
or if it had high staff turnover.

6.4 Detection risk

KEY TERM
Detection risk. This is the risk that the auditor’s procedures will fail to detect a material
misstatement.

Detection risk is the only risk that can be directly controlled by the auditor.
Detection risk comprises “sampling risk” and “non-sampling risk”. Sampling risk is the risk that the
samples chosen are unrepresentative of the populations from which they are drawn. i.e. if 5% of the
population of items contains a certain error, then 5% of a representative sample should too. This risk
can be reduced simply by selecting larger sample sizes.
Non-sampling risk arises from any factor that causes an auditor to reach an incorrect conclusion that is
not related to the size of the sample (e.g. using inappropriate audit tests or misinterpretation of
evidence). This element of risk can be reduced by using a more experienced audit team.
At the planning stage the auditor must assess Inherent Risk and Control Risk and use this to determine
the audit work to be carried out.

7 Materiality, fraud, laws and regulations

KEY TERM
Materiality. ISA 320 Materiality in Planning and Performing an Audit states that an item is
considered material if “its omission or misstatement could influence the economic decisions
of users”.

With the statutory audit, it is not practical for the auditor to confirm that the financial statements are
“precisely correct”. This is because auditors cannot usually examine every transaction and also
because some elements of accounting are based on estimates and judgements.
The concept of materiality allows the auditor to use certain parameters in order to focus on significant
areas of the financial statements.
In assessing the level of materiality there are a number of areas that should be considered.
First, the auditor must consider both the amount (quantity) and the nature (quality) of any
misstatements, or a combination of both. The quantity of the misstatement refers to the relative size
of it.
24 2: Planning and risk assessment AC C A F8

The following industry guidelines can be used to estimate materiality levels:

 Above 1% of revenue
 Above 1% of total assets
 Above 5% of profit before tax.
The quality refers to an amount that might be low in value but due to its prominence could influence
the user’s decision, for example, directors’ transactions.
For example, the lack of disclosure of a director’s bonus of $5,000 may be considered “insignificant”
for a multi-million dollar company but would still be considered “material” in the UK due to local laws
on the disclosure on directors’ salaries.
The auditor also needs to consider the possibility of misstatements of relatively small amounts that,
cumulatively, could have a material effect on the financial statements. For example, an error in a
month end procedure could be an indication of a potential material misstatement if that error is
repeated each month.
The level of materiality set has a critical impact on the audit in two ways. It determines:
 The nature, timing and extent of audit procedures; and
 Evaluation of the effect of misstatements i.e. will the error lead to an adjustment or
modification of the auditor's report (see Chapter 5).

7.1 Performance materiality

During the audit, the auditor will inevitably detect errors which, in themselves are not considered
material. However, when taken together with other errors, they may accumulate into a material error.
Therefore, the auditor will often set a lower materiality level, known as “performance materiality”,
which should be used to record all errors which could accumulate into a material error.
These errors are often recorded on a Schedule of Unadjusted Errors (sometimes referred to as an
“overs and unders schedule”). At the end of the audit, errors that have a similar effect are added up,
to assess whether overall a material error exists.

7.2 Identifying and assessing material misstatements

ISA 450 Evaluation of Misstatements Identified during the Audit considers what a “misstatement” is
and deals with the auditor’s responsibility in relation to misstatements.
It defines a “misstatement” as “the difference between the amount, classification, presentation or
disclosure of a financial statement item and the figure that is required to be recorded according to the
applicable financial reporting framework.”
Misstatements can arise from error or fraud.
There are three categories of misstatement:
 Factual misstatement – about which there is no doubt.
 Judgemental misstatements – usually regarding estimates.
 Projected misstatements – which are the auditors best estimate of misstatements in a
population, involving projections of misstatements spotted in a sample.
The auditor should determine whether uncorrected misstatements are material in total or individually.
All misstatements should be communicated with those charged with governance on a timely basis and
request that they make the necessary adjustments.
AC C A F 8 2: Planning and risk assessment 25

7.3 The prevention and detection of fraud and error

Fraud is the intentional misstatement or misappropriation of assets by an individual or group of individuals.
Per ISA 240 The Auditor’s Responsibility Relating to Fraud in an Audit of Financial Statements, the
primary responsibility for prevention and detection of fraud lies with the management of a company
and those charged with governance.
External auditors should plan and perform their audit in consideration of the risks of material
misstatement, whether caused by fraud or error. Their main focus, however, is to ensure that the
financial statements show a true and fair view, NOT the detection of fraud.
However, the external auditor should maintain an attitude of professional scepticism throughout the
audit and a discussion should be held amongst the engagement team to consider areas in which the
financial statements might be susceptible to material misstatement due to fraud, including how frauds
might occur.
If the external auditor does detect a fraud, he would extend his testing on that area and then
determine the need to modify the audit report.
The auditor also has the option of contacting several parties:
(a) Audit committee – who of course are responsible for maintaining a high standard of
governance. The committee should be able to discuss the situation with the directors and
recommend that they take appropriate action.
(b) Shareholders – if the financial statements do not show a true and fair view then the auditor
needs to report this fact to the members of the company via the audit report. The audit report
will be modified with a qualified or adverse opinion (depending on materiality) and information
concerning the reason for the misstatement given.
(c) Authorities outside the organisation – if the matter is “in the public interest”, then the auditor
could consider breaching his duty of client confidentiality and reporting the matter to the
relevant authority.

7.4 The auditor’s responsibilities to consider laws and regulations

ISA 250 Consideration of Laws and Regulations in an Audit of Financial Statements states that it is the
responsibility of management to ensure that the entity’s operations are conducted in accordance with
laws and regulations. This includes responsibility for the prevention and detection of non-compliance
with laws and regulations.
Auditors are not responsible for preventing non-compliance with laws and regulations, and cannot be
expected to detect non-compliance with all laws and regulations. Their responsibility is to obtain
reasonable assurance that the financial statements are free from material misstatement.
The auditor’s responsibility differs in relation to the two different categories of laws and regulations
identified below.
 Laws and regulations which have a direct effect on the determination of material amounts and
disclosures in financial statements e.g. tax laws. Here, the auditor is responsible for obtaining
sufficient appropriate audit evidence regarding compliance.
 Laws and regulations which do not have a direct effect on the determination of material amounts
and disclosures in financial statements, but may impact the entity’s ability to continue to trade e.g.
health and safety laws. Here the auditor’s responsibility is limited to specified audit procedures to
help identify non-compliance with those laws and regulations that may have a material effect on the
financial statements. This includes inquiring with management whether the entity is in compliance
with such laws and regulations, and inspecting relevant correspondence.
In a similar way to the fraud section earlier, any non-compliance should be reported to the
management or regulatory authorities if the matter is of public interest.
26 2: Planning and risk assessment AC C A F8

8 Analytical procedures
KEY TERM
Analytical procedures. The evaluation of financial information in order to spot fluctuations
and relationships that are inconsistent with other relevant information.

This can be done simply by reviewing the client’s draft financial statements to see if they appear in line
with the auditor’s expectations.
Typically, auditors will compare this year’s data against last years, against budget or against industry
averages. They would then seek explanation from the client for any unusual trends or fluctuations.
The auditor will generally apply analytical procedures at three distinct stages of the audit:
 Analytical procedures MUST be performed at the planning stage to assess risk and to obtain an
understanding of the entity (a “preliminary analytical review”). For example, an increase in net
profit margins year-on-year highlights the risk that the client may be understating its expenses.
 During the final audit, as a substantive test. Here, the auditor will need to consider a number of
factors such as the reliability of the data, whether internal or external, from which the
expectation of recorded amounts or ratios is developed and the amount of any difference of
recorded amounts from expected values that is acceptable.
 In the overall review at the end of the audit – The auditor should form an overall conclusion as
to whether the financial statements as a whole are consistent with the auditor’s understanding
of the entity.

8.1 Key ratios used in analytical procedures

Some of the more useful ratios to help an auditor analyse financial data include the following.
(a) Profitability
Profit before interest and tax
(i) Return on Capital Employed (ROCE) = TALCL

Where TALCL = Total Assets Less Current Liabilities

Gross profit
(ii) Gross profit margin = Revenue
× 100%

Profit before interest and tax

(iii) Operating profit margin = × 100%
Revenue

(b) Liquidity
Current assets
(i) Current ratio =
Current liabilities

Current assets – Inventory

(ii) Quick ratio (acid test) =
Current liabilities

Inventories
(iii) Inventory days = Cost of sales
× 365 days

Trade receivables
(iv) Receivables collection period = × 365 days
Credit sales

Trade payables
(v) Payables payment period = × 365 days
Credit purchases
AC C A F 8 2: Planning and risk assessment 27

(c) Gearing
Interest bearing debt
(i) Debt/equity = Capital and reserves

9 Interim and final audits

Much of the auditor’s work can be done before the client’s year end e.g. the testing of the client’s
controls and substantive testing on significant pre year end transactions. Therefore, to save time
during the main audit after the year end, the auditor will normally conduct an interim audit, prior to
the client’s year end.
The interim audit often focuses on:
 Inherent risk assessment and gaining an understanding of the entity
 Analytical review of the statement of profit or loss e.g. key expense categories
 Tests of control on the company’s internal control system.
One of the main benefits to the auditor of this interim visit is that it can be done in “quiet” periods
when there is little other work on, thus spreading client’s workloads evenly throughout the year.
The final audit will then take place at a convenient time after the client’s year end and tends to focus
on the year end balances.
Typical work carried out at the final audit includes:
 Follow up of items noted at the inventory count.
 Detailed substantive testing, verifying the year end balances.
 Obtaining confirmations from third parties, such as bankers and lawyers.
 Reviews of subsequent events after the reporting period.
 Consideration of the going concern status.

10 Audit documentation
ISA 230 Audit Documentation states that the auditor should prepare, on a timely basis, audit
documentation that provides a sufficient and appropriate record of the basis for the auditor’s report.

10.1 Benefits of documenting audit work

 Provides evidence that the audit was planned and performed in accordance with ISAs. In a
worst case scenario, the auditor will therefore be able to defend themselves against claims of
negligence in court.
 Assists future audit teams to plan and perform future audits.
 Assists in the direction, supervision and review of audit work.
 Useful in training staff (especially if new to the firm).

10.2 Contents of the auditor’s working papers

The following items should be recorded on every working paper prepared by the audit team:
 Name of client and year-end date
 Title identifying the area of the financial statements being audited and the topic area e.g.
receivables circularisation. The working paper should also be given a reference e.g. PPE4 being
the fourth working paper in the audit of property, plant and equipment
 Who performed the audit work and the date such work was completed
28 2: Planning and risk assessment AC C A F8

 Who reviewed the audit work performed and the date and extent of such review
 A description of the work performed, including the objective of the testing (e.g. to support a
financial statement assertion), samples selected, testing performed, results and conclusion.
It is important that documentation is sufficiently complete and detailed such that an experienced
auditor with no previous connection with the audit could understand the work carried out, and the
conclusions reached by the audit team.
The firm retains this documentation for a period of time sufficient to permit those performing
monitoring procedures to evaluate the firm’s compliance with its system of quality control, or for a
longer period if required by law.
 29

Internal control

1 Introduction
ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity
defines internal control as being “the process designed, implemented and maintained by those
charged with governance, management and other personnel to provide reasonable assurance about
the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness
and efficiency of operations, and compliance with applicable laws and regulations”.

