AUDIT & ASSURANCE

Topic Page number

Using These Notes 2

About The Exam 2

Introduction 5

Assurance Engagements 7

Regulation Of Auditors 13

Code Of Ethics 21

Client Acceptance/Continuance, Agreeing Terms of Engagement 34

Planning 40

Systems Of Internal Controls 63

Controls Over Transaction Cycles 75

Management Assertions, Audit Procedures & Audit Evidence 88

Procedures On Specific Areas 98

Review 123

Opinion & Reporting 142

Audit Sampling 165

CAATs (Including Data Analytics) 168

Fraud 173

Laws & Regulations 176

Audit Documentation 179

Quality Control 182

Corporate Governance 186

Internal Audit 193

Not For Profit Organizations-Audit Techniques 199

Page 1 of 203
 Using These Notes

For each area of the syllabus, the notes cover:

- The key knowledge/technical areas
- The answer technique!

It is VERY important to understand that the nature of the AA exam is such that it cannot be passed without
excessive practice so these notes HAVE to be used in combination with past exams or the revision kit.

Use the LATEST revision kits from approved content providers.

The past papers on the ACCA website are not updated for changes in ISAs or IFRS.

When you are attempting questions from the latest revision kits, focus on ‘knowing’ the language used
and understanding the ‘answer technique’; remember, it’s not the English language which will help you
get through the exam- it is the ‘audit language’!

Lastly, ensure you read the Technical Articles on the ACCA website; focus on the ones that have been
published in the last 12 months from your exam attempt.

About The Exam

- All questions are compulsory. The exam will contain both computational and discursive elements.
- Questions will adopt a scenario/case study approach.

Computer-based exams
The total exam time is 3 hours.

Section A of the exam comprises three 10-mark case-based questions. Each case has five objective test
questions worth 2 marks each.

Section B of the exam comprises one 30-mark question and two 20-mark questions.

Section B of the exam will predominantly examine one or more aspects of audit and assurance from
planning and risk assessment, internal control or audit evidence, although topics from other syllabus areas
may also be included

Page 2 of 203
Tools available in the CBE

- Calculator- can bring own!

- Scratch pad
- Screen splitter- can be moved
- Highlight: visible for all requirements
- Strikethrough: dealt with this information
- Cut and paste within the CR area
- Re-set: ALL text removed. Be careful! Only if want to start again- warning message will come up.
Can use undo function to restore!

For Section B in CBEs

- Each question will have a number of requirements.

- Use word processing tools to construct the answer.
- A pre-formatted response template might also be given (mainly for audit risks, control deficiencies
and IESBA’s ethical threats and safeguards)

Which formatting options should a student use in CRs?

- Bold
- Underline
- Marks for content NOT how you are presenting it. No marks for formatting!
- Can insert table yourself if pre-formatted not given

Page 3 of 203
 Reasons for an unsuccessful attempt

Very bad scripts

1. Very brief answers to most, if not all questions. In other words, some of the basic knowledge is known,
but there is little or no application of that knowledge to the scenario

2. Significant lack of understanding of audit procedures and the audit process. For example, where a
question asks for audit procedures to be listed and explained, a typical answer is ‘check the ledger’
providing no indication of which ledger will be ‘checked’ or what the ledger is being checked for

3. Lack of exam practice. In a significant minority of scripts, it appears that candidates have not
attempted any mock exams prior to the ‘real’ exam. Poor exam technique is identified as:
• answering questions in a random sequence (for example, Question 1 Part (a), followed by
Question 3 Part (b), followed by Question 2 Part (c), and so on)
• spending far too much time on one question, leaving little or no time for the other questions
• not writing in the required style (e.g. providing the answer in one long paragraph rather than
splitting the answer up into individual points)
• focusing on theory only with no attempt to use the scenario.

Marginal scripts

1. Answering questions correctly, but not including a sufficient number of relevant points to obtain a
pass standard.

2. Having a good knowledge of auditing, but being unable to apply that knowledge to the scenarios
provided in the question.

3. Not answering all the questions.

Pass standard scripts

1. Are usually well presented, and make appropriate use of paragraphs, sentences and table formats
where appropriate.

2. Demonstrate that students are able to apply that knowledge to the question, clearly and succinctly.
Audit procedures are listed as well as explained.

3. All questions are attempted, even though some sections may not be answered that well. A few marks
could normally be obtained from a valid attempt; obviously, no marks are awarded if the question is
not attempted at all.

Page 4 of 203
 Introduction
Audit in Layman Terms

An audit can be compared to an annual checkup with the doctor. Just as the patient must pass certain
exams to ensure a clean bill of health, a company’s financial “good health” standing relies on whether or
not its financial statements abide by generally acceptable standards and accounting principles. While
audit does not guarantee perfect financial statements, it does provide reasonable assurance that the
statements are free of misstatements. In this case, the doctor is the auditor, and the company is the
patient.

Almost every organization, whether it is a privately held business, a publicly owned corporation, or
a nonprofit organization, must prepare financial reports. These reports are like the lifeline of a company
and help owners and managers make decisions and help provide the company’s financial status to
shareholders, employees, regulators, and the public.

There are two kinds of audits: internal and external.

An external audit is performed by an outside auditor who does not have any ties to the organization or
its financial statements. The outside auditor examines financial statements prepared by management for
a fair presentation as well as relevance and accuracy. Most importantly, an auditor tests whether or not
a company is adhering to professional standards and IAS/IFRS.

Internal Auditing: Companies perform internal audits to ensure that the company is meeting internal and
external goals. Internal goals include productivity, quality, compliance controls, consistency, and cost,
while external goals deal with customer satisfaction and market share. Auditors check to make sure
transactions are executed with management’s authorization. Also, access to assets must have
management’s authorization. Generally speaking, an internal auditor rates the company’s overall
effectiveness.

Accountability, Stewardship and Agency

An audit of a company's accounts is needed because in companies, the owners of the business are often
not the same persons as the individuals who manage and control that business.
▪ The shareholders own the company.
▪ The company is managed and controlled by its directors.

The directors have a stewardship role. They look after the assets of the company and manage them on
behalf of the shareholders. In small companies the shareholders may be the same people as the directors.
However, in most large companies, the two groups are different.

Page 5 of 203
The relationship between the shareholders of a company and the Board of Directors is also an application
of the general legal principle of agency. The concept of agency applies whenever one person or group of
individuals acts as an agent on behalf of someone else (the principal). The agent has a legal duty to act in
the best interests of the principal, and should be accountable to the principal for everything that he does
as agent. As agents of the shareholders, the board of directors should be accountable to the shareholders,
in order for the directors to show their accountability to the shareholders, it is a general principle of
company law that the directors are required to prepare annual financial statements, which are presented
to the shareholders for their approval.

Over time, the annual audit was developed as a way of adding credibility to the financial statements
produced by management. The statutory audit is now a key feature of Company Law throughout the
world. An auditor reports to the shareholders on the financial statements produced by a company's
management.

Accountability
It often means answerability and responsibility. (Management is accountable to shareholders)

Stewardship
Stewardship is the responsibility for taking good care of resources on behalf of someone else.
(Management acts as steward of shareholders’ investments)

Agency
Agency is a relationship between a principal (who engages the agent) and another party, (who is engaged
i.e. an agent), where the second party (agent) is authorised to carry out the principal's instructions in the
transactions with a third party.

(Management is an agent of shareholders)

Page 6 of 203
 Assurance Engagements

The practitioner examines the subject matter made available by the responsible party, matches it to the
suitable criteria using evidence and reports to the intended users.

Elements of an assurance engagement

1. An assurance engagement will require a three-party relationship comprising of:

a) The intended user who is the person who requires the assurance report.
b) The responsible party, which is the organisation responsible for preparing the subject matter to
be reviewed.
c) The practitioner (i.e. an accountant) who is the professional who will review the subject matter
and provide the assurance.

2. A second element which is required for an assurance engagement is suitable subject matter. The
subject matter is the data which the responsible party has prepared and which requires verification.

3. Thirdly this subject matter is then evaluated or assessed against suitable criteria in order for it to be
assessed and an opinion provided.

4. Fourth, the practitioner must ensure that they have gathered sufficient appropriate evidence in order
to give the required level of assurance.

5. Last, an assurance report provides the opinion which is given by the practitioner to the intended user

Types of assurance assignments

Reasonable assurance Limited assurance

An Assurance engagement in which the An assurance engagement in which the

practitioner reduces engagement risk to practitioner reduces engagement risk to a level
an acceptably low level in the that is acceptable in the circumstances of the
circumstances of the engagement as the engagement but where that risk is greater than
basis for the practitioner’s conclusion. for a reasonable assurance engagement

Page 7 of 203
 Example: External Audit Example: Review of financial statements

High level of assurance but NOT absolute or Moderate level of assurance

100%
The practitioner gathers sufficient evidence to be
A high but not absolute level of assurance is satisfied that the subject matter is plausible; in this
provided, this is known as reasonable case negative assurance is given whereby the
assurance. practitioner confirms that nothing has come to their
attention which indicates that the subject matter
contains material misstatements.

Sufficient appropriate evidence is obtained as Lesser testing-focus on obvious errors only

part of a systematic engagement process that (Analytical testing and Enquiry)
includes:
− Obtaining an understanding of the No going concern reviews
engagement circumstances
− Assessing risks The procedures undertaken are not nearly as
− Responding to assessed risks comprehensive as those in an audit, with
− Performing further procedures using a procedures such as analytical review and enquiry
combination of inspection, observation, used extensively. In addition, the practitioner does
external confirmation, re-calculation, re- not need to comply with ISAs as these only relate to
performance, analytical procedures and external audits.
inquiry.
Positive conclusion- Wording: Negative conclusion-Wording:
‘In our opinion the financial statements give (or “Nothing has come to light to suggest errors or
do not give) a true and fair view of the state of problems exist’'
the company’s affairs’.
The assurance is therefore given on the absence of
The phrases used to express the auditor’s any indication to the contrary.
opinion are ‘give a true and fair view’ or
‘present fairly, in all material respects’ which
are equivalent terms
Review engagements are often undertaken as an
alternative to an audit, and involve a practitioner
reviewing financial data, such as six-monthly
figures. This would involve the practitioner
undertaking procedures to state whether anything
has come to their attention which causes the
practitioner to believe that the financial data is not
in accordance with the financial reporting
framework.

Page 8 of 203
Assignments where no assurance is given

1. Agreed-upon procedures: A report on factual findings is given but no assurance expressed. Users must
judge for themselves and drawn their own conclusions

2. Compilation engagement: Users of the compiled information gain benefit from the accountant’s
involvement but no assurance is expressed. It is used to collect, classify and summarise financial
information. It means to present data in a manageable and understandable form.

External audit
It is a review and assessment of the financial records to form an overall conclusion as to whether:
- The financial statements have been prepared using acceptable accounting policies, which have been
consistently applied.
- The financial statements comply with all the relevant regulations and statutory requirements.
- Adequate disclosure of all material matters relevant to the proper presentation of financial
information has been made.

Objective of external audit engagements: “Opinion”: The auditor’s report contains a clear written
expression of opinion on the financial statements.

Important points to remember

• Auditors do not bear any responsibility for the preparation and presentation of the financial
statements, this is the responsibility of the directors
• There are many misconceptions about the role of the auditors, which are referred to as ‘the
expectations gap’. The expectations gap is the gap between what auditors do and what people think
they (should) do
• Statutory audits
✓ Required by law for most companies
✓ Small and dormant companies may be exempt
✓ Various other bodies require an audit under law, including Building societies, Some charities
- Non-statutory audits: Performed on various clubs, sole traders and partnerships because the
owners want them, not because it is legally needed

Page 9 of 203
General principles of external audit engagements
According to the International Standards on Auditing, the general principles of an audit are:

1. Compliance with Code of Ethics (IFAC’s)

2. Performance of an audit in accordance with ISAs
3. Audit with professional skepticism
4. Professional judgment
5. Sufficient appropriate audit evidence

Implied portion of an External Audit Opinion (only mention if material problem arises)

• Returns have been received from all branches

• Accounts agree to underlying records
• Proper accounting records have been maintained
• Information and explanations have been received
• Directors’ loans and transactions have been disclosed

Important Terms

True and Fair presentation

Financial statements are produced by management which give a true and fair view of the entity’s
results. The auditor in reviewing these financial statements gives an opinion on the truth and fairness
of them. Although there is no definition in the International Standards on Auditing of true and fair it is
generally considered to have the following meaning:

True – Information is factual and conforms with reality in that there are no factual errors. In addition it
is assumed that to be true it must comply with accounting standards and any relevant legislation. Lastly
true includes data being correctly transferred from accounting records to the financial statements.

Fair – Information is clear, impartial and unbiased, and also reflects plainly the commercial substance
of the transactions of the entity.

Those charged with governance – The person(s) with responsibility for overseeing the strategic
direction of the entity and obligations related to the accountability of the entity. This includes
overseeing the financial reporting process.

Management – The person(s) with executive responsibility for the conduct of the entity’s operations.

In some cases, all of those charged with governance are involved in managing the entity, for example,
a small business where a single owner manages the entity and no one else has a governance role

Page 10 of 203
 Engagement partner – The partner in the firm who is responsible for the audit engagement and its
performance, and for the auditor’s report that is issued on behalf of the firm, and who has the
appropriate authority from a professional, legal or regulatory body.

Professional judgment – The application of relevant training, knowledge and experience, within the
context provided by auditing, accounting and ethical standards, in making informed decisions about
the courses of action that are appropriate in the circumstances of the audit engagement.

Professional skepticism – An attitude that includes a questioning mind, being alert to conditions which
may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.
Professional skepticism includes being alert to, for example:
• Audit evidence that contradicts other audit evidence obtained.
• Information that brings into question the reliability of documents and responses to inquiries to be
used as audit evidence.
• Conditions that may indicate possible fraud.
• Circumstances that suggest the need for audit procedures in addition to those required by the ISAs.

Materiality
The objective of an audit of financial statements is to enable the auditor to express an opinion on
whether the financial statements are prepared in all material respects, with an identified financial
reporting framework.

Information is material if its omission or misstatement could influence the economic decisions of users
taken on the basis of the financial statements.

The auditor must be concerned with identifying 'material' errors, omissions and misstatements. Both
the amount (quantity) and nature (quality) of misstatements need to be considered.

To put this into practice the auditor therefore has to set his own materiality levels – this will always be
a matter of judgement.

Inherent Limitations of audit/ Reasons why absolute assurance cannot be given

1. Sampling – it is not practical for an auditor to test 100% of transactions and so they have to apply
sampling methodologies in selecting balances/transactions to test. Therefore, there could be an error
in an item not selected for testing by the auditor.
2. Subjectivity – financial statements include judgmental and subjective areas and therefore the auditor
is required to use their judgment in assessing whether the financial statements are true and fair.
3. Inherent limitations of internal control systems – an internal control system is operated by people and
hence is liable to human error. In addition, there is the possibility of controls override by management
and of collusion and fraud. It is impossible to remove all of these inherent limitations and as the
auditor relies on the internal control systems, this can reduce the usefulness of the audit.

Page 11 of 203
4. Evidence is persuasive not conclusive – the opinion is based on audit evidence gathered; however,
while this evidence can indicate possible issues affecting the audit opinion, evidence involves
estimates and judgments and hence does not give a definite conclusion.
5. Even if everything reported on was examined and found to be satisfactory, there may be other items
which should have been included– the completeness problem.
6. Auditors plan their work to detect material errors and frauds only – so small frauds (or large frauds
split into many small amounts) may go unnoticed.

An external audit has a number of other issues which reduce its usefulness

1. Audit report format – the format of the opinion is determined by International Standards on Auditing.
However, the terminology used is not usually understood by non-accountants. This means that users
may not actually understand the audit opinion given.
2. Historic information – the audit report is often issued some time after the year end, and so the
financial information can be quite different to the current position. In the current marketplace where
companies’ financial positions can change quite quickly, the audit opinion may no longer be relevant
as it is out of date.
3. Auditors need to understand their clients in great depth if they are to understand how fraud could be
carried out and hidden. However, auditors cannot become too close to their clients or their
independence will be called into question.
4. Where auditors spot errors or fraud, their primary legal responsibility is to report this to management.
Any external reporting is hampered by rules on confidentiality.

Page 12 of 203
 Regulation of Auditors

Regulation, monitoring and Supervision

Each country's regulation of external audits will differ. Most regimes do have certain common elements
which we examine in detail below.

Briefly these are as follows:

a) Education and work experience: the IFAC has issued guidance on this

b) Eligibility: there may well be statutory rules determining who can act as auditors. Membership of an
appropriate body is likely to be one criterion.

c) Supervision and monitoring: these activities initially came under particular scrutiny in a number of
countries during the 1990s and these activities are again under the spotlight following the recent
global economic crisis. Questions have been asked about why auditors have failed to identify
impending corporate failures and whether they were being regulated strongly enough. The
supervision regime has come under particular scrutiny in countries where regulation and supervision
is done by the auditors' own professional body (self-regulation). Suggestions have been made in these
countries that supervision ought to be by external government agencies.

Eligibility to Act as Auditor

To be allowed to perform external audits, an individual must go through an approval process. The
individual must:
• Pass an approved set of examinations set by a Recognized Qualifying Body (RQB). Examples of an
RQB include the ACCA and the ICAEW;

• Become a member (and stay a member) of a Recognized Supervisory Body (RSB). The ACCA and the
ICAEW are also examples of RSBs.

In addition, the individual must not be either of:

• A director or employee of the client or any of its associated companies;

• A business partner or employee of a director or employee of the client, or any of its associated
companies.

Page 13 of 203
Duties of an external auditor
The auditor must consider the following;

Maintenance of adequate accounting records The auditor while performing his duties must
check whether proper and adequate accounting
records have been maintained and prepared.
Compliance with legislation It is the duty of an auditor to ensure that all the
applicable regulations have been complied with
while preparing the financial statements.
Verification of records The auditor’s duty is to examine, compare and
verify the accounting records and returns with the
financial statements. If the accounting records do
not agree with the financial statements or are
incomplete, then it is the duty of the auditor to
report this fact to the shareholders.
Truth and fairness It is the primary duty of the auditor to prepare a
report on the financial statements examined by
him and state whether, in his opinion and to the
best of his knowledge, the financial statements
provide:
➢ A true and fair state of affairs at the end of
accounting period, in the case of statement of
financial position (SOFP) and
➢ A true and fair view of the amount of profit or
loss during the accounting period, in the case
of statement of comprehensive income
(SOCI).
Adequate disclosure Another duty of an auditor is to ensure that the
financial statements and all the other material
disclosures are made in accordance with the
applicable statute. The auditor also needs to verify
whether all the payments and benefits accruing to
directors from the company are properly disclosed
in the accounts.

Page 14 of 203
Rights of an external auditor

The regulatory framework, within which the auditors are required to perform, provides them with certain
rights to perform their duties effectively
(i) A right of access at all times to the books, accounts and vouchers of the company.
(ii) A right to require from officers of the company such information and explanations as they
consider necessary for the performance of their duties.
(iii) A right to attend any general meetings of the company and to receive all notices of and
communications relating to such meetings which any member of the company is entitled to
receive.
(iv) A right to be heard at any general meeting on any part of the business of that meeting that
concerns them as auditors.
(v) A right, in the case of the auditors of a holding company, to request information and explanations
from subsidiaries of the holding company and their auditors.
(vi) Aright to make written representations when the company proposes to appoint auditors other
than them.
(vii) A right to requisition an extraordinary general meeting to consider any circumstances which
members or creditors ought to know about in connection with their resignation (which may be
affected at any time by giving written notice to the client setting out any such circumstances).

(viii) A right to give notice in writing requiring the holding of a general meeting for the purpose of
laying the accounts and report before the members.

Responsibilities of Directors

The directors and the auditors of a company are both appointed by the members of the company but
their duties are quite distinct.

Directors are appointed to fulfill the executive function of managing the company. In company law,
company directors also have specific responsibilities in relation to the accounting function.
(i) Directors are expected to safeguard the assets of the company.
(ii) The company is expected to keep accounting records sufficient to enable the directors to ensure
that the balance sheet and profit and loss account prepared under the Companies Act comply
with the Act. In practice, the directors will, in all but the smallest companies, delegate much
accounting work to employees of the company.
(iii) Directors are responsible for preventing errors, irregularities and fraud. This task should be
addressed by setting up appropriate controls within the company. There should be appropriate
measures in place to detect errors, irregularities and fraud which may occur. The auditors can
only be expected to carry out their work so as to have a reasonable expectation of detecting
material errors and fraud which may have occurred.
(iv) The directors must prepare financial statements for each financial year of the company. The
annual accounts are required to show a true and fair view of the state of affairs of the company

Page 15 of 203
 at the balance sheet date and of its profit or loss for the accounting period then ended, and to be
properly prepared in accordance with the Companies Act 1985.
(v) The directors are required to lay a copy of the annual accounts before the members in general
meeting. Under provisions introduced by the Companies Act 1989, a private company may
exempt itself from this requirement.
(vi) The directors must file a copy of the accounts with the Registrar of Companies within seven
months of the end of the accounting period in the case of public companies.

Appointment, Removal and Resignation of Auditors

There are various legal and professional requirements on appointment, resignation and removal of
auditors which must be followed.

Appointment of Auditors
▪ Usually, the external auditors are appointed by the shareholders at the annual general meeting (AGM)
of the company, and hold office until the next AGM. At the next AGM the auditors are re-appointed
by the shareholders, or different auditors are appointed.

However, directors may be allowed to appoint auditors in the following circumstances, as a matter of
practical convenience:
− To fill a 'casual vacancy'; for example, where the current auditor is no longer able to act
− To appoint the first auditor of a newly-formed company.

▪ An auditor appointed by the directors will normally hold office only until the next AGM, when they
will have to submit themselves for re-appointment by the shareholders.
▪ If neither the shareholders of the company nor its directors have appointed auditors, company law
may allow for an appropriate government department to make the appointment.
▪ In principle, the remuneration of the auditor is set by whoever appoints him. However, in practice,
where the shareholders make the appointment, it is usual to delegate to the board of directors the
power to set the auditor's remuneration. The directors are likely to be more familiar than the
shareholders with the nature and scope of the work involved in the audit process, and so the
appropriate level of fees for that work. (The board of directors may delegate the task of
recommending or approving the audit fee to the audit committee.)

Removal of Auditors
Key points

✓ Directors cannot remove the auditors themselves.

✓ Auditors Can be removed by a simple majority at a general meeting.
✓ The auditors should be given notice of such a meeting
✓ They are allowed to speak at the general meeting
✓ Deposit at the company’s registered office a statement of the circumstances connected with the
removal/resignation or a statement that there are no such circumstances. They can request an
Extraordinary General Meeting (EGM) of the company to explain the circumstances of the resignation.

Page 16 of 203
RESIGNATION: Sometimes it is necessary for the auditors to resign. If an auditor resigns, they should do
so in writing and they may wish to speak to the shareholders to explain their reasons

The procedures for the resignation of the current auditors will normally include the following:
– The resignation should be made to the company in writing. The company should submit this
resignation letter to the appropriate regulatory authority.
– The auditor should prepare a Statement of the Circumstances. This sets out the circumstances leading
to the resignation, if the auditor believes that these are relevant to the shareholders or creditors of
the company. If no such circumstances exist, the auditor should make a statement to this effect. This
statement should be sent:
• By the auditor to the regulatory authority
• By the company to all persons entitled to receive a copy of the company's financial statements
(principally the shareholders).

FORCED REMOVAL: Sometimes, the Board of Directors or some shareholders may wish to remove the
auditors. A General Meeting must be called so that the shareholders can vote on the proposal (via an
ordinary resolution). The auditor will normally be allowed to attend such a meeting and make statements
to the shareholders.

Alternatively, the auditor may require written statements to be circulated to the shareholders in advance
of the meeting.

Documentation should be filed with the appropriate regulatory authority

AUDITORS DO NOT WISH TO SEEK REAPPOINTMENT: Sometimes the auditors finish the annual audit and
decide they do not wish to audit the company in future years. As such, when the board asks them to
accept nomination for the following year, the auditors should politely decline and issue a Statement of
Circumstances.

International Standards on Auditing Standard Setting Procedure

International Federation of Accountants

The accounting profession believes in and practices both self-regulation and self-promotion. The
profession established and maintains the International Federation of Accountants (“IFAC”). IFAC is a
global organization comprising of 155 members and associates (mostly national professional institutes)
spread across 118 countries. Membership stands at more than 2.5 million accountants that come from
public practice, industry and commerce, the public sector as well as education backgrounds.

International Standards on Auditing (ISAs) are issued by the International Auditing and Assurance
Standards Board (IAASB) and provide guidance on the performance of an audit.

Page 17 of 203
ISAs only apply to the audit of historical financial information. They are written in the context of an audit
of financial statements by an independent auditor.

The ISAs contain basic principles and essential procedures together with related guidance in the form of
explanatory material and appendices. It is necessary to consider and understand the entire text of an ISA
to understand and apply the basic principles and essential procedures.

The basic principles and essential procedures of an ISA are to be applied in all cases. If in exceptional cases
the auditor deems it necessary to depart from an ISA to achieve the overall aim of the audit, then this
departure must be justified.

ISAs issued by the IAASB are not meant to override or supersede local auditing regulations. The reason for
the wide adoption is because of the fact that the IAASB has worked closely with many national standard
setters. By following the below diagrammed process the IAASB has managed to:
o Cooperate with national standard setters,
o Help minimise duplication of efforts and
o Gain support and acceptance of their standards during the early stages of their development

In addition, the IAASB also hosts an annual meeting with various national auditing standard setters to
discuss and debate proposed ISAs and drafts. In this way the board can reach a consensus with local
standard setters at an early stage of development for the ISAs.

Overall, it can be said that the relationship that ISAs share with national standards is one of co-existence.
By working closely with various local standard setters, the IAASB has helped to make adoption /
integration of ISAs an almost seamless process in many countries.

Page 18 of 203
The process of producing an ISA is as follows;

Research and consultation

A project task force is established to develop a draft standard or practice statement.

Transport debate
A proposed standard is discussed at a meeting, open to the public

Exposure for public comment

Exposure drafts are put on the IAASB’s website and widely distributed for comment for a
minimum of 120 days.

Consideration of comments
Any comments as a result of the exposure draft are considered at an open meeting of the
IAASB, and it is revised as necessary.

Affirmative approval
Approval is made by the affirmative vote of at least 2/3 of IAASB members.

Page 19 of 203
Application of ISAs to Small and Medium Sized Entities

Introduction
The IAASB is strongly of the view that an ‘audit is an audit’ and that users who receive audit reports
expressing an opinion have to have confidence in those opinions whether they are in relation to large or
small entity financial statements. However, the IAASB have recognised the importance of those who audit
small and medium sized entities (SMEs) and in clarifying the ISAs was heavily influenced by their needs

Qualitative characteristics of a smaller entity

These are identified by ISA 200 as follows:
a) Concentration of ownership and management in a small number of individuals; and
b) One or more of the following:
i. Straightforward or uncomplicated transactions
ii. Simple record-keeping
iii. Few lines of business and few products within business lines
iv. Few internal controls
v. Few levels of management with responsibility for a broad range of controls; or
vi. Few personnel, many having a wide range of duties

Considerations specific to SME entities

The structure of the ISAs means they are suitable for SMEs. Notably they include:
▪ A separate section for requirements to help readability and clarification of conditional requirements
▪ Requirements capable of being applied proportionately
▪ Additional guidance specific to SME audits

Small Company Audit Exemption

The majority of companies are required by national law to have an audit. A key exception to this
requirement is that given to small companies. Many EC countries have a small company exemption from
audit that is based on the turnover and total assets at the year-end.

The main reasons for exempting small companies are:

– For owner-managed companies, those receiving the audit report are those running the company (and
hence preparing the accounts!)
– the advice/value which accountants can add to a small company is more likely to concern other
services, such as accounting and tax, rather than audit and which may also give rise to a conflict of
interest under the ethics rules
– the impact of misstatements in the accounts of small companies is unlikely to be material to the wider
economy
– It may also not be cost beneficial for the small entities.

Page 20 of 203
 Code of Ethics

As the auditor has to be ethical in his dealings with clients, ACCA publishes guidance for its members in
its Code of Ethics and Conduct. This guidance is given in the form of fundamental principles, guidance and
explanatory notes.

The IESBA (International Ethics Standards Board for Accountants), a body of IFAC, also lays down
fundamental principles in its Code of Ethics for Professional Accountants. The fundamental principles of
the two associations are extremely similar.

Fundamental Principles

1. Integrity: Members should be straightforward and honest in all professional and business
relationships. Auditors should not knowingly be associated with reports, returns, communications or
other information where they believe that the information contains a materially false or misleading
statement.
2. Objectivity: Members should not allow bias, conflicts of interest or undue influence of others to
override professional or business judgements.

3. Professional competence and due care: to maintain professional knowledge and skill at the level
required to ensure that a client receives competent professional services, and to act diligently and in
accordance with applicable technical and professional standards.

4. Confidentiality: Members should respect the confidentiality of information acquired as a result of

professional and business relationships and should not disclose any such information to third parties
without proper and specific authority
There are, however, circumstances where auditors may disclose information to third parties without
first obtaining permission. These can be categorised as obligatory and voluntary disclosures.

Obligatory: Auditors are obliged to make disclosure where, for example, there is a statutory right or
duty to disclose, such as if the auditor suspects the client is involved in money laundering, terrorism
or drug trafficking in which case they must immediately notify the relevant authorities.

In addition, auditors must make disclosure if compelled by the process of law, for example under a
court order or summons, under which they are obliged to disclose information.

Page 21 of 203
 Voluntary
In certain circumstances auditors are free, as opposed to obliged, to disclose information without
obtaining the client’s permission first. These circumstances can be categorised into the four areas
below:

Public interest – An auditor may disclose information which would otherwise be confidential if
disclosure can be justified in the ‘public interest’. This would be perhaps if those charged with
governance are involved in fraudulent activities;

Protect a member’s interest – Members/auditors may disclose information to defend themselves

against a negligence action, disciplinary proceedings or if suing for unpaid fees;

Authorised by statute/laws – There are cases of express statutory provision where disclosure of
information to a proper authority overrides the duty of confidentiality;

Non-governmental bodies – Auditors may be approached by non-governmental bodies seeking

information concerning suspected acts of misconduct not amounting to a crime or civil wrong.
Disclosure should only be made to those bodies with statutory powers to compel disclosure.

5. Professional behaviour: Members should comply with relevant laws and regulations and should avoid
any action that discredits the profession.

Threats to compliance with the fundamental principles

There are five general sources of threat (explanation of the threats are given in the table with examples
later):

1. Self-interest threat (for example, having a financial interest in a client)

2. Self-review threat (for example, auditing financial statements prepared by the firm)
3. Advocacy threat (for example, promoting shares in a listed entity when that entity is a financial
statement audit client)
4. Familiarity threat (for example, an audit team member having family at the client)
5. Intimidation threat (for example, threats of replacement due to disagreement)

The exam: Once you have identified a threat from the scenario, you will need to name the threat, explain
WHY it is a threat and tell the safeguard.

Important terms
QCR: Quality Control Review (independent partner review)- Having a professional accountant who was
not involved with the non-assurance service review the non-assurance work performed

Page 22 of 203
Public interest entities are:
(a) All listed entities; and
(b) Any entity:
i. Defined by regulation or legislation as a public interest entity; or
ii. For which the audit is required by regulation or legislation to be conducted in compliance with
the same independence requirements that apply to the audit of listed entities. Such regulation
may be circulated by any relevant regulator, including an audit regulator

Ethical Threats
Self-interest: auditor’s judgment or behaviour compromised due to financial or other interest in the
client.

Self-Review- auditor will not appropriately evaluate the results of a previous judgment made/or
service performed by him (i.e. when he reviews his own work, he won’t identify or report errors in
his work)

Familiarity: auditor’s judgment compromised due to a long or close relationship with a client. The
auditor will be too sympathetic to their interests or too accepting of their work.

Advocacy: auditor will promote a client’s position to the point that his objectivity is compromised.

Intimidation: the threat that the auditor will not act objectively because of actual or perceived
pressures, including attempts to exercise undue influence over the auditor
Gifts and hospitality - Need to check if allowed by local laws and
Threats to integrity, objectivity and professional regulations
behavior - Can only accept if trivial and no intention to
 self-interest influence behavior
 familiarity
Compensation and evaluation: When an audit CANNOT evaluate or compensate a key audit
team member is evaluated on or compensated partner based on that partner’s success in selling
for selling non-assurance services to that audit non-assurance services to the partner’s audit
client, client.

Threat: QCR: Have an appropriate reviewer review the

 self-interest work of the audit team member.

Fee dependence Listed clients:

When the total recurring fees from an assurance If gross recurring fee from one client greater than
client represent a large proportion of the 15% of the firm’s revenue for two consecutive years,
total fees of the firm, firm will be worried about - Tell client’s TCWG
losing the client

Page 23 of 203
 - Independent QCR or external QCR before OR
Threats: after issuing 2nd year’s opinion
 self-interest
 intimidation Other clients:
- Try to reduce dependence (increase client base)
- External QCR
Overdue fee: - QCR
Perceived as a loan to the client if it remains - At least partial recovery or recovery plan before
unpaid for a long time starting new work
- If outstanding for a long time, consider not
Threats: accepting reappointment as the auditor
 self-interest
 intimidation
Contingent fee - Not permitted for audit
Contingent fees are fees calculated on a
predetermined basis relating to the outcome of
a transaction or the result of the services
performed.

Threats:
 self-interest
 advocacy
Serving as a Director or Officer of an Audit - No allowed.
Client
Threats:
 self-interest
 self-review
Long association Listed entity
When an individual is involved in an audit The engagement partner-not more than 7
engagement over a long period of time cumulative years with 5 years cooling off period
Threats: Quality control reviewer- not more than 7
 self-interest cumulative years with 3 years cooling off period
 familiarity
CAN be extended to an extra year IF rotation is not
possible for genuine reasons. Need to inform client’s
TCWG about this and the safeguards that are being
implemented to manage this.

Page 24 of 203
 In the cooling off period, CANNOT participate in the
audit or, provide quality control for the
engagement, or consult with the engagement team
or the client regarding technical or industry-specific
issues or have significant or frequent interaction
with senior management etc.

Private clients
- Depends on the firm’s structure and seniority of
the people involved
- Rotate members
- QCR, External QCR
Recent Service with an Audit Client - Consider the position he was at and the role he
If an audit team member has recently served as now has in the team
a director or officer, or employee of the audit - Remove from team if worked at the client in the
client. year being audited at a position to exert
Threats: significant influence over the subject matter.
 self-interest (remember, the F/s contain comparatives as
 self-review well so the same safeguard would apply if he has
 familiarity worked in the previous year as well)
- QCR if he has already done some work at the
client

Temporary staff assignments (secondment): Ensure

Lending of staff to the client - only for a short period of time
- seconded staff should not assume management
Threats: responsibilities
 self-review
- the audit client is responsible for directing and
 familiarity
supervising the activities of the personnel.
 advocacy
- Should ideally then not be made a part of the
 management threat
audit team when he comes back to the firm after
secondment (Not including the loaned
personnel as an audit team member might
address a familiarity or advocacy threat).
Employment with the client: the director or a • Ensure no significant connection remains
senior member of the audit client has been a between the firm and the individual ( e.g.
member of the audit team or partner of the firm material amounts owed by the firm to the
in the past individual, participation in firm’s professional
activities etc)
- Modify the audit plan;

Page 25 of 203
Threats: - Assign individuals to the audit team who
 self-interest have sufficient experience in relation to the
 familiarity individual who has joined the client; or
 intimidation - QCR of the former member of the audit
team.

Considering a job offer at the client

- Removing the individual from the audit team; or
- A review of any significant judgments made by
that individual while on the team.
Family and personal relationship Remove from team if the relationship is with a
Threats: senior person at the client with influence over the
 self-interest f/s.
 familiarity
 intimidation If not, consider work allocated to the team
member(Structuring the responsibilities of the audit
team so that the professional does not deal with
matters that are within the responsibility of the
immediate family member.)

Business relationship - If material to the firm/individual, not allowed

- Commercial relationship
- Common financial interest - Buying goods/services is okay if normal course
of business and arm’s length transaction
Examples:
❖ joint venture with the client or a controlling
owner/ director;
❖ formal marketing of each other’s product;
❖ combine the services of the firm with those
being offered by client and market the
package

Threats:
 self-interest
 intimidation (due to actual or perceived
pressure about losing the audit
assignment)

Page 26 of 203
Loan and guarantees Okay ONLY IF in normal course of business
(Taking a loan from the client or giving a under normal lending conditions
guarantee for the client’s loan) QCR

Threat:
 self-interest

Financial interest Team member/firm’s financial interest in a client:

Threats: Direct- not allowed
 self-interest (threat to objectivity and Material indirect-not allowed
confidentiality)

Conflict of interest In general, the more direct the connection between

Objectivity affected. the professional service and the matter on which the
parties’ interests conflict, the more likely the level of
Examples of circumstances that might create a the threat is not at an acceptable level.
conflict of interest include:
 Providing advice to two clients at the same Examples of actions that might be safeguards to
time where the clients are competing to address threats created by conflicts of interest
acquire the same company and the advice include:
might be relevant to the parties’ Notify all parties (disclose the nature of the
competitive positions. conflict of interest and how any threats created
 Advising a client on buying a product or were addressed to the relevant parties)
service while having a royalty or commission - Get Written consent from the affected
agreement with a potential seller of that clients to act
product or service. - Segregation of teams
- Confidentiality guidelines and agreement
- Regular QCR

Lowballing Quality to be ensured (ensure ISAs followed and

Where audit firms offer reduced (or unrealistic) sufficient appropriate evidence gathered)
fees to sign new audit clients
QCR
Threat:
self-interest (threat to compliance with the
principle of professional competence and due
care)

Page 27 of 203
 Non-assurance services to audit clients
Assuming Management responsibility for an Generally, the threat is so significant that no
audit client. safeguard is possible.

If not related to decision making (e.g. routine and

They involve responsibilities involve controlling,
administrative like filing returns), ensure client
leading and directing an entity, including making
management makes all judgments and decisions
decisions regarding the acquisition, deployment
that are the proper responsibility of management.
and control of human, financial, technological,
physical and intangible resources.

Threats
 Self-review
 self-interest threats
 familiarity threat

Accounting and bookkeeping services

Accounting and bookkeeping services comprise Audit Clients that are Listed- Not allowed.
a broad range of services including:
- Preparing accounting records and financial Other clients: may provide accounting and
statements. bookkeeping services if a routine or mechanical
- Recording transactions. if safeguards are implemented.

- Payroll services.
Safeguards for routine and mechanical services:

Threat - Segregation of teams: Using professionals who

 Self-review are not audit team members to perform the
service.
Accounting and Bookkeeping Services that are - QCR: Having an appropriate reviewer who was
Routine or Mechanical. not involved in providing the service review the
audit work or service performed
Accounting and bookkeeping services that are
routine or mechanical in nature require little or
no professional judgment. Some examples of
these services are:
- Preparing payroll calculations or reports
based on client originated data for approval
and payment by the client.
- Recording recurring transactions for which
amounts are easily determinable from
source documents or originating data, such
as a utility bill where the client has

Page 28 of 203
 determined or approved the appropriate
account classification.
- Calculating depreciation on fixed assets
when the client determines the accounting
policy and estimates of useful life and
residual values.

Valuation Audit Clients that are Listed: not allowed if the

Threats valuation service would have a material effect
 Self-review on the F/S.
 Advocacy
Audit Clients that are Not Listed: not allowed if
the valuation involves a significant degree of
subjectivity and the valuation will have a
material effect on the financial statements on
which the firm will express an opinion.

(Certain valuations do not involve a significant

degree of subjectivity. This is likely to be the case
when the underlying assumptions are either
established by law or regulation, or are widely
accepted and when the techniques and
methodologies are prescribed by law or regulation).
Safeguards to be implemented to address threats if
immaterial and doesn’t involve significant degree of
judgment:
- Segregation of teams
- QCR
Internal audit
Internal audit services involve assisting the audit Audit Clients that are Listed: Not allowed if they
client in the performance of its internal audit relate to a significant part of the internal
activities. controls over financial reporting or relate
amounts/disclosures that are material
Threat
 Self-review (the results of internal audit Safeguards for self-review and management
service might be used in conducting the threats for clients that aren’t Listed or for
external audit). internal audit service that don’t relate to
 Performing a significant part of the client’s financial reporting:
internal audit activities increases the - Segregation of teams

Page 29 of 203
 possibility that firm will assume a - The client designates an appropriate and
management responsibility. competent senior management to be
responsible at all times for internal audit
activities
- The client acknowledges responsibility for
designing, implementing, monitoring and
maintaining internal control.
- The client evaluates and determines
which recommendations resulting from
internal audit services to implement and
manages the implementation process

IT systems Audit Clients that are Listed: NOT Allowed to if

Services related to IT systems include the design relate to the internal control over financial
or implementation of hardware or software reporting
systems.

Threat: For pvt clients/other IT systems not related to

 Self-review financial reporting:
 Assuming management responsibility - Segregation of teams
- The client has to acknowledge its
responsibility for establishing and
monitoring a system of internal controls
- The client should make all management
decisions with respect to the design and
implementation process;

Recruitment services to an audit client For ALL audit clients

Threats Cannot act as a negotiator on the client’s behalf
 Self-interest,
 Familiarity Cannot provide a recruiting services (related to
 intimidation searching for candidate and conducting
 assuming management responsibility reference checks) to an audit client with respect
to the following positions:
- A director or officer of the entity; or
- A member of senior management in a
position to exert significant influence over
the preparation of the F/S

Page 30 of 203
 For other positions (excluding the above)
- The client makes all management decisions with
respect to the hiring process, including
determining the suitability of prospective
candidates and selecting suitable candidates for
the position and determining employment
terms and negotiating details, such as salary,
hours and other compensation.

Taxation services to an audit client Tax return preparation- no threat!

Threats ALL audit clients
 Self-review (Preparing calculations of Allowed. Ensure management takes responsibility
current and deferred tax liabilities (or for the return
assets) for an audit client for the purpose of
preparing accounting entries that will be Providing tax return preparation services does not
subsequently audited by the firm, Providing usually create a threat.
tax planning and other tax advisory services)

 Advocacy (Providing tax planning and other Tax return preparation services are usually based on
tax advisory services, assistance in historical information and principally involve
resolution of tax disputes) analysis and presentation of such historical
information under existing tax law, including
precedents and established practice. Further, the
tax returns are subject to whatever review or
approval process the tax authority considers
appropriate.

Tax Calculations for the Purpose of Preparing

Accounting Entries-self-review

Audit Clients that are Listed: NOT allowed if material

to the F/S.

Audit Clients that are Not Listed:

- Segregation of teams
- QCR

Page 31 of 203
Tax Planning and Other Tax Advisory Services self-
review and advocacy
Tax planning or other tax advisory services comprise
a broad range of services, such as advising the client
how to structure its affairs in a tax efficient manner
or advising on the application of a new tax law or
regulation.

Allowed if immaterial and the advice provided as a

result of the tax planning and other tax advisory
services:
- Is clearly supported by a tax authority or other
precedent.
- Is an established practice.
- Has a basis in tax law that is likely to prevail.

Safeguard to be put in place:

- Segregation of teams
- QCR

Assistance in the Resolution of Tax Disputes-

advocacy
A tax dispute might reach a point when the tax
authorities have notified an audit client that
arguments on a particular issue have been rejected
and either the tax authority or the client refers the
matter for determination in a formal proceeding, for
example, before a public tribunal or court.

Not allowed if relates to material amounts and/or

the services involve acting as an advocate for the
audit client before a public tribunal or court in the
resolution of a tax matter

Otherwise:
- Segregation of teams
- QCR

Page 32 of 203
 LEGAL SERVICES Not allowed if relates to material amounts and
Threats involve judgment
 Self-review
 Advocacy

Some intimidation examples-

- Being asked to reduce extent of work to reduce fee
- Team members feels pressured to agree with client’s judgment as client has more expertise

Some advocacy examples

- Being asked to accompany the client to a meeting with the bank/lender
- Being asked to promote the client at a conference
- Providing legal services to the audit client
- Providing tax planning and other tax advisory services etc.

Steps the Auditors Should Take in Relation to Breaches in Ethical Code

• Take remedial action (apply safeguards or withdraw if the threat is too significant to be mitigated by a
Safeguard)
• Consider legal or regulatory requirements regarding reporting the breach of code of ethics where
applicable
• Communicate to the firm's ethics partner
• Communicate to client's TCWG where applicable (i.e. when a safeguard has been applied)
• Evaluate whether this can affect the firm's ability to issue an audit report

Answer Technique

1. Identify the threat by using words from the scenario.

2. Write the name of the threat and explain it! For example, it is not enough to write this is ‘self-
interest’. Explain HOW self-interest will affect the auditor’s objectivity.
3. Write the safeguard.

Page 33 of 203
 Client Acceptance/Client Continuation

The Audit Process

Obtaining/Accepting Tests of Substantive Opinion/

Planning Review
Clients Controls Procedures Report

Obtaining audit engagements

Advertising, Publicity and Obtaining professional work

Members:
• Should not obtain or seek work in an unprofessional manner
• Can advertise, but should have regard to relevant advertising codes and standards
• Should not make disparaging references to or comparisons with the work of others

Audit fee
• It is estimated according to charge out rates and work planned
• Lowballing is offering audit services at less than the market rate; undercutting others in a tender
• It can be an independence threat as such a fee is less than the work is worth
• However, audit does have a fluctuating market price and firms can reduce fees

Steps Before Accepting an Audit Client

Outgoing auditor- Professional Client- related issues Practitioner-related issues

etiquette letter (Audit firm)

The auditor should communicate 1. Formalities (of removal of 1. Any issues which might
with the outgoing auditor the outgoing auditor fulfilled) arise which could
client to assess if there are any threaten compliance with
ethical or professional reasons 2. Reputation and integrity of the ACCA’s Code of Ethics and
why they should not accept client’s management assessed- Conduct or any local
appointment. If necessary, the firm may want legislation, including
to obtain references if they do independence and
They should obtain permission not formally know the directors conflict of interest with
from the client’s management to existing clients. If issues
contact the outgoing auditor; if 3. Consider the level of risk arise, then their
this is not given, then the attached to the audit whether significance must be
engagement should be refused. this is acceptable to the firm. As considered.

Page 34 of 203
 part of this, they should
The previous auditor must obtain consider whether the expected 2. Whether they are
permission from the client’s audit fee is adequate in relation competent to perform
management to respond; if not to the risk auditing the client the work and whether
given, then the auditor should they would have
refuse the engagement. appropriate resources
Client screening (especially human
The purpose of client screening resource and time!)
procedures is to determine whether available, as well as any
the prospective client is suitable for specialist skills or
the firm. knowledge required for
the audit
The firm should evaluate the
potential risk to the firm of
acceptance.

When a client is deemed to

represent a high audit risk to the
firm, the firm should carefully
consider the implications arising
should it fail in meeting its objective
of giving an accurate audit opinion.
If the firm is not confident that the
benefit to be derived from
accepting the appointment
outweighs the potential risks
(including financial and reputational
risk of being sued), then the firm
should decline the appointment.

Indicators of high-risk clients

include:
Poor performances, lack of finance,
odd accounting, unskilled finance
director, significant related party or
unusual transactions

Factors to consider:
- The state of the economic
sector in which the client
operates (a depressed sector
may indicate risk).

Page 35 of 203
 - The client’s previous audit
history (frequent changes of
auditors, and/or qualified
reports, are obviously bad
news).
- The experience and
qualifications of the company’s
management and their attitude
towards controls.
- The current operating and
financial position of the
company.
- Directors’ understanding of
External Auditor’s role and their
own responsibilities
- The accounting policies used
- Evidence of client involvement
in fraudulent or illegal activities.
- Management permission or
refusal to allow auditors to
examine significant documents,
such as the minutes of
directors’ meetings.

Preconditions for an audit

ISA 210 Agreeing the Terms of Audit Engagements provides guidance to auditors on the steps they should
take in accepting a new audit or continuing on an existing audit engagement. It sets out a number of
processes that the auditor should perform including agreeing whether the preconditions are present,
agreement of audit terms in an engagement letter, recurring audits and changes in engagement terms.

Preconditions for an Audit

1. Determine whether the financial reporting framework to be applied in the preparation of the financial
statements is acceptable.

2. Obtain the agreement of management that it acknowledges and understands its responsibility:
(i) For the preparation of the financial statements in accordance with the applicable financial
reporting framework, including where relevant their fair presentation
(ii) For such internal control as management determines is necessary to enable the preparation of
financial statements that are free from material misstatement, whether due to fraud or error; and
(iii) To provide the auditor with:

Page 36 of 203
 a. Access to all information of which management is aware that is relevant to the preparation
of the financial statements such as records, documentation and other matters;
b. Additional information that the auditor may request from management for the purpose of
the audit***; and
c. Unrestricted access to persons within the entity from whom the auditor determines it
necessary to obtain audit evidence

***Additional information: Additional information that the auditor may request from management for
the purpose of the audit may include when applicable, matters related to other information in accordance
with ISA 720 (Revised). When the auditor expects to obtain other information after the date of the auditor’s
report, the terms of the audit engagement may also acknowledge the auditor’s responsibilities relating to
such other information including, if applicable, the actions that may be appropriate or necessary if the
auditor concludes that a material misstatement of the other information exists in other information
obtained after the date of the auditor’s report.

Agreeing Terms of Engagement

Engagement letter (compulsory for every new engagement; sent before the audit starts)

Purpose of an engagement letter

An engagement letter provides a written agreement of the terms of the audit engagement between the
auditor and management or those charged with governance.

It confirms that there is a common understanding between the auditor and management, or those
charged with governance, of the terms of the audit engagement helps to avoid misunderstandings with
respect to the audit.

Contents of an engagement letter

Matters which should be included in the engagement letter include:
- The objective and scope of the audit;
- The auditor’s responsibilities;
- Management’s responsibilities;
- Identification of the applicable financial reporting framework for the preparation of the financial
statements;
- Expected form and content of any reports to be issued by the auditor and a statement that there may
be circumstances in which a report may differ from its expected form and content;
- Elaboration of the scope of the audit with reference to legislation;
- The form of any other communication of results of the audit engagement;
- The requirement for the auditor to communicate key audit matters in accordance with ISA 701
Communicating Key Audit Matters in the Independent Auditor’s Report;

Page 37 of 203
- The fact that some material misstatements may not be detected;
- Arrangements regarding the planning and performance of the audit, including the composition of the
audit team
- The expectation that management will provide written representations;
- The expectation that management will provide access to all information relevant to or affecting the
financial statements
- The basis on which fees are computed and any billing arrangements;
- A request for management to acknowledge receipt of the audit engagement letter and to agree to
the terms of the engagement;
- Arrangements concerning the involvement of internal auditors and other staff of the entity;
- Any obligations to provide audit working papers to other parties;
- Any restriction on the auditor’s liability; and
- Arrangements to make available draft financial statements and any other information.

Changes to engagement letters

Engagement letters for recurring/existing clients should be revised if any of the following factors are
present:
- Any indication that the entity misunderstands the objective and scope of the audit, as this
misunderstanding would need to be clarified.
- Any revised or special terms of the audit engagement, as these would require inclusion in the
engagement letter.
- A recent change of senior management or significant change in ownership. The letter is signed by a
director on behalf of those charged with governance; if there have been significant changes in
management, they need to be made aware of what the audit engagement letter includes.
- A significant change in nature or size of the entity’s business. The approach taken by the auditor may
need to change to reflect the change in the entity and this should be clarified in the engagement
letter.
- A change in legal or regulatory requirements. The engagement letter is a contract; hence if legal or
regulatory changes occur, then the contract could be out of date.
- A change in the financial reporting framework adopted in the preparation of the financial statements.
The engagement letter clarifies the role of auditors and those charged with governance, it identifies
the reporting framework of the financial statements and if this changes, then the letter requires
updating.
- A change in other reporting requirements. Other reporting requirements may be stipulated in the
engagement letter; hence if these change, the letter should be updated.

Page 38 of 203
What if Management Refuses to Sign the Engagement Letter?
Actions in respect of the engagement letter not being signed
– Discuss the matter again with the directors in an attempt to reach a suitable compromise.
– Remind the directors that statutory audits require the directors to make all the necessary information
and explanations available to the auditor.
– Explain that lack of information on the website will result in a limitation in scope of the audit work.
– Further explain that because the lack of evidence appears to relate to a material amount that the
auditor’s report will have to be modified with an ‘except for’ qualification due to the lack of
information and the possibility of misstatement of non-current assets.
– Finally note that auditor may have to decline to work for the entity unless suitable terms of
engagement can be agree

Page 39 of 203
 Audit Planning
The Audit Process

Obtaining/Accepting Tests of Substantive Opinion/

Planning Review
Clients Controls Procedures Report

Importance of audit planning

1. It helps the auditor to devote appropriate attention to important areas of the audit.
2. It helps the auditor to identify and resolve potential problems on a timely basis.
3. It helps the auditor to properly organise and manage the audit engagement so that it is performed in
an effective and efficient manner.
4. It assists in the selection of engagement team members with appropriate levels of capabilities and
competence to respond to anticipated risks and the proper assignment of work to them.
5. It facilitates the direction and supervision of engagement team members and the review of their
work.
6. It assists, where applicable, in the coordination of work done by experts

An exam focused overview

The Planning stage of audit- An overview
Planning

Audit Strategy Audit Plan

(Overall approach to audit) (Detailed implementation of strategy)
a) Understanding the client e) Description of risk assessment procedures
b) Audit Risk f) Description of further audit procedures
c) Materiality
d) Scope, timing, direction

a) Understanding the client, its environment and the financial reporting framework and
components of systems of internal controls: organizational structure, ownership governance,
business models, industry, regulatory and other external factors. Measures used to assess financial
performance, internal and external. The applicable reporting framework and accounting policies as
well as reasons for changes. Understanding the components of systems of internal controls.
b) Risk assessment
➢ Through the understanding gained
➢ Through Analytical procedures.

Page 40 of 203
 o Analytical procedures: evaluate financial information by analysing plausible relationships
among both financial and non-financial data.
o These procedures are conducted at the planning stage to assess the risk of material
misstatement in the financial statements. Examples are given below.
- Compare client’s F/S with prior periods
- Compare client’s F/S with budgets/forecasts
- Compare client’s F/S with similar industry information ( sales to accounts receivable ratio)
- Compare client’s F/S with auditor’s own expectations ( proof in total)
- Evaluate relationships among elements of F/S that are expected to have a predictable
pattern based on client’s previous experience
- Evaluate relationship between financial and non-financial data ( payroll cost to number of
employees, revenue to sales volume)

Explanation of the term Audit Risk

Audit Risk: Is the risk that the auditor might give an incorrect opinion when the F/S are materially
misstated. Audit Risk has two components ( Risk of material misstatement in F/S and Detection Risk)
Audit Risk

Risk of material misstatement in the F/S Detection Risk

(Risk that the F/S might be materially misstated before ( risk that the auditor’s procedures will
the audit) not detect misstatements in the F/S)

Inherent Risk Control Risk Possible reasons for high detection risk
include:
( Risk that a class of ( risk that a material
transaction/account misstatement in a class of - inadequate planning
balance/disclosure is transaction/account - audit team related issues
misstated before balance/disclosure will not be - lack of professional scepticism
considering any prevented/detected/corrected - inadequate supervision and review of
controls) by the client’s internal control work
because controls are not - incorrect audit procedures
designed or implemented - improper sample selection
properly)
-

Important: If risk of material misstatements in financial statement is high, the auditor will need to
reduce detection risk in order to decrease audit risk.
c) Materiality: Misstatements, including omissions, are considered material if they are expected to
influence the economic decisions of users taken on the basis of the financial statements.

Page 41 of 203
 Auditor’s determination of materiality is a matter of professional judgment.
 Material by amount for F/S as a whole: The exam: 5% of PBT, 1% of Total Assets, 0.5% of
Revenue
 Material by nature: related party transactions, Bank, items which affect debt covenants. Items
which affect statutory items ect.)
 Materiality may be revised at a later stage in audit ( for example if auditor gets new information,
or if there is a change in auditor’s understanding of the client)
 Performance materiality ( should be lower than the overall materiality level) The amount of
performance materiality is considered necessary to reduce to an appropriately low level the
probability that the aggregate of uncorrected and undetected misstatements is greater than
materiality.

Important: Risk and materiality are inversely proportional!

d) Scope:
✓ locations/branches
✓ financial reporting framework
✓ any industry specific regulation that apply
✓ need of experts
✓ reliance on internal auditor’s work
✓ use of service org by client (outsourced functions)
✓ use of computer aided audit techniques (CAATs) by the auditor

Timing:
✓ reporting deadlines
✓ meetings with the management/TCWG
✓ expected communication with the management
✓ team meetings
✓ review of audit work by audit partner.

Direction:
✓ Controls plus substantive or mainly substantive (to be explained later)

Page 42 of 203
 Answer Technique

Risk of material misstatement

1. Identify risk by using words from the scenario
2. If possible, write the relevant accounting treatment.
3. Explain the risk; ensure you mention WHICH are of the financial statements is at the risk of
understatement or overstatement or misstatement. The answer HAS to end by explaining chances of
fraud/error in financial statements ( could be in an amount or a disclosure)

Detection risk
1. Identify from the scenario
2. Explain HOW it would increase the chances of the AUDITOR not being able to detect material
fraud/error.

Risk response
This is the area students struggle with the most.
This is simply the AUDITOR’s plan for the risk areas (i.e. what further work will the auditor do on the risky
areas identified above).

The plan could be ( some example)…

- The auditor will test the controls in this area
Or
- The auditor will perform substantive procedures like XXXXX later
Or
The auditor will have a look this at the review stage of audit by performing these XXXXXX procedures
Examples are given further along in the notes.

Details of the overview that has been covered above

Audit Strategy: An audit strategy sets the scope, timing and direction of the audit and guides the
development of the more detailed audit plan.

Audit plan: Once the overall strategy has been planned, detailed consideration can be given to each
individual audit objective and how it can be best met.

Page 43 of 203
A. UNDERSTANDING THE CLIENT/ KNOWLEDGE OF THE BUSINESS
The auditor obtains an understanding of the entity, its control environment and its detailed internal
controls:

➢ to identify and assess the risks of material misstatements in the financial statements and to provide
a basis for designing and implementing responses to these risks
➢ to determine the extent to which the auditor would rely on the internal control system.
➢ to assess whether the team is competent to perform the audit
➢ To understand relevant law and regulations impacting the entity
➢ To consider the reliability of various evidence sources.

WHAT MUST THE AUDITOR UNDERSTAND?

1. Understanding the Entity and Its Environment

The auditor should gain understanding about the following factors:
• The entity’s organizational structure-The complexity of the entity’s structure e.g., it could be a single
entity or have subsidiaries and associates
• Ownership and governance-to understand related party transactions and whether owners are involved
in running the business
• Business model, including the extent to which the business model integrates the use of IT-whether an
integrated IT system is used or some parts are outsourced to service organizations. Understand the
Understanding the entity’s objectives, strategy and business model helps the auditor to understand
the entity at a strategic level, and to understand the business risks the entity takes and faces
• Industry, regulatory and other external factors-Relevant industry factors include industry conditions
such as the competitive environment, supplier and customer relationships, and technological
developments. Other regulatory requirements may include labor, environmental laws and tax
legislations
• The measures used, internally and externally, to assess the entity’s financial performance-the auditor
should understand Key indicators used for evaluating financial performance like KPIs and key ratios,
trends and operating statistics. Trend analysis, variance analysis with budgets, employee performance
measures.

Page 44 of 203
2. Understanding the Applicable Financial Reporting Framework
Auditor needs to understand:
• Accounting principles and industry-specific practices, including for industry-specific significant classes
of transactions, account balances and related disclosures in the financial statements (for example, loans
and investments for banks, or research and development for pharmaceuticals).
• Revenue recognition.
• Accounting for financial instruments, including related credit losses.
• Foreign currency assets, liabilities and transactions.
• Accounting for unusual or complex transactions including those in controversial or emerging areas (for
example, accounting for cryptocurrency).

3. Understanding the Components of Systems of Internal Controls

Components of Systems of Internal Controls Predominant Type of Control

1. Control Environment- The control environment includes
the governance and management functions and the
attitudes, awareness and actions of those charged with
governance and management concerning the entity’s
system of internal control and its importance in the entity.
The control environment sets the tone of an organisation,
influencing the control consciousness of its people and
provides the overall foundation for the operation of other Indirect controls
components.
Auditor’s understanding of
The control environment encompasses many elements, these control components,
such as
are likely to affect the risk of
- how management’s responsibilities are carried out (such material misstatement at
as creating and maintaining the entity’s culture and
demonstrating management’s commitment to integrity the financial statement
and ethical values);
- how those charged with governance demonstrate level.
independence from management and exercise oversight
of the entity’s system of internal control;
- how the entity assigns authority and responsibility in
pursuit of its objectives;
- how the entity attracts, develops and retains competent
individuals in alignment with its objectives; and
- how the entity holds individuals accountable for their
responsibilities in pursuit of the entity’s system of internal
control

Page 45 of 203
2. Risk assessment-The auditor shall obtain an
understanding of the entity’s risk assessment process
relevant to the preparation of the financial statements,
through performing risk assessment procedures, by
understanding the entity’s process for: Identifying business
risks, assessing the significance of those risks, including the
likelihood of their occurrence; and addressing those risks.

Robust risk assessment processes by the management leads

to stronger controls and therefore lower chances of errors
and fraud in financial statements.
3. Monitoring Systems of Internal Controls-The auditor shall
obtain an understanding of the entity’s process for
monitoring the system of internal control relevant to the
preparation of the financial statements. This includes
assessing whether there is an internal audit function within
an entity or not.

Monitoring of controls is a continual process to assess the

effectiveness of internal control performance over time. It
involves assessing the effectiveness of controls and taking
necessary remedial actions on a timely basis. Management
accomplishes the monitoring of controls through ongoing
activities, separate evaluations, or a combination of the two.

Ongoing monitoring activities are often built into the normal

recurring activities of an entity and include regular
management and supervisory activities

4. Control Activities-Control activities are the policies and

procedures which help ensure that management directives
are carried out.

Auditor has to understand control activities to assess risk of

material misstatement in the financial statements and to
design further procedures.

Page 46 of 203
Examples of controls are:
Authorization and approvals. An authorization affirms that
a transaction is valid. For example, a supervisor approves an
expense report after reviewing whether the expenses seem
reasonable and within policy. An example of an automated
approval is when an invoice unit cost is automatically
compared with a preset level of say $500. Invoices within Direct Controls
$500 are automatically approved for payment. Those
invoices above $500 are flagged for additional investigation.
Auditor’s understanding of
Reconciliations – Reconciliations compare two or more data these control components,
elements for example bank reconciliation statements. If
differences are identified, action is taken to bring the data
are likely to affect the risk of
into agreement. Reconciliations generally address the material misstatement at
completeness or accuracy of processing transactions.
the assertion level
Verifications – Verifications compare two or more items
with each other or compare an item with a policy for
example comparing expense with budget or invoice with
GRN and will likely involve a follow-up action when the two
items do not match. Verifications generally address the
completeness, accuracy, or validity of processing
transactions

Physical or logical controls - These include:

• The physical security of assets, including adequate
safeguards such as secured facilities over access to
assets and records.
• The authorization for access to computer programs and
data files (i.e., logical access).
• The periodic counting and comparison with amounts
shown on control records (for example, comparing the
results of cash, security and inventory counts with
accounting records).

Segregation of duties - Assigning different people the

responsibilities of authorizing transactions, recording
transactions, and maintaining custody of assets.
5. Information systems and Communication
Auditor will understand the process by which transactions
and events are initiated, recorded, processed, corrected,
transferred to general ledger and reported in the financial
statements.

Page 47 of 203
 Auditor will also understand how the client
communicates financial reporting roles and
responsibilities as well as important matters relating to
financial reporting.

This Understanding of business can be developed from different Sources of information:

The different sources of information that may be used by the auditor as well as example of factors found
from these sources are as follows:

Prior year financial statements: Provides information in relation to the size of the client as well as the key
accounting policies, disclosure notes and whether the audit opinion was modified or not.

Discussions with the previous auditors/access to their files: Provides information on key issues identified
during the prior year audit as well as the audit approach adopted.

Prior year report to management: If this can be obtained from the previous auditors or from
management, it can provide information on the internal control deficiencies noted last year. If these have
not been rectified by management, then they could arise in the current year audit as well and may impact
the audit approach.

The client ‘s accounting systems notes/procedural manuals: Provides information on how each of the
key accounting systems operates and this will be used to identify areas of potential control risk and help
determine the audit approach.

Discussions with management: Provides information in relation to the business, any important issues
which have arisen or changes to accounting policies from the prior year.

Review of board minutes: Provides an overview of key issues which have arisen during the year and how
those charged with governance have addressed them.

Current year budgets and management accounts: Provides relevant financial information for the year to
date. It will help the auditor during the planning stage for preliminary analytical review and risk
identification.

The client’s website: Recent press releases from the company may provide background on the business
during the year as this will help in identifying the key audit risks.

Financial statements of competitors: This will provide information about the client ‘s
competitors, in relation to their financial results and their accounting policies. This will be
important in assessing the client’s performance in the year and also when undertaking the going
concern review

Page 48 of 203
B. AUDIT RISK and Auditor Response

Examiner’s comments

Audit risk questions typically require a number of audit risks to be identified (½ marks each), explained
(½ marks each) and an auditor’s response to each risk (1 mark each).

To explain audit risk, candidates need to state the area of the accounts impacted with an assertion (e.g.
cut off, valuation etc.), or, a reference to under/over/misstated, or, a reference to inherent, control or
detection risk. Misstated is only awarded if it was clear that the balance could be either over or
understated.

Candidates are reminded that audit risk questions may also require a calculation of relevant ratios that
will allow the auditor to identify the key areas of risk in the financial statements. If this is required,
candidates should only provide one ratio per area of the financial statements per year (e.g. either
“inventory days” or “inventory turnover”), not include calculations of movements year on year (e.g.
“revenue has increased by x%), as while relevant in the discussion of risk, will not score the marks for
calculating appropriate ratios, and also come equipped with a calculator for the exam.

Importance of risk assessment

1. Assessing engagement risks at the planning stage, this will ensure that attention is focused early on
the area’s most likely to cause material misstatements.
2. It will help the auditor to fully understand the entity, which is vital for an effective audit.
3. Any unusual transactions or balances would also be identified early, so that these could be addressed
in a timely manner.
4. Assessing risks early should also result in an efficient audit. The team will only focus their time and
effort on key areas as opposed to balances or transactions that might be immaterial or unlikely to
contain errors.
5. In addition, assessing risk early should ensure that the most appropriate team is selected with more
experienced staff allocated to higher risk audits and high-risk balances.
6. A thorough risk analysis should ultimately reduce the risk of an inappropriate audit opinion being
given.
7. It should enable the auditor to have a good understanding of the risks of fraud, money laundering,
etc.
8. Assessing risk should enable the auditor to assess whether the client is a going concern.

Page 49 of 203
 Audit Risk
Risk of wrong opinion

Risk of Material
Detection Risk
Misstatement
Risk that auditors might be
Risk of errors in F/S unable to detect issues in F/s

Inherent Risk Control Risk

Risk in nature of transactions Risk that controls may be unable to
and business prevent or detect misstatements

Auditors use the audit risk model to direct audit resources to the performance of additional substantive
procedures in areas of the financial statement where audit risk is deemed to be high.

The formula for the audit risk model is:

Audit Risk = Risk of material misstatement in the financial statements x Detection Risk

Audit Risk Explained

Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial
statements are materially misstated.

Audit risk is a function of two main components being the risks of material misstatement and detection
risk. Risk of material misstatement is made up of two components, inherent risk and control risk.

Risk of material misstatement in the financial statements explained

Risk of material misstatement is made up of a further two components, inherent risk and control risk.
Inherent risk

Page 50 of 203
Inherent risk:
Definition: The susceptibility of an assertion about a class of transaction, account balance or disclosure to
a misstatement that could be material, either individually or when aggregated with other misstatements,
before consideration of any related controls.

Inherent risk describes something about the nature of a business or its transactions that make it
particularly susceptible to material misstatements.