1.1 Internal control components

An Internal control system consists of five elements:
 The control environment –the attitudes, awareness, and actions of those charged with
governance and management concerning the entity’s internal control and its importance in the
entity. The control environment sets the tone of an organisation, influencing the control
consciousness of its people.
 The entity’s risk assessment process – the auditor needs to determine whether the entity has a
process for identifying and controlling the risks in the business.
 The information system relevant to financial reporting – the auditor will need to understand
how the business transactions are recorded in the financial statements.
 Control activities – policies and procedures that help ensure management directives are carried out:
– Authorisation - approval of transactions by a suitably responsible official
– Physical controls - restricting access to physical assets such as cash or inventory and
accounting records
– Segregation of duties - assignment of roles and responsibilities within a process to
different people, thereby reducing the risk of fraud and error occurring
– Information processing - arithmetic and accounting controls such as checking the
arithmetical accuracy of accounting records or performing account reconciliations. Also,
general and application IT controls (see section 4)
– Performance reviews - comparison or review of the performance of the business by
looking at areas such as budget v actual results
30 3: Internal control AC C A F8

 Monitoring of controls – management’s monitoring of controls includes considering whether

they are operating as intended and that they are modified as appropriate for changes in
conditions. Internal audit may assist management with this process.

1.2 Limitations of internal control

Internal control systems can only give the directors of a company reasonable assurance as to the
achievement of the entity’s financial reporting objectives. This is because, in any system, there will be
inherent limitations:
 The cost of the controls may outweigh the benefits
 Many controls only cover routine transactions
 Human error is always possible
 Staff could collude to get round the system
 Management override of controls may be possible

2 The use of internal control systems by auditors

An understanding of internal control will help the auditor identify types of potential misstatements,
consider factors that affect the risks of material misstatement, and design the nature, timing, and
extent of further audit procedures.
Auditors are interested in internal controls, as a strong internal control system will provide them with
greater assurance as to the truth and fairness of the financial statements.

Auditor documents and assesses

likely effectiveness of clients internal
controls

Controls appear to be effective Controls do not appear to be effective

Auditor performs tests of control to

confirm that controls are operating
effectively

Controls are Controls are Report to

operating not operating management
effectively effectively

Auditor can reduce level of Full substantive

substantive testing on year end testing on year end
balances (Ch 4) balances (Ch 4)
AC C A F 8 3: Internal control 31

2.1 Explain how auditors record internal control systems

There are three methods commonly used to record a client's internal control system.

2.1.1 Narrative notes

Written, or word-processed, description of the system.
Advantages Disadvantages
Simple and quick to record Can be cumbersome, especially if the system is
complex
Easy to understand for all of the audit team Can make it more difficult to identify missing
(including juniors) internal controls as the notes record the detail but
do not identify control exceptions clearly

2.1.2 Flowcharts
Diagrammatic representations of the system, usually broken down into separate activities.
Advantages Disadvantages
Easier to identify missing internal controls Can be time-consuming to prepare
This visual aid can make it easier to record complex Needs a little training to prepare and understand
systems

2.1.3 Questionnaires
Internal control questionnaires are used to assess whether controls exist which meet specific
objectives to prevent or detect errors.
The audit firm will have a standard list of control questions.
Advantages Disadvantages
Quick to prepare, which means they are a cost Company could easily overstate the level of controls
effective way of recording the system present
All controls in the system are considered and Needs to be tailored for each client otherwise
recorded; hence missing controls are clearly unusual controls may be missed
highlighted
Simple to complete – any member of the team can
complete them

There are two types of questionnaire – Internal Control Questionnaires (ICQs) and Internal Control
Evaluation Questionnaires (ICEQs).
 ICQs are used to ask whether controls exist which meet specific control objectives. Essentially,
an ICQ aims to answer the question “how good is the client’s system of controls”.
ICQS are normally worded in such a way that the answer can only be “Yes”, “No” or “Not
applicable”. A “No” answer will suggest a control deficiency.
Example of ICQ : “does the Finance Director approve all overtime expense claims?”
 ICEQs, on the other hand, aim to determine whether errors or frauds are possible, rather than
establishing whether a particular control exists or not. They tend to be more generally worded.
Example of ICEQ : “With respect to the sales cycle, is there reasonable assurance that the credit
control department monitors the receipt of amounts due from customers?”
32 3: Internal control AC C A F8

2.2 Walkthrough tests

Once the auditor has documented the client’s internal control system, he will perform a walkthrough
test. The auditor performs this test by following one transaction through each stage of the accounting
process to ensure that the systems and controls operate as documented.

3 Transaction cycles
The ACCA have specifically identified the following transaction cycles and account balances as being
relevant to this section:
 Sales
 Purchases
 Inventory
 Non-current assets
 Payroll
 Bank and cash
Essentially, what this means is that you are likely to be given a scenario in a question based upon a
company and how it controls that particular part of the business. Your task will often be to identify the
weaknesses in that process and to make recommendations on improvements.

Sales
A company’s sales system is designed to record all of a company’s sales and ensure that all sales lead
to an eventual receipt of cash. Typical stages in such a system are as follows.
Risk Objective of control Internal control procedure
Stage 1: Receipt of customer order
There is a risk To ensure that sales are 1. All orders taken should be recorded on a pre-
that customer properly accounted for. numbered multi-part document generated by the
orders are not computer. One part could form the invoice and one
received or could go to the despatch department.
properly 2. Regular checks should be performed on the
recorded. completeness of the sequence of pre-numbered
Therefore, sales documents. Any documents unaccounted for should
are understated. be traced and investigated.
There is a risk To ensure that goods are sold Credit limits should be checked. Any orders that
that customers on credit only to customers exceed customer credit limits should be rejected and
are unable to pay. who can pay. the customer advised. Any increase or override of
credit limits should be authorised by the credit
controller.
There is a risk To ensure that inventory is The availability of inventory should be checked so that
that orders are available for despatch. orders cannot be taken for goods with nil/low
accepted from inventory.
customers and no
inventory is
available for
despatch.
AC C A F 8 3: Internal control 33

Risk Objective of control Internal control procedure

Stage 2: Despatch of customer order
There is a risk To ensure that the goods 1. All goods despatched should be accompanied by a
that goods despatched are those that are Goods Despatch Note (GDN).
despatched are ordered. 2. The GDN should be matched to the original
not the “correct” customer order.
goods ordered by
the customer.
There is a risk To ensure that the goods 1. A quality control check should be performed on a
that the goods despatched are of a random sample of despatches, checking for correct
despatched are of satisfactory quality. quality and quantities.
a poor quality. 2. The customer should sign and return the GDN as
acceptance of the goods.
Stage 3: Invoicing of customer order
There is a risk To ensure that invoices are The sales invoice should be raised from/matched to
that customers raised correctly. the GDN.
are not invoiced
or invoiced
incorrectly.
There is a risk To ensure that all invoices are 1. All sales invoices should be prenumbered.
that sales invoices properly included. 2. All invoices should be posted to the sales day book,
are not recorded the accounts receivable ledger and the accounts
in the ledgers at receivable control account.
all. 3. Regular checks should be performed on the
completeness of the sequence of pre-numbered
invoices. Any documents unaccounted for should be
traced and investigated.
There is a risk To ensure that all items are The receivables ledger and the receivables control
that some items correctly and accurately account should be reconciled each month. This
are not posted, or recorded. reconciliation should be reviewed and any differences
are posted should be investigated and resolved.
incorrectly to the
ledgers.
Stage 4: Collection of cash
There is a risk To ensure that customers pay A credit control department should ensure that all
that customers do on a timely basis. debts are paid promptly by sending out regular
not pay or pay statements and chasing overdue debts.
late.
There is a risk To ensure that funds received When bank transfers are received from customers,
that funds from customers are correctly they should be matched with individual transactions.
received from allocated.
customers are
incorrectly
allocated.
There is a risk To ensure that cheques and 1. There should be segregation of duties in the post
that cash/cheques cash do not go missing. room so that cheques received cannot be stolen.
sent through the 2. All cheques should be recorded and banked
post go missing. promptly.
3. A bank reconciliation should be performed on a
monthly basis in order to ensure that the company’s
cash records are complete, accurate and up to date.
34 3: Internal control AC C A F8

Purchases
Risk Objective of control Internal control procedure
Stage 1: Purchase order raised
There is a risk To ensure that goods ordered 1 Purchase orders (PO’s) should be sequentially
that goods are are properly authorised. numbered and the sequence checked regularly.
ordered without 2 All PO’s must be authorised by a responsible official.
proper
authorisation.
There is a risk To ensure that goods are 1 Only authorised suppliers are used from a preferred
that goods are ordered from authorised supplier list.
ordered from an suppliers. 2 If there is no authorised supplier, a tender should be
unauthorised invited and the best value supplier selected.
source.
Stage 2 : Receipt of goods
There is a risk To ensure that the goods 1 All goods received should be checked for quality and
that the supplier received are as ordered in quantity.
sends goods that terms of quantity and quality. 2 A prenumbered Goods Received Note (GRN) should
are incorrect or be raised and matched to PO.
substandard.
There is a risk To ensure that goods received 1. The inventory system should be updated if the
that goods are added to inventory. goods are for resale. If the items are for business use,
received are not the correct entry should be made to non-current
added to assets etc.
inventory. 2. GRN should be initialled to show inventory updated.
Stage 3 : Receipt of purchase invoice
There is a risk To ensure that the correct 1. All invoices received should be checked back to PO
that suppliers product, quantities and prices and GRN.
invoice for the are invoiced.
incorrect product,
quantity or price.
There is a risk To ensure that invoices are 1. Invoices should be added to the purchase day book.
that invoices are included in the accounts. 2. Purchase day book should be posted to the nominal
not included in ledger/ purchase ledger.
the accounts. 3. Supplier statements should be reconciled back to
the purchase ledger.
Stage 4 : Payment of purchase invoice
There is a risk To ensure that payments are 1. All payments, whether cheque or bank transfer,
that payments are made to the correct suppliers should be authorised by a responsible official and
made to the and for the correct amounts. counter signed over a certain amount.
incorrect supplier, 2. All paid invoices should be stamped “Paid”.
for the incorrect 3. The purchase ledger should be updated
amount. promptly/automatically.
4. Purchase ledger should be reconciled to the nominal
ledger monthly.
AC C A F 8 3: Internal control 35

Inventory
Of course, there is a direct link between the controls surrounding inventory and purchases, given the
accounting entries for a purchase.
As well as those controls outlined in the purchases section above, the following controls are also
relevant.
Risk Objective of control Internal control procedure
There is a risk To ensure that inventory is 1. There should be appropriate physical security.
that inventory stored securely. E.g.locks/cameras.
could be stolen. 2. There should be regular manual physical checks to
make sure that actual numbers agree to stock records.
There is a risk To ensure that inventory is 1. There should be a regular review of stock listing to
that inventory current and saleable. monitor slow moving items.
could be obsolete 2. There should be regular reviews of the physical
or slow moving. stock to check for damage.
There is a risk To ensure that inventory does There should be a regular review of re-order levels.
that inventory not run out.
may run out.

In addition, controls over the inventory count discussed in Chapter 4 of these notes should be
followed.