Inherent risk can be assessed from developing an understanding of the entity and its environment as well
as the applicable financial reporting framework. Examples are given in table below:
Inherent Risk Inherent risk factors and examples
Understanding of the entity • Complexity- for example, complex accounting or reporting
and its environment requirements such as the audit of a large, multi-national
insurance group. Accounting measurements that involve
complex processes.
• Subjectivity- choice of valuation methodology or basis for
accounting estimations.
• Change-Operations in regions that are economically unstable,
for example, countries with significant currency devaluation or
highly inflationary economies. E.g. Going concern and liquidity
issues including loss of significant customers leading to going
concern issues. Developing or offering new products or services,
or moving into new lines of business.
• Uncertainty- for example, contingent liabilities or uncertainly
over key issues - environmental, legal or financial – such as the
audit of a company with ongoing litigation issues (requiring
provisions and estimations of liability). Pending litigation and
contingent liabilities.
• Susceptibility to misstatement due to management bias or
other fraud risk factors- for example, transactions with related
parties, the use of manual adjustments, bonus schemes
dependent on financial results.
Understanding the applicable There are several financial reporting standards which can be subject
financial reporting standards to misapplication, either deliberate or accidental, such as IFRS® 15
and the entity’s system of Revenue from Contracts with Customers or IAS® 37, Provisions,
internal control. Contingent Liabilities and Contingent Assets. Foreign currency
Auditors must consider the adjustments or complex financial instruments can further complicate
impact of the accounting the reporting (and regulatory) requirements.
policies and financial reporting
requirements, including
industry specific requirements,

Page 51 of 203
 when assessing the risk of New or emerging accounting issues, such as cryptocurrencies or
material misstatement. environmental reporting may be affected by the subjectivity of
Evaluating the financial management. In the case of technological changes, a lack of definitive
reporting policies of the entity accounting standards may result in inconsistent or incorrect
is part of the overall valuations or disclosures.
assessment of inherent risk.

Not all inherent risks will be equally important, risks fall on a SPECTRUM OF RISKS that range from risks of
low significance to significant risks.

Significant risk, which is an identified risk of material misstatement for which the assessment of inherent
risk is close to the upper end of the spectrum of inherent risk. This is due to the degree to which inherent
risk factors affect the combination of the likelihood and the magnitude of a potential misstatement.

When the auditor is planning responses to identified risks, risks may need to be prioritised as the auditor
needs to plan to obtain more evidence in relation to significant risks

Control risk

Definition: The risk that a misstatement that could occur in an assertion about a class of transaction,
account balance or disclosure and that could be material, either individually or when aggregated with
other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s
internal control.

It is the risk that an organisation’s internal control systems do not adequately protect the organization
either because they have not been adequately designed and / or implemented.
The following factors can result in an increase in control risk:
– Lack of personnel with appropriate accounting and financial reporting skills.
– Changes in key personnel including departure of key management.
– Deficiencies in internal control, especially those not addressed by management.
– Changes in the information technology (IT) environment.
– Installation of significant new IT systems related to financial reporting.

It is important to appreciate that the auditor has no control over the extent of either inherent or control
risk; these are risks borne by the entity subject to audit. However, the auditor has to assess them in the
process of determining the extent of the detailed substantive procedures to be carried out.

ISA 315 (Revised 2019) indicates that the auditor is only required to assess control risk if there are plans
to test the operating effectiveness of controls.

Page 52 of 203
If auditor decides not to test controls, Risks of Material Misstatement will be equal to Inherent Risk.

Detection risk Explained

Definition: The risk that the procedures performed by the auditor to reduce audit risk to an acceptably
low level will not detect a misstatement that exists and that could be material, either individually or when
aggregated with other misstatements. Detection risk is affected by sampling and non-sampling risk.

Detection risk is all down to the auditors and is the risk that the auditor’s procedures fail to detect a
material misstatement.

Detection risk is affected by sampling and non-sampling risk and factors which can result in an increase
include:
– Inadequate planning.
– Inappropriate assignment of personnel to the engagement team.
– Failing to apply professional scepticism.
– Inadequate supervision and review of the audit work performed.
– Incorrect sampling techniques performed.
– Incorrect sample sizes

Detection risk include sampling risk and non-sampling risk ( these are explained in detail with the topic of
sampling- below is an overview).

Sampling risk= sample is not representative of the population

Non-sampling risk = auditor’s procedures or the conclusion reached are incorrect.

Audit Risk = Inherent Risk x Control Risk x Detection risk

Needs to be High High Must be low!

at an
acceptably
low level

Page 53 of 203
How is Audit Risk Assessed

Audit Risk Assessment

Observation and
Making Enquiries of inspection of
Analytical Procedures
management operations, documents
and reports

The audit risk model used by auditors, dictates that for a given level of audit risk, the acceptable level
of detection risk bears an inverse relationship to the assessment of the risk of material misstatement.

For example, on an audit assignment where the risk of material misstatement has been assessed as
high, in order to achieve a low level of audit risk, detection risk must be set as low.

In such circumstances the auditor would need to direct an appropriate level of resources to the testing
of the assertion in question. This will comprise adequate planning, proper assignment of personnel, the
application of professional scepticism and supervision and review of the audit work performed.

Analytical procedures
Analytical procedure is an audit procedure which seeks to provide evidence as to the completeness,
accuracy and validity of the information contained in the accounting records or in the financial
statements.

The procedure consists of the systematic study and comparison of relationships among elements of
financial information and the investigation of significant fluctuations and variances from the expected
relationship.

Steps involved in analytical procedures

1. Expectation: This step involves developing an expectation of what the financial information figures
should be. This can be agreed through comparisons of financial information or considerations of
relationships (ratio analysis).

2. Identification: This step involves identification of significant variations between the actual data with
the expected data.

Page 54 of 203
3. Investigation of unusual variances: Once the variation has been computed, and if significant variations
are found, the auditor would consult the management in order to establish explanations for the variations
revealed.

4. Performance of alternate procedures: If the auditor or the management does not find the variation
reasonable, then they investigate further and perform analytical procedures to satisfy themselves.

When performing an analytical procedure, the auditor compares numbers, ratios or even non-financial
information in order to identify unexpected trends or unexpected relationships,which may indicate the
existence of errors.

There are many different analytical procedures including the comparisons listed below
• year on year (e.g. revenue this year compared to revenue last year);
• to budget or forecast (e.g. actual purchases compared to budgeted purchases);
• to predictions made by the auditors-proof in total (e.g. auditors calculation of depreciation compared
to client’s calculation);
• to industry information (e.g. client’s revenue compared to competitor’s revenue).
• Comparison/analysis of relationships between different elements of the financial statements ( for
example gross profit compared to sales)
• Comparison of financial info with non-financial info ( for e.g. payroll expense matched to number of
employees)
• Nonfinancial information. For example, sales revenue for a client from the hotel industry might be
based on available data as to room occupancy rates.

Analytical Procedures at to assist the auditor in planning the nature, timing and extent of other audit
the Planning stage procedures. Use at this stage should add to the firm’s understanding of the
business and identify risk areas to which audit resources should be
targeted.
Analytical Procedures at at the detailed testing stage – in most instances analytical procedures
substantive testing stage should be used in conjunction with tests of detail to achieve a particular
audit objective in relation to specific financial statement assertions..
Analytical Procedures at At the final review stage the auditor must design and perform analytical
the Review stage procedures that assist him when forming an overall conclusion as to
whether the financial statements are consistent with the auditor’s
understanding of the entity and that all of the audit objectives with regard
to the financial statements have been met.

Page 55 of 203
Using Ratios
In the exam you may be asked to compute and interpret the key ratios used in analytical procedures at
both the audit planning stage and when collecting audit evidence. Ratios and comparisons can be used
to identify where the accounts might be wrong, and where additional auditing effort should be spent.

Calculating a ratio is easy, and usually is little more than dividing one number by another. Indeed, the
calculations are so basic that they can be programmed into a spreadsheet. The real skill comes in
interpreting the results and using that information to carry out a better audit. Saying that a ratio has
increased because the top line in the calculation has increased (or the bottom line decreased) is rather
pointless: this is simply translating the calculation into words.

Gross Profit Margin = Gross profit/Sales Revenue x 100

Operating profit margin =Operating profit/Sales Revenue x 100

Return on capital employed = Operating profit/ Capital employed x 100

Current Ratio= Current Assets/Current Liabilities

Quick ( or asset test) ratios =Current assets minus inventory/ current liabilities

Inventory holding period or Inventory days =Inventory/Cost of sales x 365

Receivable days/ Receivables collection period =Trade receivables/Sales x 365

Trade payable Days/Payables payment period =Trade payables/Cost of sales x 365

Gearing =Long-term loan finance/ equity finance x 100

The gearing ratio can also be defined in other ways, particularly by comparing long-term loan finance
to total finance. As gearing increases so does the risk that the interest can’t be paid. But it is difficult to
define a ‘safe’ level of gearing. For example, a property company with properties leased to tenants will
have fairly predictable rental income. Such a company can probably safely sustain substantial
borrowings (though it could be in trouble if interest rates increased significantly). A company with
volatile streams of income would have to keep its gearing lower as it must ensure that interest can be
paid during the lean times.

Interest cover = profit before interest/ interest

Page 56 of 203
Auditor’s Responses to Risk

Examiner’s comments
An auditor’s response does not have to be a detailed audit procedure, rather an approach the audit
team will take to address the identified risk.

Having identified the audit risk candidates are often required to identify the relevant response to these
risks. A common mistake made by candidates is to provide a response that management would adopt
rather than the auditor.

In the past exams, in relation to the risk of valuation of receivables if a company has a number of
receivables who were struggling to pay, many candidates suggested that management needed to chase
these outstanding customers. This is not a response that the auditor would adopt, as they would be
focused on testing valuation through after date cash receipts or reviewing the aged receivables ledger.

Auditor’s responses should focus on how the team will obtain evidence to reduce the risks identified to
an acceptable level. Their objective is confirming whether the financial statement assertions have been
adhered to, and whether the financial statements are true and fair. Responses are not as detailed as audit
procedures; instead they relate to the approach the auditor will adopt to confirm whether the
transactions or balances are materially misstated.

ISA 330 lists the following overall responses that may be used by auditors in order to address the
assessed risks of material misstatement at the financial statement level:

➢ Emphasizing to the audit team the need to maintain professional scepticism.

➢ Assigning more experienced staff, those with special skills, or using experts.
➢ Providing more supervision.
➢ Incorporating additional elements of unpredictability in the selection of further audit procedures to
be performed.
➢ Making general changes to the nature, timing or extent of audit procedures

Examples from past exams

Audit Risk Audit Response
The finance director Abrahams is planning to capitalize A breakdown of the development
the full $2.2million of development expenditure expenditure should be reviewed and tested
incurred. However, in order to be capitalized it must in detail to ensure that only projects which
meet all of the criteria under IAS 38 intangible Assets. meet the capitalization criteria are included
The risk is that the criteria has not been and assets might as an intangible asset, with the balance
be overstated. being expensed.

Page 57 of 203
 In September Abrahams Co introduced a new accounting The new system will need to be
system. This is a critical system for the accounts documented in full and testing should be
preparation and if there were any errors that occurred performed over the transfer of data from
during the changeover process, these could impact on the old to the new system.
the final amounts in the trial balance.

C.MATERIALITY

Definition: ‘Misstatements, including omissions, are considered to be material if they, individually or in the
aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis
of the financial statements.’

In assessing the level of materiality there are a number of areas that should be considered.

Firstly, the auditor must consider both the amount (quantity) and the nature (quality) of any
misstatements, or a combination of both.

The quantity of the misstatement refers to the relative size of it and the quality refers to an amount that
might be low in value but due to its prominence could influence the user’s decision, for example, directors’
transactions.

Page 58 of 203
In assessing materiality, the auditor must consider that a number of errors each with a low value may
when aggregated amount to a material misstatement.

The assessment of what is material is ultimately a matter of the auditor’s professional judgement, and it
is affected by the auditor’s perception of the financial information needs of users of the financial
statements and the perceived level of risk; the higher the risk, the lower the level of overall materiality.

Materiality is often calculated using benchmarks such as 5% of profit before tax or 2% of total assets.
These values are useful as a starting point for assessing materiality.

Auditors need to establish the materiality level for the financial statements as a whole, as well as assess
performance materiality levels, which are lower than the overall materiality.

Performance materiality is normally set at a level lower than overall materiality. It is used for testing
individual transactions, account balances and disclosures. The aim of performance materiality is to reduce
the risk that the total of errors in balances, transactions and disclosures does not in total exceed overall
materiality.

Definition of performance materiality below:

‘Performance materiality means the amount or amounts set by the auditor at less than materiality for the
financial statements as a whole to reduce to an appropriately low level the probability that the aggregate
of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole.
If applicable, performance materiality also refers to the amount or amounts set by the auditor at less than
the materiality level or levels for particular classes of transactions, account balances or disclosures.’

Material by size (importance depends on value)-Quantitative factors

➢ 0.5% of revenue;
➢ 1% of total assets;
➢ 5% of PBT.

Material by nature
Examples
➢ Bank balances
➢ Related party transactions ( including remuneration and personal expenses of directors)
➢ Fraud/ Unlawful transactions (e.g. illegal payments)
➢ Violation of regulatory requirements
➢ Incorrect selection or application of an accounting policy that has an immaterial effect on the current
period but is likely to have a material effect on future periods
➢ Failure to meet requirements of debt-covenants
➢ Key Performance Indicators of the company (e.g. converting loss into profit)

Page 59 of 203
D.SCOPE.TIMING AND DIRECTION

Scope Timing
Deadlines for:
1. Financial reporting framework for the financial • Final reporting
statements. • Any interim report
2. Are there industry specific or other special • Meeting with Those charged with governance
reporting requirements? and Management to discuss important
3. Are there other factors which influence the matters of audit
overall approach to the audit? • Reports to management
• Multiple locations • Reports to those charged with governance.
• Need of expert
• Whether the entity has an internal audit The normal timetable for an audit includes:
function, and if so, in which areas and to - An interim visit, usually at least three-
what extent work of the function can be quarters of the way through the accounting
used. year
• Nature of business (considering need of - Attendance at inventory count
specialized knowledge). - Year-end confirmation letters
• Effect of information technology on the - The final audit shortly after the accounting
audit procedures year-end

This pattern will often be modified to suit the

needs of the particular business.

Direction
The ‘direction’ of the audit covers the overall approach and concerns such issues as:
1. Reliance on controls or a fully substantive approach.
2. Significant developments and changes in
▪ Industry (e.g. regulations and reporting requirements)
▪ Business (impact of IT, changes in processes, mergers, acquisitions)
▪ Financial Reporting Framework
▪ Others (e.g. legal environment)
3. With respect to risk
▪ Identification of areas of financial statements where there is higher risk.
▪ Impact of risk at financial statements level on direction, supervision and review.
4. With respect to materiality; Setting materiality for planning purposes
5. With respect to Internal Controls
▪ Internal control deficiencies identified in previous audits and actions to address them.
▪ Appropriateness of design, implementation and operating effectiveness of internal control.
▪ Whether it is more efficient to rely on internal control.

Page 60 of 203
Audit plan

An audit plan converts the audit strategy into a more detailed plan and includes the nature, timing and
extent of audit procedures to be performed by engagement team members in order to obtain sufficient
appropriate audit evidence to reduce audit risk to a low level.

Audit planning is a detailed recording of each procedure and process required to perform an audit.

Once the overall strategy has been determined, the auditor should prepare a detailed plan of the areas
determined in the audit strategy. Once the audit strategy has been decided, the next stage is to decide
how it is going to be carried out; an audit plan is necessary. The audit plan contains the nature, timing and
extent of the procedures to be performed.

The audit plan covers:

• Allocation of work and duties to the assistants
• Allocation of time and cost
• Formation of various teams
• Audit tests/procedures
• Data gathering techniques
• Types of audit evidence desired

The audit plan is developed in order to reduce audit risk to an acceptably low level.

Interim vs Final Audit

Interim Audit

An interim audit refers to audit work that is conducted during the accounting year, at intervals, fixed or
not. The audit of the remaining part of the year will be done at the end of the accounting year.

The auditor uses the interim audit to carry out procedures which would be difficult to perform at the year
end because of time pressure. There is no requirement to undertake an interim audit; factors to consider
when deciding upon whether to have one include the size and complexity of the company along with the
effectiveness of internal controls.

Typical work carried out at the interim audit includes:

- consideration of inherent risks facing the company. (Risk would be initially considered at the planning
stage, but is, in fact, reassessed at all audit stages.)
- documenting and testing of internal controls
- testing of profit and loss transactions for the year to date
- identification of potential problems that may affect the final audit work.

Page 61 of 203
Final audit

The final audit will take place after the year end and concludes with the auditor forming and expressing
an opinion on the financial statements for the whole year subject to audit. It is important to note that the
final opinion takes account of conclusions formed at both the interim and final audit.

Typical work carried out at the final examination includes:

- Follow up of items noted at the inventory count
- Obtaining confirmations from third parties, such as bankers and lawyers
- Analytical reviews of figures in the financial statements.
- substantive procedures of account balances and transactions
- Reviews of events after the reporting period
- Consideration of the going concern status of the organisation.

Advantages of interim audit

a) The errors are discovered at early stage

b) As the auditor visits the entity frequently, the chances of fraud being committed reduce.
c) Fraud, if committed, will be discovered at an early stage, which results in minimising the loss due to
the fraud.
d) Most of the time, the audit staff is present at the client’s premises, which acts as a moral check and
result in minimising the chances of errors or fraud.
e) All the books and records of the client are always up-to-date.
f) As the audit is started earlier, more time is available for a detailed checking of accounts and hence
this allows for a comprehensive audit.
g) An interim audit minimises the work and time involved in conducting the audit at the end of the year
and therefore assures early completion of the audit reports.
h) If the auditor plans to rely on the internal controls, some extensive testing may be done at the interim
period only so that the workload at the end of the year will be reduced.

Disadvantages of interim audit

a) There is always a danger that the audited figures may be altered either innocently or fraudulently.
That is why ISA 330 states that when audit evidence (relating to the operating effectiveness of internal
controls or the financial statement assertions), is obtained during the interim period, additional audit
evidence (relating to the effectiveness of internal controls or the financial statement assertions) must
also be obtained for the remaining period.
b) It is just a waste of time in small entities.
c) The cost would be high.

Page 62 of 203
 Evaluating Internal Controls Over Financial Reporting
The Audit Process

Obtaining/Accepting Tests of Substantive Opinion/

Planning Review
Clients Controls Procedures Report

Examiner’s comments
Internal control questions typically require internal control deficiencies to be identified (½ marks each),
explained (½ marks each), a relevant recommendation to address the control (1 mark), and, often a test
of control the external auditor would perform to assess whether each of these controls, if implemented,
is operating correctly (1 mark).

Internal control questions may also require a covering letter to management to accompany the list of
deficiencies and recommendations.

Occasionally, as in September 2015, candidates may be asked to identify internal control strengths as
well as deficiencies.

Auditors’ Responsibilities Related to Systems of Internal Controls

Decide Extent
Understand Document Test Report of Substantive
Tests

Internal controls: Internal control represents the system or policies and procedures implemented by an
organization.

Internal control over financial reporting: The process designed→implemented→ maintained by TCWG
to provide reasonable assurance about the reliability of financial reporting, effectiveness of operations
and compliance with laws and regulations.

Why does an auditor need to understand internal controls?

Internal controls assure management of the accuracy of the financial statements, that the operations of
the entity are conducted efficiently and that the entity has complied with all the laws and regulations
which are applicable to the entity.

Page 63 of 203
The objectives of internal controls relevant to audit include:
1. Avoidance of fraud, errors, wastes and inefficiency
2. Maximum accuracy of all records, data and statements
3. Enables auditors to determine the degree of reliance they can place on the various systems. This will
enable the auditors to assess the correctness, truth and fairness of the financial statements.
4. Informing management about weaknesses detected in internal controls so that corrective action can
be taken.
5. Enabling planning of the audit
6. Understanding the components of internal control: While planning the audit, the auditor understands
the various components of the internal control so as to:
o identify the types of potential misstatements.
o consider the factors that affect the risk of misstatement.
o design effective substantive tests.

Components of internal control over financial reporting

ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity
and Its Environment considers the components of an entity’s internal control. It identifies the following
components:
1. Control environment
2. Entity’s risk assessment process
3. Information system and communication
4. Control activities
5. Monitoring of controls

Control Environment
Indirect Controls-Auditor needs to
Components of System of

understand these as they affect the

Risk Assessment risk of material misstatement at the
Internal Control

financial statement level

Monitoring Controls

Control Acvitities Direct Controls-Auditor needs to

understand these as they affect risk of
Information Systems material misstatement at assertion
and Communication level.

Page 64 of 203
NOTE: this table has been covered before in planning. Make sure you read this carefully for the exam!

Understand client’s Control The control environment sets the tone of an organisation, influencing
Environment-INDIRECT the control consciousness of its people. It includes the attitudes,
CONTROL awareness, and actions of TCWG concerning the entity’s internal control
and its importance in the entity.

The control environment has many elements such as:

1. Maintaining the entity’s culture and demonstrating commitment to
integrity and ethical values- This includes how ethical and behavioral
standards are communicated (e.g., through policy statements), and
how they are reinforced in practice (e.g., through management
actions to eliminate or mitigate incentives or temptations that might
prompt personnel to engage in dishonest, illegal, or unethical acts
2. Independence of TCWG and oversight of the entity’s system of
internal control-This will include an assessment of whether TCWG
has independent members and whether they ensure that they
supervise management in their responsibilities for designing,
implementing and conducting the system of internal controls
3. Assignment of authority and responsibility-this includes reporting
lines, resources provided for duties and ensuring all individuals
understand entity’s operations.
4. Attracting, developing and retaining competent individuals- this
includes the standards for recruiting most qualified individuals,
training policies and periodic performance appraisals
5. Accountability of individuals-this involves establishing performance
measures, how individuals are disciplined and communicated with
and whether performance measures pressurize individuals for
achievement.
Understand client’s Risk Auditor needs to understand the management’s process to identify and
Assessment Process- assess risks in financial reporting. Auditor also needs to understand
INDIRECT CONTROL actions taken by the management to address these risks. The auditor will
then evaluate whether there are deficiencies in the client’s risk
assessment process.
Understand client’s Auditor will understand how internal controls over financial reporting
Monitoring process monitored (including whether there is an effective internal audit
INDIRECT CONTROL department)
Understand client’s Auditor will understand the process by which transactions and events
Information systems are initiated, recorded, processed, corrected, transferred to general
relevant to financial ledger and reported in the financial statements.
reporting
Plus

Page 65 of 203
Communication- DIRECT Auditor will also understand how the client communicates financial
CONTROL reporting roles and responsibilities as well as important matters relating
to financial reporting.
Understand the Control Control activities are the policies and procedures which help ensure that
Activities-DIRECT CONTROL management directives are carried out.

Auditor has to understand control activities to assess risk of material

misstatement in the financial statements and to design further
procedures.

Examples of controls are:

Authorization and approvals. An authorization affirms that a
transaction is valid. For example, a supervisor approves an expense
report after reviewing whether the expenses seem reasonable and
within policy. An example of an automated approval is when an invoice
unit cost is automatically compared with a preset level of say $500.
Invoices within $500 are automatically approved for payment. Those
invoices above $500 are flagged for additional investigation.

Reconciliations – Reconciliations compare two or more data elements

for example bank reconciliation statements. If differences are identified,
action is taken to bring the data into agreement. Reconciliations
generally address the completeness or accuracy of processing
transactions.

Verifications – Verifications compare two or more items with each other

or compare an item with a policy for example comparing expense with
budget or invoice with GRN and will likely involve a follow-up action
when the two items do not match. Verifications generally address the
completeness, accuracy, or validity of processing transactions

Physical or logical controls - These include:

• The physical security of assets, including adequate safeguards such
as secured facilities over access to assets and records.
• The authorization for access to computer programs and data files
(i.e., logical access).
• The periodic counting and comparison with amounts shown on
control records (for example, comparing the results of cash, security
and inventory counts with accounting records).

Page 66 of 203
 Segregation of duties - Assigning different people the responsibilities of
authorizing transactions, recording transactions, and maintaining
custody of assets.

Computer Controls
GENERAL CONTROLS (Apply to the whole system)
Controls on the information system environment which ensure proper development of applications.

Examples include
• making regular back-ups of data and storing them off-site;
• having an IT help-desk and IT training for staff;
• keeping computers in locked rooms;
• having a disaster recovery plan;
• all computers have log in codes;
• anti-virus software and firewalls;
• segregation of duties between programmers and users.
• review of the data center or information processing facility should cover the adequacy of air
conditioning (temperature, humidity), power supply (uninterruptible power supplies, generators) and
smoke detectors

APPLICATION CONTROLS

Application controls are those controls that relate to the transaction and standing data relating to a
computer-based accounting system.

They are specific to a given application and their objectives are to ensure the completeness and accuracy
of the accounting records and the validity of entries made in those records.

An effective computer-based system will ensure that there are adequate controls existing at the point of
input, processing and output stages of the computer processing cycle and over standing data contained
in master files.

Application controls need to be ascertained, recorded and evaluated by the auditor as part of the process
of determining the risk of material misstatement in the audit client’s financial statements.

Input controls
Data input controls ensure the accuracy, completeness, and timeliness of data during its conversion from
its original source into computer data, or entry into a computer application. Examples are given below:
- Format checks: These ensure that information is input in the correct form. For example, the
requirement that the date of a sales invoice be input in numeric format only – not numeric and
alphanumeric.

Page 67 of 203
- Range /Reasonableness checks: These ensure that input data is rejected or highlighted if it is outside
pre-set parameters. For example, where an entity rarely, if ever, makes bulk-buy purchases with a
value in excess of $50,000, a purchase invoice with an input value in excess of $50,000 is rejected for
review and follow-up.

- Compatibility/dependence checks: These ensure that data input from two or more fields is
compatible. For example, a sales invoice value should be compatible with the amount of sales tax
charged on the invoice.

- Exception checks: These ensure that an exception report is produced highlighting unusual situations
that have arisen following the input of a specific item. For example, the carry forward of a negative
value for inventory held.

- Sequence checks: ensure that sequential input of documentation/data is maintained. These facilitate
completeness of processing by ensuring that documents processed out of sequence are rejected. For
example, where pre-numbered goods received notes are issued to acknowledge the receipt of goods
into physical inventory, any input of notes out of sequence should be rejected.

- Control totals: These also facilitate completeness of processing by ensure that pre-input, manually
prepared control totals are compared to control totals input. For example, the total of all the invoices,
such as the gross value, is manually calculated. The invoices are input, the system aggregates the total
of the input invoices’ gross value and this is compared to the control total. This helps to ensure
completeness and accuracy of input.

- Existence checks: the system is set up so that certain key data must be entered, such as supplier
name, otherwise the invoice is rejected. This helps to ensure accuracy of input.

- Check digit verification: Check digits are used to protect against the transposition of data i.e. errors
arising due to accidental reversal of digits. This process uses algorithms to ensure that data input is
accurate.

- Document counts: the number of invoices to be input are counted, the invoices are then entered one
by one, at the end the number of invoices input is checked against the document count. This helps to
ensure completeness of input.

- One for one checking: the invoices entered into the system are manually agreed back one by one to
the original purchase invoices. This helps to ensure completeness and accuracy of input.

Processing controls

Processing controls exist to ensure that all data input is processed correctly and that data files are
appropriately updated accurately in a timely manner.

Page 68 of 203
For example, the balance carried forward on the bank account in a company’s general (nominal) ledger.
Other processing controls should include the subsequent processing of data rejected at the point of input,
for example:
- A computer produced print-out of rejected items.
- Formal written instructions notifying data processing personnel of the procedures to follow with
regard to rejected items.
- Appropriate investigation/follow up with regard to rejected items.
- Evidence that rejected errors have been corrected and re-input.

Output controls

Output controls exist to ensure that all data is processed and that output is distributed only to prescribed
authorised users. While the degree of output controls will vary from one organisation to another
(dependent on the confidentiality of the information and size of the organisation), common controls
comprise:
- Appropriate review and follow up of exception report information to ensure that there are no
permanently outstanding exception items.
- Careful scheduling of the processing of data to help facilitate the distribution of information to end
users on a timely basis.
- Ongoing monitoring by a responsible official, of the distribution of output, to ensure it is distributed
in accordance with authorised policy.

Term to remember: Standing Data

Standing data is the information that is held on computer files for long-term use. It is called standing data
as it tends to change less frequently than other data. Examples of standing data would be:
• the rate of sales tax to be applied to sales invoices;
• the hourly pay rate for a factory worker to be used when calculating payroll;
• employee bank account details.

Master file controls

The purpose of master file controls is to ensure the ongoing integrity of the standing data contained in
the master files. It is vitally important that stringent ‘security’ controls should be exercised over all master
files.

These include:
− appropriate use of passwords, to restrict access to master file data
− the establishment of adequate procedures over the amendment of data, comprising appropriate
segregation of duties, and authority to amend being restricted to appropriate responsible individuals
− regular checking of master file data to authorised data, by an independent responsible official

Page 69 of 203
Limitations of internal control components
The internal control system, even if well-designed and well-implemented, does not completely eliminate
the possibility of fraud or error. No internal control system can be perfect due to its inherent limitations.

- Controls are far more expensive compared to the benefits from the system.
- Overriding of controls by the management.
- Control systems are not geared up to cater to non-routine transactions.
- Possibility of human error.
- Possibility of fraud on account of collusion between employees.
- Possibility that, with a change in conditions, a control may not be modified and therefore may become
inadequate.
- Obsolescence of controls.

Responsibilities of various parties regarding ICS

Management: design and implement and effective ICS. Check and ensure it is working effectively on a
continuous basis.

BOD: ensure that an effective ICS is designed, implemented and monitored by the management. Ensure
ICS are reviewed by internal and external auditors and their recommendations are implemented
Auditors: review and report on ICS and recommend changes

External auditor’s work regarding controls

Document/Evaluate Narratives
Narrative notes consist of a written description of the system; they would
detail what occurs in the system at each stage and would include any controls
which operate at each stage.

Advantages of this method include:

− They are simple to record; after discussion with staff members of Oregano,
these discussions are easily written up as notes.
− They can facilitate understanding by all members of the internal audit
team, especially more junior members who might find alternative methods
too complex.

Disadvantages of this method include:

− They may prove to be time-consuming and cumbersome if the internal
control system is complex.
− It may make it more difficult to identify if any internal controls are missing
in narrative notes.

Page 70 of 203
Flowcharts
Flowcharts are a graphic illustration of the internal control system for the sales
and despatch system. Lines usually demonstrate the sequence of events and
standard symbols are used to signify controls or documents.

Advantages of this method include:

– It is easy to view the sales system in its entirety as it is all presented
together in one diagram.
– Due to the use of standard symbols for controls, they are easy to spot as
are any missing controls.
– Information is presented in a logical sequence.
– They ensure that a system is recorded in its entirety as all documents have
to be traced from beginning to end.
– Facilitates easy understanding of a system.
– Facilitates the highlights of strengths and weaknesses of a system.
– Serves as a permanent record of a system that can be subject to a minor
amendment on a year-to-year basis.
– They can be prepared quickly by staff with little experience.

Disadvantages of this method include:

– They can sometimes be difficult to amend, as any amendments may
require the whole flowchart to be redrawn.
– There is still the need for narrative notes to accompany the flowchart and
hence it can be a time consuming method.
– Not generally suitable for recording systems with numerous unusual
transactions.
– Only suitable for describing standard systems.
– Major amendment is not normally possible without redrawing.
– Time can be wasted by recording and checking areas that are of no audit
significance.
– They are not normally appropriate for recording systems where there are
subsystems or subroutines.

Questionnaires
Internal control questionnaires are used to assess whether controls exist which
meet specific objectives or prevent or detect errors and omissions.
− ICQ( designed to ask if certain controls are present)
− ICEQ (designed to ask if certain errors can be prevented-i.e. test the
effectiveness of controls)

Page 71 of 203
An Internal Control Questionnaire (ICQ) normally comprises a checklist of
standard controls that should exist in a specified functional area (for example
sales and trade receivables or purchases and trade payables). Questions about
the existence of specified controls are usually phrased to generate a ‘Yes’ or a
‘No’ answer, with an affirmative answer confirming the existence of the control
and a negative answer indicating the absence of the control and a weakness in
the system.

Internal Evaluation Questionnaires (ICEQs) provide an alternative and

improved means of evaluating control systems, by asking key questions about
those systems. Key questions are phrased such that answers in the positive
should alert the auditor to the fact that there are deficiencies in the systems
because systems objectives are not being met. ICEQs are usually designed to
include a list of points that the auditor should consider before answering each
key question.

The ICEQs contain detailed questions relating to the functioning of internal

controls. They are to be answered by the clients. The answers to the questions
are generally in a narrative form.
Information relating to the following matters is included the ICQs and ICEQs:
− segregation and rotation of duties
− maintenance of records and documents
− accountability for, and safeguarding of assets
− procedure for authorisations

Advantages
− Questionnaires are quick to prepare, which means they are a cost-effective
method for recording the system.
− They ensure that all controls present within the system are considered and
recorded; hence missing controls or deficiencies are clearly highlighted.
− Questionnaires are simple to complete and therefore any members of the
team can complete them and they are easy to use and understand.

Disadvantages
⎯ Internal controls may be overstated if the client is aware that the auditor is
looking for a particular answer.
⎯ Unusual controls may not be included on a standard questionnaire and
hence may not be identified.

Page 72 of 203
Test! Test of controls are performed to obtain audit evidence about 2 things:
1. Whether the ICS is designed suitably (to prevent, detect or correct material
misstatements)
2. Whether the ICS are operating properly ( test of controls)

Test of controls- examples

− inspection of documents (e.g. authorizations)
− enquiries about internal controls which leave no audit trail ( e.g. is the
person who is SUPPOSED to perform the function actually performing it or
is someone else is doing so)
− Re-performance of control procedures ( e.g. reconciliations)
− examination of evidence of management views(e.g. minutes of meetings)
− Observation of controls
− Using TEST DATA(CAATs)

If controls appear strong, they are tested to ensure they operated as described
throughout the year. If the results show they operated effectively, substantive
testing may be reduced.
Report control A letter on internal control (also referred to as a management letter or letter
weaknesses to of weakness) is a letter usually forwarded by an auditor to the senior
management management of a company.

The letter should normally be forwarded immediately following the

completion of the tests of control and before the commencement of
substantive procedures.

The letter contains weaknesses identified in the entity’s system of internal

control as identified by the auditor when performing tests of control and the
purpose of the letter is to bring these weaknesses to the attention of
management.

The weaknesses identified in the main body of the letter should be those which
could lead to fraud or material error in or omission from the company’s
financial statements, and will be classified as those relating to:
(i) the design of the systems of accounting and internal control.
(ii) the operation of the systems of accounting and internal control.

Page 73 of 203
 For both categories the implication(s) of the weakness(es) should be identified,
however minor control issues which the auditor would wish to bring to the
attention of the company’s senior management should be included in an
appendix to the letter of weakness or in a supplementary report.

Examples of matters the external auditor should consider in determining

whether a deficiency in internal controls is significant include:
– The likelihood of the deficiencies leading to material misstatements in the
financial statements in the future.
– The susceptibility to loss or fraud of the related asset or liability.
– the subjectivity and complexity of estimated amounts.
– The financial statement amounts exposed to the deficiencies.
– The volume of activity that has occurred or could occur in the account
balance or class of transactions exposed to the deficiency or deficiencies.
– The importance of the controls in the financial reporting process.
– The interaction of the deficiency with other deficiencies in the internal
controls.
Decide extent of Internal control over financial reporting strong-→ decrease substantive testing
substantive testing
Internal control over financial reporting weak-→ increase substantive testing

Answer Technique

For deficiencies in the design of the system (weaknesses in the way the system has been made):
− Identify weakness from the scenario
− Explain the impact of the weakness on the organization (think of the problem it can cause for the
business or the recording in the financial statements etc.)

For Test of controls (to confirm the operating effectiveness of internal control)
− Remember: the idea of TOCs is to simply confirm that are the systems actually being implemented
the way auditors were told (so confirm the ‘stories’ you were told!)
− Identify the control from the scenario
− Think of a way to test it to confirm it was actually being followed

Transaction Processing in Automated Environment

Each individual transaction in the Sales, Purchases, Payroll and other transaction cycles passes through
the following steps before it is reported in financial statements.

Page 74 of 203
 Controls Over Transaction Cycles

The auditors are required to understand controls implemented at each of the steps described above to
identify control deficiencies.

Once these controls have been understood and documented, the auditors will test controls on these steps
to report on their effectiveness.

The Sales System

General Ledger Trial Balance F/S

Journal Entry in
Sales Order (SO) GDN Sales Invoice
System

Receivable
Ledger

Control objectives for sales and despatch system

- To ensure that orders are only accepted if goods are available to be processed for customers.
- To ensure that all orders are recorded completely and accurately.
- To ensure that goods are not supplied to poor credit risks.
- To ensure that goods are despatched for all orders on a timely basis.
- To ensure that goods are despatched correctly to customers and that they are of an adequate quality.
- To ensure that all goods despatched are correctly invoiced.
- To ensure completeness of income for goods despatched.
- To ensure that sales discounts are only provided to valid customers.

Sales order - All sales orders documented on a sequentially numbered multi-part SALES ORDER
placed FORM.
- Confirm from the customer (preferably in writing except on telephonic sales, a
verbal reconfirmation/ call recording should be acceptable)
- Inventory check
- One copy of the GDN is sent with the goods, one copy stays in the warehouse,
stapled to the relevant sales order, and one copy is sent to the invoicing
department.
- New customer: credit checks, the obtaining of trade/bank references and the
setting of appropriate credit limits for customers
- Existing customer: credit limit check, Customer credit limits should be regularly
reviewed and updated based on the level of sales transactions and credit risk
- Any discounts committed to be authorized

Page 75 of 203
 - Follow up on unfulfilled orders- On a regular basis, a sequence check of orders
should be undertaken to identify any missing orders.
- Automated environment: access to master file limited to authorized individuals
only
Goods - Sequentially pre-numbered Goods Dispatched Note
dispatched - Matched to the sales order- Upon despatch, the GDN should be matched to the
to the order; a regular review of unmatched orders should be undertaken to identify any
customer unfulfilled orders.
- Signed by the warehouse manager after quantity and quality checks
- 3 copies (warehouse, customer, accounts/invoicing)
- Customer should sign the copies to acknowledge receipt of goods
Sales invoice - Sequentially pre-numbered invoices
raised and - Matched to GDN
entered in - 2 copies (accounts/invoicing, customer)
the - Ensure the authorized price list is used to prepare the invoice
accounting - Any discounts authorized
system - Arithmetic checks on invoices
- Sequence check on GDNs to ensure all GDNs have been invoiced
- Sequence check on Invoices to ensure all invoices have been entered in the
accounting system
- Customer statements should be sent monthly to ensure any errors and disputed
invoices are quickly identified and resolved.
Payment received from the customer Goods returned by the customer
- Match payment to invoice - Sequentially pre-numbered credit note
- Check validity of any settlement - Signed by the manager
discounts availed by the customer - Matched to invoice
- Segregation of duties: receiving - Prepare a report for reasons for returns and actions
payment and recording taken by the management.
- Encourage bank transfers
- A Bank Reconciliation Statement
should be prepared on a monthly basis
Other Aged receivables report: prepare monthly and reviewed by a senior official
controls
Exceptions reports created and reviewed (old receivables, credit limit exceeded etc.)
Amendments to master file data should be restricted so that only senior officials can
make changes.

Page 76 of 203
 The Purchase System

General Ledger Trial balance F/S

Purchase Purchase Purchase
GRN Journal Entry
Requisition Order Invoice
Supplier Ledger

Control objectives of purchase transactions are:

– Procurement is made only when the requirements are genuine.
– Purchases are made at the most optimum prices and terms.
– Purchases meet the required quality standards and if substandard quality is accepted, must be at
negotiated terms.
– Payments are made according to agreed terms.
– They are procured on time and the payments are made according to agreed terms.

Purchase - Sequentially pre-numbered

requisition - Authorized to ensure only those goods are ordered which are required
- Monitor inventory level or Re-order level set
- Inventory/ re-order level checked before raising the requisition to ensure only
order when required.
Purchase - Sequentially pre-numbered and matched to requisition
order - Authorized supplier list used and updated annually (this should take into account
the price of goods, their quality and the speed of delivery.)
- Authorized
- 3 copies (supplier, order department, warehouse)
- Follow up on order placed but not yet received
- Exception reports should be created in a computerized environment
- sequence check can be performed for any unfulfilled orders
Goods - Sequentially pre-numbered GRN
received - Matched to purchase order
- Signed by the warehouse manager after quantity and quality checks
- 3 copies (ordering department, warehouse for their records, account)
Invoice - Match to GRN
received - File in an order (CANNOT be Sequentially pre-numbered) but should be numbered
from supplier manually. This way, a sequence check can then be carried out to ensure all invoices
have been entered in the ledger.
- Arithmetic checks
- Entered in the ledger on a daily basis using application controls (such as control
total) to ensure completeness and accuracy over the input of purchase invoices.
- Stamp ‘entered’ when recorded
- Segregation of duties (order placement, goods received and recording)

Page 77 of 203
Payment made Goods returned to the supplier
- Segregation of duties (Purchase order, goods received, - Sequentially pre-numbered debit
payment) notes
- Before approving invoices for payment, a senior official - Authorized
should match them to the audit trail ( esp. the GRN) - Vendor-wise analysis to identify
- Bank transfer preferred consistent quality problems
- If payment by cheque: senior individuals only plus two
signatories for high amounts
- Stamp invoice ‘paid’
- Try and avail settlement discounts and pay according to
supplier’s terms to maintain supplier goodwill
- Payment against specific invoices only (avoid ‘on
account payment’)
- Supplier statement reconciliation with PL
- Monthly BRS
Examples of Document counts – the number of invoices to be input are counted, the invoices are
application then entered one by one, at the end the number of invoices input is checked against
controls to the document count. This helps to ensure completeness of input.
ensure the
Completeness Control totals – here the total of all the invoices, such as the gross value, is manually
and accuracy calculated. The invoices are input, the system aggregates the total of the input
of the input of invoices’ gross value and this is compared to the control total. This helps to ensure
purchase completeness and accuracy of input.
invoices.
One for one checking – the invoices entered into the system are manually agreed back
one by one to the original purchase invoices. This helps to ensure completeness and
accuracy of input.

Check digits – this control helps to reduce the risk of transposition errors.
Mathematical calculations are performed by the system on a particular data field,
such as supplier number, a mathematical formula is run by the system, this checks
that the data entered into the system is accurate. This helps to ensure accuracy of
input.

Range checks – a pre-determined maximum is input into the system for gross invoice
value, for example, $10,000; when invoices are input if the amount keyed in is
incorrectly entered as being above $10,000, the system will reject the invoice. This
helps to ensure accuracy of input.

Page 78 of 203
 Existence checks – the system is set up so that certain key data must be entered, such
as supplier name, otherwise the invoice is rejected. This helps to ensure accuracy of
input.

The Payroll System

Appointment/M Recording of Calculation of Payment of Journal Entries

Trial balance F/S
aster Files Wages Wages Wages in Legders

Control objectives of payroll system are:

- To ensure that employees are only paid for work done.
- To ensure that wages are only paid to valid employees.
- To ensure that all wages are authorised.
- To ensure that wages are paid at the correct rates of pay.
- To ensure that wages are correctly calculated.
- To ensure all wages transactions are correctly recorded in the books of account.
- To ensure that all payroll deductions are paid over to appropriate third parties (for example, tax
authorities)

Key terms: 1. Clock cards/timesheets 2. Payroll sheet 3. Pay slips 4. Bank Transfer List/payment list
(instructions to the bank)

There are five major steps in the payroll transaction cycle:

Setting up master file Robust recruitment procedures are required before new employees are
data entered on the wages master file.
- Appointments: All appointment of staff, whether temporary or permanent,
should only be made by the human resources department, separate from
the payroll department
- Interviews should be undertaken involving senior staff to ensure the new
employee has the required skills.
- New starters’ forms should be completed in the human resources (HR)
department and copies retained along with contracts of employment.
- Changes to standing data on the master file should be performed by staff
who are independent of processing payroll.
- The wages master file contains all the standing data about employees, such
as name, address, date of birth, date of starting employment, employee
number, rate of pay and tax code.
- Changes to master file data such as rates of pay and new starters/leavers
should be supported by forms approved by a senior responsible official.
(Control objectives 2 and 4)

Page 79 of 203
 - Access to the master file should require a responsible official’s password
and a log of standing data amendments should be produced and reviewed.
(Control objectives 2, 3 and 4)
- An independent check should be performed of standing data amendments
log to supporting documentation. (Control objectives 2, 3 and 4)
- Update ‘starters and leavers’ details on a timely basis. Procedures should
ensure that ‘starters’ and ‘leavers’ details are added to or deleted from the
master file immediately after starting or leaving the company’s
employment.
- All increases of pay should be proposed by the HR department and then
formally agreed by the board of directors.
Recording wages due - Clock cards are often used to record the hours that employees enter and
leave the premises. Modern equivalents would include employee ID cards
which are swiped by an electronic card reader.
- Supervision of clocking on points to ensure the attendance process is
monitored.
- Clock cards should be authorised by a responsible official before they are
sent to the payroll departments. (Control objectives 1 and 3)
- HR department should keep blank clock cards or ID cards, which are only
issued for new employees with contracts of employment. (Control objective
2)
- Periodic verification of staff cards with personal files of employees (to
ensure that there are no ghost employees).
Calculation of wages Hours worked should be converted to a gross wage by reference to the
employee’s hourly rate of pay and deductions such as payroll taxes are made
to calculate net pay. Software is normally used to produce the weekly payroll
and calculation errors are less likely than with manual systems.
- Gross wages should be based on a standard working week (for example, 40
hours).
- If overtime has been worked this should be picked up from the clock card.
However, in some systems, authorised lists of overtime worked during the
week are entered so that the revised gross wage can be calculated.
- Overtime forms/ listings should be reviewed and authorised by responsible
managers before input to the system. (Control objectives 1 and 3)
- Software controls should include data validation (edit) checks on the data
fields included on transactions, and include reasonableness, existence,
range and character checks.
- Error reports should be produced which list rejected items– for example,
employee numbers entered that do not exist. Also exception reports should
list transactions that have been processed but which exceed certain pre-
determined limits– for example, employees earning more than $2,000 per

Page 80 of 203
 week or those who worked more than 30 hours of overtime. It is very
important that reports are investigated closely and if necessary data
corrected and re-input. (Control objectives 2 and 4).
- A sample of payroll calculations should be checked by senior responsible
official and the payroll initialled. (Control objective 5)

Payment of Wages As indicated earlier employees should either be paid in cash or by bank
transfer.
- In the case of cash a cheque should be signed, preferably by two senior
responsible officials (normally directors in small companies).
- Once collected from the bank, the cash should be included in pay packets
with payroll slips for subsequent distribution to employees.
- The payroll should be reviewed by a senior responsible official before the
payroll cheque is signed.
- If employees are paid by bank transfer, the list should be reconciled with
payroll sheet and authorised before being sent to the bank. (Control
objectives 2 and 3)
- Two individuals independent of the processing of wages should be involved
in the make up of pay packets and during the wages pay-out. (Control
objective 2)
- Employees’ signatures should be required when wages are collected, as
evidence of receipt.
- If employees are absent their wage packets should be entered in an
uncollected wages book and returned to a safe under the control of an
independent responsible official (eg the cashier).
- There should be a requirement for formal identification procedures to be
carried out on the subsequent collection of wage packets. (Control
objective 2)
Accounting for payroll - Payroll software should automatically transfer total wage costs and
and deductions deductions such as tax and pension contributions to the appropriate
accounts in the general (nominal) ledger.
- Outstanding wages owed to employees or deductions not yet paid over to
the relevant third parties should be accrued and disclosed as ‘other
payables’.
- Monthly comparison of actual and budgeted payroll costs and investigation
of significant variances. (Control objective 6)
- Independent reconciliation of total pay and deductions between one
payroll and the next. (Control objective 6)
- Annual completion of tax returns and reconciliation to total tax deducted.
(Control objective 7)

Page 81 of 203
 The above comparisons and reconciliations should be performed by senior
responsible officials who are independent of the payroll department – for
example, management or financial accounting staff.

Inventory

Purchase Inventory Goods Inventory

Purchase Order Goods Received Sales Order
Requisition Recorded in F/S Despatched Updated in F/S

Recording movements
in inventory/ Counting
Inventory

Control objectives over inventory management are:

− To ensure that movements in inventory are accurately recorded.
− To ensure safe custody of inventory items and to prevent misappropriation.
− To ensure that damaged inventory is identified and held separately.
− Management has accurate and timely information about inventory levels.

Goods Received See control over goods received from the purchase transaction cycle
Goods Despatched See control over goods received from sales transaction cycle
Maintaining Custody - There should be restricted access to inventory, especially high value
of Inventory inventory (e.g., gemstones, electronics etc.)
- Identification of obsolete/slow-moving items of inventory by senior
personnel and ensuring this is held separately to ensure correct valuation.
- Inventory should be transferred to production using pre-numbered
materials requisitions, and sequence checks should be performed
periodically. Exception reports should be reviewed and investigated.
- Goods sold awaiting collection or delivery should be held securely
designated areas.
Periodic The following instructions should be followed when reconciling physical
Reconciliation of inventory with records. This will ensure that the count control is operating
Inventory on hand effectively.
with records 1. There should be adequate supervisory controls, with one individual
assuming overall responsibility for the inventory count.
2. Employees involved in the inventory count should be independent of
those working in the stores and production areas
3. Counters should work in pairs with one counting inventory and the other
recording and checking quantities counted.

Page 82 of 203
 4. Procedures should ensure that items are marked or tagged as ‘counted’
to avoid the possibility of double counting or omission.
5. There should be adequate control over the issue and returning of
inventory control sheets, possibly involving the use of pre-numbered
sheets with returned sheets being agreed to issued sequences for
completeness.
6. Inventory sheets should be completed in ink and signed by the relevant
individuals involved in the counting and recording process.
7. Movement of inventory during the count should be prohibited where
possible and a special quarantine area should be created in which to store
any goods received.
8. In order to minimise disruption to the production process, raw materials
together with parts and finished goods inventories should be counted first
with work-in-progress inventory being counted at the end of the working
day.
9. There should be stringent controls over cut-off issues with careful note
being made of the number of the last goods received, goods returned and
goods despatched and raw materials/parts issued notes prior to the
inventory count.
10. There should be adequate procedures to identify, count and record
inventory that is slow moving or obsolete.

Revenue and Capital Expenditure

Purchase Purchase Asset Purchase Non Current General

Requisition Order Received Invoice Asset Register Ledger
Trial balance F/S

Asset code,
Check if budgeted,
location, supplier
Budget should be
details,
approved. depreciation rates

Capital expenditure is incurred when a business spends money either to buy fixed assets or to add to the
value of an existing fixed asset.

Revenue expenditure is that expenditure which is incurred to maintain the existing capacity of an asset
so that it can do its daily work. Examples of revenue expenditure are cost of raw material and other stores,
salaries and wages, repairs and maintenance, stationery and printing, advertisements, postage,
telephone, travel expenses etc.

Page 83 of 203
The main control objectives over revenue and capital expenditure are to ensure that:
➢ All expenditure is authorized.
➢ Proper segregation of capital and revenue expenses is made.
➢ Expenses are properly accounted for.

The transaction cycle for capital and revenue expenditure is quite similar for purchases. However, certain
additional control points, which are to be ensured, are mentioned below:
➢ Am authorized budget is prepared for all expenditure.
➢ Preparation of a report of capital budget versus actual expenditure.
➢ Preparation of a periodic variance report of those expenses that do not match the budget.
➢ Orders for capital items should be authorised by appropriate levels of management.
➢ A document may be prepared for showing the distinction between capital and revenue expenditure
and for providing guidance on which expenses to be capitalised.
➢ All vouchers of revenue expenditure need to have approval of maintenance manager.
➢ A senior person should check the accounting treatment for the expenses (especially repairs and
maintenance).

Non-Current Asset register

The purpose of a tangible non-current assets register is to list details of all the non-current assets owned
by an entity, in order to facilitate control over those assets. Typically, the register should record cost,
depreciation and net book value information of each asset along with identifying details. For example in
the case of plant and machinery – gross cost, annual depreciation rate, depreciation provision, net book
value, date of acquisition, serial number and description and location of asset.
➢ The register should be updated by individuals who are separated from the acquisition, custody and
disposal of assets.
➢ Periodical reconciliation of non-current register with the general ledger to be done and any
differences to be investigated.
➢ Preparation of an exception report if the non-current register does not match the non-current assets
account maintained in accounts.
➢ Invoices should bear appropriate ledger code (distinguishing revenue items from capital expenditure)
in order to facilitate correct recording.
➢ Depreciation rates should be reasonable and authorised.
➢ Depreciation calculations should be checked
➢ NCA register should be used to confirm physical existence on a periodic basis
➢ To ensure completeness of recording, periodic checks should be made to ensure that assets in
existence are completely recorded in the register.

Page 84 of 203
 Bank and Cash

The main objectives of cash and bank transactions are to ensure that:
➢ All money received is recorded.
➢ All money received is banked.
➢ Money is properly safeguarded.
➢ Payments are made to correct persons and properly recorded.

Controls over Cash receipts

- Regular review of internal control over cash receipts and payments should be conducted by the
Internal Audit Department
- On a daily basis, cash received should be matched with the sales made. This should be done for each
till separately
- Cash should be banked with proper security on a daily basis
- Match bank deposit slips with the cash and cheque receipt register.
- Access to the cash tills should be restricted to authorized individuals only
- Monthly bank reconciliation statements should be performed and differences to be investigated.
These should be reviewed by senior officials.
- Segregation of duties between the person receiving the money, the person depositing it in the bank
and the one making the payments.
- Surprise cash counts by personnel other that the accounts department.
- Cash to be suitably insured for cash in hand, and cash in transit.
- Unused cheques to be kept under lock and key.
- Cheques books to be in the custody of a responsible person
- Minimum cash balance to be maintained needs to be decided. Whenever cash balance exceeds
minimum balance, excess balance deposited to be in the bank.

Main controls on bank and cash

➢ Segregation of duties between the person receiving the money, the person depositing it in the bank
and the one making the payments.
➢ Match bank deposit slips with the cash and cheque receipt register.
➢ Daily cash receipts immediately recorded in the customers’ accounts.
➢ Cash receipt register reconciled daily with the customer accounts.
➢ Periodical management review of the register is to be conducted to ensure that cheques are promptly
deposited into the bank.
➢ Bank reconciliation to be prepared periodically and differences to be investigated.
➢ Cash kept under the custody of the cashier. And there should be restricted access to cashier’s room
➢ Security personnel to accompany the cashier while depositing or withdrawing cash from the bank
➢ Minimum cash balance to be maintained needs to be decided.
➢ Whenever cash balance exceeds minimum balance, excess balance deposited to be in the bank.
➢ Surprise cash counts by personnel other that the accounts department.

Page 85 of 203
➢ Cash to be suitably insured for cash in hand, and cash in transit.
➢ Unused cheques to be kept under lock and key.
➢ Cheques books to be in the custody of a responsible person

Writing the answers for deficiencies

Test of controls
In the exam, you might be asked to:
- Identify and explain deficiencies in the system
- Recommend a control to address each of these deficiencies
- Describe a TEST OF CONTROL the external auditors would perform to assess if each of these controls,
if implemented, is operating effectively.

What is a Test of Control? An audit procedure designed to evaluate the operating effectiveness of controls
in preventing, or detecting and correcting, material misstatements at the assertion level.

Examples of test of controls (also mentioned earlier):

− inspection of documents (e.g. authorizations)

− enquiries about internal controls which leave no audit trail (e.g. is the person who is SUPPOSED to
perform the function actually performing it or is someone else is doing so)
− Reperformance of control procedures (e.g. reconciliations)
− examination of evidence of management views (e.g. minutes of meetings)
− Observation of controls
− Using TEST DATA(CAATs)

If you are confused about how to word a TOC, start with “The auditor should….”

Page 86 of 203
Example from a past exam
Deficiency Control Test of Control
Customer credit limits are set by Credit limits should be set by a The auditor should take a
sales ledger clerks. senior member of the sales sample of new customers
ledger department and not by accepted in the year and review
Sales ledger clerks are not sales ledger clerks. These limits the authorisation of the credit
sufficiently senior and so may should be regularly reviewed by limit, and ensure that this was
set limits too high, leading to a responsible official. performed by a responsible
irrecoverable debts, or too low, official.
leading to a loss of sales.
And/or

The auditor should enquire of

sales ledger clerks as to who can
set credit limits.

Another example from a past exam

Deficiency Control Test of Control
Supplier statement Supplier statement The auditor should review the
reconciliations are no longer reconciliations should be file of reconciliations to ensure
performed. performed on a monthly basis that they are being performed
for all suppliers and these should on a regular basis and that they
This may result in errors in the be reviewed by a responsible have been reviewed by a
recording of purchases and official. responsible official.
payables not being identified in
a timely manner.

Page 87 of 203
 Management Assertions

The Audit Process

Obtaining/Accepting Tests of Substantive Opinion/

Planning Review
Clients Controls Procedures Report

Management is responsible for the preparation of financial statements that give a true and fair view, but
what does this really mean?

For each item in the financial statements, management is making assertions.

The auditors need evidence that these financial statements are valid!

‘In representing that the financial statements are in accordance with the applicable financial reporting
framework, management implicitly or explicitly makes assertions regarding the recognition,
measurement and presentation of classes of transactions and events, account balances and disclosures’.
Consequently, auditors use these assertions when considering the potential types of misstatements
that may occur and when designing and performing appropriate audit procedures.

Transactions include sales, purchases, and wages paid during the accounting period.

Account balances include all the asset, liabilities and equity interests included in the statement of financial
position at the period end.

Page 88 of 203
ISA 315, Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity
and Its Environment identifies the following assertions:

1. Assertions about classes of transactions and events and related disclosures for the period under audit
2. Assertions about account balances and related disclosures at the period end

Assertions about classes of transactions and events and related disclosures for the period under audit

1. Occurrence – the transactions and - This means that the transactions recorded or disclosed
events that have been recorded or actually happened and relate to the entity. For example,
disclosed, have occurred, and such that a recorded sale represents goods which were
transactions and events pertain to ordered by valid customers and were dispatched and
the entity. invoiced in the period. An alternative way of putting this
is that sales are genuine and are not overstated.

- Relevant test – select a sample of entries from the sales

account in the nominal ledger and trace to the
appropriate sales invoice and supporting goods
dispatched notes and customer orders.

2. Completeness – all transactions - No omission

and events that should have been
recorded have been recorded and - Relevant test – select a sample of customer orders and
all related disclosures that should check to despatch notes and sales invoices and the
have been included in the financial posting to the sales account in the nominal ledger.
statements have been included.
Note the difference in the direction of the above test. In order
to test completeness, the procedure should start from the
underlying documents and check to the entries in the relevant
ledger to ensure none have been missed. To test for
occurrence the procedures will go the other way and start
with the entry in the ledger and check back to the supporting
documentation to ensure the transaction actually happened.

3. Accuracy – amounts and other - This means that there have been no errors while
data relating to recorded preparing documents or in posting transactions to
transactions and events have been ledgers. The new reference to disclosures being
recorded appropriately, and appropriately measured and described means that the
related disclosures have been figures and explanations are not misstated.
appropriately measured and
described.

Page 89 of 203
 - Relevant test – calculation checks on invoices, payroll,
etc.
4. Cut–off – transactions and events - That transactions are recorded in the correct accounting
have been recorded in the correct period.
accounting period.
- Relevant test – recording last goods received notes and
despatch notes at the inventory count and tracing to
purchase and sales invoices to ensure that goods received
before the year–end are recorded in purchases at the
year end and that goods despatched are recorded in
sales.
5. Classification – transactions and - Transactions recorded in the appropriate accounts – for
events have been recorded in the example, the purchase of raw materials has not been
proper accounts. posted to repairs and maintenance.

- Relevant test – check purchase invoices postings to

nominal ledger accounts.
6. Presentation – transactions and - This means that the descriptions and disclosures of
events are appropriately transactions are relevant and easy to understand. There
aggregated or disaggregated and is a new reference to transactions being appropriately
clearly described, and related aggregated or disaggregated. Aggregation is the adding
disclosures are relevant and together of individual items. Disaggregation is the
understandable in the context of separation of an item, or an aggregated group of items,
the requirements of the applicable into component parts. The notes to the accounts are
financial reporting framework. often used to disaggregate totals shown in the profit or
loss account. Materiality needs to be considered when
judgements are made about the level of aggregation and
disaggregation.

- Relevant test – check the total employee benefits

expense is analysed in the notes to the financial
statements under separate headings– ie wages and
salaries, pension costs, social security contributions and
taxes, etc.

Page 90 of 203
 Assertions about account balances and related disclosures at the period end

1. Existence – assets, liabilities and - Means that assets and liabilities really do exist and there
equity interests exist. has been no overstatement – for example, by the
inclusion of fictitious receivables or inventory. This
assertion is very closely related to
the occurrence assertion for transactions.

- Relevant tests – physical verification of non–current

assets, circularisation of receivables, payables and the
bank letter.

2. Rights and obligations – the entity - Means that the entity has a legal title or controls the
holds or controls the rights to rights to an asset or has an obligation to repay a liability.
assets, and liabilities are the
obligations of the entity - Relevant tests – in the case of property, deeds of title can
be checked. Current assets are often checked to purchase
invoices although these are primarily used to confirm
cost. Long term liabilities such as loans can be checked to
the relevant loan agreement.

3. Completeness – all assets, - That there are no omissions and assets and liabilities that
liabilities and equity interests that should be recorded and disclosed have been. In other
should have been recorded have words, there has been no understatement of assets or
been recorded and all related liabilities.
disclosures that should have been - Relevant tests – A review of the repairs and expenditure
included in the financial account can sometimes identify items that should have
statements have been included. been capitalised and have been omitted from non–
current assets. Reconciliation of payables ledger balances
to suppliers’ statements is primarily designed to confirm
completeness although it also gives assurance about
existence.

4. Accuracy, valuation and allocation - Means that amounts at which assets, liabilities and equity
– assets, liabilities and equity interests are valued, recorded and disclosed are all
interests have been included in the appropriate. The reference to allocation refers to matters
financial statements at such as the inclusion of appropriate overhead amounts
appropriate amounts and any into inventory valuation.
resulting valuation or allocation
adjustments have been
appropriately recorded and

Page 91 of 203
 related disclosures have been - Relevant tests – Vouching the cost of assets to purchase
appropriately measured and invoices and checking depreciation rates and calculations.
described.
5. Classification – assets, liabilities - Means that assets, liabilities and equity interests are
and equity interests have been recorded in the proper accounts.
recorded in the proper accounts. - Relevant tests – the test for transactions of checking
purchase invoice postings to the appropriate accounts in
the nominal ledger will be relevant again. Also, that
research expenditure is only classified as development
expenditure if it meets the criteria specified in IAS 38.
6. Presentation – assets, liabilities - This means that the descriptions and disclosures of assets
and equity interests re and liabilities are relevant and easy to understand. The
appropriately aggregated or points made above aggregation and disaggregation of
disaggregated and clearly transactions also apply to assets, liabilities and equity
described, and related disclosures interests.
are relevant and understandable in - Relevant tests – auditors often use disclosure checklists
the context of the requirements of to ensure that financial statement presentation complies
the applicable financial reporting with accounting standards and relevant legislation. These
framework. cover all items (transactions, assets, liabilities and equity
interests) and would include for example checking that
disclosures relating to non–current assets include cost,
additions, disposals, depreciation, etc.

Methods for testing these assertions/

Procedures to obtain evidence/
Sources of evidence

Audit evidence verifies the correctness of the assertions contained in the financial statements. Audit
evidence can be obtained from different sources.

Inspection Inspection involves examining Example – the physical inspection of a freehold

records or documents, whether office building to verify existence of the building.
internal or external, in paper
form, electronic form, or other Example – the examination of a purchase invoice
media, or a physical examination to vouch the validity of an entry in the trade
of an asset. creditors ledger.

Observation Observation consists of looking at Example – the observation of the counting of

a process or procedure being inventory by an entity’s personnel to ensure that
performed by others they are counted in accordance with procedures
authorised by the management of the entity.

Page 92 of 203
 Example – the observation of the opening of the
mail of an entity to ensure that at least two
employees are present to receive and witness
the receipt of monies received by the entity.
Analytical Analytical procedures consist of Example – the calculation of the average
procedures evaluations of financial remuneration (total wages and salaries divided
information through analysis of by total employees) paid to the employees of an
plausible relationships among entity, to assess the reasonableness of the
both financial and non-financial reported wages and salaries costs as compared
data. Analytical procedures also to a previous equivalent period.
encompass such investigation as
is necessary of identified Example – the calculation of an entity’s trade
fluctuations or relationships that creditors ratio to help assess the reasonableness
are inconsistent with other of bad debt provisions, the effectiveness of credit
relevant information or that differ control and the possibility of under/over
from expected values by a statement of reported sales.
significant amount.

Assertions normally tested by the

analytical procedures are
Completeness, Accuracy,
Valuation and Classification
Inquiry Inquiry consists of seeking Example- inquire of the management whether
information of knowledgeable they have opened/closed any bank accounts
persons, both financial and non- during the year.
financial, within the entity or
outside the entity.
External An external confirmation Example – direct confirmation of a trade
confirmation represents audit evidence receivables balance – to verify the existence of a
obtained by the auditor as a direct trade receivables balance.
written response to the auditor
from a third party, in paper form, Example – letter from a loan company,
electronic form or by other confirming the balance outstanding on a loan –
medium. to verify the loan liability of the company.

Example – a certificate from a specialist,

confirming the value of specific inventories held
– to verify the valuation of inventories.

Page 93 of 203
 Recalculation Recalculation consists of checking Example – checking the accuracy of inventory
the mathematical accuracy of calculations to verify the accuracy of the
documents or records. valuation of reported inventory.
Recalculation may be performed
manually or electronically.

Re- Re-performance involves the Example – Using computer assisted audit

performance auditor’s independent execution techniques to re-perform the ageing of accounts
of procedures or controls that receivable balances.
were originally performed as part
of the entity’s internal control. Example – Re-performing the extraction of a trial
balance from the company’s general ledger.

Example-Re-perform the year end bank

reconciliation to ensure the process was
undertaken accurately.

Sufficient Appropriate evidence

The term ‘audit evidence’ describes the information obtained by the auditors in arriving at the conclusions
on which the audit opinion is based.

Audit evidence comprises source documents and accounting records underlying the financial statements
(subject to audit) and corroborating information from other sources.

The auditor should obtain sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base the audit opinion.

Page 94 of 203
Sufficient Factors affecting sufficiency
(Quantity of evidence)
1. Assessment of risk at the financial statement level and/or the
individual transaction level. As risk increases then more evidence is
required.
2. The materiality of the item. More evidence will normally be collected
on material items whereas immaterial items may simply be reviewed
to ensure they appear correct.
3. The nature of the accounting and internal control systems. The auditor
will place more reliance on good accounting and internal control
systems limiting the amount of audit evidence required.
4. The auditor’s knowledge and experience of the business. Where the
auditor has good past knowledge of the business and trusts the
integrity of staff then less evidence will be required.
5. The findings of audit procedures. Where findings from related audit
procedures are satisfactory (e.g. tests of controls over receivables)
then substantive evidence will be collected.
6. The source and reliability of the information. Where evidence is
obtained from reliable sources (e.g. written evidence) then less
evidence is required than if the source was unreliable (e.g. verbal
evidence).

Appropriate Reliability of evidence

(Quality of evidence) Following are the factors that influence the reliability of audit evidence:
1. Audit evidence is more reliable when it is obtained from independent
sources outside the entity.
2. Audit evidence that is generated internally is more reliable when the
related controls imposed by the entity are effective.
3. Audit evidence obtained directly by the auditor (for example,
observation of the application of a control) is more reliable than audit
evidence obtained indirectly or by inference (for example, inquiry
about the application of a control).
4. Audit evidence is more reliable when it exists in documentary form,
whether paper, electronic, or other medium.
5. Audit evidence provided by original documents is more reliable than
audit evidence provided by photocopies or facsimiles.
6. Evidence created in the normal course of business is better than
evidence specially created to satisfy the auditor.
7. The best-informed source of audit evidence will normally be
management of the company (although management’s lack of
independence may reduce its value as a source of such evidence).

Page 95 of 203
 8. Evidence about the future is particularly diffi cult to obtain and is less
reliable than evidence about past events.

Relevance of evidence: Audit evidence should be relevant to the area/

assertions being tested.

Substantive procedure

Substantive procedure is an audit procedure which is designed to detect material misstatements at the
assertion level.

Substantive procedures (or substantive tests) are those activities performed by the auditor that gather
evidence as to the completeness, validity and / or accuracy of account balances and underlying classes of
transactions and related disclosures.

Substantive procedures comprise the following

a) Analytical procedures
b) Tests of details (of classes of transactions, account balances, and related disclosures)

a) Analytical procedures
Analytical procedures mean the analysis of significant ratios and trends. It also involves the
investigation of resulting fluctuations and inconsistent relationships. ISA 520 Analytical Procedures
states that analytical procedures may be applied as substantive procedures. For many areas of the
audit the substantive procedures will be a combination of tests of details and analytical procedures.
The decision about which procedures to use will be based on the auditor’s judgement about the
expected effectiveness and efficiency of the available procedures.