Payroll
Risk Objective of control Internal control procedure
There is a risk To ensure that only bona fide All new employees entered onto or leavers removed
that non bona employees are paid. from the payroll system should be authorised by a
fide employees responsible official. There should be segregation of
are paid. duties between the human resources and payroll
functions.
There is a risk To ensure that employees are 1. Time sheets should be reviewed for all employees.
that employees paid the correct amount. 2. Over time / bonuses should be properly authorised
are paid incorrect by an appropriate manager.
amounts. 3. Changes in pay rates should be properly
documented.
4. The monthly payroll should be reviewed for
reasonableness by an appropriate manager.
5. Exception reports should be generated and
reviewed for pay over a certain threshold.
There is a risk To ensure that tax and NI are 1. Tax and NI should be calculated by a trained official.
that tax and NI correctly calculated. 2. Software used should be updated regularly to
are incorrectly account for changes in legislation.
calculated.
There is a risk To ensure that wages paid in 1. There should be adequate security available.
that wages paid in cash are properly secure. 2. Staff must sign to confirm receipt of cash wages.
cash may be 3. Only pay staff directly into their bank accounts
stolen.
36 3: Internal control AC C A F8

Bank and cash

Many of the controls surrounding receipt and payment of cash have already been listed above. Additional
risks and controls include the following.

Risk Objective of control Internal control procedure

There is a risk that To ensure that petty cash is 1. There should be appropriate security for petty cash.
cash kept on the kept securely. E.g. locked drawer/safe.
premises could go 2. There should be an imprest system that is regularly
missing. checked.
There is a risk that To ensure there is proper Expenditure should be appropriately authorised.
petty cash is spent control of petty cash.
inappropriately.
There is a risk that To ensure that payments are There should be at least two persons that sign
cheques are paid to only made to authorised cheques. Cheques should be kept in a secure location.
unauthorised persons.
persons.
There is a risk that To ensure that all receipts are A bank reconciliation should be performed at least
receipts go missing banked and all payments are once per month. This reconciliation should be
or payments are made to bona fide persons. reviewed and authorised.
made to
unauthorised
persons.

4 IT controls
4.1 Application controls
These are manual or automated procedures that operate “within” a computer system. They can be
preventative or detective in nature and aim to ensure that the transactions that are input, processed
or output recorded are complete, accurate and valid.
Examples include:
 Mandatory input fields for websites e.g. postcode required
 Checking the arithmetical accuracy of records
 Range/limit checks e.g. a check on whether a customer has exceeded their credit limit
 Edit checks of input data e.g. checking whether a customer code is input in the correct format
 Numerical sequence checks

4.2 General IT controls

These include controls such as virus protection, regular backups and operating logs. They also include
the acquisition and maintenance of new hardware and software, as well as password controls.
AC C A F 8 3: Internal control 37

5 Tests of control versus substantive procedures

5.1 Tests of control
Tests of control evaluate the operating effectiveness of controls in preventing, or detecting and
correcting material misstatements.
For example, the auditor may be told that all purchase orders are authorised by a responsible official.
The auditor would then test this control by selecting a sample of purchase orders and inspecting them
for evidence of appropriate authorisation.
If the internal controls are strong, the auditor can perform reduced substantive testing and more tests
of control.
By testing the client’s controls, the auditor can also “add value” to the client, by making
recommendations of ways to improve their controls.

5.2 Substantive tests

The aim of a substantive procedure is to ensure that there are no material errors at the assertion level
in the client’s financial statements (see Chapter 4 for more detail).

5.3 Deficiencies in internal control systems

ISA 265 Communicating Deficiencies in Internal Control to those Charged with Governance
distinguishes between a “deficiency” and a “significant deficiency”.
(a) A deficiency exists when:
(i) A control is designed, implemented or operated in such a way that it is unable to prevent,
or detect and correct, misstatements in the financial statements on a timely basis; or
(ii) A control necessary to prevent, or detect and correct, misstatements in the financial
statements on a timely basis is missing.
(b) A significant deficiency is one that, in the auditor’s opinion, is of sufficient importance to merit
the attention of those charged with governance. This is a good way of “adding value” to the
client.
In order to determine whether a deficiency is “significant” or not, the auditor should consider:
 The likelihood of the deficiency leading to a material misstatement in the financial statements
 The susceptibility of the related asset to loss or fraud
 The cause and frequency of the exceptions detected as a result of the deficiencies in the
controls
 The volume of activity that has occurred or could occur in the account balance exposed to the
deficiency
The auditor shall communicate in writing significant deficiencies in internal control identified during
the audit to those charged with governance on a timely basis.

5.4 Reports to management

The communication of significant deficiencies in internal control is performed by the auditor writing a
“report to management” to the client. This document highlights any deficiencies identified in the
client’s internal control system, explains their potential effect and makes recommendations on what
the client should do to overcome those deficiencies.
This is a VERY popular exam question and one that you must practise.
38 3: Internal control AC C A F8

The recommendations are normally communicated to ‘those charged with governance’ – i.e. the board
of directors or Audit Committee (if one exists) at the end of the audit and a response sought.
In the covering letter, the auditor would typically include a statement that the report is not a
comprehensive list of deficiencies, but only those “significant” items that have come to light during
normal audit procedures.
In addition, a request should be made that no disclosure of the items mentioned in the report should
be made to a third party without the written agreement of the auditor

ILLUSTRATION

Deficiency Consequence (“could”) Recommendation (“should”)

Purchases
No authorisation of purchase Purchases for personal use could Purchasing procedures should be
orders is made for goods of less be made. updated such that all purchase orders
than $1,000. Also, even if the goods were for are authorised by a responsible official.
business use, the company may These purchase orders should be
not be using authorised sequentially numbered and reviewed
suppliers, who have been chosen periodically to ensure that any missing
because of their quality and price orders can be investigated.
guarantees.
Sales
Customers can input orders Goods could be sent out to The online ordering system should be
online without a check being customers who do not have the updated so that an automated credit
performed on their credit limit. ability to pay for them. limit check is performed before the
order is accepted. Orders exceeding
customer credit limits should be
rejected by the system.
Post
A junior clerk opens the post This could result in payments to A second member of the accounts
unsupervised. the company being team should assist with the mail: one
misappropriated. should open the post and the second
should record cash received in a log.

EXAM SMART
Be very careful with the way you word you answer to these questions. You need to make
sure you are not too brief and that you give enough detail in your recommendation to allow
the client to make practical changes. For example, the following points would NOT earn
credit.
Deficiency Consequence (“could”) Recommendation (“should”)
Post
Opened unsupervised Money will be stolen Segregation of duties
 39

Audit evidence

1 The use of assertions by auditors

According to ISA 500 Audit Evidence, auditors obtain audit evidence by performing audit procedures.
There are three types of procedure:
 Risk assessment procedures – Procedures to obtain an understanding of the entity and its
environment, including its internal control, to assess risks of material misstatement at the
financial statement and assertion levels (covered in Chapter 2)
 Tests of controls – Procedures to test the operating effectiveness of controls in preventing, or
detecting and correcting, material misstatements at the assertion level (covered in Chapter 3)
 Substantive procedures – Procedures to detect material misstatements in account balances and
disclosures (covered in this chapter)
When performing substantive tests, the auditor needs to gather evidence that proves various
assertions relating to the account balance being tested.
We will focus on seven key assertions.

1.1 Key assertions

Completeness: that all transactions, events, assets, liabilities and disclosures that should be included,
are included in the financial statements.
Occurrence: all transactions (e.g. sales) that have been recorded actually occurred and pertain to the
entity (i.e. they’re “real” transactions).
Disclosure (classification and presentation): transactions, events, assets and liabilities have been
recorded properly in the accounts and presented correctly.
Existence: an asset or liability exists at the year end.
Cut off: transactions should be recorded in the correct accounting period.
40 4: Audit evidence AC C A F8

Accuracy or valuation and allocation: transactions (accuracy), assets and liabilities (valuation and
allocation) have been recorded at appropriate amounts.
Rights and obligations: Essentially “ownership”. The asset or liability belonged (in substance) to the
entity at the year end.
Giving the easy to remember mnemonic (!) of “CODECAR”.

EXAM SMART
A likely question in the audit exam is to “describe audit procedures” for a particular area of
the financial statements and then “state the reason for each procedure”. You should
consider using two columns for this style of question, with the second column – “reason for
the procedure” focusing on one of the seven assertions.
The idea is that once the auditor is happy with the completeness, occurrence, disclosure etc
of an account balance, then he is satisfied that that balance is “true and fair”.
It is worth remembering that existence is more important when auditing assets and
completeness is more important when auditing liabilities.

2 Audit procedures
2.1 Discuss the quality and quantity of audit evidence
According to ISA 500, the auditor must design and perform procedures to obtain evidence that is
sufficient and appropriate in order to obtain a reasonable level of assurance and form an opinion on
the financial statements.
Sufficiency relates to the quantity of evidence obtained. The following factors have an impact on the
amount of the evidence that needs to be gathered:
 The auditor’s previous experience of the client
 Risky areas will require more evidence than less risky areas
 Similarly, material areas will require more evidence
 Areas requiring judgement will require more evidence
 The quality of the evidence obtained
Appropriateness relates to the quality of evidence that needs to be collected during an audit. Audit
evidence must be relevant and reliable in order to support the auditor’s opinion.
There are several different techniques that the auditor can use to gather evidence:
 Analytical procedures – evaluation of financial information by studying possible relationships
among financial and non-financial data
 Enquiry – ask a relevant person for information
 Inspection – of a record or document such as an invoice
 Observation – of a process or procedure performed by the client such as an inventory count
 Recalculation – check the mathematical accuracy of a document
 Confirmation – obtaining a representation from a third party
 Reperformance – of a key procedure by the auditor to satisfy himself that the client has done it
properly.
AC C A F 8 4: Audit evidence 41

2.2 Relevance and reliability of audit evidence

Audit evidence is relevant if it supports the purpose of the audit procedure.
When performing substantive testing, audit evidence is relevant if it supports the financial statement
assertion that is being tested. For example, the physical inspection of the condition of a tangible non-
current asset would provide relevant evidence to support the assertions of existence and valuation.
However, it would not provide relevant evidence to support the assertion of rights and obligations as
the asset may not belong to the company.
When testing controls, audit evidence is relevant if it confirms that a control exists and is operating
effectively.
There are three basic sources of audit evidence:
 Auditor-generated e.g. reperformance of a calculation
 Third party e.g. purchase invoice, bank statement
 Client generated e.g. non-current asset register, payroll report
The reliability of the evidence may be a matter of judgement for the auditor, but ISA 500 Audit
Evidence gives some basic rules:
 Original documents are more reliable than photocopies
 Third party evidence is more reliable than client-generated
 Written evidence is more reliable than oral
 Audit evidence obtained directly by the auditor (for example, observation of the application of a
control) is more reliable than audit evidence obtained indirectly or by inference (for example,
inquiry about the application of a control).

2.3 The use of analytical procedures as substantive procedures

As mentioned in Chapter 2, “analytical procedures” are used to spot fluctuations and relationships that
are inconsistent with other relevant information. This can be done simply by reviewing the client’s
draft financial statements to see if they appear in line with the auditor’s expectations.
By looking at the reasonableness of a balance, the auditor can save time and effort by not having to
test the detail underlying the account balance. For example, a client has a holiday pay accrual this year
of $2,000 relating to its 10 staff. Last year, the accrual was $1,000 relating to its five staff (the company
has grown during the year). Analytical review of this accrual suggests it is “reasonable” and may not
need further testing if we were satisfied with the process used to produce the accrual last year.
Typically, auditors will compare this year’s data against last year’s, against budget or against industry
averages.