The auditor will need to consider :

- The suitability of analytical procedures to a particular assertion
- The reliability of the data from which the expected amounts or ratios are developed
- Whether the expectation is sufficiently precise to identify a material misstatement

b) Test of detail
Test of detail is carried out for transactions and balances.

Details of transaction
These are tests to obtain evidence of individual debits and credits that make up an account to reach
a conclusion about the account.

The tests can be made through tracing and vouching of transactions.

Tracing: Supporting documents traced to records/account books

Vouching: Records/account books vouched/verified by matching to relevant supporting documents

Page 96 of 203
 Important!

Attempting Questions on Audit Evidence or Audit Procedure

Mini-case studies might be given in the exam

Audit procedures are actions that auditors carry out during the audit. They are also known as ‘audit tests’
or ‘audit work’.

Audit evidence is obtained by the auditor as a result of the audit procedure.

For example, ‘performing a circularisation of receivables/debtors’ is an audit procedure, whereas ‘replies
from customers’ is audit evidence.
Deciding on audit procedure

For each scenario:

1. Think about how the accountant would have:
➢ calculated the numbers in the financial statements,
➢ the source documents used and
➢ the systems followed, and then write about the documents etc, that one would expect to see.
2. Think about how to verify the other relevant facts in each case.
3. Consider the accounting/disclosure requirements of each scenario, and say how one can check if they
are being met.

Answer Technique

- Read the mini-case carefully

- Pick up hints regarding which assertions are being talked about ( for example, is there a
completeness issue or an accuracy issue?
- Think of procedures related to that assertion
- Tailor them to the scenario

Page 97 of 203
 Procedures on Specific Areas
Substantive Procedures on Receivables Key risk: overstatement

Receivables circularization (3rd party confirmation of receivables)

Types of receivable confirmation letters

1. Positive confirmation: Receivable asked to agree or disagree with the stated balance or write the
balance owing.

2. Negative confirmation: Receivable asked to reply only if he disagrees with the balance. This type of
confirmation should only be used when:
• The audit client has a strong internal control system over sales and trade receivables.
• Other good corroborative evidence with regard to the existence of trade receivables has already
been obtained from other tests carried out.
• There are a large number of small balances.
• A substantial number of errors is not expected.

Method of sending confirmation letter

1. Select a sample of debtors to be circularized
2. Inform the client of the intended list.
3. Get the details of the debtors and prepare letters on client’s letterhead.
4. Get the letter signed by a senior person at the client.
5. Record names and amount circularized
6. Post/fax letters ensuring the replies are sent directly to the auditor.
7. Record replies received and test the ones not agreed.
8. For non-replies:
- With the client’s permission, the team should arrange to send a follow up circularisation.
- If the receivable does not respond to the follow up, then with the client’s permission, the senior
should telephone the customer and ask whether they are able to respond in writing to the
circularisation request.
- If there are still non-responses, then the auditor should undertake alternative procedures to
confirm receivables. These procedures include verifying post year end receipts from that
customer, verifying order placement and dispatch documentation and carrying out bad debt
procedures

Page 98 of 203
9. For responses with differences:
i. The auditor should identify any disputed amounts, and identify whether these relate to timing
differences or whether there are possible errors in the records of the client.
ii. Any differences due to timing, such as cash in transit, should be matched with cash received after
the year end
iii. The receivables ledger should be reviewed to identify any possible mispostings as this could be a
reason for a response with a difference.
iv. If any balances have been flagged as disputed by the receivable, then these should be discussed
with management to identify whether a write down is necessary

Substantive testing

Existence 1. Circularization of a sample of period end receivables (discussed above)

2. Verify audit trail from records to source document: Select a sample of
The receivable actually year-end receivable balances and agree back to valid supporting
exists documentation of GDN and sales order to ensure existence
Accuracy, valuation, 1. Circularization of a sample of period end receivables (discussed above)
allocation 2. Invoice: inspect and recalculate
3. Recoverability procedures (bad debts):
Receivables are • Select a significant sample of receivables and review whether there
included in the financial are any after date cash receipts (ensure that a sample of slow
statements at the moving/old receivable balances is also selected)
correct amount • Review the aged receivable ledger to identify any slow moving or old
receivable balances, discuss the status of these balances with the
credit controller to assess whether they are likely to pay
• Calculate average receivable days and compare this to prior year,
investigate any significant differences
• Review customer correspondence to identify any balances which are
in dispute or unlikely to be paid.
• Review board minutes to identify whether there are any significant
concerns in relation to payments by customers.
4. Allowance for doubtful debts:
• recalculate to ensure it is accurate
• ensure rationale/basis reasonable and in line with your
understanding of the client’s business
• written representation from management that the
basis/assumptions are reasonable and that the allowance is
adequate.
• -Inspect post year-end sales returns/credit notes and consider
whether an additional allowance against receivables is required.

Page 99 of 203
 Rights & obligation 1. Circularization of a sample of period end receivables (discussed above)
2. Invoice: inspect to confirm right over the receivable
The receivable belongs
to the client
Completeness 1. Verify audit trail from source document to record:
➢ Select a sample of GDNs and agree to valid supporting
There has been no documentation of invoice.
omission in recording ➢ Ensure these invoices have been entered in the individual ledgers.
of receivables 2. Compare ratios/balances of this period to prior periods and budgets,
investigate any significant differences.
3. Ensure all disclosures relevant to receivables have been made.

Substantive Procedures on Revenue

Substantive Analytical Procedures
− Compare the overall level of revenue against prior year and budget for the year and investigate any
significant fluctuations.
− Perform a proof in total calculation for revenue, creating an expectation of the average price for the
main ‘smart building’ products multiplied by the sales volumes for this year. This expectation should
be compared to actual revenue and any significant fluctuations should be investigated.
− Obtain a schedule of sales for the year broken down into product categories and compare this to the
prior year breakdown and for any unusual movements, discuss with management.
− Calculate the final gross profit margin and compare this to the prior year and investigate any
significant fluctuations.

Tests of Details
− Select a sample of sales invoices for customers and agree the sales prices back to the price list or
customer master data information to ensure the accuracy of invoices.
− For a sample of invoices, recalculate invoice totals including discounts and sales tax.
− Select a sample of credit notes raised, trace through to the original invoice and ensure the invoice has
been correctly removed from sales.
− Select a sample of customer orders and agree these to the dispatch notes and sales invoices through
to inclusion in the detailed sales listing and revenue general ledger accounts to ensure completeness
of revenue.
− Select a sample of dispatch notes both pre and post year end and follow these through to sales
invoices in the correct accounting period to ensure that cut-off has been correctly applied.

Page 100 of 203

 Substantive Procedures on Inventory- Key risk: overstatement

Auditor’s work before the Inventory count

1. Review the prior year audit files to identify whether there were any particular warehouses/areas
where significant inventory issues arose last year
2. Discuss with management whether any of the warehouses this year are new, or have experienced
significant control issues.
3. Consider locations. Ensure all locations are covered OR decide locations the audit team members will
attend, basing this on materiality and risk of each site.
4. Obtain a copy of the proposed inventory count instructions, review them to identify any control
deficiencies and if any are noted, discuss them with management prior to the counts.
5. Arrange to verify any inventory held by 3rd party
6. Establish whether expert help is needed
7. If an internal audit department exists, discuss the procedures that they carried out and review their
working papers.

During Inventory Count

The purpose of an auditor’s attendance at a client’s year-end inventory count is to assess the effectiveness
of the client’s inventory counting procedures in order to determine whether reliance can be placed upon
them to provide assurance about the existence and condition of inventory.

Auditor’s procedures during the count

1. Observe the counting teams to confirm whether the inventory count instructions mentioned above
are being followed correctly.
2. Perform a test of controls (i.e. test the system used for recording, issuing inventory etc.)
3. Cconfirm the procedures for identifying and segregating damaged goods are operating correctly, and
assess inventory for evidence of any damaged or slow moving items.
4. Test the counts that are being done by the client’s representative- Perform two-way testing: Match
physical stock with stock records(completeness) and records with physical stock(existence
5. Check cut-off arrangements- Identify and make a note of the last goods received notes and goods
despatched notes for the year end in order to perform cut-off procedures.
6. Note any inventory that is set aside or specially marked, providing possible indicators that inventory
is not owned by the company
7. Enquire as to the possibility of consignment or third party inventories being held by the company and
record appropriate notes for subsequent follow up
8. Obtain a photocopy of the completed sequentially numbered inventory sheets for follow up testing
on the final audit.

Page 101 of 203

After Inventory Count
1. Discuss any weaknesses discovered during count with the management
2. Match final inventory sheets with the photocopies that you did at the time of inventory count- Check
to ensure that all sheets and records used at the inventory count are included in the final inventory
count sheets and records.
3. Ensure that slow-moving and obsolete inventory lines recorded at the inventory count are properly
highlighted in the sheets and records to be used in the valuation process.
4. Follow-up on any other matters recorded in working papers at time of count

Substantive procedures

Completeness During the inventory count, take a sample of physical inventory and ensure it
is completed recorded in the records/inventory ledger
Existence During the inventory count, select a sample of inventory from the ledger and
verify its physical existence.
Rights and 1. Inspect invoices/supporting documents to confirm right
obligation 2. IF there is any inventory at the 3rd party, confirmed it is owned by the
client by circularizing the 3rd party.
3. IF there is consignment stock, the agreement will need to be inspected to
confirm when risks and rewards(control) are transferred.
Accuracy, 1. Select a representative sample of goods in inventory at the year end,
Valuation. agree the cost per the records to a recent purchase invoice and ensure
Allocation that the cost is correctly stated.
2. For a sample of manufactured items obtain cost sheets and confirm:
• raw material costs to recent purchase invoices
• labour costs to time sheets or wage records
• overheads allocated are of a production nature.

3. Net Realisable Value:

a) For a sample of inventory, review post year end sales to see if
adjustments are required
b) For unsold items, discuss with mngt to determine whether they are
slow moving and provision has been created
c) Review aged inventory reports and identify any slow moving goods,
discuss with management why these items have not been written
down
d) Perform a review of the average inventory days for the current year
and compare to prior year inventory days .Discuss any significant
variations with management.

Page 102 of 203

 e) Compare the gross margin for current year with prior year.
Fluctuations in gross margin could be due to inventory valuation
issues. Discuss significant variations in the margin with management.
f) Follow up any damaged/obsolete items noted by the auditor at the
inventory counts attended, to ensure that the inventory records have
been updated correctly
g) Determine estimated costs to completion. These costs represent
another important element of net realisable value. Determine costs
to be incurred in marketing, selling and distributing directly related to
the items in question.
h) Get a written representation from the management that inventory
has been correctly valued.
4. WIP
a) Cast the schedule of total WIP and agree to the trial balance and
financial statements.
b) Obtain the costing records for a sample of WIP and:
• Agree labour costs to payroll;
• Agree labour hours to time sheets;
• Recalculate the overhead absorption rate

5. Procedures to confirm use of standard costs for inventory valuation

a) Discuss with management the basis of the standard costs applied to the
inventory valuation, and how often these are reviewed and updated.
b) Review the level of variances between standard and actual costs and
discuss with management how these are treated.
c) Obtain a breakdown of the standard costs and agree a sample of these
costs to actual invoices or wage records to assess their reasonableness.

Cut-off Note down the last GDN and GRN for the year. Take a sample of GDNs and
GRNs immediately before AND after the year end and ensure they are
recorded in the correct accounting period

Page 103 of 203

 Inventory Held by Third Parties

Where the entity has inventory that is held by third parties and which is material to the financial
statements, the auditor shall obtain sufficient appropriate audit evidence by performing one or both of
the following:
• Direct confirmation from the third party regarding quantities and condition (in accordance with ISA
505 External confirmations)
• Inspection or other appropriate audit procedures (if third party's integrity and objectivity are
doubtful, for example)

The other appropriate audit procedures referred to above could include the following:

Procedures to confirm inventory held at third party locations

1. Send a letter requesting direct confirmation of inventory balances held at year end from the third
party regarding quantities and condition.
2. Attend the inventory count (if one is to be performed) at the third party warehouses to review the
controls in operation to ensure the completeness and existence of inventory.
3. Inspecting documentation in respect of third party inventory (eg warehouse receipts)
4. Requesting confirmation from other parties when inventory has been pledged as collateral

Audit procedures for continuous (perpetual) inventory counts

In order that the company’s auditors may rely on the company’s revised continuous inventory checking
system, the auditor should ensure that:
I. Inventory records are kept up to date.
II. All inventory lines are counted at least once a year with higher value and desirable lines being counted
more frequently.
III. The counting of inventory is carried out by suitably experienced independent individuals in a
systematic and orderly manner.
IV. All corrections to inventory records are authorised by a responsible official of the company.
V. Any material discrepancies noted between inventory records and physical quantities are investigated
immediately and reported to management for immediate further follow up as appropriate.
VI. There are satisfactory procedures with regard to cut-off and receipt/issue documentation at the time
of inventory counts.

Procedures
1. The audit team should attend at least one of the continuous (perpetual) inventory counts to review
whether the controls over the inventory count are adequate.
2. The audit team should confirm that all of the inventory lines have been counted or are due to be
3. counted at least once a year by reviewing the schedules of counts undertaken/due to be undertaken.
4. Review the adjustments made to the inventory records on a monthly basis to gain an understanding
of the level of differences arising on a month by month basis.

Page 104 of 203

5. If significant differences consistently arise, this could indicate that the inventory records are not
adequately maintained. Discuss with management how they will ensure that year-end inventory will
not be under or overstated.
6. Consider attending the inventory count at the year end to undertake test counts of inventory from
records to floor and from floor to records in order to confirm the existence and completeness of
inventory.

Substantive testing: Property, Plant & Equipment Key risk: overstatement

Completeness 1. Take a sample of physical assets and ensure they are completely recorded
in the NCA Register
2. Re-perform the NCA Register reconciliation to the General Ledger
3. Obtain a breakdown of additions, cast the list and agree included in the
non-current assets register to confirm completeness of PPE.
4. Review the repairs and maintenance ledger to ensure capital expenditure
has not been accidently expensed off
Existence 1. Select a sample of assets from the NCA Register and inspect them to verify
their physical existence
2. Ensure disposed-off assets have been removed from the NCA Register as
they no longer exist.
Rights & Obligation 1. Inspect the ownership documents (title deeds, registration documents etc)
to ensure they are in client’s names.
2. Review insurance policies to confirm the asset is in client’s name.
Accuracy, Additions during the year
valuation, 1. Select a sample of additions and agree cost to supplier invoice to confirm
allocation valuation.
2. Ensure all additions were authorized by inspecting the minutes of the board
meetings
3. Review the list of additions and confirm that they relate to capital
expenditure items rather than repairs and maintenance.

Disposals during the year

1. Disposal proceeds matched to supporting documents such as invoices and
to cash book and bank statement
2. Verify that the correct cost and depreciation has been removed from the
records
3. Recalculate profit/loss on disposal agree to the statement of profit or loss
4. Check authorising documentation to ensure that the disposal was
appropriately authorised
5. Examine the sales documentation relating to the disposal and ensure that
the sale details match those in the authorising documentation.

Page 105 of 203

 Revaluation
1. Obtain a schedule of assets revalued this year and cast to confirm
completeness and accuracy of the revaluation adjustment.
2. Ensure all similar assets have been revalued
3. Verify depreciation has been calculated on the revalued amount
4. Agree the valuation to the expert’s report
5. Inspect the valuer’s report to ensure the valuer was skilled and independent
6. Agree the revalued amounts for these assets are included correctly in the
non-current assets register.
7. Review the financial statements disclosures of the revaluation to ensure
they comply with IAS 16

Depreciation
1. Review the depreciation policy of the company to ensure that it is
consistent and appropriate(this can be done by comparison with last year
and with industry practice)
2. recalculate and re-perform depreciation charge to ensure its accuracy.
3. assess depreciation method is reasonable:
 compare with last year
 compare with industry practice
 review NCA Register with Net Book Value of zero which are still in use
 review NCA Register for excessive profit/loss on disposal. Enquire from
the management the reason for this.
4. enquire from the management whether they consider the depreciation
method to be reasonable- obtain a ‘written representation’
5. Review the disclosure of the depreciation charges and policies in the draft
financial statements.

General
Review the disclosure of the additions and disposals in the draft financial
statements and ensure it is in line with IAS 16 Property, Plant and Equipment.

Repairs and Maintenance

1. Obtain a schedule of the expenditure and cast to ensure accuracy.
2. For those items treated as capital and included with property, plant and equipment, agree to purchase
invoices and ascertain whether they are in fact of a capital nature.
3. For items treated as repairs, agree to invoices to ensure they are not of a capital nature and that they
have been correctly expensed to the statement of profit or loss (income statement).

Page 106 of 203

 Intangible assets

1. Obtain and cast a schedule of intangible assets, detailing opening balances, amount capitalised in the
current year, amortisation and closing balances.
2. Agree the opening balances to the prior year financial statements.
3. Agree the closing balances to the general ledger, trial balance and draft financial statements.
4. Recalculate the amortisation charge for a sample of intangible assets and confirm it is line with the
amortisation policy.

Research and Development

1. For those expensed as research, agree the costs incurred to invoices and supporting documentation
and to inclusion in profit or loss.
2. For those capitalised as development, agree costs incurred to invoices and confirm technically feasible
by discussion with development managers or review of feasibility reports.
3. Review market research reports to confirm client has the ability to sell the product once complete
and probable future economic benefits will arise.
4. Review the disclosures for intangible assets in the draft financial statements are in accordance with
IAS 38 Intangible Assets.

An acquired brand/patents/license.

1. Review board minutes for evidence of discussion of the purchase of the acquired brand, and for its
approval.
2. Agree the cost to the company’s cash book and bank statement.
3. Obtain the purchase agreement and confirm the rights of client in respect of the brand.
4. Discuss with management the estimated useful life of the brand and obtain an understanding of how
the useful life has been determined.
5. Recalculate the amortisation expense for the year and agree the charge to the financial statements
6. Confirm adequacy of disclosure in the notes to the financial statements.

Page 107 of 203

 Bank and cash
General 1. Agree the bank balance on the trial balance to
procedures - the year end bank balance on the computer system, and
- the balance on the financial statements.
2. Review the cash book and bank statements for any unusual items or large
transfers around the year end, as this could be evidence of window dressing.
3. Review the financial statements to ensure that the disclosure of cash and bank
balances are complete and accurate.

Bank Procedure for obtaining a bank letter

confirmation 1. The auditor will produce a confirmation letter in accordance with local audit
letter regulations and practices.
2. The letter will be sent to the client to sign and authorise disclosure and then it
will be forwarded on to the client’s bank. (Alternatively, the client may already
have provided a standard authority for the bank to respond to a bank letter
each year. In this case separate authority would not be required.)

Ideally the letter should be sent before the end of the accounting period to enable
the bank to complete it on a timely basis e.g. at the year-end.

3. The bank will complete the letter and send it back directly to the auditor.

Contents of a bank letter

The following matters should be confirmed in the confirmation from the company’s
bank:
1. Titles and account numbers of all bank accounts held in the name, joint name
or trade name of client at the year end
2. Confirmation of balances held in those accounts at the year end
3. Full details of interest charged or received on accounts held during the year if
not specified on bank statements.
4. Details of overdrafts and loans repayable on demand together with details of
other loans and facilities.
5. Details of any assets of client which are held as security by the bank.
6. Details of any other assets held by the bank, for example share certificates,
documents of title or deed boxes.
7. Accounts with nil balance
8. Details of accounts closed in the last 12 months
9. A list of branches of the bank, or other banks, or associated companies where
it is known that a relationship has been established with the client.

Page 108 of 203

 Audit procedures on the bank letter include:
1. Agree the balances for each bank account to the relevant bank reconciliation
and the yearend balance in the financial statements.
2. Agree total interest charges on the letter to the interest expense account in
the general ledger.
3. For any details of loans, ensure repayment terms are correctly disclosed in the
financial statements between current and non-current liabilities.

Period-end Bank Obtain a copy of client’s bank reconciliation and perform the procedures below:
Reconciliation 1. Cast the reconciliation to check arithmetical accuracy
Statement (BRS) 2. Agree the bank balance to the trial balance.
3. Agree the reconciliation’s balance per the cash book to the year-end cash
book.
4. Agree the balance per the bank statement to an original year-end bank
statement and also to the bank confirmation letter.
5. Trace all of the outstanding lodgments to the pre-year-end cash book, post
year-end bank statement and also to paying-in-book per year end.
6. Trace all un-presented cheques through to a pre-year-end cash book and post
year-end statement. For any unusual amounts or significant delays obtain
explanations from management.
7. Examine any old un-presented cheques to assess if they need to be written
back into the purchase ledger as they are no longer valid to be presented.

Completeness 1. Agree all balances listed on the bank confirmation letter to client’s bank
reconciliations or the trial balance to ensure completeness of bank balances.
2. Examine the bank confirmation letter for details of any security provided by
client as this may require disclosure.

Cash
Generally, cash balance is immaterial to the financial statements. However, cash is an area which is prone
to fraud, especially if the internal controls are not efficient. That is why cash verification is an important
audit procedure for internal auditors.

Physical verification of cash

Cash balances include the hard cash, unbanked cheques, credit card slips and IOUs. That is why all cash
balances need to be counted at the same time.

The audit working papers relating to the cash count will include the date of the count, time of the count,
name and signature of staff conducting the count and the name of the client’s staff available at the count.

Page 109 of 203

 Audit procedures for cash
The main audit work involved in verifying cash balances is a physical count.
Audit procedures include the following:
• The auditor should count cash at all locations simultaneously and in the presence of a company
official. (Simultaneous counting is necessary, to prevent the client from moving cash that has been
counted at one location to another location ready for the next count.)
• After the count the auditor should obtain a signed receipt for the amount of cash returned to the
official,
• The auditor should check the cash balance obtained from the count against the client's cash records
and cash balance in the draft financial statements.
• Where appropriate, the auditor should also investigate the treatment of any money advances to
employees (for example, against wages or salary).

Substantive testing: Trade Payables- Key risk: understatement

Completeness 1. Check reconciliation of supplier account statements to trade payable ledger

balances, prepared by client. Enquire into any abnormalities and carry out
further reconciliations as required.
2. Obtain year-end supplier statements:
➢ Agree the balance on the statement to the individual account in client’s
payables ledger.
➢ Where necessary, reconcile the balances taking into account cash and
invoices in transit.
3. Compare trade payables individually and in total to prior, investigate any
significant difference, in particular any decrease for this year.
4. Calculate the trade payable days and compare to prior years, investigate any
significant difference.
5. Current supplier list matched to last year’s supplier list and explanations sought
for suppliers missing this year
6. Select population from purchase invoices received after the year-end. Trace to
evidence of goods receipt and where goods received prior year-end, ensure
invoice amount included in purchase accrual
7. Post year end payments reviewed. If they relate to purchases made before the
year end, ensure they were recorded as a liability at the year end!

8. Verify the Audit trail from source document to records (Take a sample of GRNs prior
to the end of the year and trace to purchase invoice. Ensure a liability has been
recorded)

Page 110 of 203

Accuracy, 1. Supplier circularization (rare in practice)
Valuation, 2. Verify supporting documentation (Purchase order Goods Received Note,
Allocation Invoice)
3. Supplier statements reconciled to individual supplier accounts (as above)
Cut-off 1. Select a sample of GRNs before the year end and after the year end and follow
(purchases) through to inclusion in the correct period’s payables balance, to ensure correct
cut-off.
2. Review after date payments; if they relate to the year under audit, then follow
through to the purchase ledger listing to ensure they are recorded in the correct
period
Existence 1. Supplier circularization (rare in practice)
2. Verify the Audit trail from records to source documents (individual ledger to
purchase invoice and Goods Received Note)

Substantive procedures for supplier statement reconciliations

1. Select a representative sample of year-end supplier statements and agree the balance to the
purchase ledger. If the balance agrees, then no further work is required.
2. Where differences occur due to invoices in transit, confirm from goods received notes (GRN) whether
the receipt of goods was pre year end, if so confirm that this receipt is included in year-end accruals.
3. Where differences occur due to cash in transit from client to the supplier, confirm from the cashbook
and bank statements that the cash was sent pre year end.
4. Discuss any further adjusting items with the purchase ledger supervisor to understand the nature of
the reconciling item, and whether it has been correctly accounted for.

Why supplier circularization is rare in practice

Third party evidence is a good source of audit evidence and a large proportion of the documentation
available when auditing trade payables is produced by third parties, for example, suppliers’ invoices,
statements and correspondence.

A trade payables circularisation may however be deemed appropriate where:

 supplier statements are, for whatever reason, unavailable.
 only faxed or photocopied supplier statements are available and there is some doubt as to their
authenticity.
 the auditor or the company, suspect that fraudulent manipulation with regard to supplier payments
is taking place within the company.

Page 111 of 203

 Substantive testing: Accruals

1. Obtain or prepare a listing of accruals as at the end of the reporting period.

2. If the list is prepared by the client company, check the calculations and additions far arithmetical
accuracy. Check the amounts in the listing against the balances in the relevant main ledger expense
accounts and ensure that the amounts are the same.
3. Sample check computations of accruals by comparing to earlier relevant invoices and payment
records.
4. Review the bank statement for post year end payments that may relate to services used before the
year end. Trace these items to the accruals listing.
5. Compare the list of accruals to those for the previous period to obtain assurance as to the
completeness of the accruals.
6. Review the list of accruals for completeness, based on the auditor's knowledge of the business. The
auditor will review expense categories included in the income statement to identify areas of possible
accruals and check to list of accruals for inclusion.
7. Relate items on the list of accruals to other audit areas, such as the bank confirmation letter (which
might provide details of unpaid/accrued bank charges).
8. Test transactions around the accounting period end to determine whether amounts have been
recognised in the correct period.

Substantive testing: Payroll

Substantive Analytical procedures

1. Compare the total payroll expense to the prior year and investigate any significant differences.
2. Review monthly payroll charges, compare this to the prior year and budgets and discuss with
management for any significant variances.
3. Perform a proof in total of total wages and salaries, incorporating joiners and leavers and the annual
pay increase. Compare this to the actual wages and salaries in the financial statements and investigate
any significant differences.

Other procedures

1. Cast a sample of payroll records to confirm completeness and accuracy of the payroll expense.
2. For a sample of employees, recalculate the gross and net pay and agree to the payroll records to
confirm accuracy.
3. Re-perform the calculation of statutory deductions to confirm whether correct deductions for this
year have been made in the payroll.
4. Select a sample of joiners and leavers, agree their start/leaving date to supporting documentation,
recalculate that their first/last pay packet was accurately calculated and recorded.

Page 112 of 203

5. Agree the total net pay per the payroll records to the bank transfer listing of payments and to the
cashbook.
6. Agree the individual wages and salaries per the payroll to the personnel records for a sample to
confirm bona fide employees.
7. Select a sample of weekly overtime sheets and trace to overtime payment in payroll records to
confirm completeness of overtime paid.

Substantive testing: Accrual for income tax payable on employment income

1. Agree the year-end income tax payable accrual to the payroll records to confirm accuracy.
2. Re-perform the calculation of the accrual to confirm accuracy.
3. Agree the subsequent payment to the post year-end cash book and bank statements to confirm
completeness.

Substantive testing: Corporation tax

1. Agree the year end tax liability back to the year end tax computation.
2. Agree the year end tax liability to the post year end payment to the tax authorities.
3. Agree the corporation tax liability to the amount owed as per correspondence from the tax
authorities.

Substantive testing: Long term loans

Completeness of new Review Board minutes for evidence of new loans being taken out in the
loans during the year year and ensure they have been recorded.

Inspect the bank statements for the year for evidence of a significant
deposit, which may be proceeds of a loan.
Loan balance - Loan statement from the bank.
- Bank letter
-amount of the loan - Loan agreement
-the rate of interest
chargeable
-any security provided
-repayment terms.

Finance cost - Recalculate expected interest charges during the year and compare to
the client’s figure.

Page 113 of 203

 Other procedures ( - Verify the amount of the loan outstanding at the balance sheet date
presentation and and ensure that this is accurately stated and fully disclosed in the
disclosure) company’s balance sheet. The amount of the loan outstanding should
be disclosed as repayable within 12 months and repayable after 12
months from the balance sheet date.
- Check the note to the company’s financial statements to ensure that
full disclosure is made with regard to any security for the loan.

1. If it’s an old loan with balance outstanding at the year end, agree the opening balance of the bank
loan to the prior year audit file and financial statements.
2. For any loan payments made during the year, agree the cash outflow to the cash book and bank
statements.
3. Agree loan balances back to the loan statement from the bank.
4. Inspect the bank confirmation letter for details of loans and overdrafts and trace these amounts to
the balance sheet to ensure they have been recorded.
5. Review Board minutes for evidence of new loans being taken out in the year and ensure they have
been recorded.
6. Inspect the bank statements for the year for evidence of a significant deposit, which may be proceeds
of a loan.
7. Recalculate expected interest charges during the year and compare to the client’s figure.
8. Verify the amount of the loan outstanding at the balance sheet date and ensure that this is accurately
stated and fully disclosed in the company’s balance sheet. The amount of the loan outstanding should
be disclosed as repayable within 12 months and repayable after 12 months from the balance sheet
date.
9. Examine the loan agreement to verify the amount of the loan, the rate of interest chargeable, the
security provided and the repayment terms.
10. Review the loan agreement for details of covenants and recalculate to identify any breaches in these.
11. Agree closing balance of the loan to the trial balance and draft financial statements.
12. Review that the F/S disclosures are adequate, including any security provided and that the disclosure
is in accordance with accounting standards and local legislation.

Page 114 of 203

 Substantive testing: Accounting estimates

Accounting estimates are approximations. Approximations are often made in conditions of uncertainty
regarding the outcome of events.

When transactions involve precise amounts and are supported by specific documents, verification is
relatively easier. However, this comfort is not available in the case of accounting estimates. There is
greater risk of material misstatement. Therefore greater care is needed when auditing them.

The auditor should adopt one or a combination of the following approaches in the audit of an estimate:
– review and test the process used by management to develop the estimate – use an independent
estimate for comparison with that prepared by management – review subsequent events which
confirm the estimate made.

Exam focus: Provision for fines/penalties, provision for legal claims, provision for restructuring(detailed
formal plan, valid expectation raised in those affected, implementation of plan started/public
announcement, DO NOT include retraining/relocation, marketing expenses etc.), provision for warranties,
provision for redundancies, Fair Value

Review and test the process used by 1. Enquire of management how the accounting
management to develop the estimate estimate is made
2. Enquire of management data on which it is
based-the data used should be accurate,
complete and assumptions reasonable.
3. Review the method of measurement used and
assess the reasonableness of assumptions
made.
Use an independent estimate for comparison with that prepared by management. The estimate can
be made by the auditor OR obtained from an expert.
Review subsequent events which confirm the estimate made.
- Obtain written representations from management and, where appropriate, those charged with
governance whether they believe significant assumptions used in making accounting estimates are
reasonable.
- Ensure disclosures relating to accounting estimates are adequate and complete.
- If applicable, compare with last year to evaluate reasonableness of the estimate.
- If applicable, compare last year’s estimated with actual result to evaluate reasonableness of the
estimate.

Further explanation of the procedures above

1. Recalculate to ensure accuracy
2. Review process used by the management and controls over how the estimate was made.

Page 115 of 203

3. Enquire of management how the accounting estimate is made and the data on which it is based-the
data used should be accurate, complete and assumptions reasonable.
4. Review the method of measurement used and assess the reasonableness of assumptions made.
Review the judgments and decisions made by management in the making of accounting estimates to
identify whether there are indicators of possible management bias.
5. Test the operating effectiveness of the controls over how management made the accounting
estimate.
6. Develop an expectation of the possible estimate or a range of amounts to evaluate management’s
estimate.
7. Obtain written representations from management and, where appropriate, those charged with
governance whether they believe significant assumptions used in making accounting estimates are
reasonable.
8. Review expert’s report if applicable
9. Determine whether events occurring up to the date of the auditor’s report (after the reporting period)
provide audit evidence regarding the accounting estimate.
10. To confirm the probability and amount of a provision (or the need of a contingent liability disclosure):
- Inspect pinutes of board meetings
- Inspect client’s Correspondence with any 3rd party
- Inspect Other documents (copy of claims, copy of laws etc.)
- Enquire from a relevant 3rd party
11. Ensure disclosures relating to accounting estimates are adequate and complete
12. If applicable, compare with last year to evaluate reasonableness of the estimate.
13. If applicable, compare last year’s provision with actual result to evaluate reasonableness of the
estimate.
14. Fair Value: Expert’s report
Examples extracted from past exams- read through them rather than rote learning them!
Scenario: Law suit filed by a former (ex) employee for unfair dismissal- decision pending

Substantive procedures to confirm completeness of provisions or contingent liability:

o Discuss with management the nature of the dispute between the client and the former employee
to ensure that a full understanding of the issue is obtained and to assess whether an obligation
exists.
o Review any correspondence with the former employee to assess if a reliable estimate of any
potential payments can be made.
o Write to the company’s lawyers to obtain their views as to the probability of the ex-employeer’s
claim being successful.
o Review board minutes and any company correspondence to assess whether there is any evidence
to support the former employee’s claims of unfair dismissal.
o Obtain a written representation from the directors of client confirming their view of chances of a
successful claim.

Page 116 of 203

Scenario: sales ledger department is being made redundant and a redundancy provision has been
included in the financial statements.

Substantive procedures to verify redundancy provision

o Discuss with the directors as to whether they have formally announced their intention to make
the sales ledger department redundant, to confirm that a present obligation exists at the year
end.
o If announced before the year end, review supporting documentation to verify that the decision
has been formally announced.
o Review the board minutes to ascertain whether it is probable that the redundancy payments will
be paid.
o Obtain a breakdown of the redundancy calculations by employee and cast it to ensure
completeness.
o Recalculate the redundancy provision to confirm completeness and agree components of the
calculation to supporting documentation.
o Review the post year-end period to identify whether any redundancy payments have been made,
compare actual payments to the amounts provided to assess whether the provision is reasonable.
o Obtain a written representation from management to confirm the completeness of the provision.
o Review the disclosure of the redundancy provision to ensure compliance with IAS 37 Provisions,
Contingent Liabilities and Contingent Assets.

Scenario: Customers of a hotel have filed a law suit claiming they got food poisoning- directors do
not feel a provision is needed

1. Review the correspondence from the customers claiming food poisoning to assess whether client
has a present obligation as a result of a past event.
2. Send an enquiry letter to the lawyers of client to obtain their view as to the probability of the
claim being successful.
3. Review board minutes to understand whether the directors believe that the claim will be
successful or not.
4. Review the post year-end period to assess whether any payments have been made to any of the
claimants.
5. Discuss with management as to whether they propose to include a contingent liability disclosure
or not, consider the reasonableness of this.
6. Obtain a written management representation confirming management’s view that the lawsuit is
unlikely to be successful and hence no provision is required.
7. Review the adequacy of any disclosures made in the financial statements.

Page 117 of 203

 Scenario: Reorganisation provision has been made

1. Review the board minutes where the decision to reorganise the business was taken, ascertain if
this decision was made pre year end.
2. Review the announcement to shareholders to confirm that this was announced before the year
end.
3. Obtain a breakdown of the reorganisation provision and confirm that only direct expenditure from
restructuring is included.
4. Review the expenditure to confirm that there are no retraining costs included.
5. Cast the breakdown of the reorganisation provision to ensure correctly calculated.
6. For the costs included within the provision, agree to supporting documentation to confirm validity
of items included.
7. Obtain a written representation confirming management discussions in relation to the
announcement of the reorganisation.
8. Review the adequacy of the disclosures of the reorganisation in the financial statements to ensure
they are in accordance with IAS 37 Provisions, Contingent Liabilities and Contingent Assets.

Substantive testing: Capital and Other Issues

Share (equity) capital

1. Review board minutes to confirm the issue of additional share capital during the year.
2. Agree the issue of shares is permitted from a review of any statutory constitution agreements in place
(Where local law requires that companies should have an authorised share capital, the auditor should
check that the total authorised capital in the draft financial statements is consistent with the
company's constitution)
3. Inspect the cash book and bank statements for evidence of cash receipts from the share issue.
4. Recalculate the split of proceeds between the nominal value of shares and premium on issue and
agree correctly recorded within share capital and share premium account.
5. Review the disclosure of the share issue in the draft financial statements and ensure it is in line with
relevant accounting standards and local legislation.
6. Check that the amount reported as issued share capital agrees with the amount recorded in the
register of members/shareholders, if the company has such a register. (In some countries there is a
legal requirement to maintain a register of members.)

Substantive procedures: reserves

The auditor-will usually carry out tire following substantive procedures on reserves:
• Obtain an analysis of movements on all reserves during the period.
• Check the accuracy of these movements by checking supporting documentation.

Page 118 of 203

• Ensure that any specific legal requirements relating to reserves have been complied with. (For
example, check that the entity has not breached legal restrictions on use of the share premium
account.)
• Confirm that dividends have been deducted only from those reserves that are legally distributable
(usually the accumulated profits reserve/retained earnings).
• Check the authorisation for the amount of dividends paid by reviewing board minutes.
• Check the dividend calculations and check that the total dividends paid are consistent with the
amount of issued share capital at the relevant date.

Directors’ Emoluments

Emoluments include compensation paid for the services provided by the directors to the company and
reward for entrepreneurial contribution.

The various components of emoluments include:

− Basic salary
− Bonuses
− Share options
− Pension contributions
− Other benefits (e.g. provision of a company car, rented accommodation, health insurance etc.)

Main procedures for directors’ bonus and remuneration

1. Obtain a schedule of the directors’ remuneration including any bonus paid and cast the addition of
the schedule.
2. Agree the individual bonus payments to the payroll records.
3. Confirm the amount of each bonus paid by agreeing to the cash book and bank statements.
4. Review the board minutes to confirm whether any additional bonus payments relating to this year
have been agreed.
5. Obtain a written representation from management confirming the completeness of directors’
remuneration including the bonus.
6. Review any disclosures made of the bonus and assess whether these are in compliance with local
legislation

Other procedures:
- Verify the accuracy of the emoluments recorded by recalculating the amount of emoluments
applicable to the directors with the recommendations of the remuneration committee.
- For all performance related bonus, verify the correctness of the bonus by comparing the bonus with
the achievement of the performance related targets i.e. ensure that performance related bonus is
supported with appropriate achievement of targets.
- Loyalty bonuses are given when a person completes a certain number of years in a company. Verify
the accuracy of the payments made along with adherence to the conditions of the loyalty bonus.

Page 119 of 203

- Verify the directors’ rent accounts for the directors’ accommodation and trace entries therein with
the approvals of the remuneration committee and also confirm the correctness of the values with the
rent agreement.
- Verify the directors’ health insurance accounts paid for the directors and trace entries therein with
the approvals of the remuneration committee and also confirm the correctness of the values with the
insurance policies.

Relying on work of others

In certain cases, auditors may rely on the work of third parties when gathering their audit evidence.
• Experts such as: lawyers; valuation experts;
• The client’s internal auditors (who have reviewed the internal controls).
• Service organization ( who work has been outsourced to by client)
• Another firm of external auditors (who may for example be auditing an overseas subsidiary of our
client).

Why?
- Avoid duplication of work
- Improve efficiency and effectiveness
- Improve trust of shareholders
- Reduce cost

Reliance on the work of an expert

ISA 500 Audit Evidence requires auditors to evaluate the competence, capabilities including expertise and
objectivity of a management expert.

1. Are they suitably qualified? (member of a professional body or industry association)

2. Do they have the experience?
3. Are they independent of the client?
4. The auditor should meet with the expert and discuss with them their relevant expertise in order to
understand their field of expertise.
5. Evaluating the Adequacy of the Expert’s Work (the audit procedures carried out to evaluate the work
done by the expert!)
a) the relevance and reasonableness of that expert’s findings or conclusions, and their consistency
with other audit evidence
b) If that expert’s work involves use of significant assumptions and methods, the relevance and
reasonableness of those assumptions and methods in the circumstances
c) Adequacy and appropriateness of source data

Page 120 of 203

Audit considerations relating to entities using service organisations
Service organisation: third-party organisation providing services to user entities that are part of those
entities’ information systems relevant to financial reporting

When any work is outsourced to the service organisation, the auditor should consider its impact on the
internal control of the entity.

If the auditor concludes that outsourcing to service organisation significantly affects the accounting and /
or internal control system of the entity, they should obtain sufficient understanding of the entity and its
environment, including the internal control.

This will help him in assessing the risk of material misstatement and designing and performing further
audit procedures

Factors auditors should consider in relation to client’s use of the service organisation include:

1. The audit team should gain an understanding of the services being provided by the service
organisation , including the materiality of that area and the basis of the outsourcing contract.
2. They will need to assess the design and implementation of internal controls at the service
organisation
3. The team may wish to visit the service organisation and undertake tests of controls to confirm the
operating effectiveness of the controls.
4. If this is not possible, auditors should contact the service organisation’s auditors to request either
a type 1 (report on description and design of controls) or type 2 report (on description, design and
operating effectiveness of controls).
5. The auditor is responsible for obtaining sufficient and appropriate evidence, therefore no reference
may be made in the audit report regarding the use of information from the service organisation’s
auditors

Page 121 of 203

Writing the Answers

Page 122 of 203

 The Review Stage of Audit
The Audit Process
Obtaining/Accepting Tests of Substantive Opinion/
Planning Review
Clients Controls Procedures Report

Subsequent events review

Exam Questions
- Adjusting or non-adjusting?
- Auditor’s responsibilities
- Procedures
- Impact on opinion
Adjusting event: An event after the reporting period that provides further evidence of conditions that
existed at the end of the reporting period, including an event that indicates that the going concern
assumption in relation to the whole or part of the enterprise is not appropriate.
Non-adjusting event: An event after the reporting period that is indicative of a condition that arose after
the end of the reporting period.

Events after the balance sheet date

ADJUSTING NON-ADJUSTING

Provide additional evidence Concern conditions which did not

of conditions existing at the exist at the balance sheet date
balance sheet date

Adjust the financial Impacts going concern Does not impact going
statements to reflect the concern
event

Adjust the financial Do not adjust the

statements to present financial statements
on an alternative basis
(break-up basis)

If important to users
understanding disclose
in a note:
nature of event
estimate of financial
effect

Page 123 of 203

Examples of adjusting events
→ The bankruptcy of a customer indicates that their debt was irrecoverable at the reporting date
→ The sale of inventory at less than cost indicates that it should have been valued at NRV in the accounts
→ The resolution after the reporting date of a court case giving rise to a liability
→ Invoices received in respect of goods or services received before the year end
→ Discovery of fraud or errors showing that financial statements were incorrect
→ Determination of employee bonuses
→ The tax rates applicable to the financial year are announced
→ The auditors submit their fee

Examples of non-adjusting events

 Destruction of major assets in natural disasters

 A purchase or sale of a non-current asset
 The announcement of plans to discontinue an operation
 Dividends declared on equity after the reporting date

Auditor’s responsibilities-ISA 560

Page 124 of 203

For the purposes of ISA 560, subsequent events are those events that occur between the reporting date
and the date of approval of the financial statements and the signing of the auditor’s report.

Page 125 of 203

 Period between the year-end date and the date the auditor’s report is signed

The auditor shall perform audit procedures designed to obtain sufficient appropriate audit evidence
that all events occurring between the date of the financial statements and the date of the auditor’s
report that require adjustment of, or disclosure in, the financial statements have been identified.

A. Review procedures management has established to ensure that subsequent events are identified.
B. Inspect: Read minutes of board meetings, shareholder meetings and audit committees that have
taken place since the year-end.
C. Obtain and review the latest available interim financial statements and/or management accounts,
budgets and other related management reports.
D. Perform normal post balance sheet work (e.g. checking receipts from trade receivables after the
yearend)
E. Enquire of the entity’s legal counsel concerning litigation and claims.
F. Enquire of management as to whether any subsequent events have occurred which might affect
the financial statements
G. Checking whether any events have occurred that could call into question the validity of the going
concern assumption

Facts discovered after the date of the auditor’s report but before the date the financial statements are
issued.

The auditor does not have any responsibility to perform audit procedures or make any enquiry
regarding the financial statements or subsequent events after the date of the auditor’s report.

In this period, it is the responsibility of management to inform the auditor of facts which may affect the
financial statements.

When the auditor becomes aware of a fact which may materially affect the financial statements, the
matter should be discussed with management.

If the financial statements are appropriately amended then a new audit report should be issued, and
procedures relating to subsequent events should be extended to the date of the new audit report.

If management do not amend the financial statements to reflect the subsequent event, in
circumstances where the auditor believes they should be amended, a qualified or adverse opinion of
disagreement should be issued.

Page 126 of 203

Facts discovered after the financial statements have been issued.

After the financial statements have been issued, the auditor has no obligation to perform any audit
procedures regarding such financial statements. However, if, after the financial statements have been
issued, a fact becomes known to the auditor that, had it been known to the auditor at the date of the
auditor’s report, may have caused the auditor to amend the auditor’s report, the auditor shall:

(a) Discuss the matter with management and, where appropriate, those charged with governance;

(b) Determine whether the financial statements need amendment; and, if so,

(c) Inquire how management intends to address the matter in the financial statements.

If management amends the financial statements, the auditor shall:

(a) Carry out the audit procedures necessary in the circumstances on the amendment.

(b) Review the steps taken by management to ensure that anyone in receipt of the previously issued
financial statements together with the auditor’s report thereon is informed of the situation.

Event specific procedures

 Confirm event( maybe through enquiry, inspection or

observation) and calculate impact on financial statements(if
any or the need for a disclosure

 Discussion with the management ( any adjustments to be

made, disclosure to be given, impact on going concern etc.)

 Enquire: from any relevant 3rd party to get further evidence

about the event( insurance company,lawyers, customer etc
)

 Review: minutes of the board meetings in which the event

and its impact was discussed

 Review: accounting records and any correspondence with

3rd parties involved

Page 127 of 203

Page 128 of 203
 Going concern review

The Exam

- Indicators (words from the scenario and explain why it is an indicator; what problems it can cause in
the future)
- Procedures
- Impact on audit opinion and audit report

Under the ‘going concern assumption’, an entity is ordinarily viewed as continuing in business for the
foreseeable future (being to a date of at least, but not limited to, 12 months from the end of the
reporting period); with neither the intention nor the necessity of liquidation, cessation of trading or the
seeking of protection from creditors pursuant to laws or regulations.

Accordingly assets and liabilities are recorded on the basis that the entity will be able to realise its assets
and discharge its liabilities in the normal course of business.

Management’s responsibility

- assess ability of the company to continue in the foreseeable future

- disclose uncertainties that might affect the going concern status
- adjust F/s and disclose if financial statement not prepared on a going concern basis

Page 129 of 203

It is the responsibility of management to make an assessment of whether the going concern presumption
is appropriate, or not, when they are preparing the financial statements.

Auditor’s responsibilities

1. They carry out appropriate audit procedures to determine whether the management’s assumption
of going concern is appropriate and ensure that the organisation’s management have been realistic
in their use of the going concern assumption
2. Report if not appropriate. In forming the audit opinion, the auditor should consider two issues: have
the financial statements been prepared using the appropriate going concern assumption, and is there
adequate disclosure of any material uncertainty regarding the going concern status.

Indicators of going concern problems

Financial Indicators
– Net liability or net current liability position.
– Fixed term borrowings approaching maturity without realistic prospects of renewal or repayment, or
excessive reliance on short-term borrowings to finance long-term assets.
– Adverse key financial ratios.
– Substantial operating losses.
– Arrears or discontinuance of dividends.
– Inability to pay payables on due dates.
– Difficulty in complying with the terms of loan agreements.
– Change from credit to cash-on-delivery transactions with suppliers.
– Inability to obtain financing for essential new product development or other essential investments.

Operating Indicators
– Loss of key management without replacement.
– Loss of major market, franchise, licence, or principal supplier.
– Labour difficulties or shortages of important supplies.

Other Indicators
– Non-compliance with capital or other statutory requirements.
– Pending legal proceedings against the entity that may, if successful result in judgements that could
not be met.
– Changes in legislation or government policy.

Page 130 of 203

Audit Procedures
DONOT produce a list of generic audit procedures, but instead identify and highlight the factors from the
scenario that may call into question the entity’s ability to continue as a going concern.

1. Evaluate the management’s assessment

o the process followed by management to make its assessment
o the assumptions on which the assessment is based
o management’s plans for future action
o whether management has taken into consideration all the facts that the auditor is aware of due
to their audit procedures
2. Reading minutes of shareholders’ meetings to identify any current, or potential, cash flow difficulties
3. Review post year end management accounts
4. Review cash flow forecast (sufficient cash to continue operations for next year?) In this evaluation the
auditor should pay particular attention to the\ reliability of the company’s systems for generating the
cash flow information, and whether the assumptions underlying the cash flow appear reasonable.
5. Confirming the existence, terms and adequacy of borrowing facilities
6. Review events after the period end to identify those that affect the entity’s ability to continue as a
going concern
7. Review the terms of loan agreements and determining whether they have been breached
8. Requesting written representations from management and, where appropriate, those charged with
governance, regarding their plans for future action and the feasibility of these plans.
9. View correspondence with major customers, suppliers and banks for evidence of dispute
10. Legal/solicitor letter- inspect correspondence to understand possible consequences of legal action
being brought against the company.
11. Obtaining and reviewing reports of regulatory action
12. Other procedures relevant to question given should also be considered!

Page 131 of 203

 Prepare this section AFTER revising Audit Opinion

Auditor’s conclusions
Use of going concern basis of accounting Use of Going Concern Basis of Accounting Is
is appropriate Inappropriate
but When the use of the going concern basis of accounting is
a material uncertainty exists relating to not appropriate in the circumstances, management may
events or conditions that may cast be required, or may elect, to prepare the financial
significant doubt on the entity’s ability to statements on another basis (e.g., liquidation basis). The
continue as a going concern. auditor may be able to perform an audit of those
financial statements provided that the auditor
In auditor’s judgment, appropriate determines that the other basis of accounting is
disclosure of the nature and implications of acceptable in the circumstances.
the uncertainty is necessary.

If adequate If adequate The financial The auditor may be able to

disclosure about the disclosure about statements have express an unmodified opinion
material uncertainty the material been prepared using on those financial statements,
is made in the uncertainty is not the going concern provided there is adequate
financial statements, made in the basis of accounting disclosure therein about the basis
the auditor shall financial but, in the auditor’s of accounting on which the
express an statements, the judgment, financial statements are
unmodified opinion auditor shall: management’s use prepared, but may consider it
and the auditor’s Express a modified of the going concern appropriate or necessary to
report shall include a opinion (Qualified basis of accounting include an Emphasis of Matter
separate section or Adverse as in the preparation of paragraph
under the heading appropriate) the financial
“Material statements is
Uncertainty Related In the Basis for inappropriate, the
to Going Concern” Opinion section of auditor shall express
(a) Draw attention the report, state an adverse opinion
to the note in that a material
the financial uncertainty exists
statements that that may cast doubt
discloses the on entity’s ability to
matters continue as a going
concern and that F/
S do NOT

Page 132 of 203

(b) State that these adequately disclose
events or this matter
conditions
indicate that a
material
uncertainty
exists that may
cast significant
doubt on the
entity’s ability to
continue as a
going concern
and that the
auditor’s
opinion is not
modified in
respect of the
matter.

Example Material
Uncertainty Related
to Going Concern
We draw attention
to Note 6 in the
financial statements,
which indicates that
the Company
incurred a net loss of
ZZZ during the year
ended December 31,
20X1 and, as of that
date, the Company’s
current liabilities
exceeded its total
assets by YYY. As
stated in Note 6,
these events or
conditions, along
with other matters
as set forth in Note 6,
indicate that a

Page 133 of 203

 material uncertainty
exists that may cast
significant doubt on
the Company’s
ability to continue as
a going concern. Our
opinion is not
modified in respect
of this matter.

REPORTING IN LINE WITH ISA 570, GOING CONCERN

Exam questions might ask the candidate to recognise indicators that an entity may not be a going concern,
or require candidates to arrive at an appropriate audit opinion depending on the circumstances presented
in the scenario. It may be the case that candidates are presented with a situation where the auditor has
concluded that there are material uncertainties relating to going concern and the directors have made
appropriate disclosures in relation to going concern and candidates must understand the new auditor
reporting requirements in this respect.

Under ISA 570 (Revised), if the use of the going concern basis of accounting is appropriate but a material
uncertainty exists and management have included adequate disclosures relating to the material
uncertainties the auditor will continue to express an unmodified opinion, but the auditor must include a
separate section under the heading ‘Material Uncertainty Related to Going Concern’ and:
• draw attention to the note in the financial statements that discloses the matters giving rise to the
material uncertainty, and
• state that these events or conditions indicate that a material uncertainty exists which may cast
significant doubt on the entity’s ability to continue as a going concern and that the auditor’s opinion
is not modified in respect of the matter.

The section headed ‘Material Uncertainty Related to Going Concern’ is included immediately after the
Basis for Opinion paragraph but before the KAM section.

Over and above the new reporting requirements under ISA 570, candidates need to understand how
issues identified regarding going concern interact with the requirements of ISA 701. By their very nature,
issues identified relating to going concern are likely to be considered a key audit matter and hence need
to be communicated in the auditor’s report. Where the auditor has identified conditions which cast doubt
over going concern, but audit evidence confirms that no material uncertainty exists, this ‘close call’ can
be disclosed in line with ISA 701. This is because while the auditor may conclude that no material
uncertainty exists, they may determine that one, or more, matters relating to this conclusion are key audit
matters. Examples include substantial operating losses, available borrowing facilities and possible debt
refinancing, or non-compliance with loan agreements and related mitigating factors.

Page 134 of 203

In summary if a confirmed material uncertainty exists it must be disclosed in accordance with ISA 570 and
where there is a ‘close call’ over going concern which has been determined by the auditor to be a KAM it
will be disclosed in line with ISA 701. This is illustrated in the following example:

Example – unmodified audit opinion but material uncertainty exists in relation to going concern and the
disclosures are adequate

Report on the Audit of the Financial Statements (extract)

Opinion: In our opinion, the accompanying financial statements present fairly, in all material respects, the
financial position of the Company as at 31 December 2015, and its financial performance and its cash
flows for the year then ended in accordance with International Financial Reporting Standards (IFRSs).

Basis for opinion: We conducted our audit in accordance with International Standards on Auditing (ISAs).
Our responsibilities under those standards are further described in theAuditor’s Responsibilities for the
Audit of the Financial Statements section of our report. We are independent of the Company in
accordance with the ethical requirements that are relevant to our audit of the financial statements in
Farland, and we have fulfilled our other ethical responsibilities in accordance with these requirements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for
our opinion.

Material uncertainty related to going concern: We draw attention to Note 6 in the financial statements,
which indicates that the Company incurred a net loss of $125,000 during the year ended 31 December
2015 and, as of that date, the Company’s current liabilities exceeded its total assets by $106,000. As stated
in Note 6, these events or conditions, along with other matters as set forth in Note 6, indicate that a
material uncertainty exists that may cast significant doubt on the Company’s ability to continue as a going
concern. Our opinion is not modified in respect of this matter.

Key audit matters: Key audit matters are those matters that, in our professional judgment, were of most
significance in our audit of the financial statements of the current period. These matters were addressed
in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and
we do not provide a separate opinion on these matters. In addition to the matter described in the Material
Uncertainty Related to Going Concern section, we have determined the matters described below to be
the key audit matters to be communicated in our report.
[Include a description of each key audit matter]

Page 135 of 203

 Written representations/Management representation letter

Written representations are necessary information that the auditor requires in connection with the audit
of the entity’s financial statements. Accordingly, similar to responses to inquiries, written representations
are audit evidence.

The auditor needs to obtain written representations from management and, where appropriate, those
charged with governance that they believe they have fulfilled their responsibility for the preparation of
the financial statements and for the completeness of the information provided to the auditor.

Written representations are needed to support other audit evidence relevant to the financial statements
or specific assertions in the financial statements, if determined necessary by the auditor or required by
other International Standards on Auditing.

This may be necessary for judgemental areas where the auditor has to rely on management explanations.

Written representations can be used to confirm that management have communicated to the auditor all
deficiencies in internal controls of which management are aware.

Written representations are normally in the form of a letter, written by the company’s management and
addressed to the auditor. The letter is usually requested from management but can also be requested
from the chief operating officer or chief financial officer.

Throughout the fieldwork, the audit team will note any areas where representations may be required
During the final review stage, the auditors will produce a draft representation letter. The directors will
review this and then produce it on their letterhead.

It will be signed by the directors and dated as at the date the audit report is signed, but not after.

The ISAs require auditors to obtain written representations from management on matters material to the
Financial Statements where other sufficient, appropriate, audit evidence cannot reasonably be expected
to exist.

Purpose of written representation

1. Acknowledging responsibility for the financial statements by management(ISA 580 requires that “the
auditor should obtain audit evidence that management acknowledges its responsibility for fair
presentation of the financial statements and for the completeness of the information provided to the
auditor)
2. Acknowledging responsibility for other matters (ICS, related party transactions etc.)
3. Used as audit evidence there is no sufficient appropriate evidence in existence on a matter which is
material to the financial statements.
4. Acknowledges representations previously made verbally by management
5. Minimises misunderstandings between management and auditor

Page 136 of 203

Reliability of written representations
– Representations from management are a source of assurance evidence.
– They cannot be used instead of other (better) evidence which the assurance providers expect to exist.
– HOWEVER, they may be the only available form of evidence in certain circumstances.
– They are relatively unreliable as evidence.
– Corroborative evidence will always be sought, but may not always be available.
– If a representation appears to be contradicted by other evidence the circumstances should be
investigated, and the reliability of other representations made by management should be
reconsidered.

Written representation letter contents

 No irregularities involving management or employees that could have a material effect on the
financial statements
 All books of account and supporting documentation have been made available to the auditors
 Information and disclosures with reference to related parties is complete
 Financial statements are free from material misstatements including omissions
 No non-compliance with any statute or regulatory authority
 No plans that will materially alter the carrying value or classification of assets or liabilities in the
financial statements
 No plans to abandon any product lines that will result in any excess or obsolete inventory
 No events, unless already disclosed, after the end of the reporting period that need disclosure in the
financial statements.

SPECIFIC MATTERS
Included here is anything else that the auditor would like a representation on for example:
 that a certain debt is recoverable;
 all bank accounts have been disclosed;
 any plans to reorganise the business or discontinue product lines have already been disclosed.

Refusal to Provide Requested Written Representations

If management refuses to provide a written representation, then the auditor should again review the
possibility of obtaining sufficient audit evidence from alternative sources in connection with the matter
or issue under review.
If the directors refuse to sign the representation letter, then the auditor has a number of options available
to him:
(i) The auditor could discuss the matter with the directors and try to resolve their problems with the
letter.
(ii) The auditor could write a representation letter for the directors, then send this to the directors and
ask them to sign it.
(iii) If the auditor considers that he has not received all the information and explanations required for his
audit, then the auditor’s report should be qualified.

Page 137 of 203

(iv) Before taking these actions, the auditor should explain to the directors the consequences of not
signing the representation letter, to try to avoid a confrontation.
(v) An auditor should reconsider the reliability of other representations.

If the representation is not consistent with other audit evidence, the auditor should perform audit
procedures to attempt to resolve the matter. For this, the auditor should reassess the appropriateness of
the risk of material misstatement on account of this inconsistency. If required, the auditor should revise
the nature, timing and extent of further audit procedures.

Overall review of financial statements

Before the audit report is signed, the auditor needs to know that the work is finished and that all necessary
issues have been dealt with. The easiest way to do this is to use a series of checklists:
• The audit plan should be reviewed, to verify that all issues raised have been resolved.
• An Accounting Standards Checklist will be completed, forcing the auditor to consider every possible
accounting issue that could affect the client’s Financial Statements.
• Additional checklists may be necessary (e.g. Company Law) to make sure that any other issues have
been fully considered

All audit work should be subject to review. This is a basic quality control requirement of ISA 220, Quality
Control for an Audit of Financial Statements, and serves to ensure that sufficient appropriate audit
evidence has been obtained in respect of transactions and balances included in the financial statements.

Page 138 of 203

In performing a file review, the reviewer should consider the sufficiency of evidence obtained and may
need to propose further audit procedures if evidence is found to be insufficient or contradictory. ISA 230,
Audit Documentation requires that documentation of the review process includes who reviewed the audit
work completed and the date and extent of such review.

Typically, the auditor will present the client with a list of misstatements (often referred to as the ‘audit
error schedule’), quantifying the amount of each misstatement, and proposing the necessary adjustment
to the financial statements. The proposed adjustment may be in the form of a journal entry, an
amendment to the presentation of the financial statements, or a correction to a disclosure note. When
management makes the necessary adjustments to the financial statements, the auditor should confirm
that the adjustments have been made correctly.

Procedures an auditor should perform include:

1. Reviewing the financial statements to ensure compliance with accounting standards and local
legislation disclosure. This is sometimes done via the use of a disclosure checklist.
2. Reviewing the disclosure of the accounting policies to ensure that they are in accordance with the
accounting treatment adopted in the financial statements, and that they are sufficiently disclosed.
3. Reviewing the financial statements to ensure they are consistent with the auditor’s knowledge of the
business and the results of their audit work.
4. Reviewing the financial statements to assess whether they adequately reflect the information and
explanations previously obtained and conclusions reached during the course of the audit.
5. Performing analytical procedures of the financial statements, under ISA 520 Analytical Procedures;
this helps the auditor to form an overall conclusion on the financial statements (explained separately
below)
6. Reviewing the aggregate of uncorrected misstatements to assess whether in aggregate a material
misstatement arises; if so discuss with management with regards to a potential adjustment.
7. As part of the overall review, the auditor should assess whether the audit evidence gathered by the
team is sufficient and appropriate to support the audit opinion.

Final analytical procedures

Before the audit report is signed, it is sensible to do some final analysis of the Financial Statements (e.g.
ratio analysis) – just to make sure that the auditor is confident in the audit opinion.

There are 2 main reasons for this final analysis:

The Financial Statements may have been adjusted during the audit as mistakes were found, so the final
figures may never have been analysed or been subject to ratio analysis.

Page 139 of 203

The auditor will have learned more about the company during the audit, so is in a better position at the
end of the audit to analyse the figures and understand trends in ratios.

The analytical procedures performed at this stage of the audit are not different to those performed at
the planning stage – the auditor will perform ratio analysis, comparisons with prior period financial
statements and other techniques to confirm that trends are as expected, and to highlight unusual
transactions and balances that may indicate a risk of misstatement.

The key issue is that, near the end of the audit, the auditor should have sufficient audit evidence to
explain the issues highlighted by analytical procedures, and should therefore be able to conclude as to
the overall reasonableness of the financial statements.

When the analytical procedures performed near the end of the audit reveal further previously
unrecognised risk of material misstatement, the auditor is required to revise the previously assessed risk
of material misstatement and modify the planned audit procedures accordingly. This means potentially
performing further audit procedures in relation to matters that are identified as high risk.

Page 140 of 203

 Misstatements

Misstatements: A difference between the amount, classification, presentation, or disclosure of a reported

financial statement item and the amount, classification, presentation, or disclosure that is required for
the item to be in accordance with the applicable financial reporting framework.
Misstatements can arise from error or fraud.

Uncorrected misstatements: Misstatements that the auditor has accumulated during the audit and that
have not been corrected.
There are three categories of misstatements:
i. Factual misstatements are misstatements about which there is no doubt.
ii. Judgemental misstatements are differences arising from the judgements of management concerning
accounting estimates that the auditor considers unreasonable, or the selection or application of
accounting policies that the auditor considers inappropriate.
iii. Projected misstatements are the auditor’s best estimate of misstatements in populations, involving
the projection of misstatements identified in audit samples to the entire populations from which the
samples were drawn.
The auditor has a responsibility to accumulate misstatements which arise over the course of the audit.
Identified misstatements should be considered during the course of the audit to assess whether the audit
strategy and plan should be revised.

The auditor will communicate the uncorrected misstatements and their implication on the auditor’s
report to those charged with governance.

The auditor will also request a written representation (including a summary of uncorrected
misstatements) from management and – where appropriate – those charged with governance as to
whether they believe the effects of uncorrected misstatements are immaterial, individually and in
aggregate to the financial statements as a whole.

The auditor may find:

1. Individual material misstatements
2. Individual immaterial misstatements
3. Immaterial misstatements which become material when aggregated

In all 3 cases, they have to be reported to the management.

Examples of circumstances when misstatement is considered material when it lower than quantitative
(material by nature)
– Affects compliance with regulatory requirements;
– Affects compliance with debt covenants or other contractual requirements;
– Affects ratios used to evaluate the entity’s financial position, results of operations or cash flows;
– Has the effect of increasing management compensation, for example, by ensuring that the
requirements for the award of bonuses or other incentives are satisfied;

Page 141 of 203

 Audit Opinion & Audit Report
The Audit Process

Obtaining/Accepting Tests of Substantive Opinion/

Planning Review
Clients Controls Procedures Report

Examiner’s comments
Questions historically in this area of the syllabus have required a discussion of the accounting treatment,
a materiality calculation, an assessment of the type of audit report modification and the impact on the
auditor’s report.
Candidates often find auditor’s reports a challenging part of the syllabus and in preparation for exams,
it is imperative that candidates can:
- describe the different elements of the auditor’s report
- determine the most appropriate type of audit opinion in a given scenario, often through an
explanation of why a certain opinion is appropriate which will test the application of the candidate’s
knowledge
- understand the issues that may arise during the course of an audit that could require an Emphasis
of Matter or Other Matter paragraph to be included in the audit report, and
- identify Key Audit Matters (KAM) that are required to be disclosed in an auditor’s report.

Candidates will not be expected to draft an auditor’s report but may be asked to present reasons for
an unmodified or a modified opinion, or the inclusion of an Emphasis of Matter paragraph.

Candidates attempting the exam may be required to identify and describe the elements of the auditor’s
report and therefore candidates should ensure that they have a sound understanding of the revised ISA
700, Forming an Opinion and Reporting on Financial Statements.

Candidates may also be presented with extracts from an auditor’s report and be asked to critically
appraise the extracts, or challenge the proposed audit opinion.

Page 142 of 203

An Exam focused overview

Page 143 of 203

Page 144 of 203
Page 145 of 203
Page 146 of 203
Page 147 of 203
Page 148 of 203
Page 149 of 203
Page 150 of 203
Page 151 of 203
 Explanation of the overview given above
Form of opinion

Unmodified opinion The auditor shall express an unmodified opinion when the auditor
concludes that the financial statements are prepared, in all material
respects, in accordance with the applicable financial reporting framework.
Modified opinion If the auditor:
- Qualified (a) concludes that, based on the audit evidence obtained, the financial
- Adverse statements as a whole are not free from material misstatement; or
- Disclaimer (b) is unable to obtain sufficient appropriate audit evidence to conclude
that the financial statements as a whole are free from material
misstatement, the auditor shall modify the opinion in the auditor’s
report in accordance with ISA 705 (Revised).

To understand different types of opinions, the following terms need to be understood.

Misstatement: Discussed above

Inability to obtain appropriate and sufficient evidence: The auditor was not able to get sufficient
appropriate audit evidence on which to base the opinion. The auditor’s inability to obtain sufficient
appropriate audit evidence is also referred to as a limitation on the scope of the audit and could arise
from:
o Circumstances beyond the entity’s control (e.g. accounting records destroyed)

Page 152 of 203

o Circumstances relating to the nature or timing of the auditor’s work (e.g. the timing of the auditor’s
appointment prevents the observation of the physical inventory count).
o Limitations imposed by management (e.g. management prevents the auditor from requesting
external confirmation of specific account balances).

Pervasive: This is a term used to describe the effects or possible effects on the financial statements of
misstatements or undetected misstatements (i.e. due to an inability to obtain sufficient appropriate audit
evidence). There are three types of pervasive effect:
o Those that are not confined to specific elements, accounts or items in the financial statements.
o Those that are confined to specific elements, accounts or items in the financial statements and
represent or could represent a substantial portion of the financial statements.
o Those that relate to disclosures which are fundamental to users understanding of the financial
statements.

Unmodified Opinion Auditor concludes that the financial statements are prepared, in all
material respects, in accordance with the applicable financial reporting
framework.

Wording
In our opinion, the financial statements present fairly, in all material
respects, (or give a true and fair view of) the financial position of ABC
Company as of December 31, 20X1, and (of) its financial performance and
its cash flows for the year then ended in accordance with International
Financial Reporting Standards.
Modified Opinion a) Qualified

a) Qualified Nature of matter: Material

b) Adverse
c) Disclaimer Reason: material misstatement or inability to obtain appropriate and
sufficient evidence (regarding an accounting policy, transaction, balance
or disclosure etc.)

Opinion: Qualified ‘Except for’

Wording:
QUALIFIED OPINION
In our opinion, except for the effects of the matter described in the Basis of
Qualified Opinion paragraph the financial statements present fairly, In all
material respects, (or give a true and fair view of) the financial position of
ABC Company as at December 31, 20X1 and (of) its financial performance

Page 153 of 203

and its cash flows for the year then ended in accordance with International
Financial Reporting Standards.