2.4 Accounting estimates

ISA 540 Auditing Accounting Estimates, including Fair Value Accounting Estimates, and Related
Disclosures states that the auditor should obtain sufficient appropriate audit evidence regarding
accounting estimates. An “accounting estimate” is an approximation of the amount of an item in the
absence of a precise means of measurement. Examples include:
 Inventory provisions
 Doubtful debt provisions
 Useful economic lives of non-current assets
 Provision for a loss from a lawsuit
 Provision to meet warranty claims
The original estimates mentioned above will have been made by the directors of the entity and so an
element of bias is possible or even likely.
42 4: Audit evidence AC C A F8

Common audit procedures used to test estimates include:

 Review the process used by management to develop the estimate for reasonableness
 Perform an analytical review on the estimate year on year and budget against actual and discuss
any variations with management (note this is only relevant if the estimate is a recurring
estimate, so will not be valid for one-off lawsuits for example!)
 Use an independent expert to make an estimate for comparison
 Review the accuracy of prior years’ estimates compared to the final actual results
 Review subsequent events for events that help to confirm the accuracy of the estimate
 Obtain sufficient appropriate audit evidence about whether the disclosures in the financial
statements related to accounting estimates are reasonable.

3 The audit of specific items

For each of the following account balances, you may be required to explain the substantive procedures
used in auditing each balance and the purpose of those procedures in relation to financial statement
assertions:
 Receivables
 Inventory
 Payables, accruals, provisions and contingencies
 Bank and cash
 Tangible and intangible non-current assets
 Share capital, reserves and directors’ emoluments

3.1 Trade receivables

Testing on receivables tends to focus on:
 Existence and valuation – This covers the recoverability of the debt. If the customer is unable to
pay some or all of the debt, it needs to be provided for or even written off. Either way, the asset
is overvalued.
 Cut-off – Given that the other side of the accounting for a receivable is to revenue, companies
may be tempted to “squeeze in” a few more sales into this year’s financial statements, even if
the sale actually took place next year. Cut-off testing will ensure that only sales relevant to this
year’s financial statements are included.

Receivables circularisation
The most common test used to confirm each of these assertions is the direct confirmation (or
“circularisation”). This involves writing to a sample of customers on the year end trade receivables
listing and asking them to confirm whether they agree that the debt is correctly stated.
This “positive” circularisation (which includes the expected balance) is a useful substantive audit
procedure because it helps to confirm four key assertions:
 Existence – confirmed by the receivable replying to the receivables confirmation.
 Rights and obligations – the receivable confirms that the amount is owed to the company again
by replying to the confirmation.
 Valuation – the receivable will dispute any amounts that do not relate to that account.
 Cut-off – the circularisation will identify reconciling items such as sales invoices/cash in transit.
AC C A F 8 4: Audit evidence 43

Procedure
The steps to follow here are:
 Obtain the listing of the year end trade receivables from the client:
Company X – Receivables Ledger
31/12/20X1
Customer Total 30 days 60 days 90 days > 90 days
$ $ $ $ $
A 500 400 100
B 1,870 1,870
C 5,250 5,250
D 11,125 8,400 2,650 75
E 3,060 2,400 540 120
Total 21,805 16,450 3,290 120 1,945

 Cast the listing and reconcile the total of this listing to the nominal ledger.
 Review the listing for any unusual items.
 Select a sample of customers to circularise, paying particular attention to material or overdue
amounts.
 The circularisation letter should be on the client’s paper, with a copy of the current statement
attached. It should request that the reply be sent direct to the auditor.
 If no reply has been received after a reasonable period, the auditor should telephone the
customer.
 If the customer still doesn’t reply, alternative procedures will be needed e.g. check to see if any
of the invoices on the listing have been paid after the year end or check invoices back to the
customer order and/or the signed delivery note.

Common tests on receivables

Audit procedure Reason for procedure
Obtain the list of receivables balances and check To ensure that the list is accurate and that the total
that it casts. fairly represents the individual balances.
Agree the total of the receivables list to the nominal To ensure that the company’s receivables are
ledger and financial statements. recorded accurately.
Perform an analytical review on the trade Provides an initial indication as to the accuracy and
receivables listing by comparison with prior periods. completeness of the list.
Calculate trade receivables days and compare to last
year.
Any significant variations should be investigated and
substantiated, with particular attention being paid
to old outstanding amounts.
Review the aged receivables listing for any old To ensure that the receivables figure is not
unpaid amounts. Reasons for non-payment should overstated – a valuation test.
be discussed with the client and a suitable provision
included if necessary.
44 4: Audit evidence AC C A F8

Audit procedure Reason for procedure

For a sample of trade receivables, write to the This very useful test helps to prove existence,
customer asking them to confirm the outstanding valuation, cut-off and rights and obligations.
amounts – a “circularisation”.
For customers that don’t reply to the circularisation, To ensure that the receivables figure is not
or where recoverability is considered a particular overstated – a valuation test.
risk, vouch any receipts after the year end back to
the cashbook or bank statements.

3.2 Prepayments
The schedule of prepayments should be obtained and reconciled to the financial statements.
Depending on the materiality of the prepayments balance, a simple analytical review of the
components of the prepayments balance compared to last year may be sufficient.
If further testing is required, then the auditor should obtain the client’s backup schedule for the
calculation of the prepayment. The schedule should then be vouched to the cash book and invoice
documentation.
The mathematical accuracy of the prepayment can then be checked.

3.3 Inventory
Inventory is an important element of a set of financial statements as it is often a material balance
affecting both the statement of profit or loss and the statement of financial position.
When auditing inventory, it is important to remember that there are two distinct aspects of the final
year-end balance: valuation and quantity.

Valuation
Per IAS 2, inventories should be valued at the lower of cost and net realisable value.
Cost should comprise all costs of purchase, costs of conversion and other costs incurred in bringing the
inventories to their present location and condition.
To audit valuation, for a sample of inventory items on the final inventory sheets, the cost of those
items should be traced back to the original purchase invoice.
For a manufacturing company, the components of cost will be materials, labour and production
overheads:
 Material costs can be checked back to purchase invoices. The quantities of materials recorded
in finished goods, work-in-progress and raw material inventory can be verified by inspection.
 Labour costs can be vouched by agreeing labour rates to payroll records and hours worked by
observation and by reference to timesheets.
 Overheads can be tested by ensuring that only production overheads are included, based on a
normal level of activity.
Net realisable value is the estimated selling price, less the estimated costs of completion and the
estimated costs necessary to make the sale.
This can be tested by checking a sample of post year-end sales invoices back to the final inventory
sheets ensuring that the sales value exceeds the cost. Where sales value is less than cost, ensure that
the inventory is stated at the realisable value on the inventory sheet.
Where an item has been in inventory for a long period of time, discuss the item with the client to
determine whether the item can be sold for more than cost.
AC C A F 8 4: Audit evidence 45

Note that for most businesses, the NRV will be more than cost. The auditor may want to check that the
inventories are being sold for more than cost by selecting a sample of items and ensuring that the
selling price per the invoice is greater than the cost per the purchase invoice.
Also, a sample of inventories can be physically verified to see if it looks old or out of date.

Quantity
Most companies keep track of the quantities of stock by performing regular inventory counts
(“stocktakes”) or via a “perpetual inventory” system.
A perpetual inventory system is an alternative to the year-end inventory count. With a perpetual
inventory count, the client counts a sample of goods every day or week on a rotational basis. This is
quicker and less disruptive than closing the whole warehouse down for a full year end count.
The client should ensure that all items are counted at least once per annum.
Such a system is particularly beneficial for companies whose business relies on accurate, up-to-date
inventory information.
If an annual inventory count is performed, there are various tests that the auditor should undertake.

Before the inventory count

 Review prior year working papers.
 Arrange attendance with the client and request a copy of the count instructions are sent before
the attendance.
 These instructions should be reviewed for reasonableness.
 If there are any inventories held off-site, enquire as to how the client will count these.
 Enquire of management about the likely level of write-down of inventories (e.g. if they are old,
of inadequate quality or spoiled). This can be compared with prior years to form an opinion as
to its appropriateness. The calculation of any provision should be checked for reasonableness
and consistency with the prior year.
 Book audit staff for attendance at inventory counts.
 Prepare audit programme for the count.

During the inventory count

 Perform an overall review with client staff. Check that client’s count instructions are being
followed as this will help to ensure that the count is complete and accurate.
For example, the staff should count in pairs, with one person checking the inventory and
another recording the details.
 The factory/shop should be closed during the count to minimise the risk of double-counting and
to ensure that there is no confusion regarding which items are sold.
 Once counted, inventory should be marked up to avoid double-counting.
 Obtain the completed count sheets. Photocopy them and place them on the audit file. The
count sheets should be pre-numbered to ensure that no count sheets are lost.
 Perform some test counts: from count sheet to inventory (to test existence) and from inventory
to count sheet (to test completeness).
 Review the physical condition of the inventory. Any items which look damaged or old should be
noted for net realisable testing at the final audit (see above).
Work in progress should be reviewed to vouch the stage of completion.
46 4: Audit evidence AC C A F8

 Record the number of the last pre year end Good Received Note (GRN) and Goods Despatch
Note (GDN) for cut-off testing at the year-end audit.
 Ensure all count sheets are returned after the count and that the sequence is complete. A copy
of the final count sheets should be taken.

After the inventory count (i.e. during the final audit)

 Obtain the final inventory listing, showing the quantity and cost for each item of stock held.
 Reconcile this listing to the figure in the financial statements.
 Trace the test counts performed to this listing.
 Perform cut-off testing from details of the last GRN and GDN received during the inventory
count.
 Trace a sample of GRNs and GDNs just before and just after the year-end to the sales and
purchases systems in order to ensure that costs had been correctly allocated to the correct
accounting period.
 This test should also be performed in reverse, from the sales and purchases systems through to
goods received and despatch notes.

3.4 Payables
When testing any liability, the key risk for auditors is the understatement of the liability. Therefore,
audit testing tends to focus on the completeness assertion.
Audit procedure Reason for procedure
Obtain the list of payables balances and check that it To ensure that the list is accurate and that the total
casts. fairly represents the individual balances.
Agree the total of the payables list to the nominal To ensure that the company’s payables are recorded
ledger and financial statements. accurately.
Perform an analytical review on the trade payables Provides an initial indication as to the accuracy and
listing by comparison with prior periods. completeness of the list.
Calculate trade payables days and compare to last
year.
Any significant variations should be investigated and
substantiated, with particular attention being paid
to old outstanding amounts.
Obtain supplier statements and reconcile these to Supplier statements are a reliable form of evidence
the purchase ledger balances. as they are third party, written documents –
completeness, existence, valuation, cut-off.
For invoices on statements but not on the payables Ensure that all relevant liabilities are included in the
listing, check the date of receipt to GRN. If the goods correct period – completeness and cut-off.
were received pre year, they should be included on
the payables listing.
Select a sample of trade payables and perform a This will prove existence and accuracy.
trade payables circularisation, following up any non-
replies.
Select a sample of Goods Received Notes before the To ensure the correct cut-off.
year end and follow through to inclusion in the year
end payables balance.
AC C A F 8 4: Audit evidence 47

Audit procedure Reason for procedure

A review of correspondence with credit suppliers This will help test the valuation and completeness of
should be performed and the client’s legal the payables listing.
department should be requested to provide details
of disputed balances.
From the cash book or bank statements, trace a This will help prove the completeness and accuracy
sample of post year end payments back to the of the payables listing.
payables (or accruals) listing.
Ensure that the payables have been correctly To ensure that the company’s payables are
disclosed in the financial statements under “current appropriately disclosed.
liabilities”.

3.5 Accruals
 A schedule of purchase accruals should be obtained and checked for arithmetical accuracy and
completeness by comparison with prior periods and invoices received after the period-end.
 Both trade payables and purchase accruals should be tested for the accuracy of cut-off by
checking samples of invoices for goods received just before and just after the year-end to goods
received notes, purchase invoices and records of inventory counts.