BASIS FOR QUALIFIED OPINION

(Nature, amount , impact to be explained)
The company’s inventories are carried in the balance sheet at XXX.
Management has not stated inventories at the lower of cost and net
realizable value but has stated them solely at cost, which constitutes a
departure from International Financial Reporting Standards. The
company’s records indicate that had management stated the inventories
at the lower of cost and net realizable value, an amount of XXX would have
been required to write the inventories down to their net realizable value.
Accordingly, cost of sales would have been increased by XXX, and income
tax, net income and shareholders’ equity would have been reduced by XXX,
XXX and XXX, respectively.
b) Adverse
Nature of matter: Material and pervasive

Reason: Misstatement in the F/S

Opinion: Adverse

Wording:
ADVERSE OPINION
In our opinion, because of the significance of the matter discussed in the
Basis of Adverse Opinion paragraph, the consolidated financial statements
do not present fairly (or do not give a nature and fair view of) the financial
position of ABC Company and its subsidiaries as at December 31, 20X1 and
(of) their financial performance and their cash flows for the year then
ended in accordance with International Financial Reporting Standards.

BASIS FOR ADVERSE OPINION

(Nature, amount , impact to be explained)

c) Disclaimer

Nature of matter: Material and pervasive

Reason: Inability to obtain appropriate and sufficient evidence

Opinion: Disclaimer

Page 154 of 203

 Wording:
DISCLAIMER OF OPINION
Because of the significance, of the matters described in the Basis for
Disclaimer of Opinion paragraph, we have not been able to obtain
sufficient appropriate audit evidence to provide a basis for an audit
opinion. Accordingly, we do not express an opinion on the financial
statements

BASIS FOR DISCLAIMER OF OPINION

(Nature, amount , impact to be explained)

Emphasis of Matter paragraph

Emphasis of Matter paragraph :A paragraph included in the auditor’s report that refers to a matter
appropriately presented or disclosed in the financial statements that, in the auditor’s judgment, is of such
importance that it is fundamental to users’ understanding of the financial statements.

Emphasis of Matter Paragraphs in the Auditor’s Report

If the auditor considers it necessary to draw users’ attention to a matter presented or disclosed in the
financial statements that, in the auditor’s judgment, is of such importance that it is fundamental to users’
understanding of the financial statements, the auditor shall include an Emphasis of Matter paragraph in
the auditor’s report provided:

- The auditor would not be required to modify the opinion in accordance with ISA 705 (Revised) as a
result of the matter; and
- When ISA 701 applies, the matter has not been determined to be a key audit matter to be
communicated in the auditor’s report. (When ISA 701 applies, the use of Emphasis of Matter
paragraphs is not a substitute for a description of individual key audit matters.)

When the auditor includes an Emphasis of Matter paragraph in the auditor’s report, the auditor shall:
(a) Include the paragraph within a separate section of the auditor’s report with an appropriate heading
that includes the term “Emphasis of Matter”;
(b) Include in the paragraph a clear reference to the matter being emphasized and to where relevant
disclosures that fully describe the matter can be found in the financial statements. The paragraph
shall refer only to information presented or disclosed in the financial statements; and
(c) Indicate that the auditor’s opinion is not modified in respect of the matter emphasized.

Page 155 of 203

Examples of circumstances where the auditor may consider it necessary to include an Emphasis of
Matter paragraph are
1. An uncertainty relating to the future outcome of exceptional litigation or regulatory action.
2. A significant subsequent event that occurs between the date of the financial statements and the date
of the auditor’s report.
3. Early application (where permitted) of a new accounting standard that has a material effect on the
financial statements.
4. A major catastrophe that has had, or continues to have, a significant effect on the entity’s financial
position.
5. When a financial reporting framework prescribed by law or regulation would be unacceptable but for
the fact that it is prescribed by law or regulation.
6. When facts become known to the auditor after the date of the auditor’s report and the auditor
provides a new or amended auditor’s report (i.e., subsequent events).

Other Matter paragraph

Other Matter paragraph – A paragraph included in the auditor’s report that refers to a matter other than
those presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant to
users’ understanding of the audit, the auditor’s responsibilities or the auditor’s report.

If the auditor considers it necessary to communicate a matter other than those that are presented or
disclosed in the financial statements that, in the auditor’s judgment, is relevant to users’ understanding
of the audit, the auditor’s responsibilities or the auditor’s report, the auditor shall include an Other Matter
paragraph in the auditor’s report, provided:

(a) This is not prohibited by law or regulation; and

(b) When ISA 701 applies, the matter has not been determined to be a key audit matter to be
communicated in the auditor’s report.

When the auditor includes an Other Matter paragraph in the auditor’s report, the auditor shall include
the paragraph within a separate section with the heading “Other Matter,” or other appropriate heading.

Circumstances in Which an Other Matter Paragraph May Be Necessary

1. Relevant to Users’ Understanding of the Audit: In the rare circumstance where the auditor is
unable to withdraw from an engagement even though the possible effect of an inability to obtain
sufficient appropriate audit evidence due to a limitation on the scope of the audit imposed by
management is pervasive,the auditor may consider it necessary to include an Other Matter
paragraph in the auditor’s report to explain why it is not possible for the auditor to withdraw from
the engagement.

Page 156 of 203

2. Relevant to Users’ Understanding of the Auditor’s Responsibilities or the Auditor’s Report: Law,
regulation or generally accepted practice in a jurisdiction may require or permit the auditor to
elaborate on matters that provide further explanation of the auditor’s responsibilities in the audit
of the financial statements or of the auditor’s report thereon.

3. Reporting on more than one set of financial statements: An entity may prepare one set of financial
statements in accordance with a general purpose framework (e.g., the national framework) and
another set of financial statements in accordance with another general purpose framework (e.g.,
International Financial Reporting Standards), and engage the auditor to report on both sets of
financial statements. If the auditor has determined that the frameworks are acceptable in the
respective circumstances, the auditor may include an Other Matter paragraph in the auditor’s
report, referring to the fact that another set of financial statements has been prepared by the same
entity in accordance with another general purpose framework and that the auditor has issued a
report on those financial statements.

4. Prior Period Financial Statements Audited by a Predecessor Auditor . If the financial statements of
the prior period were audited by a predecessor auditor and the auditor is not prohibited by law or
regulation from referring to the predecessor auditor’s report on the corresponding figures and
decides to do so, the auditor shall state in an Other Matter paragraph in the auditor’s report:
a. That the financial statements of the prior period were audited by the predecessor auditor;
b. The type of opinion expressed by the predecessor auditor and, if the opinion was modified,
the reasons therefore; and
c. The date of that report.

5. Prior Period Financial Statements Not Audited : If the prior period financial statements were not
audited, the auditor shall state in an Other Matter paragraph in the auditor’s report that the
corresponding figures are unaudited. Such a statement does not, however, relieve the auditor of
the requirement to obtain sufficient appropriate audit evidence that the opening balances do not
contain misstatements that materially affect the current period’s financial statements

Matters to be communicated to TCWG (Those Charged with Governance)

1. The auditor’s responsibilities in – A statement that the auditor is responsible for forming and
relation to the financial expressing an opinion on the financial statements.
statements – That the auditor’s work is carried out in accordance with
ISAs and in accordance with local laws and regulations.

2. Planned scope and timing of This would include

audit – The audit approach to assessing the risk of serious
misstatement, whether arising from fraud or error.

Page 157 of 203

 – The audit approach to the internal control system and
whether reliance will be placed on it.
– The timing of interim and final audits, including reporting
deadlines.

3. Significant findings from the This heading could include:

audit – Significant difficulties encountered during the audit,
including delays in obtaining information from
management.
– Material weaknesses in internal control and
recommendations for improvement.
– Audit adjustments, whether or not recorded by the entity,
that have, or could have, a material effect on the entity’s
financial statements. For example, the bankruptcy of a
material receivable shortly after the year-end that should
result in an adjusting entry.

4. A statement on independence This would include:

issues affecting the audit ( for – That the audit firm has ensured that all members of the
listed entities only) audit team have complied with the ethical standards of
ACCA.
– – That appropriate safeguards are in place where a potential
threat to independence has been identified.

The lists of examples listed under the above headings are not exhaustive and in practice many more specific
matters would be communicated to those charged with governance such as:
– Modifications to the audit report.
– Any management representation points requested.
– Cases of suspected/actual fraud.)

Key Audit Matters (KAM)

Key audit matters: Those matters that, in the auditor’s professional judgment, were of most significance
in the audit of the financial statements of the current period. Key audit matters are selected from matters
communicated with those charged with governance.

Objectives: The objectives of the auditor are to determine key audit matters and, having formed an
opinion on the financial statements, communicate those matters by describing them in the auditor’s
report.

Page 158 of 203

Determining KAM
The auditor shall determine, from the matters communicated with those charged with governance, those
matters that required significant auditor attention in performing the audit. In making this determination,
the auditor shall take into account the following:
1. Areas of higher assessed risk of material misstatement, or significant risks identified in accordance
with ISA 315 (Revised).
2. Significant auditor judgments relating to areas in the financial statements that involved significant
management judgment, including accounting estimates that have been identified as having high
estimation uncertainty.
3. The effect on the audit of significant events or transactions that occurred during the period.
4. Other considerations

COMMUNICATING KAM
Once the auditor has determined which matters will be included as KAM, the auditor must ensure that
each matter is appropriately described in the auditor’s report including a description of:
1. Why the matter was determined to be one of most significance and therefore a key audit matter, and
2. How the matter was addressed in the audit (which may include a description of the auditor’s
approach, a brief overview of procedures performed with an indication of their outcome and any
other key observations in respect of the matter).

Audit Report-an exam focused summary

Column A and B will be in all reports.
Column C explains the impact of various issues on the report-this will be in addition to Column B and C.
Column A Column B Column C
Content Explanation Impact of various issues
1 Title The auditor’s report shall have a title
that clearly indicates that it is the report
of an independent auditor.
2 Addressee The auditor’s report shall be addressed,
as appropriate, based on the
circumstances of the engagement.

3 Opinion “we have audited..” In modified opinion:

- Name the client - Heading changes to the name of
- Year end the modified opinion
- Components of F/s + accounting - Wording of the opinion changes
policies
“in our opinion”…..
4 Basis for - Conducted audit according to ISAs Heading changes: Basis for
Opinion - Our responsibilities described in a Qualified/Adverse/Disclaimer
separate paragraph Opinion

Page 159 of 203

 - We are independent in accordance Nature, amount, impact and
with IESBA code of ethics/local reference to accounting standard
codes given
- SAE gathered to provide a basis for
the opinion
Material uncertainty relating to
going concern” paragraph (if
needed)

- draw attention to the note in

the financial statements that
discloses the matters giving rise
to the material uncertainty, and
- state that these events or
conditions indicate that a
material uncertainty exists
which may cast significant doubt
on the entity’s ability to
continue as a going concern and
that the auditor’s opinion is not
modified in respect of the
matter.

Disclosure correctly given- ‘we draw

your attention to notes to the
account number 6 which relate
to….”
5 Key Audit - Provide further information about
Matters the process that led to the opinion When the auditor expresses a
so related to matters included in disclaimer of opinion then the
the F/S auditor’s report should not include a
- Selected from matters KAM section.
communicated to TCWG
- According to auditor’s judgment,
the MOST significant matters
relating to the audit

Key audit matters are those matters

that, in our professional judgment, were
of most significance in our audit of the
financial statements of the current

Page 160 of 203

 period. These matters were addressed
in the context of our audit of the
financial statements as a whole, and in
forming our opinion thereon, and we do
not provide a separate opinion on these
matters.”

[Description of each key audit matter in

accordance with ISA 701.]

EOMP ( can be placed here or before

Key Audit Matters- auditor has to
use his judgment)
- Cannot be used for drawing
attention to a going concern
uncertainty disclosure as a separate
paragraph is now required for this
- Should be headed as EOMP
- Reference of the disclosure needs
to be given ( Note # 7…)

OMP
- placed here ( always AFTER Key
audit matters)
- cannot be used for other
information issues as there is
now a separate paragraph for
this.
- -none of the Key Audit Matters
can be mentioned here.
6 Other - Management responsible for other Any uncorrected inconsistencies in
information information in the document Other Information will be explained
containing financial statements here.
- Our opinion does not cover OI, no
assurance given on it
- Our responsibility to read OI and
find inconsistencies with F/S

Page 161 of 203

 The auditor shall read the other
information (e.g., the Chairman’s
Statement) and, in doing so shall:
(a) Consider whether there is a
material inconsistency between the
other information and the financial
statements. Or an inconsistency in
other information and the auditors
understanding of the business.
(b) If the auditor identifies a material
inconsistency (or becomes aware
that the other information appears
to be materially misstated), the
auditor shall discuss the matter
with management and, if
necessary, perform other
procedures to conclude on the
nature of misstatement. The
auditor will need know whether the
misstatement exists in other
information, financial statements
or auditors understanding of the
business.

If the auditor concludes that a material

misstatement of the other information
exists, the auditor shall request
management to correct the other
information. If management:
(a) Agrees to make the correction, the
auditor shall determine that the
correction has been made; or
(b) Refuses to make the correction, the
auditor shall communicate the
matter with those charged with
governance and request that the
correction be made.
7 Responsibilities - Preparation of F/S
of management - Internal control over financial
and TCWG reporting

Page 162 of 203

 - Assess ability of the company to
continue as a going concern
- TCWG’s responsibility to oversee
the financial reporting process
8 Auditor’s - Reasonable assurance that F/S free
responsibility from material misstatements- not a
for audit of F/S guarantee that all misstatements
will be detected
- Issue audit report
- Define material misstatement in
this para
- Mention use of professional
judgment and professional
skepticism
- Identify and assess risk of material
misstatement due to fraud and
error ( fraud could include
collusion, forgery, intentional
omissions, misrepresentation,
override of internal control)
- Obtain understanding of internal
control over financial reporting to
design audit procedures- no
opinion given
- Evaluate appropriateness of
accounting policies
- Evaluate reasonableness of
accounting estimated
- Conclude on appropriateness of
management’s use of going
concern basis-also mention that
future events/conditions may still
cause the company to cease as
going concern
- Evaluate overall presentation,
structure, content of F/S including
disclosures
- Communicate with TCWG
- ‘ from matters communicated with
TCWG, we determine the most

Page 163 of 203

 significant ones (KEY AUDIT
MATTERS)
9 Report on other In some jurisdictions, the auditor may
legal and have additional responsibilities to
regulatory report on other matters that are
requirements supplementary to the auditor’s
responsibilities under the ISAs

For example, the auditor may be asked

to report certain matters if they come
to the auditor’s attention during the
course of the audit of the financial
statements.
. Auditing standards in the specific
jurisdiction often provide guidance on
the auditor’s responsibilities with
respect to specific additional reporting
responsibilities in that jurisdiction
10 Engagement
partner’s name
11 Signatures
12 Auditor’s
address
13 Date

Page 164 of 203

 Audit Sampling

Audit sampling is the application of audit procedures to less than 100% of items within a population of
audit relevance, such that all sampling units have a chance of selection in order to provide the auditor with
a reasonable basis on which to draw conclusions about the entire population.

Audit sampling can be applied using either a statistical or a non-statistical approach. It involves testing a
smaller number of items and using the results to draw a conclusion about the whole balance or class of
transactions.

It is necessary for auditors to sample as it is impossible to select all items for testing as this would take the
audit team too long and it would cost too much.

In addition, auditors do not provide 100% assurance in their audit report about the financial statements,
they only provide reasonable assurance and hence it is not necessary to test every item within a
population.

Audit sampling is also widely known to reduce the risk of ‘over-auditing’ in certain areas, and enables a
much more efficient review of the working papers at the review stage of the audit.

In devising their samples, auditors must ensure that the sample selected is representative of the
population. If the sample is not representative of the population, the auditor will be unable to form a
conclusion on the entire population.

SAMPLING RISK
Sampling risk is the risk that the auditor’s conclusions based on a sample may be different from the
conclusion if the entire population were the subject of the same audit procedure.

ISA 530 recognises that sampling risk can lead to two types of erroneous conclusions:

1. The auditor concludes that controls are operating effectively, when in fact they are not. In substantive
testing, the auditor may conclude that a material misstatement does not exist, when in fact it does.
These erroneous conclusions will more than likely lead to an incorrect opinion being formed by the
auditor.

2. The auditor concludes that controls are not operating effectively, when in fact they are. In terms of
substantive testing, the auditor may conclude that a material misstatement exists when, in fact, it
does not.

Page 165 of 203

NON-SAMPLING RISK

Non-sampling risk is the risk that the auditor forms the wrong conclusion, which is unrelated to sampling
risk. An example of such a situation would be where the auditor adopts inappropriate audit procedures,
or does not recognise a control deviation.

METHODS OF SAMPLING

Random selection: This method of sampling ensures that all items within a population stand an equal
chance of selection by the use of random number tables or random number generators. The sampling
units could be physical items, such as sales invoices or monetary units.

Systematic selection: This is a method of selection in which the auditor selects items using a constant
interval between selections. The first item may be selected on a random or haphazard basis, and
thereafter the sampling interval is derived by the auditor, for example, by dividing the population by the
sample size.

Haphazard selection: The auditor selects the sample without following a structured technique – the
auditor would avoid any conscious bias or predictability.

Block selection: This involves selection of a block(s) of contiguous items from within the population. Block
selection cannot ordinarily be used in audit sampling because most populations are structured such that
items in a sequence can be expected to have similar characteristics to each other, but different
characteristics from items elsewhere in the population.

Monetary Unit Sampling: This is a type of value-weighted selection in which sample size, selection and
evaluation results in a conclusion in monetary amounts. This selection method ensures that each
individual $1 in the population has an equal chance of being selected.

STATISTICAL VERSUS NON-STATISTICAL SAMPLING

‘Statistical’ sampling: ‘An approach to sampling that has the following characteristics:

i. Random selection of the sample items, and

ii. The use of probability theory to evaluate sample results, including measurement of sampling risk.’

The ISA goes on to specify that a sampling approach that does not possess the characteristics in (i) and (ii)
above is considered non-statistical sampling.

Page 166 of 203

The advantages of using statistical sampling rather than judgemental sampling (non-statistical sampling)
include:
(1) The size of the sample is determined objectively having regard to the degree of risk associated with
the area being tested.
(2) Bias is eliminated.
(3) Results of statistical sampling can be more easily justified as being representative of the population
as a whole, thus increasing the level of confidence in the results of testing the sample. As a
consequence of this, the conclusion drawn from the results of sample testing are more easily justified
where an audit client disputes the audit conclusions.
(4) In instances when there is a large population, the use of statistical sampling techniques may reduce
the sample size, and therefore the amount of audit work required, as compared to the sample size
that would be selected using judgement sampling methodology.

When might sampling not be appropriate

A sampling approach to testing would not be appropriate in the following circumstances:

i. Where there is a statutory requirement to disclose specific items in the financial statements, for
example directors’ remuneration.
ii. Where the population is very small and the results from sampling could not be relied on, for
example when conducting certain compliance tests.
iii. Where the population is small in number but comprises material individual balances or
transactions, for example property additions.
iv. Where the population is not homogenous and requires subdivision before sampling can be
attempted, for example purchase invoices and credit notes.
v. When the auditor is put ‘on enquiry’ for example when testing for fraud.
vi. Where the costs of sampling outweigh the benefits as compared to 100% testing.

EXTRAPOLATION: Extrapolation takes the result of a sample and projects that result over the whole
population.

Imagine total sales are $10m. You select a sample of $1m (10% of the population) to test. If errors of $37k
are found in the sample, it could be inferred by extrapolation that there are errors of $370k in the total
population.

Extrapolation can only be applied to statistical sampling.

Page 167 of 203

 Computer Assisted Audit Techniques (CAATs)

Computer-assisted audit techniques (CAATs) are those featuring the ‘application of auditing procedures
using the computer as an audit tool’

The extent to which an auditor may choose between using CAATs and manual techniques on a specific
audit engagement depends on the following factors:
- the cost effectiveness of using CAATs
- the availability of audit time
- the availability of the audit client’s computer facility
- the level of audit experience and expertise in using a specified CAAT
- the level of CAATs carried out by the audit client’s internal audit function and the extent to which the
external auditor can rely on this work

There are three types of CAATs that can be used:

CAATs

Audit Data
Test Data
Software Analytics

Test data Test data consists of data submitted by the auditor for processing by the client’s
computer system. The principle objective is to test the operation of application
controls.

For this reason, the auditor will arrange for dummy data to be processed that includes
many errors on purpose, to ensure that the client’s application controls can identify
problems.

Examples of errors that might be included:

• supplier account codes that do not exist to test whether system processes
transactions in these accounts
• employees earning in excess of a certain limit to test whether system rejects
payment of excessive wages
• sales invoices that contain addition errors to test whether client system
identifies these errors
• entering wrong passwords to check restricted access

Data without errors will also be included to ensure ‘correct’ transactions are
processed properly.

Page 168 of 203

 As such, dummy transactions are processed through the client’s computerised
system. The results of processing are then compared to the auditor’s expected results
to determine whether controls are operating efficiently.

Test data should contain valid data (to ensure the system processes it correctly) and
invalid data (to ensure system rejects it).

Live test data: data processed on the client’s system during a normal production run

Dead test data: data processed at a time when the normal production run is not
taking place

Integrated test facility: the auditor may seek permission from the client to establish
an integrated test facility within the accounting system. This entails the establishment
of a dummy unit, for example, a dummy supplier account against which the auditor’s
test data is processed during normal processing runs.
Audit The term ‘audit software’ describes the computer software used by auditors to assist
Software them in their work, when examining the operations of, and testing the output of a
computer-based accounting system.

Computer programs designed to carry out tests of control and/or substantive

procedures

This performs checks that auditors would otherwise need to do by hand.

Such programs may be classified as:

Packaged programs (off the shelf)

These consist of pre-prepared generalised programs used by auditors and are not
‘client specific’. They may be used to carry out numerous audit tasks, for example, to
select a sample, either statistically or judgementally, during arithmetic calculations
and checking for gaps in the processing of sequences.

Purpose written programs (bespoke)

These programs are usually ‘client specific’ and may be used to carry out tests of
control or substantive procedures. Audit software may be bought or developed, but
in any event the audit firm’s audit plan should ensure that provision is made to ensure
that specified programs are appropriate for a client’s system and the needs of the
audit. Typically, they may be used to re-perform computerised control procedures
(for example, cost of sales calculations) or perhaps to carry out an aged analysis of
trade receivable (debtor) balances.

Page 169 of 203

 Enquiry programs
These programs are integral to the client’s accounting system; however they may be
adapted for audit purposes. For example, where a system provides for the routine
reporting on a ‘monthly’ basis of employee starters and leavers, this facility may be
utilised by the auditor when auditing salaries and wages in the client’s financial
statements. Similarly, a facility to report trade payable (creditor) long outstanding
balances could be used by an auditor when verifying the reported value of creditors

Uses of audit software

Highlighting of exceptions- For example, to identify exceptional wages payments

outside of stated parameters

Highlighting of trends- To highlight reported inventory movement both immediately

before and after reporting dates to identify possible manipulation of inventory figures

Performance of sequence checks- To verify completeness of sales reporting by

ensuring that all invoices have been recorded.

Calculation checks- To ensure that overhead costs are totalled correctly in the general
ledger.

Stratification of data – To subdivide the population of inventory lines with a view to

examining only material balances.

Selection of items for testing – To select trade receivables accounts for

circularisation, to verify the existence of trade receivables.

Detecting violation of system rules – For example, where other people besides the
accountant have been overriding overtime payments or employees amending their
own gross wages.
Data Analytics Data analytics (DA) is the process of examining data sets in order to draw conclusions
about the information they contain, increasingly with the aid of specialized systems
and software.

With the increasing volume of data in business today, data analytics can be used as
an audit technique to better understand and analyze large volumes of data. Equipped
with a more in-depth knowledge of the entity’s business, the auditor is able to focus
on items of greater audit interest and can enhance risk assessment in planning.

Page 170 of 203

 Data analytics enhances audit quality because the population tested is larger with the
objective that 100 % of the data is screened. This also enables the auditor to analyze
information in various formats, enabling analysis of financial and non-financial
information as well as qualitative and quantitative data.

Audit firms use data analytics as part of their audit offering to reduce risk and to add
value to the client. Bigger firms often have the resources to create their own data
analytics platforms whereas smaller firms may opt to acquire an off the shelf package.
These tools are generally developed by specialist staff and use visual methods such as
graphs to present data to help identify trends and correlations.

For auditors, the main driver of using data analytics is to improve audit quality. It
allows auditors to more effectively audit the large amounts of data held and
processed in IT systems in larger clients. Auditors can extract and manipulate client
data and analyze it. By doing so they can better understand the client’s information
and better identify the risks. This enhances the quality of the auditor’s risk assessment
and response.

Examples of the use of data analytics to perform audit procedures include:

• NRV testing – comparing the last time an inventory item was purchased with the
last time it was sold and at what price.
• Analysis of revenue trends by product and region
• Matching purchase orders to invoices and payments
• Segregation of duties testing by identifying combinations of users involved in
processing transactions from the metadata attached to transactions

Test of controls using data analytics

Examples include the following tests of controls:
✓ Analysis of all paid invoices of the fiscal year: approval present? Timely? Correct
person?
✓ Analysis of credit limits by customers: any exceeded?
✓ Analysis of access rights of users and possible changes throughout the fiscal year

The advantages of automated tools:

• increased business understanding through a more thorough analysis of a client’s data. CAATs allow
auditors to better understand the trends and patterns of the business and makes it easier to out of
ordinary transactions.
• better focus on risk. This increase in understanding, aids the identification of risks associated with a
client, enabling testing to be better directed at those areas
• increased efficiency through the use of computer programmes to perform very fast processing of large
volumes of data and provide analysis to auditors on which to base their conclusion, saving time within

Page 171 of 203

 the audit and allowing better focus on judgemental and risk areas. For example much larger samples
can be tested, often 100% testing is possible using data analytics, improving the coverage of audit
procedures and reducing or eliminating sampling risk
• increased fraud detection through the ability to interrogate all data and to test segregation of duties.
• Are cost-effective after initial set up, as long as the company does not change its systems.
• Allow the results from using CAATs to be compared with "traditional" testing; if the two sources of
evidence agree, this will increase overall audit confidence.

The challenges associated with automated tools

• Substantial setup costs are likely to be incurred in developing bespoke CAATs and testing them.
• data privacy and confidentiality. The copying and storage of client data risks breach of confidentiality
and data protection laws as the audit firm now stores a copy of large amounts of detailed client data.
• The audit client may be reluctant to allow the audit firm sufficient access to their systems to perform
audit data analytics or to test the system to preserve confidentiality.
• compatibility issues with client systems may render standard tests ineffective specially if the firm is
using a standard or off-the-shelf audit software or data analytics platform that might not suit client
systems.
• audit staff may not be competent to understand the exact nature of the data and output to draw
appropriate conclusions, training will need to be provided which can be expensive
• an expectation gap among stakeholders who think that because the auditor is testing 100% of
transactions in a specific area, the client’s data must be 100% correct.

Page 172 of 203

 Fraud
Fraud: ISA 240 (Redrafted) defines fraud as: ‘An intentional act by one or more individuals among
management, those charged with governance, employees, or third parties, involving the use of deception
to obtain an unjust or illegal advantage.’

Error: is an unintentional misstatement in financial statements, including the omission of an amount or a

disclosure.

Two types of intentional misstatements are relevant to the auditor – misstatements resulting from
fraudulent financial reporting and misstatements resulting from misappropriation of assets.

Fraudulent financial reporting

Fraudulent financial reporting often involves management override of controls that otherwise may appear
to be operating effectively. Fraud can be committed by management overriding controls using such
techniques as intentionally:
• Recording fictitious journal entries, particularly close to the end of an accounting period, to
manipulate operating results or achieve other objectives.
• Inappropriately adjusting assumptions and changing judgments used to estimate account balances.
• Omitting, advancing or delaying recognition in the financial statements of events and transactions
that have occurred during the reporting period.
• Omitting, obscuring or misstating disclosures required by the applicable financial reporting
framework, or disclosures that are necessary to achieve fair presentation.
• Concealing facts that could affect the amounts recorded in the financial statements.
• Engaging in complex transactions that are structured to misrepresent the financial position or
financial performance of the entity
• Altering records and terms related to significant and unusual transactions

Misappropriation of assets involves the theft of an entity’s assets and is often perpetrated by employees
in relatively small and immaterial amounts. However, it can also involve management who are usually
more able to disguise or conceal misappropriations in ways that are difficult to detect. Misappropriation
of assets can be accomplished in a variety of ways including:

• Embezzling receipts (for example, misappropriating collections on accounts receivable or diverting

receipts in respect of written-off accounts to personal bank accounts).
• Stealing physical assets or intellectual property (for example, stealing inventory for personal use or
for sale, stealing scrap for resale, colluding with a competitor by disclosing technological data in return
for payment).

Page 173 of 203

• Causing an entity to pay for goods and services not received (for example, payments to fictitious
vendors, kickbacks paid by vendors to the entity’s purchasing agents in return for inflating prices,
payments to fictitious employees).
• Using an entity’s assets for personal use (for example, using the entity’s assets as collateral for a
personal loan or a loan to a related party).

Misappropriation of assets is often accompanied by false or misleading records or documents in order to

conceal the fact that the assets are missing or have been pledged without proper authorization.

External auditor-responsibilities regarding fraud

The main focus of audit work is to ensure that the financial statements show a true and fair view. The
detection of fraud is therefore not the main focus of the external auditor’s work.

Learn!

1. In accordance with ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial
Statements, external auditors are responsible for obtaining reasonable assurance that the financial
statements taken as a whole are free from material misstatement, whether caused by fraud or error.
2. In order to fulfil this responsibility, they are required to identify and assess the risks of material
misstatement of the financial statements due to fraud.
3. They need to obtain sufficient appropriate audit evidence regarding the assessed risks of material
misstatement due to fraud, through designing and implementing appropriate responses. In addition,
auditors must respond appropriately to fraud or suspected fraud identified during the audit.
4. When obtaining reasonable assurance, auditors are responsible for maintaining professional
scepticism throughout the audit, considering the potential for management override of controls and
recognising the fact that audit procedures which are effective in detecting error may not be effective
in detecting fraud
5. To ensure that the whole engagement team is aware of the risks and responsibilities for fraud and
error, ISAs require that a discussion is held within the team, placing particular emphasis on how and
where the entity’s financial statements may be susceptible to material misstatement due to fraud,
including how fraud might occur
6. In situations where the external auditor does detect fraud, then the auditor will need to consider the
implications for the entire audit. In other words, the external auditor has a responsibility to extend
testing into other areas because the risk of providing an incorrect audit opinion will have increased.

Page 174 of 203

Groups to report fraud to

1. Report to audit committee: Disclose the situation to the audit committee as they are charged with
maintaining a high standard of governance in the company. The committee should be able to discuss
the situation with the directors and recommend that they take appropriate action
2. Report to members: If the financial statements do not show a true and fair view then the auditor
needs to report this fact to the members through their audit report.
3. Report to professional body: If the auditor is uncertain as to the correct course of action, advice may
be obtained from the auditor’s professional body.

Internal auditor’s responsibilities regarding fraud

• Commenting on the process used by management to identify and classify the specific fraud and error
risks to which the entity is subject (and in some cases helping management develop and implement
that process)
• commenting on the appropriateness and effectiveness of actions taken by management to manage
the risks identified (and in some cases helping management develop appropriate actions by making
recommendations)
• periodically auditing or reviewing systems or operations to determine whether the risks of fraud and
error are being effectively managed
• monitoring the incidence of fraud and error, investigating serious cases and making recommendations
for appropriate management responses.

In practice, the work of internal audit often focuses on the adequacy and effectiveness of internal control
procedures for the prevention, detection and reporting of fraud and error. It should be recognised,
however, that many significant frauds bypass normal internal control systems and that, in the case of
management fraud in particular, much higher level controls (those relating to the high level governance
of the entity) need to be reviewed by internal audit in order to establish the nature of the risks and to
manage them effectively.

Page 175 of 203

 Laws and Regulations

An important part of an external audit is the consideration by the auditor as to whether the client has
complied with laws and regulations.
Key points
Management’s responsibility: Management have a responsibility to ensure that the operations of The
client are conducted in accordance with the provisions of laws and regulations. This includes
compliance with laws and regulations that determine amounts and disclosures in financial statements,
including tax liabilities and charges.

Auditor’s responsibility: Auditors are not responsible for preventing non-compliance with laws and
regulations, and cannot be expected to detect non-compliance with all laws and regulations.
They have a responsibility to obtain reasonable assurance that the financial
statements are free from material misstatement, whether caused by fraud or error.

Auditor’s responsibility differs in relation to the two different categories of laws and regulations
identified below:

1. Laws and regulations which have a DIRECT effect on the determination of material amounts and
disclosures in financial statements. Here the auditor is responsible for obtaining sufficient
appropriate audit evidence regarding compliance.

2. Laws and regulations which DO NOT HAVE A DIRECT EFFECT on the determination of material
amounts and disclosures in financial statements, but may impact the entity’s ability to continue to
trade. Here the auditor’s responsibility is limited to specified audit procedures to help identify non-
compliance with those laws and regulations that may have a material effect on the financial
statements. This includes inquiring with management whether the entity is in compliance with such
laws and regulations, and inspecting correspondence with relevant licensing or regulatory
authorities.

The auditor also has a responsibility to remain alert, by maintaining professional scepticism, to the
possibility that other audit procedures may bring instances of identified or suspected non-compliance
with laws and regulations.

DIRECT AND INDIRECT LAWS AND REGULATIONS- IMPORTANT EXAPLANATION TO GO THROUGH

There are many laws and regulations that a reporting entity may have to comply with in order to continue
in business. For example, many entities (particularly in the UK) will have to comply with strict health and
safety legislation; a food manufacturer may have strict food hygiene legislation to comply with, and an
accountancy firm will have a code of ethics to follow from its professional body.

Page 176 of 203

Such laws and regulations will have both a direct effect on the financial statements and
an indirect effect.

Laws and regulations that have a direct Laws and regulations that have an indirect effect on the
effect on the financial statements financial statements

Gather sufficient and appropriate audit The auditor will undertake procedures with the objective
evidence that the entity has complied of identifying non-compliance with such laws and
with such laws and regulations. For regulations. ISA 250 gives examples of:
example, when auditing the payroll the • compliance with the terms of an operating license
auditor will be concerned with gathering • compliance with regulatory solvency requirements, or
sufficient and appropriate audit evidence • compliance with environmental regulations.
to ensure that tax legislation has been
correctly applied by the entity because if When designing procedures to help to identify non-
it has not (there is risk that the entity compliance with laws and regulations, the auditor should
could be fined for non-compliance and obtain a general understanding of:
the fines could be material, either in • the applicable legal and regulatory framework, and
isolation or when aggregated with other • how the entity complies with that framework.
misstatements. In addition, amounts
within the financial statements may also the auditor must maintain a degree of professional
be misstated as a result of the non- scepticism and remain alert to the possibility that other
compliance with laws and regulations. audit procedures applied may bring instances of non-
compliance or suspected non-compliance with laws and
regulations to the auditor’s attention, and such procedures
could include:
• reading minutes of board meetings
• enquiring of management and/or legal advisers
concerning litigation or claims brought against the
entity, and
• undertaking substantive tests on classes of
transactions, account balances or disclosures.

REPORTING IDENTIFIED OR SUSPECTED NON-COMPLIANCE WITH LAWS AND REGULATIONS

Where the auditor discovers non-compliance with laws and regulations, the auditor must notify those
charged with governance.

However, care must be taken by the auditor because if the auditor suspects that those charged with
governance are involved, the auditor must then communicate with the next highest level of authority,
which may include the audit committee.

If a higher level of authority does not exist, the auditor will then consider the need to obtain legal advice.

Page 177 of 203

The auditor must also consider whether the non-compliance has a material effect on the financial
statements and, in turn, the impact the non-compliance will have on their report.

There may be occasions when the auditor’s duty of confidentiality may be overridden by law or statute.
This can be the case when the auditor discovers non-compliance with legislation such as drug trafficking
or money laundering.

Page 178 of 203

 Audit Documentation

Audit documentation’ means the record of audit procedures performed, relevant audit evidence obtained
and the conclusions the auditor reached.

Professional judgment is subjective. It needs to be supported by the facts and circumstances of the
engagement or by sufficient appropriate audit evidence.
Therefore, these matters need to be appropriately documented.

Need/ importance of documentation

1. Provides evidence of the auditor’s basis for a conclusion about the achievement of the overall
objective of the audit.
2. Provides evidence that the audit was planned and performed in accordance with ISAs and applicable
legal and regulatory requirements.
3. Assists the engagement team to plan and perform the audit.
4. Assists members of the engagement team responsible for supervision to direct, supervise and review
the audit work.
5. Enables the engagement team to be accountable for its work.
6. Retains a record of matters of continuing significance to future audits.

Contents of a working paper

1. Name of client – identifies the client being audited.
2. Year-end date – identifies the year end to which the audit working papers relate.
3. Subject – identifies the area of the financial statements that is being audited, the topic area of the
working paper, such as receivables circularisation.
4. Working paper reference – provides a clear reference to identify the number of the working paper,
for example, R12 being the 12th working paper in the audit of receivables.
5. Preparer – identifies the name of the audit team member who prepared the working paper, so any
queries can be directed to the relevant person.
6. Date prepared – the date that the audit work was performed by the team member; this helps to
identify what was known at the time and what issues may have occurred subsequently.
7. Reviewer – the name of the audit team member who reviewed the working paper; this provides
evidence that the audit work was reviewed by an appropriate member of the team.
8. Date of review – the date the audit work was reviewed by the senior member of the team; this should
be prior to the date that the audit report was signed.
9. Objective of work/test – the aim of the work being performed, could be the related financial
statement assertion; this provides the context for why the audit procedure is being performed.
10. Details of work performed – the audit tests performed along with sufficient detail of items selected
for testing.
11. Results of work performed – whether any exceptions arose in the audit work and if any further work
is required.
12. Conclusion – the overall conclusion on the audit work performed, whether the area is true and fair.

Page 179 of 203

Audit documentation may be recorded on paper or on electronic or other media.

The working papers should be so prepared so as to enable an experienced auditor, with no previous
connection to the audit, to understand:
• The nature, timing and extent of the audit procedures performed to comply with the International
Standard on Auditing (ISA).
• The results of the audit procedures and audit evidence obtained.
• Significant matters resulting during the audit and the conclusions expressed thereon.

Types of audit files

The files in which all the working papers are put are termed audit files.

Permanent file papers (information of continuing importance)

The permanent file contains matters of continuing importance affecting the company or the audit. This
generally has future or long term use.
• Information concerning legal structure of entity (e.g., Memorandum and Articles of Association).
• Other documents of continuing importance:
o terms of engagement;
o minutes of important meetings;
o debenture deeds;
o title deeds and lease agreements;
o royalty agreements.
• Descriptions of nature and history of client's business, locations and products.
• A list of client's investments (if any).
• Organisation charts, with extra details for finance department.
• Main accounting records, showing where kept and of what type (e.g., handwritten, computerised).
• Copies of previous financial statements and auditor's reports thereon.
• Previous reports to management (detailing weaknesses found in the accounting system.
• Client's other professional advisers.
• Client's insurance cover details.
• Significant ratios and trends.
• Accounting systems descriptions in flow chart and narrative form.
• Internal controls evaluation data: questionnaires and checklists.
• Principal accounting policies.

Page 180 of 203

Current audit file papers (information of relevance to current year’s audit)

The current file which is broadly concerned with the accounts being audited. This generally serves an
immediate purpose. It generally contains the following papers:

Examples of the working papers ordinarily contained in a typical current audit file include:
- Evidence of the planning process including audit programmes and any changes thereto.
- Evidence of the auditor’s consideration of the work of internal auditing and conclusions reached.
- Analyses of transactions and balances.
- Analyses of significant ratios and trends.
- The identified and assessed risks of material misstatements at the financial statement and assertion
level.
- A record of the nature, timing and extent of audit procedures performed in response to risks at the
assertion level and the results of such procedures.
- Evidence that the work performed by assistants was supervised and reviewed
- An indication as to who performed the audit procedures and when they were performed.
- Details of audit procedures applied regarding components whose financial statements are audited by
another auditor.
- Copies of communications with other auditors, experts and other third parties.
- Copies of letters or notes concerning audit matters communicated to or discussed with management
or those charged with governance, including the terms of the engagement and material weaknesses
in internal control.
- Letters of representation received from the entity.
- Conclusions reached by the auditor concerning significant aspects of the audit, including how
exceptions and unusual matters, if any, disclosed by the auditor’s procedures were resolved or
treated.
- Copies of the financial statements and auditor’s report.

Controls required to ensure the safe custody of audit documentation

1. Maintain a log
2. Prevent unauthorised changes to the documentation
3. Protection from theft: passwords, access restrictions
4. Retention of working papers: minimum 5 years

Page 181 of 203

 Quality Control for an Audit of Financial Statements

Quality control is important to ensure that the firm and the auditors have fulfilled responsibilities in
accordance with professional standards and that the engagement report is appropriate.

The updated ISA 220 revises the definition of the audit team:
Engagement Team: All partners and staff performing the audit engagement, and any other individuals
who perform audit procedures on the engagement, excluding an auditor’s external expert and internal
auditors who provide direct assistance on an engagement.

The new definition recognizes that, regardless of location or employment status, if an individual is
performing audit procedures, then that individual needs to be independent and their work needs to be
appropriately directed, supervised and reviewed.

ISA 220 (Revised) also recognizes that individuals involved in the audit engagement may not necessarily
be engaged or employed directly by the firm.

For example, the engagement team may include individuals such as:
• Individuals from firm’s Information Technology (IT) team;
• The firm’s experts in valuations;
• Individuals performing audit procedures relating to inventory at a warehouse or remote location

Remember, there are two types of individuals that are specifically excluded from the definition of the
engagement team, (1) an auditor’s external expert and (2) internal auditors who provide direct assistance
on an engagement

Page 182 of 203

1 Leadership • The engagement partner (EP) has overall responsibility for managing and
responsibilities for achieving quality and creating the right environment for the engagement
achieving quality team.
• EP responsibility includes being sufficiently and appropriately involved
throughout the audit.
• The engagement partner is also required to take responsibility for firm’s
commitment to quality and the expected behavior of the engagement
team.
• The engagement partner is also responsible for the direction and
supervision of the engagement team and the review of work.
2 Ethical requirements Engagement Partner to ensure independence not compromised
throughout the audit. The engagement partner should also identify and
evaluate threats to ensure compliance with relevant ethical requirements
and the firm’s policies and procedures and take appropriate actions with
regards to possible breaches of ethics.

3 Acceptance and The firm should also have policies and procedures to ensure that only
Continuance of client appropriate clients are accepted in the first place and retained.
relationships and
Audit Engagements If engagement team becomes aware of information that would have
caused the audit firm to decline the audit engagement, such information
should be communicated by the engagement partner on a timely basis to
the firm so that appropriate action can be taken.
4 Engagement Engagement Partner should have skills, authority, time required for audit.
Resources He should also ensure the team has appropriate competence and
capabilities. Important resources to consider are human resources,
technological resources and intellectual resources.
5 Engagement a) Direction-must be set by the engagement partner and communicated
performance to the team in the planning meeting. The following should be
communicated to audit team members:
- Personal conduct, communication and actions expected of the
team
- The importance of maintaining a questioning mind and exercising
professional skepticism.
- Objective of work to be done and detailed instructions on nature,
timing and extent of audit procedures.
- The importance of fulfilling ethical requirements
- Team should be instructed on how to deal with quality problems
as they arise

Page 183 of 203

b) Supervision-Main responsibility: Engagement Partner
The audit supervisor should keep track of the progress of the audit
engagement to ensure that the audit timetable is met and should
ensure that the audit manager and partner are kept updated of
progress. Supervision should:
- Should be continuous
- Consider competence and capabilities of individual members of the
engagement team, including whether they have sufficient time to
carry out work, whether they understand instructions and whether
the work is being carried out in accordance with the planned
approach to the audit.)
- Ensure important matters communicated to seniors
- Ensure audit approach modified if needed (based on any significant
matters that may arise during the audit)
- Consider if consultation is needed.
c) Consultation (use of experts) where needed
The engagement partner shall take responsibility for the engagement
team undertaking consultation on difficult matters or where
consultation is necessary in the partner’s judgment. Appropriate
consultation should be taken during the audit engagement both within
the audit team and between the engagement team and others at the
appropriate level.
d) Review-
The engagement partner is required to review audit documentation
specifically audit documentation relating to significant matters and
significant judgements.

The engagement partner should consider whether evidence gathered

is sufficient and appropriate and supports the conclusions. The partner
should also check if objective of work has been achieved
e) Engagement Quality Review
The engagement partner shall:
- Determine that an engagement quality reviewer has been
appointed;
- Discuss significant matters and significant judgments arising during
the audit engagement, including those identified during the
engagement quality review, with the engagement quality reviewer;
and
- Not date the auditor’s report until the completion of the
engagement quality review

Page 184 of 203

6 Monitoring and - The firm should ensure quality control procedures are adequate and
Remediation complied with.
7. Documentation The engagement partner shall be responsible for the following:
- Maintain and retain all documentation related to fulfillment of ethical
requirements, the acceptance and continuation of client relationship,
the nature and scope of, and conclusions resulting from, consultations
undertaken during the audit engagement and how such conclusions
were implemented.
- If the audit engagement is subject to an engagement quality review,
that the engagement quality review has been completed on or before
the date of the auditor’s report.
- Ensure confidentiality

Page 185 of 203

 Corporate Governance

Corporate governance is the system by which companies are directed and controlled.

Good corporate governance ensures that stakeholders with a relevant interest in the company are fully
taken into account

According to the UK Corporate Governance Code the ‘purpose of corporate governance is to facilitate
effective, entrepreneurial and prudent management that can deliver the long-term success of the
company’.

Corporate governance considers the responsibilities of directors, how the board of directors should be
run and structured, the need for good internal controls and the relationship with external auditors.

It is important for companies to consider good corporate governance principles as often it is management
or those charged with governance who run the company, but the owners are the shareholders and they
are not involved in the running of the business.

For these shareholders their only opportunity to raise concerns is at the annual general meeting, which
only occurs once a year and often attendance is low.

Shareholders need to ensure that their needs are taken into account by management, and that there is a
process in place for them to be informed as to how the business is operating.

Corporate governance represents the set of policies and procedures that determine how an organisation
is directed, administered and controlled.

Although the contents of corporate governance will vary from organisation to organisation, almost all will
have the following components: Accountability, compliance, transparency and integrity

TCWG: Those “charged with governance” are defined as the persons who are “accountable for ensuring
that the entity achieves its objectives, with regard to reliability of financial reporting, effectiveness and
efficiency of operations, compliance with applicable laws, and reporting to interested parties.”

Although there is no universal rule, in most instances these persons will either be the board of directors
and/or the audit committee

Page 186 of 203

An Exam focused summary

Can be principles based or rules based

Board of Directors
The ENTIRE board responsible for F/S, fraud prevention and detection, ICS, ethics, compliance etc.

Executive Directors: Remuneration package ( Basic Salary, Benefits in kind, Performance linked
elements in short term as well as long term, Retirement benefits)

Non-Executive Directors ( should be independent: No familiarity with the executive management, no

financial interest in company except a fixed fee for directors’ duties, not business relationship, not been
an employee in the recent past, can serve for maximum 9 years)

Appoint NEDs to protect SH interest. They also bring external expertise.

1. CEO and Chairman roles should be segregated ( Chairman should be an NED)

2. Balance in the board: equal number of EDs and NEDs excluding the independent Chairman
3. Variety of skills, cultural and gender diversity in the board
4. There should be FOUR sub-committees of the board
a) Audit Committee
b) Remuneration Committee
c) Risk Committee
d) Nomination Committee
5. For ALL directors:
- Induction
- CPD
- Annual performance appraisal
- Re-election ever 3 years ( retirement by rotation)
Regular board meetings ( with agenda and minutes). No single individual should dominate
discussions.
6. The company should have a sound system of internal control.
7. There should be adequate risk management in the company.
8. There should be an internal audit department
9. Transparency in the annual report is important.
10. Institutional shareholders should intervene in the company when needed.

Page 187 of 203

Provisions of international codes of corporate governance (such as OECD) that are most relevant to
auditors.

The Principles cover six key areas of corporate governance:

1. Ensuring the basis for an effective corporate governance framework (should promote transparent
and efficient markets, be consistent with the rule of law and have a clear division of responsibilities among
different supervisory, regulatory and enforcement authorities)
2. The rights of shareholders and key ownership functions
3. The equitable treatment of shareholders
4. The role of stakeholders in corporate governance
5. Disclosure and transparency
6. The responsibilities of the board

Important terms in corporate governance

An executive director: an executive director is a director responsible for the administration of a company.

They are primarily responsible for carrying out the strategic plans and policies as established by the board
of directors.

A non-executive director (NED): a non-executive director is a director without day-to-day operational

responsibilities of the company.

Responsibilities of the board of directors in corporate governance

- Establish a code of corporate ethics
- Ensure that that the organisation establishes policies, procedures and controls to manage the
potential risks it will face
- Ensure compliance with laws and regulations
- Ensuring that an effective system of internal controls is in place and functioning
- Ensuring that a high quality and timely independent audit is conducted
- Establish and oversee the work of audit and remuneration committee

The board of directors - The board should meet regularly.

- The roles of chairman and CEO should not be performed by the same
individual. The roles of chairman (NED) and chief executive (ED) are both
very important and carry significant responsibilities; hence this prevents
too much power residing in the hands of one individual.

Page 188 of 203

 - At least half of the board should be comprised of NEDs: There should be
an appropriate balance of executives and non-executives (excluding the
chairman), to ensure that the board makes the correct objective
decisions, which are in the best interest of the stakeholders of the
company, and no individual or group of individuals dominates the board’s
decision-making

- Non-executives need to be independent of the executive management so

that they can exercise judgment without bias or self interest

- All directors should receive induction training when they first join the
board so that they are fully aware of their responsibilities.

- The shareholders should review on a regular basis that the composition

of the board of directors is appropriate, and they do this by re-electing
directors every three years (retirement by rotation).

- The directors need to consider, on an annual basis, whether the company

requires an internal audit department. Internal audit helps the director in
monitoring the company.

- The performance of each board member should be appraised on an

annual basis.

- There should be an on-going process of board development through

continuous professional development (CPD) of all board members.

- Board sub-committees with appropriate composition should be made

(Audit and Remuneration committee should only have NEDs whereas Risk
and Nomination should have a majority of NEDs)

Director’s No director should be involved in setting their own remuneration as this may
remuneration result in excessive levels of pay being set.

Levels of remuneration should be sufficient to attract and retain the directors

needed to run the company successfully, but companies should avoid paying
more than is necessary for this purpose. A proportion of executive directors’
remuneration should be structured so as to link rewards to corporate and
individual performance.

Page 189 of 203

 Non-executive directors’ pay should not be based on meeting company
targets as their pay should be independent of how the company performs.
Accountability and The board should present a balanced and understandable assessment of the
audit company’s position and prospects.
Internal control The board should maintain a safe and registered system of internal control to
safeguard the shareholders’ investment and the company’s assets.

Audit committee and i. The board should establish an audit committee of at least three
auditors directors, all non-executive, with written terms of reference which
deal clearly with its authority and duties.
ii. The audit committee should monitor and review the internal audit
and the reports prepared by the internal audit team.
iii. With regard to the external auditors, the audit committee should
• Recommend their appointment.
• Approve their remuneration and terms of engagement.
• Monitor and review their independence, objectivity and
effectiveness.

Relations with All members of the board should be involved in ensuring that satisfactory
shareholders dialogue occurs with shareholders (for example all should attend meetings
with shareholders).

Dialogue with institutional shareholders: Companies should be ready, where

practicable, to enter into a dialogue with institutional shareholders based on
mutual understanding of objectives.

Constructive use of the AGM: Boards should use the AGM to communicate
with private investors and encourage their participation.

Institutional investors Shareholder voting: Institutional shareholders have a responsibility to make

careful use of their votes.
Code provisions
i. Institutional shareholders should, on request, make available to their
clients the information on the proportion of resolutions on which
votes were cast and non-discretionary proxies lodged.
ii. Institutional shareholders should take steps to ensure that their
voting intentions are being translated into practice.

Dialogue with companies: Institutional shareholders should be ready, where

practicable, to enter into a dialogue with companies based on the mutual
understanding of objectives.

Page 190 of 203

 Evaluation of governance disclosures: When evaluating companies’
governance arrangements, particularly those relating to board structure and
composition, institutional investors should give due weight to all relevant
factors drawn to their attention.

Roles of the Audit Committee

Composition: entirely NEDs-at least one of them should have recent and relevant financial experience.

1. With regards to Financial statements, the Audit committee:

o reviews integrity of financial statements (including reviewing significant judgments)
o checks the clarity and completeness of the disclosures in the financial statements.
o monitors formal announcement regarding financial performance

2. With regards to Internal audit, it

o monitors effectiveness of IA, review their plan and ensure their recommendations are actioned
o ensures IA is accountable to AC and preserve their independence + Chief Internal auditor has
access to Chairman
o approves appointment/termination of Chief Internal Auditor

3. With regards to External auditors, it

o Is responsible for oversight of the company’s relations with its external auditors.
o Nominates the external audit firm for appointment by shareholders.
o Recommends remuneration and terms of engagement of EA
o Reviews and monitors independence of EA
o Develops and implements policy on EA providing non-audit services
o Reviews qualification and expertise of the EA

4. It reviews control systems (internal controls, internal financial controls, risk management)

5. It monitors compliance with laws and regulations

6. The audit committee should also review the procedures in place for whistle-blowing within the
company.

Advantages of audit committee

1. Improves Public confidence in the credibility and objectivity of the financial statements. (They can
create a climate of discipline and control and reduce the opportunity for fraud)
2. It will help to improve the quality of the financial reportingguidance to BOD
3. An audit committee can help to improve the internal control environment of the company. The audit
committee is able to devote more time and attention to areas such as internal controls.

Page 191 of 203

4. Helps in risk management: The audit committee can also provide advice on risk management to the
executive directors.
5. The audit committee will be responsible for recommending appointment of the external auditors and
this will strengthen the auditors’ independence and contribute to a channel of communication and
forum of issues.
6. The NEDs bring considerable external experience to the board as well as challenging the decisions of
executive directors and contributing to independent judgements.
7. Senior management in the accounting and finance function can raise concerns and discuss accounting
issues with the audit committee.
8. The independence of the internal audit department is improved The audit committee will assume
responsibility for appointing and liaising with the external audit firm, thus ensuring the independence
of the external auditor especially in cases of dispute with management.

Limitations of audit committee

1. Although audit committees do oversee the work of auditors (both internal and external) they do not
have the authority to appoint or dismiss external auditors. This limits the amount of power the
committee has over the organisation’s auditors.

2. Audit committees generally do not have as much technical expertise and knowledge as the auditors
they are overseeing.

3. Independent directors often do not have as thorough a knowledge of the organisation’s operations
and functioning as executive directors.

4. Most of the members of the audit committee are non-executive directors. The board may feel that
the audit committee has been formed to limit its powers and allow outsiders to run the company.

5. The non-executive directors have to be paid more for carrying out the responsibilities associated with
the audit committee. Hence, it increases the cost of the organisation.

Page 192 of 203

 Internal Audit

An independent appraisal activity established within an organization as a service to it. A control in itself
which functions by examining and evaluating the adequacy and effectiveness of other controls.

It functions by, amongst other things, examining, evaluating and reporting to management and the
directors on the adequacy and effectiveness of components of the accounting and internal control
systems

(Internal Audit is NOT a regulatory requirement BUT is a corporate governance best practice guideline)
There is NO requirement for internal auditor to be professionally qualified.

INDEPENDENCE

Internal auditors should:

• monitor and review controls, not design and implement them;
• report to the audit committee
• be free to decide on the nature and scope of their work;
• be free to communicate fully with the external auditors.

Steps to conduct internal audit

1. Identify the risks which may occur if there are no controls in place
2. Identify controls in place
3. Evaluate whether the controls in place reduce the risk to an acceptable level, i.e. they are adequate.
4. Evaluate whether the controls are working effectively.
5. Report

Functions of Internal Audit

1. Reviewing adequacy and effectiveness of financial and operational internal control systems
2. Helping management with risk assessment
3. Examining operating and financial information (is it reliable, adequate, timely? How is it identified and
communicated?)
4. Review of compliance with laws, regulations and other external requirements and with management
policies and directives and other internal requirements.

Page 193 of 203

5. Special assignments- some examples
- Value for Money audit (VFM)
- Mystery shopping
- Financial audit
- Financial statement audit
- IT system audit
- HR audit
- Undertake inventory counts
6. Internal audit’s role in preventing and detecting fraud and error
- Can help by assessing the main areas of fraud risk
- Can help by assessing the adequacy and effectiveness of control systems.
- Can undertake regular reviews of compliance of these controls.
- Where fraud is suspected, the internal audit department can undertake a detailed fraud
investigation to identify who is involved, likely sums stolen and gather evidence for any
subsequent police investigation.
- The presence of an internal audit department can itself act as a fraud deterrent, as the risk of
being discovered means individuals are less likely to undertake fraudulent activities.

Factors determining need of internal audit

Before establishing an internal audit department, consider the following:

✓ Will it be cost-beneficial?
✓ Consider the size and complexity of operations as well as number of employees- is more monitoring
needed due to increased chances of fraud and error?
✓ Have key risks and processes changed? Internal audit can help in risk assessment and in reviewing
controls.
✓ Problems with existing controls- is there a history of control deficiencies?
✓ Need of special assignments that normally internal audit carries out. The ability of current
management to carry out these assignments will need to be considered. If they do not have the ability,
an IA department may be needed.

What does corporate governance say about Internal Audit?

• IA should report to the Audit Committee. The AC will monitor if internal audit is effective. If there is
no IA department, the AC should determine whether there is need for one. In case they believe the
internal audit department is not required, it needs to explain the reason for this in the annual report.
• Assistance to the board of directors:
The IA department checks reports that are not audited by the external auditors.
It can help the board with regards to accounting and auditing standards when required.
IA can liaison with external auditors which can reduce the time and cost of external audit.

Page 194 of 203

Differences between external and internal audit
Internal Audit External Audit
Appointment process Determined by management; Determined by statute; appointed by
appointed by members. Formal auditing
management. qualifications are required.

Objective The main objective of internal audit is to The main objective of the external
improve a company’s operations, auditor is to express an opinion on
primarily in terms of validating the the truth and fairness of the financial
efficiency and effectiveness of the statements, and other jurisdiction
internal control systems of a company. specific requirements.

Report to Internal audit reports are normally External audit reports are provided to
addressed to the board of directors, or the shareholders of a company. The
other people charged with governance report is attached to the annual
such as the audit committee. Those financial statements of the company
reports are not publicly available, being and is therefore publicly available to
confidential between the internal the shareholders and any reader of
auditor and the recipient. the financial statements.

Scope The work of the internal auditor The work of the external auditor
normally relates to the operations of relates only to the financial
the organisation, including the statements of the organisation.
transaction processing systems and the
systems to produce the annual financial However, the internal control
statements. The internal auditor may systems of the organisation will be
also provide other reports to tested as these provide evidence on
management, such as value for money the completeness and accuracy of the
audits which external auditors rarely financial statements.
become involved with.

Relationship with the In most organisations, the internal The external auditor is appointed by
organization auditor is an employee of the the shareholders of an organisation,
organisation, which may have an providing some degree of
impact on the auditor’s independence. independence from the company and
However, in some organisations the management
internal audit function is outsourced.

Page 195 of 203

 Planning and evidence No materiality Materiality
collection Procedural or risk based Risk based
Primarily internal sources of evidence Internal and external sources of
evidence

IA and risk management

IA ensures risk management systems are operating effectively and that the strategies implemented for
business risks are operating effectively.
Business risk (risk that the company’s objectives are not met or strategy not executed properly or
inappropriate objectives and strategies were set).

Limitations of IA
- independence issues as employees so may be concerned about job security
- if it is not reporting to the AC, management can influence them (they will be checking the work of the
people they are reporting to).

Outsourcing Internal Audit

Advantages
- Greater expertise, specialist skills and access to better audit technology without extra cost available
- Cost:
- The risk of staff turnover is passed on to the firm
- Lesser cost of training staff and retaining permanent staff
- Can budget better.
- May be more independent
- Lesser management time consumed in administering the department
- IA will be immediately available (also good for short term)
- The contract can be set for an appropriate time scale
- Flexibility in terms of that the staff can be called in according to workload

Disadvantages
1. May not be independent if the same firm is offering external audit and internal audit
2. May be more expensive
3. The firm will not have in-depth knowledge of the company
4. Lesser control by the management over the standard of service
5. May have confidentiality issues
6. If the company has an existing IA department:
- they may face opposition from the other staff
- In-house skills will be lost
- Redundancy costs if these staff members cannot be re-allocated other roles

Page 196 of 203

Internal Audit assignments- examples to read through
1. VFM audit: A value for money audit focuses on whether the best combination of services has been
obtained for the lowest level of resources. In performing a value for money audit there are three areas
which an auditor will commonly focus on being economy, efficiency and effectiveness, and these are
known as the three Es.

Economy – Keeping the cost of resources used to a minimum.

Efficiency – The relationship between the output from goods and services and the resources used to
produce them.

Effectiveness – How well the organisation’s objectives have been achieved.

• Economy: attaining the appropriate quantity and quality of physical, human and financial
resources at the lowest cost
• Efficiency: this is a measure of the relationship between goods and services produced (outputs)
and the resources used to produce them (inputs)
• Effectiveness: how well an activity is achieving its policy objectives or other intended effects

2. IT audit
An information technology audit is an examination of the controls within an information technology
infrastructure. This determines if the information systems are:
− safeguarding assets,
− maintaining data integrity and
− operating effectively and efficiently to achieve the organisation’s goals or objectives.

3. Best value audit

A best value review involves the following:
- Reviewing whether the products / services meet the requirements of the customers
- Determining whether there is balance between the cost and quality of the service or not
- Comparing product / service with competitors to find out the best and the worst features in the
products of the entity so as to make improvements.
-

4. Financial audit
The scope of internal audit for financial functions may involve internal control topics such as the
efficiency of operations, the reliability of financial reporting, deterring and investigating fraud,
identifying errors, safeguarding assets and compliance with laws and regulations.

5. Operational audit (procurement, marketing, HR)

6. Mystery shopper reviews

7. Regulatory compliance review

Page 197 of 203

EXTERNAL AUDIT RELIANCE ON INTERNAL AUDITWORK

Reliance on internal audit

ISA 610 Using the Work of Internal Auditors details the factors the external auditors should consider in
order to place reliance on the work of the internal audit (IA) department as follows:

1. Objectivity: They should consider the status of IA within the company and if they are independent of
other departments, in particular the finance department. In addition, consideration should be given
as to who IA reports to, whether this is directly to those charged with governance or to a finance
director.

2. Technical competence: The technical competence of IA staff should be considered. Consideration

should be given to whether they are members of a professional body and have relevant qualifications
and experience.

3. Due professional care: The external auditors should consider if the IA department have exercised due
professional care, the work would need to have been properly planned including detailed work
programmes, supervised, documented and reviewed.

4. Communication: In order to place reliance there needs to be effective communication between the
internal auditors and the external auditor. This is most likely to occur when the IA department is free
to communicate openly and regular meetings are held throughout the year.

Areas where external auditor can rely on/use internal auditor’s work:

- External Auditors could look to rely on any internal control documentation produced by internal audit
for changes in the control environment.
- If the IA department has performed test of controls during the year, such as the payroll, sales and
purchase systems, then external auditors could review and possibly place reliance on this work. This
may result in the workload reducing and possibly a decrease in the external audit fee.
- IA department may have conducted a risk assessment which external auditors could use as part of
their initial planning process.
- External auditors would need to consider the risk of fraud and error and non-compliance with law
and regulations resulting in misstatements in the financial statements. This is also an area for IA to
consider, hence there is scope for the external auditor to review the work and testing performed by
IA to assist in this risk assessment.
- It is possible that the IA department may assist with year-end inventory counting and controls and
so external auditors can place some reliance on the work performed by them, however, they would
still need to attend the count and perform their own reduced testing.

Page 198 of 203

 Not for Profit Organizations

Examples: charities, housing associations, clubs. local authorities/councils, government bodies.

Charities
Unlike publicly traded companies, charities are not required by the Securities and Exchange Commission
to undergo annual audits. Many not-for-profit organizations, however, are required to receive an audit if
they accept certain types of funding or earn a large amount of revenue. A positive audit opinion can
increase donor and board member confidence in the non-profit's operations. An audit may also be
required by the regulators ( the charity commission for example).

The auditor should clarify who the addresses of the report will be along with the scope of the engagement

Important features to remember:

❖ There are no external shareholders therefore no dividends

❖ Income likely to be from donations/grants.
❖ Likely additional reporting/accounting rules.
❖ Their activities may be restricted by regulators
❖ They are NOT forbidden from engaging in commercial activities
❖ 3Es very important for them.
❖ Normally managed by a council made up entirely of volunteers ( like NEDs)

- Inherent risk can be high in not-for-profit organizations that must report certain results to continue
receiving grants.
- Non-profits that pay low wages may have trouble attracting qualified accountants
- Higher level of cash transactions.
- Income – completeness problem.
- Lack of predictability regarding future income/expenditure. (analytical procedures aren’t very useful
here!)
- Potential restrictions regarding activities/use of income.
- Restricted number of employees so segregation of duties difficult
- Auditors should evaluate not only the number of people involved in the accounting process but the
level of supervision. If no one is approving junior-level accounting staff entries, mistakes are less likely
to be caught.
- Volunteer staff: Risks regarding their competence, training, lack of trust
- Informal environment
- Trustees (the time they give to the org, skills, qualifications, frequency of meetings, independence
from each other)
- Auditors typically test a variety of accounts and transactions. They should pay special attention to
revenue accounts when auditing a nonprofit. Nonprofit entities have different sources of revenue

Page 199 of 203

 than their for-profit counterparts, and all employees may not be familiar with the revenue recognition
rules for donations and grants. Auditors should check to see if the nonprofit has adequate supporting
documentation and determine the correct timing of revenue recognition for grants that have strings
attached. The auditors should give special attention to:
- Completeness of income
- Misuse of funds/ misappropriation of assets

Planning the audit

The planning procedures undertaken for not-for-profit organisations will differ very little from those for
profit making organisations.

However, the auditor should have specific regard to any laws, regulations or guidelines imposed on the
entity by any regulatory body.

The scope of the auditor's work will be detailed in the engagement letter.

Risk assessment

The auditor should, during the planning stage, fully assess the risks associated with the not-for-profit
organisation.

INHERENT RISK

Key factors to consider include:

- The complexity and extent of regulation
- The significance of donations and cash receipts
- Restrictions imposed by the objectives and powers given by the entity’s governing documents
- The sensitivity of certain key statistics such as proportion of resources used in administration
- The need to maintain adequate resources whilst avoiding the buildup of resources which could appear
excessive

CONTROL RISK
Key factors to consider include:
- Competence, training and qualification of paid staff and volunteers
- Segregation of duties
- Reliability of accounting systems / computer systems
- Controls over compliance with laws and regulations
- Power of trustees

Page 200 of 203

Audit evidence
When designing substantive procedures for not-for-profit organisations, the auditor should give special
attention to the possibility of:

 Understatement of income, including gifts in kind, cash donations and legacies

 Incorrect accounting treatment of lifetime subscriptions
 Overstatement of cash grants or expenses
 Misanalysis or misuse of funds
 Misstatement or omission of assets including donated properties
 Misallocation of expenses to disguise excessive administration expenditure

Reporting
For incorporated not-for-profit organisations, the reporting requirements of ISA 700 the independent
auditor's report on a complete set of general-purpose financial statements apply.

Additionally, the reporting requirements of the governing body will need to be encompassed in the
auditor's report.

For organisations not incorporated under statute, the auditor or review report will be determined in
accordance with the terms of appointment detailed in the letter of engagement.

Page 201 of 203

 Common formats

Management letter
Weakness Implication (Possible effect) Recommendation

Report (with Cover letter)

Board of Directors
XYZ Co
Address line 1
Address line 2
Address line 3
8 August 20XX
Dear Sirs,
Audit of XYZ Co for year ended 30th September 20XX
Please find enclosed the report to management on……

This report is solely for the use of management and if you have any further questions, then please do
not hesitate to contact us.

Yours faithfully
An audit firm

Page 202 of 203

 Formal business letter
ABC plc
Address line 1
Address line 2
Address line 3
Date

Dear Shareholders,

Subject

Do not start the letter right away. You need to have a formal introduction

Thank you
Yours sincerely
Mr. A
(Designation)

Memorandum
From:
To:
CC:
Date: DD/MM/YYYY
Subject: _____________________________:
Introduction
Explanation

Sincerely
AB

Page 203 of 203