3.6 Provisions
A provision must be recognised when all of the following criteria are met at the year end:
 When an entity has a present obligation (legal or constructive) as a result of a past event (the
“obligating event”);
 It is probable (“more likely than not”) that an outflow of economic resources will be required to
settle the obligation, and
 The amount can be estimated reliably.
A contingent liability is a possible obligation or an obligation with a possible outflow of benefits.
Contingent liabilities do not appear in the statement of financial position. They are disclosed in the
notes to the accounts.
As a liability, most of the testing on provisions will focus on completeness. Typical tests include:
 Obtain a breakdown of this year’s provision and perform an analytical review, comparing the
components of the balance with last year
 Discuss with management the reasons for any omissions or unusual figures in this year’s
balance
 Cast the breakdown to check its mathematical accuracy
 For a sample of items on the provisions list, discuss with management
 If any of the provisions relate to legal costs, discuss the matter with the client’s solicitors to
determine the likelihood of the payment occurring.

3.7 Bank and cash

The most common audit procedure is to seek confirmation of bank balances, loan agreements and
other matters direct from the client’s bank. A bank report for audit purposes (“bank confirmation
letter”) is sent by the auditor to each of the client’s banks shortly after the client’s year end.
The report gives evidence that bank accounts exist and confirm the year end valuations (subject to
any reconciling items). It should also ensure that all receipts and payments are recorded in the correct
period – cut off.
48 4: Audit evidence AC C A F8

All companies should perform regular bank reconciliations, reconciling the balance on the bank
statements to the balance in the nominal ledger.
Company X – Bank Reconciliation
31/12/20X1
$ $
Balance per the bank statement 23,325
Add: outstanding lodgements
30/12/20X1 150
31/12/20X1 400
550
Less: unpresented cheques
2450 625
2489 1,300
2490 70
1,995
Balance per the cash book 21,880

The auditor should check the reconciliation by:

 Casting it.
 Agreeing the bank balance to the trial balance.
 Agreeing the bank statement balance to the year-end bank statement.
 Agreeing any uncleared deposits/lodgements to the bank statement after the year end (they
should clear within five working days).
 Agreeing any unpresented cheques or similar expenses to the cash book before the end of the
year and the bank statements after the end of the year.
In addition to the tests above, the cash book should be reviewed for unusual items.

3.8 Tangible non-current assets

One of the key accounting documents used in the audit of non-current assets is the non-current asset
register (“fixed asset register”). This register lists all of the client’s non-current assets and details their
date of purchase, cost and depreciation to date. In theory, the total of this register should tie into the
net book value balance figure in the financial statements.
Company X – Non Current Asset Register
31/12/20Y1

Purchased Depreciation Cost Acc Dep NBV

Asset Years Method $ $ $
Building 01/01/20X6 50 SL 1,000,000 120,000 880,000
Computer 1 01/01/20Y0 3 SL 1,000 667 333
Computer 2 01/01/20Y0 3 SL 2,000 1,333 667
Computer 3 01/01/20Y1 3 SL 3,000 1,000 2,000
Desks 01/01/20X8 5 SL 8,000 6,400 1,600
Chairs 01/01/20X9 5 SL 2,000 1,200 800
Total 1,016,000 130,600 885,400

Remember, Net Book Value = Cost – accumulated depreciation to date. Therefore, to vouch the
valuation of the non-current asset figure, both the cost and accumulated depreciation figure need to
be confirmed.
AC C A F 8 4: Audit evidence 49

Accuracy / Valuation

Cost / Valuation
1. Obtain non-current asset register from client. Cast the cost, depreciation and net book value
columns of the register and agree to the financial statements.
2. For a sample of new additions and other material items in the non-current asset register, vouch
the cost and title back to the purchase invoice.
3. For a sample of assets revalued in the year, confirm the valuation to third party verification such
as a valuation report.

Depreciation
4. Check the appropriateness of the depreciation charge used by considering the physical
condition of the assets and by comparing to industry standards.
5. Perform a proof in total calculation of depreciation, considering the timing of additions and
disposals and compare this expectation to the actual charge, and investigate any significant
differences.
6. Test the calculation of depreciation in the non-current asset register, ensuring that the rates
used are those disclosed in the financial statements.
7. Review the profit (or loss) on disposal calculation and check for accuracy. The sale proceeds can
be traced back to the bank statement and the depreciation charge vouched as reasonable.

Existence
8. Physically verify the existence of the asset. At the same time, check the physical condition of the
asset to vouch its remaining useful economic life.

Cut-Off
9. Check that the asset has been recorded in the non-current-asset register in the correct period.

Completeness
10. Select a sample of assets physically present at the entity’s premises and inspect the asset
register to ensure that these are included.
11. Review the repairs and maintenance expense account in the statement of comprehensive
income for items of a capital nature.

Rights and ownership

12. Verify ownership of property via inspection of title deeds and land registration documents.
13. For a sample of additions / major assets, agree to purchase invoices to verify invoice relates to
the entity.
14. Review any new lease agreements to ensure assets are correctly treated as finance or operating
leases.
15. Inspect vehicle registration documents to confirm ownership of motor vehicles.

Disclosure
16. Ensure that the accounting policy for depreciation is clearly stated in the financial statements
and is the same as last year.
50 4: Audit evidence AC C A F8

3.9 Intangible non-current assets

Testing intangible non-current assets will focus on accounting treatment (i.e., does an intangible asset
exist?) Valuation can be agreed to purchase invoices or internal cost records.

3.10 Share capital, reserves and directors’ emoluments

Share capital audit tests
 Agree the share capital figure to the statutory documents of the company
 Agree any issue of shares during the year to Board Minutes
 Agree the cash received for the shares to the cash book and bank statement
 Reconcile the list of shareholders to the nominal ledger

Reserves
 Discuss the company’s reserves with the directors to establish which reserves they have (e.g.
retained earnings, revaluation surplus, share premium)
 Agree the movement in any of the reserves to supporting documentation:
– Share premium to board minutes
– Revaluation surplus to third party valuation report
– Retained earnings to the income statement and dividend payments
 Review the financial statements to ensure that the movements in reserves is accurately
recorded in the statement of changes in equity.

Directors’ emoluments
 Perform an analytical review of directors’ total emoluments year on year to determine
reasonableness. Discuss any large discrepancies with the directors.
 For each director, obtain a breakdown of total emoluments for the year, split between salary,
bonuses, other benefits and pension contributions.
 Check the addition of each schedule and reconcile the total to the nominal ledger.
 Check the directors’ emoluments back to the signed directors’ letters of employment.
 Obtain and review returns made to the tax authorities to ensure consistency with the amounts
recorded in the financial statements.
 Review the financial statements to ensure the adequate disclosure of director’s emoluments.

EXAM SMART: SUBSTANTIVE TESTING

It is worth acknowledging that there are some “standard” tests that the auditor can perform
for many key areas on the statement of financial position:
 Obtain the “X” ledger (where “X” is inventory or receivables or non-current assets etc).
Cast the ledger and agree the total to the financial statements.
 Agree opening balances to prior year financial statements
 Perform an analytical review of the ledger by reviewing it for unusual items and asking
management to explain any such items
 For a sample of items on the ledger, vouch their valuation by…
 Review the draft financial statements and ensure that “X” is correctly disclosed in
accordance with accounting standards.
AC C A F 8 4: Audit evidence 51

4 Audit sampling and other means of testing

KEY TERM
Audit sampling involves the application of audit procedures to less than 100% of items
within a population such that all sampling units have a chance of selection.

It is not possible in anything but the very smallest of entities to take any other approach, as testing
100% of a population:
 May not be practical
 May not be cost effective
 May take too long
It should also be remembered that sampling risk exists when an auditor does not pick the entire
population of a series of data to test. Sampling risk is the risk that the auditor’s conclusions based on a
sample may be different from the conclusion if the entire population were picked.

4.1 Differences between statistical and non-statistical sampling

KEY TERMS
Statistical sampling means any approach to sampling that involves the random selection of a
sample; and the use of probability theory to evaluate sample results, including measurement
of sampling risk.
Non-statistical sampling is simply any approach which doesn’t use statistical methods e.g.
where the auditor picks his sample using his judgement.

4.2 Basic principles of statistical sampling and other selective testing

procedures
All sample selection methods, whether statistical or non-statistical, should attempt to select samples
that are representative of the entire population. A representative sample is one whose characteristics
are the same as, or similar to, the characteristics of the population as a whole.
For example, a sample of invoices that have not been properly authorised in 2% of cases will be
representative of all invoices if the population as a whole also has around 2% of invoices not
authorised.
There are various different methods of sample selection including the following.

4.2.1 Statistical sampling

 Random selection – ensures each item in a population has an equal chance of selection, for
example by using random number tables or random number generators.
 Systematic selection – involves taking every nth item in a population, starting at a random point.
 Monetary unit sampling (MUS) – a value-weighted selection whereby every $1 in a population is
regarded as a separate sampling unit. This technique should ensure that every $1 in a
population has an equal chance of being selected. Material balances are more likely to be
selected.
52 4: Audit evidence AC C A F8

ILLUSTRATION: MONETARY UNIT SAMPLING

Total value of receivables population is $500,000 and sample size is 5.

$500,000 / 5 = $100,000 so select every $100,000
Customer Balance Cumulative Total Selected Y/N
$ $
A 20,000 20,000 N
B 60,000 80,000 N
C 10,000 90,000 N
D 90,000 180,000 Y
E 50,000 230,000 Y
F 30,000 260,000 N
G 70,000 330,000 Y
H 80,000 410,000 Y
I 40,000 450,000 N
J 50,000 500,000 Y
Total 500,000

4.2.2 Non-statistical sampling

 Haphazard selection – where a sample is chosen by hand. This is often deemed to be an
inappropriate method of selection as bias would often creep in e.g. an auditor may attempt to
avoid choosing any potentially problematic items.
 Block / sequence selection – involves selecting a block(s) of continuous item from a population
e.g. examining all sales invoices for the month of January.

4.3 Discuss the results of statistical sampling, including consideration of

whether additional testing is required
Errors found in a sample are extrapolated across the population as a whole, in order to enable the
auditor to form a conclusion on whether the population is materially misstated.
It is important to remember that there is not necessarily a direct, linear relationship between errors in
samples and errors in the populations from which they are drawn. Therefore, any errors found should
be discussed with the client. The auditor should then determine whether the error can be tolerated or
whether further testing is needed.

5 Computer-Assisted Audit Techniques

Computer-assisted audit techniques (CAATs) are used to assist the auditor in the collection of audit
evidence from computerised systems. They enable the auditor to test a greater number of items
quickly and accurately, thus reducing detection risk.
CAATs also allow the auditor to test the actual accounting system and records rather than printouts
which are only a copy of those records and could be incorrect.
AC C A F 8 4: Audit evidence 53

5.1 The use of audit software and test data by auditors

There are two forms of CAAT:
Audit software – this is where the auditor uses his own computer programmes to substantively test a
balance or transaction. The most commonly used form of audit software is the spreadsheet, which can
check the correct casting (addition) of a set of numbers.
Audit software can also be used to select samples, analyse monthly trends and calculate ratios.
Test data – this is where the auditor tests the integrity of the client’s system by posting data onto the
client’s computer system to see if the transactions are posted as they should be.
Common examples of test data are:
 Password controls – to see if unauthorised users can access key areas of the system.
 Test transactions – data can be input (“live” or “dead”) to see in the system rejects invalid data.
E.g. the input of a negative quantity when ordering inventory or the input of an invalid credit
card number.
 Test transactions using an embedded system – this is similar to above but aims to test a piece of
data or collate information over a longer period, perhaps even the entire year. E.g. the auditor
could request that all capital expenditure over $10,000 in value is collated in a separate file.

5.2 Advantages of using CAATs

 Enable the auditor to test program controls – if CAATs were not used then those controls would
not be testable.
 Enable the auditor to test a greater number of items quickly and accurately. This will also
increase the overall confidence for the audit opinion.
 Allow the auditor to test the actual accounting system and records rather than printouts which
are only a copy of those records and could be incorrect.
 CAATs are cost effective after the initial setup (as long as the company does not change its
systems) as the auditor can run the same audit software each year.
 Allow the results from using CAATs to be compared with ‘traditional’ testing – if the two sources
of evidence agree then this will increase overall audit confidence.

6 The work of others

By relying on the work of others, auditors may be able to make better judgements on areas where
they do not have expertise. They may also save time and effort by not reproducing work that has
already been completed by a competent party.

6.1 Discuss the extent to which auditors are able to rely on the work of
internal audit
While the external auditor has sole responsibility for the audit opinion expressed and for determining
the nature, timing and extent of external audit procedures, certain parts of internal auditing work may
be useful to the external auditor.
Areas of the audit where the external auditor may be able to use the work of the internal auditor
might include systems documentation, controls testing and inventory count procedures. Per ISA 610
Using the Work of Internal Auditors, the external auditor should consider the following when assessing
whether to place reliance on the work of internal audit:
54 4: Audit evidence AC C A F8

(a) Organisational status: In the ideal situation, internal audit will report to the highest level of
management. Also, the internal auditors will need to be free to communicate fully with the
external auditor.
(b) Technical competence: Whether internal auditing is performed by persons having adequate
technical training and proficiency as internal auditors. The external auditor may, for example,
review the policies for hiring and training the internal auditing staff and their experience and
professional qualifications.
(c) Systematic and disciplined approach including quality control: Whether internal auditing is
planned, supervised, reviewed and documented in such a way as to be able to draw reasonable
conclusions from the work. The existence of adequate audit manuals, work programmes and
working papers would be considered.
Once they have decided whether it is appropriate to rely on the work of internal audit, the external
auditors would then read the reports relating to that internal audit work and perform sufficient
procedures on that work to determine it is adequate for purpose.
It is also possible to use internal auditors for direct assistance on the external audit (i.e. to carry out
external audit procedures). Again, audit judgement must be exercised in determining exactly what
work internal audit can carry out.

6.2 Discuss the extent to which auditors are able to rely on the work of
experts
For the majority of audit work, the auditor will rely upon their own skill and judgement in forming an
opinion. However, there may be some areas where a level of expertise beyond that of the auditor is
needed e.g. the valuation of assets such as works of art and precious stones.
When planning to use the work of an expert, the auditor should evaluate the professional competence
of the expert.
This will involve considering the expert’s:
 Qualifications – for example, via membership in an appropriate professional body.
 Experience and reputation in the field in which the auditor is seeking audit evidence.
 References – from previous work performed.
 Access to information – the expert should be allowed access to whatever information he feels
necessary at the client.
 Independence/objectivity of the expert (e.g. if the expert has a family/financial connection with
the client).
If the auditor is concerned regarding the competence or objectivity of the expert, the auditor needs to
discuss any reservations with management and consider whether sufficient appropriate audit evidence
can be obtained concerning the work of an expert.
The auditor may need to undertake additional audit procedures or seek audit evidence from another
expert.

6.3 Service organisations

Entities often outsource non-core areas of the business such as payroll and credit control to service
organisations. This presents a potential problem to auditors, as they are probably not the auditors of
those service organisations and therefore won’t necessarily be allowed access to their premises and
documentation.
The auditor should therefore consider the significance of the service organisation’s activities to the
entity and the relevance to the audit.
AC C A F 8 4: Audit evidence 55

To do this, they should consider:

 The nature and materiality of the services provided by the service organisation.
 The extent to which the entity’s internal controls interact with the systems at the service
organisation.
 The service organisation’s capability and financial strength, including the possible effect of the
failure of the service organisation on the entity.
 The existence of third-party reports from the service organisation’s auditors or internal auditors
as a means of obtaining information about the effectiveness of the internal controls of the
service organisation.
The auditor could request to see any relevant documentation from the service organisation but the
service organisation is under no duty to allow this.
Similarly, the auditor could request from the service organisation’s auditor written confirmation of the
strength of the service organisation’s controls. Again, this will require the permission of the client, the
service organisation and their auditors.

6.4 Explain the extent to which reference to the work of others can be
made in audit reports
In the UK, no reference can be made to any work of others in the final audit report.

7 Not-for-profit organisations
Not-for-profit organisations such as charities and societies are different to most organisations in that
their primary goal is not the maximisation of profit. As many of these organisations are not
incorporated, they will probably not need a statutory audit but may need an assurance engagement
due to the requirements of their governing body.
The audit of a not-for-profit organisation will involve similar planning and testing techniques as for a
“conventional” audit, with the auditor planning their work based on the key risks inherent in the client.
In addition, the following risks are often applicable to such organisations:
 The audit of “irregular” income such as cash donations and fund-raising events
 The training / qualifications of volunteer or unpaid staff
 Lack of traditional accounting controls due to small number of staff (e.g. lack of segregation of
duties and management override of controls)
 Misuse of designated funds
 Excessive administrative costs
The letter of engagement will dictate the reporting requirements of the organisation, but an element
of the audit may revolve around the recommendation of improvements to the current system of
control.
Because of the lack of controls mentioned above, the audits of not-for-profit organisations are
normally substantive in nature. The substantive tests you have learnt above will be relevant to the
audit of a not-for-profit organisation, but when proposing audit procedures for these organisations,
you should be mindful of any particular issues highlighted in the question which might need
recognising in your audit tests.
56 4: Audit evidence AC C A F8
 57

Review and reporting

1 Subsequent events
ISA 560 Subsequent Events defines subsequent events as those which occur after the year end date.
Many of these events will have an effect on the financial statements.

KEY TERMS
Adjusting events – those that provide additional evidence of conditions that exist at the year
end e.g. the write-off of a trade receivable. An adjustment must be in the financial
statements to reflect this event.
Non-adjusting events – those events which did not exist at the year end e.g the loss of
inventory in a post year end fire. These events must be disclosed in the financial statements.

Auditors must therefore take steps to ensure that any such events are properly reflected in the
financial statements.

Time

Reporting Adjusting Non-adjusting Auditor’s FS issued

date event event report
issued

1 2 3

1 Events occurring up to the date of the auditor’s report

The auditor has an active duty to search for any material adjusting and non-adjusting events up to the
date of the auditor’s report that may require adjustment of, or disclosure in, the financial statements.
58 5: Review and reporting AC C A F8

Procedures to be undertaken in performing a subsequent events review

 Review management procedures to try and ensure that subsequent events are identified.
 Read minutes of the post year-end company meetings and Board meetings and enquiring into
unusual items.
 Obtain the company’s latest accounts as well as any budgets and cash flow forecasts.
 Ask management as to whether any subsequent events have occurred such as new borrowing
commitments or significant sales of assets.
 Check whether any events have occurred that could call into question the validity of the going
concern assumption.
 Enquire of the company’s solicitors as to any new developments re: litigation.
 Include the matter on the management representation letter.

2 Facts discovered after the date of the auditor’s report but before the date the
financial statements are issued
The auditor does not have any responsibility to perform audit procedures or make any enquiry
regarding the financial statements after the date of the auditor’s report. They only have a duty to act if
they are made aware of something.

ILLUSTRATION

A few days after signing the audit report on 24 April 20X9, but before the client’s financial statements
have been issued, the auditors receive a phone call from a director indicating a material error in the
financial statements.
In such circumstances, the client could either:
 Produce a revised set of financial statements
Where this happens, the auditor will audit the amendment and then redraft and re-date the
audit report, or
 Refuse to change the financial statements
Here, the financial statements are materially incorrect, but the initial audit report says they are
true and fair.
The auditor should consider other methods of contacting the members. For example, the auditor can
speak at the upcoming AGM to inform the members.
The auditor may also obtain legal advice and consider resignation.

3 Facts discovered after the financial statements have been issued

After the financial statements have been issued, the auditor has no obligation to make any inquiry
regarding such financial statements.
However, if the auditor becomes aware of a fact which existed at the date of the auditor’s report and
which, if known at that date, may have caused the auditor’s report to be modified, the auditor should:
 Consider whether the financial statements need revision;
 Discuss the matter with management; and
AC C A F 8 5: Review and reporting 59

 If needed, issue a new report on the revised financial statements. This report should include an
emphasis of matter paragraph referring to the reason for the revision.
If management do not revise the financial statements, the auditor should take legal advice with the
objective of trying to prevent further reliance on the report.

2 Going concern
Under the going concern assumption, an entity is ordinarily viewed as continuing in business for the
“foreseeable future” with neither the intention nor the necessity of liquidation, ceasing trading or
seeking protection from creditors. This “foreseeable future” should be at least 12 months after the
period end.

2.1 Explain the respective responsibilities of auditors and management

regarding going concern
Management are required to perform an assessment of whether the company is a going concern or
not.
The auditor’s responsibility in respect of going concern is explained in ISA 570 (redrafted) Going
Concern. The ISA states ‘when planning and performing audit procedures and in evaluating the results
thereof, the auditor should consider the appropriateness of management’s use of the going concern
assumption in the preparation of the financial statements’.
The auditor’s responsibility therefore falls into three areas:
 To carry out appropriate audit procedures that will identify whether or not management have
been realistic in their use of the going concern assumption when preparing the financial
statements.
 To conclude whether a material uncertainty exists relating to events and conditions that may
cast significant doubt on the entity’s ability to continue as a going concern.
 To report to the members where they consider that the going concern assumption has been
used inappropriately, for example, when the financial statements indicate that the organisation
is a going concern, but audit procedures indicate this may not be the case.
In obtaining an understanding of the entity, auditors should consider whether there are events or
conditions which may cast significant doubt on going concern status of their client. They should also
review the disclosures regarding going concern before forming their audit opinion.
Examples of events or conditions which may cast significant doubt about the going concern
assumption are set out below.

Financial
 Net liability or net current liability position (or other adverse financial ratios)
 Fixed-term borrowings approaching maturity without realistic prospects of renewal or
repayment.
 Negative operating cash
 Substantial operating losses or significant deterioration in the value of assets used to generate
cash flows.
 Inability to pay creditors on due dates.
60 5: Review and reporting AC C A F8

Operating
 Loss of key management without replacement.
 Labour difficulties or shortages of important supplies.

2.2 Discuss the procedures to be applied in performing going concern

reviews
In order to establish whether a company is a going concern or not, the key evidence the auditor will
review is management’s assessment of going concern. They should evaluate whether it is reasonable
(which may involve testing of any cash forecasts included and any assumptions made, for example, in
relation to sales trends in the coming year) and whether it takes into account all the issues that the
auditor is aware of relating to going concern. Where the client has prepared forecasts suggesting that
there is no problem with going concern, the auditor should compare previous years’ forecasts with
actual results to determine the historical accuracy of the client’s forecasts.
If the auditor has identified events or conditions that raise doubt concerning going concern, the
auditor should perform additional audit procedures, which may include the following:
 Obtain a copy of the cash flow forecast and discuss the results of this with the directors.
 Make enquiries of the directors and examine appropriate documentation supporting the
company’s going concern status such as budgets and cash flow forecasts.
 Consider the appropriateness of assumptions which directors have made, the sensitivity of
assumptions to external and internal changes, the existence and adequacy of borrowing
facilities and the directors’ plans to deal with any going concern problems.
 Document the extent of any concerns, taking account of matters that have come to their
attention during the course of the audit and in particular, financial, operational, or other
indicators of going concern problems that are present.
 Obtain the entity’s latest available interim financial statements to ascertain whether there is
sufficient audit evidence to confirm or dispel whether or not a material uncertainty regarding
going concern exists.
 Make enquiries of the entity’s lawyer regarding the existence of litigation and claims and the
reasonableness of management’s assessments of their outcome and the estimate of their
financial implications.
 Seek written representations from management regarding its plans for future action.
 Review correspondence from company bankers regarding continuance of loan facilities.
 Review receivables ageing analysis to determine whether there is an increase in days – which
may also indicate cash flow problems.

2.3 Going concern and the audit report

Auditors are required to assess the adequacy of the use of the going concern assumption and the
disclosures made in the accounts with respect to going concern.
AC C A F 8 5: Review and reporting 61

Is the company a
going concern?
Yes No
Yes, but a material
uncertainty exists

Unmodified audit Is this fact adequately Is this fact adequately reflected in

report disclosed? the accounting basis and disclosed?

No Yes Yes No

Qualified audit Unmodified audit opinion Adverse audit

opinion – material with material uncertainty opinion – pervasive
misstatement relating to going concern misstatement
paragraph

3 Written representations
ISA 580 Written Representations covers this area. Written representations (or “management
representations”) are a form of audit evidence. They are contained in a letter, written by the
company’s directors and sent to the auditor, prior to the completion of audit work and before the
audit report is signed.
Representations are required for two reasons:
 So the directors can acknowledge their collective responsibility for the preparation of the
financial statements and to confirm that they have approved those statements.
 To confirm any matters, which are material to the financial statements where representations
are crucial to obtaining sufficient and appropriate audit evidence.
In the latter situation, other forms of audit evidence are normally unavailable because knowledge of
the facts is confined to management and the matter is one of judgement or opinion. For example, a
warranty provision is essentially an estimate as to how many goods will need to be repaired under
warranty in the future. By its very nature, this figure will be an estimate for which independent third
party evidence is unlikely to be available.
Obtaining representations does not mean that other evidence does not have to be obtained. Audit
evidence will still be collected and the representation will support that evidence. Any contradiction
between sources of evidence should, as always, be investigated. For example, a representation by
management as to the cost of an asset is not a substitute for the audit evidence of such cost that an
auditor would ordinarily expect to obtain.
The letter also usually confirms that:
 All matters occurring since the year end date that should be brought to the attention of auditors
have been brought to their attention
 All of the accounting records have been made available to the auditors
 All related party relationships and transactions have been appropriately disclosed
If management refuses to provide a representation that the auditor considers necessary, the auditor is
unable to obtain sufficient appropriate evidence on which to base his opinion. Therefore, the auditor
should express a qualified opinion or a disclaimer of opinion.
62 5: Review and reporting AC C A F8

3.1 Procedure for obtaining written representations

 The auditor agrees the need for a management representation letter with the client before the
audit commences
 The auditor drafts the letter for the client, discussing any key points
 The client types up the letter on its own notehead
 The letter should be signed by at least one senior executive on behalf of the board
 The letter should be dated as close as possible to the date the audit report is signed.

4 Audit finalisation and the final review

After the completion of the audit work and before the audit report is signed, the auditor should
perform an overall review of the financial statements. This review should determine:
 That the financial statements are prepared using appropriate accounting policies (e.g. comparable
with other firms in the same industry) and whether they have been consistently applied.
 Whether the information in the financial statements is consistent with the auditor’s knowledge
of the business and compatible with their audit findings.
 Whether the information in the financial statements is properly presented and disclosed in
accordance with accounting standards, legislation and other regulatory requirements.
 That sufficient, appropriate audit evidence has been obtained to support the audit opinion.
The auditor would also consider uncorrected misstatements at this stage of the audit to ensure that
the overall effect of uncorrected misstatements was not material to the financial statements.

5 Audit reports
5.1 Unmodified audit reports
5.1.1 ISA 700 Forming an Opinion and Reporting on Financial Statements
The purpose of an external audit is for the auditor to form and express an independent opinion on a
set of financial statements. This opinion is provided in the auditor’s report.
An unmodified opinion is expressed by the auditor when the auditor concludes that the financial
statements are prepared, in all material respects, in accordance with the applicable financial reporting
framework i.e. they give a true and fair view.
The standard unmodified audit report should contain the following:
 Title – stating that it is the report of an independent auditor
 Addressee – addressing the report (usually to the shareholders)
 Opinion paragraph – identifying the company, what exactly has been audited (normally the
financial statements) and whether a “true and fair” view is given
 Basis for opinion paragraph – refers to ISA’s, ethical requirements and sufficient, appropriate
evidence
 Management’s responsibility - for preparing the financial statements – in accordance with the
applicable financial reporting framework
 Auditor’s responsibility– for expressing an opinion on them and the audit was conducted in
accordance with International Standards on Auditing
 Date of the auditor’s report
 Signature and address of auditor
AC C A F 8 5: Review and reporting 63

The full unmodified audit report from ISA 700 is shown below for illustration purposes – you do not
need to learn it as a proforma.

ILLUSTRATION: UNMODIFIED AUDITOR’S REPORT

INDEPENDENT AUDITOR’S REPORT

[Appropriate Addressee (i.e. the shareholders)]
Report on the Financial Statements of FI Ltd
Opinion
We have audited the financial statements of FI Ltd for the year ended 31 December 2016, which
comprise the statement of financial position, the statement of comprehensive income, statement of
changes in equity, statement of cash flows and a summary of significant accounting policies and other
explanatory information.
this is an “unmodified audit opinion”

In our opinion, the financial statements give a true and fair view of the financial position of FI Ltd as of
December 31, 2016, and of its financial performance and its cash flows for the year then ended in
accordance with International Financial Reporting Standards.

Basis for Opinion

We conducted our audit in accordance with International Standards on Auditing (ISAs). Our
responsibilities under those standards are further described in the Auditor’s Responsibilities for the
Audit of Financial Statements section of our report. We are independent of the company in
accordance with the ethical requirements that are relevant to our audit of financial statements in
[jurisdiction], and we have fulfilled our ethical responsibilities in accordance with these requirements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis
for our opinion.
Key Audit Matters
[Description of each matter in accordance with ISA 701]
Other information
[Report in accordance with ISA 720]
Responsibilities of Management and Those Charged with Governance for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in
accordance with International Financial Reporting Standards, and for such internal control as
management determines is necessary to enable the preparation of financial statements that are free
from material misstatement, whether due to fraud or error.
In preparing the financial statements, management is responsible for assessing the Company’s ability
to continue as a going concern, disclosing, as applicable, matters relating to going concern and using
the going concern basis of accounting unless management either intends to liquidate the company or
to cease operations, or has no realistic alternative but to do so.
Those charged with governance are responsible for overseeing the Company’s financial reporting
process.
Auditor’s Responsibilities for the Audit of the Financial Statements
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole
are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report
that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee
that an audit conducted in accordance with ISAs will always detect a material misstatement when it
64 5: Review and reporting AC C A F8

exists. Misstatements can arise from fraud and error and are considered material if, individually or in
the aggregate, they could reasonably be expected to influence the economic decisions of users taken
on the basis of these financial statements.
A further description of the auditor’s responsibilities for the audit of the financial statements is located
at [organisation’s] website at: [website link]. This description forms part of our auditor’s report.
[Auditor’s signature] [Date of the auditor’s report]
[Auditor’s address]

The further description of the auditor’s responsibilities is as follows:

As part of an audit in accordance with ISAs, we exercise professional judgement and maintain
professional scepticism throughout the audit. We also:
 Identify and assess the risks of material misstatement of the financial statements, whether due
to fraud or error, design and perform audit procedures responsive to those risks, and obtain
audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of
not detecting a material misstatement resulting from fraud is higher than for one resulting from
error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the
override of internal control.
 Obtain an understanding of internal control relevant to the audit in order to design audit
procedures that are appropriate in the circumstances, but not for the purpose of expressing an
opinion on the effectiveness of the Company’s internal control.
 Evaluate the appropriateness of accounting policies used and the reasonableness of accounting
estimates and related disclosures made by management.
 Conclude on the appropriateness of management’s use of the going concern basis of accounting
and, based on whether a material uncertainty exists related to events or conditions that may
cast significant doubt on the Company’s ability to continue as a going concern. If we conclude
that a material uncertainty exists, we are required to draw attention in our auditor’s report to
the related disclosures in the financial statements, or, if such disclosures are inadequate, to
modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of
our auditor’s report. However, future events and conditions may cause the Company to cease
to continue as a going concern.
We communicate with those charged with governance regarding, among other matters, the planned
scope and timing of the audit and significant audit findings, including any significant deficiencies in
internal control that we identify during our audit.

5.1.2 ISA 701 Communicating Key Audit Matters in the Independent Auditor’s Report
ISA 701 Communicating Key Audit Matters in the Independent Auditor’s Report requires auditors of
listed entities to determine key audit matters (KAM) and to communicate those matters in the
auditor’s report.
Auditors of non-listed entities may do so voluntarily or at the request of those charged with
governance. KAM are those that in the auditor’s opinion were of most significance during the audit
and are selected from matters reported to those charged with governance. They might include:
 Areas of high risk of material misstatement
 Significant auditor judgements
 The audit of significant transactions or events such as goodwill, fair values, financial instruments
or provisions
If there are no key audit matters to report, the auditor’s report shall contain a statement to that
effect.
AC C A F 8 5: Review and reporting 65

5.2 Modified audit reports

Exam questions are much more likely to focus on modified audit reports. Per ISA 705 Modifications to
the Opinion in the Independent Auditors Report, an auditor modifies an audit report in any situation
where it is inappropriate to provide an unmodified report. Therefore, a modified audit report is one
that differs in any way from the report on the previous page.
It is important to note that it is possible to have:
 A modified audit report with an unmodified opinion, or
 A modified audit report with a modified opinion.

5.3 ISA 706 Modified Audit Report with an Unmodified Opinion –

“Emphasis of Matter”
The auditor’s report may be modified by adding an emphasis of matter paragraph to re-highlight a
significant matter such as a going concern problem or some other significant uncertainty which is
fundamental to the users’ understanding of the financial statements. This matter will be already
appropriately disclosed within the financial statements.
The additional paragraph should be added after the basis of opinion paragraph under the heading
“Emphasis of Matter”. This paragraph will explicitly start with the words “without qualifying our
opinion…” to highlight the fact that the audit opinion is unmodified in respect of this matter.
An example of when an emphasis of matter paragraph may be appropriate includes an uncertainty
relating to the future outcome of exceptional litigation

ILLUSTRATION: EMPHASIS OF MATTER

We draw attention to Note X to the financial statement which describes the uncertainty related to the
outcome of the lawsuit filed against the company by XYZ Company. Our opinion is not qualified in
respect of this matter.

Occasionally, the audit report might be modified by the inclusion of an ‘Other Matter’ paragraph,
which is very similar to an emphasis of matter paragraph.

5.4 ISA 705 Modified audit report with a modified opinion

There are three different types of modified opinion:
 Qualified opinion
 Adverse opinion
 Disclaimer of opinion
The type of modified opinion given by the auditor will depend on the reason for modification and the
degree of severity.
Reason for modified opinion Degree of Severity
Material but not Pervasive Material and Pervasive
Financial statements are materially Qualified opinion Adverse opinion
misstated
Auditor is unable to obtain sufficient Qualified opinion Disclaimer of opinion
appropriate audit evidence
66 5: Review and reporting AC C A F8

Pervasive is a term used to describe the effects on the financial statements of misstatements or
possible misstatements that have not been detected due to an inability to provide sufficient
appropriate audit evidence.
Pervasive effects are those that:
 Are not confined to specific elements, accounts or items in the financial statements
 If so confined, represent or could represent a substantial portion of the financial statements
 In relation to disclosures are fundamental to users understanding of the financial statements

5.4.1 Qualified opinion – material misstatement

Material misstatements could arise due to inappropriate selection or application of accounting policies
or due to inadequate disclosures.
Assuming the auditors cannot persuade the directors to change the relevant item, and it is considered
to be material but not pervasive, the auditor would issue a qualified opinion.
An additional, explanatory paragraph is added to the audit report after the opinion paragraph, called a
“Basis for Qualified Opinion” paragraph. This provides details of the misstatement concerned and the
effect on the financial statements.
The opinion paragraph is entitled “Qualified Opinion” and will include wording such as “except for any
adjustments that are needed to the financial statements...”

ILLUSTRATION: QUALIFIED OPINION DUE TO A MATERIAL MISSTATEMENT

Qualified Opinion
We have audited … (as in unmodified report)
In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion
paragraph, the financial statements present fairly, in all material respects, (or give a true and fair view
of) the financial position of ABC Company as at December 31, 20X2, and (of) its financial performance
and its cash flows for the year then ended in accordance with International Financial Reporting
Standards.
Basis for Qualified Opinion
The company’s inventories are carried in the statement of financial position at xxx. Management has
not stated the inventories at the lower of cost and net realisable value but has stated them solely at
cost, which constitutes a departure from International Financial Reporting Standards. The company’s
records indicate that had management stated the inventories at the lower of cost and net realisable
value, an amount of xxx would have been required to write the inventories down to their net
realisable value. Accordingly, cost of sales would have been increased by xxx, and income tax, net
income and shareholders’ equity would have been reduced by xxx, xxx and xxx, respectively.
We conducted our audit … (as unmodified report)

5.5 Adverse opinion

If the misstatement is material and pervasive, then the auditor’s report states that the auditor is of the
opinion that the financial statements do not give a true and fair view – an adverse opinion. This form
of audit report is very rare.
An additional, explanatory paragraph is added to the audit report after the opinion paragraph, called a
“Basis for Adverse Opinion” paragraph. This provides details of the misstatement concerned and the
effect on the financial statements.
The opinion paragraph is entitled “Adverse Opinion” and will include wording such as “the financial
statements do not give a true and fair view”.
AC C A F 8 5: Review and reporting 67

ILLUSTRATION: ADVERSE OPINION

Adverse Opinion
We have audited … (as in unmodified report)
In our opinion, because of the significance of the matter discussed in the Basis for Adverse Opinion
paragraph, the consolidated financial statements do not present fairly (or do not give a true and fair
view of) the financial position of ABC Company and its subsidiaries as at December 31, 20X2, and (of)
their financial performance and their cash flows for the year then ended in accordance with
International Financial Reporting Standards.
Basis for Adverse Opinion
As explained in Note X, the company has not consolidated the financial statements of subsidiary XYZ
Company it acquired during 20X2 because it has not yet been able to ascertain the fair values of
certain of the subsidiary’s material assets and liabilities at the acquisition date. This investment is
therefore accounted for on a cost basis. Under International Financial Reporting Standards, the
subsidiary should have been consolidated because it is controlled by the company. Had XYZ been
consolidated, many elements in the accompanying financial statements would have been materially
affected. The effects on the consolidated financial statements of the failure to consolidate have not
been determined.
We conducted our audit … (as unmodified report)

Note: The audit of consolidated financial statements is not examinable in paper F8.

5.6 Qualified opinion – auditor is unable to obtain sufficient appropriate

audit evidence
This type of modification arises when an auditor does not receive all of the information and
explanations needed to form an opinion.
This may arise from:
 Circumstances beyond the control of the entity e.g. destruction of accounting records
 Circumstances related to the nature or timing of the auditor’s work e.g. auditor was appointed
too late to attend a year-end inventory count or the entity’s records are too inadequate to
derive an opinion from
 Limitations imposed by management e.g. management prevents the auditor from requesting
third party confirmation of specific account balances
Assuming the matter is considered to be material but not pervasive, the auditor will issue a qualified
opinion.
An additional, explanatory paragraph is added to the audit report after the opinion paragraph, called a
“Basis for Qualified Opinion” paragraph. This explains the reason for the inability to obtain sufficient
appropriate evidence and gives an indication of the possible adjustments to the financial statements
that might have been deemed necessary had the evidence been available.
The opinion paragraph is entitled “Qualified Opinion” and will include wording such as “except for any
adjustments that might be needed to the financial statements...”
68 5: Review and reporting AC C A F8

ILLUSTRATION: QUALIFIED OPINION DUE TO AN INABILITY TO OBTAIN SUFFICIENT APPROPRIATE EVIDENCE

Qualified Opinion
We have audited … (as in unmodified report)
In our opinion, except for the possible effects of the matter described in the Basis for Qualified
Opinion paragraph, the financial statements present fairly, in all material respects, (or give a true and
fair view of) the financial position of ABC Company as at December 31, 20X2, and (of) its financial
performance and its cash flows for the year then ended in accordance with International Financial
Reporting Standards.
Basis for Qualified Opinion
ABC Company’s investment in XYZ Company, a foreign associate acquired during the year and
accounted for by the equity method, is carried at xxx on the statement of financial position as at
December 31, 20X2, and ABC’s share of XYZ’s net income of xxx is included in ABC’s income for the
year then ended. We were unable to obtain sufficient appropriate audit evidence about the carrying
amount of ABC’s investment in XYZ as at December 31, 20X2 and ABC’s share of XYZ’s net income for
the year because we were denied access to the financial information, management, and the auditors
of XYZ. Consequently, we were unable to determine whether any adjustments to these amounts were
necessary.
We conducted our audit … (as unmodified report)

5.7 Disclaimer of Opinion

The auditor issues a disclaimer of opinion when they are unable to obtain sufficient appropriate audit
evidence on which to base the opinion, and the auditor concludes that the possible effects on the
financial statements of undetected misstatements, if any, could be both material and pervasive.
Under these circumstances, the auditor states that he “does not express an opinion” on the financial
statements. This will occur in the unusual event that there is a large volume of information that the
auditor has requested but not received.
An additional, explanatory paragraph is added to the audit report after the opinion paragraph, called a
“Basis for Disclaimer of Opinion” paragraph. This explains the reason for the inability to obtain
sufficient appropriate evidence and the possible effect on the financial statements had the evidence
been available.
The opinion paragraph will include wording such as “we do not express an opinion on the financial
statements”.

ILLUSTRATION: DISCLAIMER OF OPINION

Disclaimer of Opinion
We have audited … (as unmodified report)
Because of the significance of the matters described in the Basis for Disclaimer of Opinion paragraph,
we have not been able to obtain sufficient appropriate audit evidence to provide a basis for an audit
opinion. Accordingly, we do not express an opinion on the financial statements.
Basis for Disclaimer of Opinion
We were not appointed as auditors of the company until after December 31, 20X2 and thus did not
observe the counting of physical inventories at the beginning and end of the year. We were unable to
satisfy ourselves by alternative means concerning the inventory quantities held at December 31, 20X1
AC C A F 8 5: Review and reporting 69

and 20X2 which are stated in the statement of financial position at xxx and xxx, respectively. In
addition, the introduction of a new computerised accounts receivable system in September 20X2
resulted in numerous errors in accounts receivable. As of the date of our audit report, management
was still in the process of rectifying the system deficiencies and correcting the errors. We were unable
to confirm or verify by alternative means accounts receivable included in the statement of financial
position at a total amount of xxx as at December 31, 20X2. As a result of these matters, we were
unable to determine whether any adjustments might have been found necessary in respect of
recorded or unrecorded inventories and accounts receivable, and the elements making up the
statement of comprehensive income, statement of changes in equity and statement of cash flows.
We conducted our audit … (as unmodified report)

6 Application to scenarios
The following diagram helps to apply the theory in ISA 705 to scenarios given in exam questions.

Has the auditor

received all of the
information and
explanations
Yes required to form an No
opinion?

Does the auditor Modified audit

agree with all of opinion due to an
the numbers and inability to obtain
disclosures? sufficient appropriate
evidence

Yes No

Unmodified audit Modified audit Material Pervasive

opinion opinion due to a
material
misstatement
Qualified Disclaimer
“except for...” of Opinion
Material Pervasive

Qualified Adverse
“except for...” opinion
70 5: Review and reporting AC C A F8

LECTURE EXAMPLE 5.1

During the audit of Bodie Co, the auditors notice that the company’s main office building has not been
depreciated. After challenging the directors about this, the directors feel that a charge is not necessary
as the office is painted every three years and therefore won’t suffer a fall in value.
Will this matter affect the auditor’s report?

Solutions to the Lecture examples can be found in the back of these Notes.

LECTURE EXAMPLE 5.2

During the audit of Doyle Co, the auditors notice that the company hasn’t kept any purchase orders or
invoices and estimates the year end trade payables figure based on statements received from key suppliers.
Will this matter affect the auditor’s report?

LECTURE EXAMPLE 5.3

During the audit of Jackson Co, the auditors notice that the company is being sued for $4m by a
customer who slipped and injured themselves on Jackson’s premises. The court case is scheduled for a
date after the date of the audit report. The directors have correctly disclosed the matter as a
contingent liability.
Will this matter affect the auditor’s report?
AC C A F 8 5: Review and reporting 71

7 Reports to Management
ISA 260 Communication with those Charged with Governance states that auditors “should
communicate audit matters of governance interest arising from the audit of financial statements with
those charged with governance of an entity”.
Those charged with governance means those entrusted with the supervision, control and direction of
an entity and would therefore include management, the audit committee and non-executive directors.
Such communications normally take the form of a letter, written promptly after the completion of the
audit, addressed to the audit committee or Board of Directors if there is no audit committee. One of
the main features of these letters is a list of the control weaknesses identified during the audit and the
recommendations made regarding those weaknesses. See Chapter 3 for further details.
The letter should be discussed with the client before it is sent to ensure that all of the statements
made in the letter are factually correct. A reply should be sought from the client’s management at
their earliest convenience.
72 5: Review and reporting AC C A F8
 73

Solutions to
Class lecture examples

Chapter 5
Lecture example 5.1
According to IAS 16, Property, Plant and Equipment, all tangible non-current assets apart from land
must be depreciated. The auditors would therefore consider this to be a material misstatement. If they
could not persuade the directors to amend the financial statements, they would have to issue a
qualified audit report, using the “except for” wording.

Lecture example 5.2

Assuming the trade payables figure is a significant one, this would represent a material (but not
pervasive) inability to obtain sufficient appropriate evidence. The auditor’s report would contain an
“except for…might” wording with respect to the trade payables.

Lecture example 5.3

Assuming the $4m is a material amount, this matter could affect the going concern of Jackson and
should be brought to the attention of the shareholders.
An emphasis of matter paragraph should be included after the opinion paragraph explaining the
lawsuit and referring to note in the financial statements where the contingent liability is disclosed.
74 Solutions to Class lecture examples AC C A F8