CFAP-6: AUDIT, ASSURANCE AND

RELATED SERVICES
1st Edition (Summer 2025)

Volume – I
ISAs – Summaries and Application Guide

By: Muhammad Asif, FCA

 ALL RIGHTS RESERVED.

1st Edition: Summer 2025

CFAP-6: AUDIT, ASSURANCE AND RELATED SERVICES, 1/e

Volume – I

AUTHOR
Muhammad Asif, FCA
 ABOUT THE AUTHOR

The author, Muhammad Asif, FCA is a fellow member of Institute of Chartered

Accountants of Pakistan. After qualifying as a chartered accountant in 2008, he worked
with A. F. Ferguson & Co., Chartered Accountants (a member firm of the PwC network)
at managerial level. Having served the firm for more than a year at that level, he adapted
teaching as profession on full time basis in 2009.

He is also a certificate holder of International Standards on Auditing (ISAs)

Programme of Institute of Chartered Accountants in England & Wales (ICAEW).

Currently, he is working with Crescent College of Accountancy, Lahore. He teaches

following subjects to the students of chartered accountancy (ICAP):
 PRC 03: Principles of Economics
 CAF 04: Business Law
 CAF 06: Managerial and Financial Analysis
 CAF 07: Company Law
 CAF 08: Audit and Assurance
 CFAP 06: Audit, Assurance & Related Services

i
 TABLE OF CONTENTS (1/e, Volume – 1)

Sr. # Chapter Title Page Number

Grid A: Audit of Historical Financial Information-Planning and Others [25-30 Marks]

1 ISA 210: Agreeing the terms of audit engagement 1
2 ISA 230: audit documentation 7
ISA 250(revised): Consideration of Laws and regulations in an audit of
3 13
financial statements
4 ISA 260(revised): Communication with those charged with governance 19
ISA 265: Communicating deficiencies in internal control to those
5 25
charged with governance and management
6 ISA 300: Planning an audit of financial statements 29
ISA 402: Audit considerations relating to an entity using a service
7 35
organization
8 ISA 450: Evaluation of misstatements identified during the audit 41
9 ISA 500: Audit evidence 46
10 ISA 501: Audit evidence – specific considerations for selected items 53
11 ISA 505: External confirmations 58
12 ISA 510: Initial audit engagements – opening balances 64
13 ISA 520: Analytical procedures 69
14 ISA 530: Audit Sampling 73
ISA 540(revised): Auditing accounting estimates and related
15 83
disclosures
16 ISA 550: related parties 91
17 ISA 560: subsequent events 98
18 ISA 570(revised): Going concern 103
19 ISA 580: Written representations 110
ISA 600: Special considerations –Audit of Group Financial Statements
20 116
(including the work of component auditors)
21 ISA 610(revised 2013): Using the work of internal auditors 132
22 ISA 620: Using the work of an expert 138

Grid B: Audit of Historical Financial Information – Risks [15-20 Marks]

ISA 240: The auditor’s responsibilities relating to fraud in an audit of
1 143
financial statements
ISA 315(revised 2019): identifying and assessing the risk of material
2 156
misstatement through understanding the entity and its environment
3 ISA 320: Materiality in planning and performing an audit 179
4 ISA 330: The auditor’s response to assessed risk 182

ii
 Grid C: Audit Conclusion and Reporting [20-30 Marks]
ISA 700(revised): Forming an opinion and reporting on Financial
1 187
statements
ISA 701: Communicating Key audit matters in the Independent auditor’s
2 194
report
ISA 705 (revised): modifications to the opinion in the independent
3 199
auditor’s report
ISA 706 (revised): emphasis of matter paragraphs and other matter
4 206
paragraphs in the independent auditor’s report
ISA 710: Comparative information – Corresponding figures and
5 211
comparative financial statements
ISA 720(Revised): The auditor’s responsibilities relating to other
6 214
information

Grid D: Specialized Areas, Other Assurance Engagement and Related Services [15-20 Marks]
ISA 800 (revised): Special Considerations-Audits of Financial Statements
1 224
prepared in accordance with special purpose frameworks
ISA 805 (revised): Special Considerations-Audit of Single statements and
2 230
specific elements, accounts or items of a financial statements
ISA 810 (revised): Engagement to report on summary financial
3 235
statements
4 ISRE 2400: Engagements to review historical financial statements 243
ISRE 2410: Review of interim financial information performed by the
5 251
independent auditor of the entity
ISAE 3000: Assurance engagements other than audits or reviews of
6 264
historical financial information
7 ISAE 3400: The examination of prospective financial information 276
8 ISAE 3402: Assurance reports on controls at a service organization 283
9 ISAE 3410: Assurance engagements on Greenhouse Gas Statements 292
ISAE 3420: Assurance engagements on Report on the Compilation of
10 304
Pro-forma Financial Information included in a prospectus
11 ISRS 4400 (Revised): Agreed-Upon Procedures Engagements 312
12 ISRS 4410: Compilation engagement 323

Grid E: Ethical, Quality Control and Professional Requirements [10-15 Marks]

1 Code of Ethics(revised) 2019 issued by ICAP 331
2a ISQM 1 383
2b ISQM 2 394
2c ISA 220 (revised) 399
3 Chartered Accountant Ordinance, 1961 407

Miscellaneous
1 ISA 200: Overall Objectives of the Independent Auditor 413
2 Joint Audit 421
3 Due Diligence Engagements 423

iii
 ISAs – Summaries and Application Guide ISA 210

ISA 210
AGREEING THE TERMS OF AUDIT
ENGAGEMENTS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–5 A1

LO 2 PRECONDITIONS FOR AN AUDIT 6–8 A2 – A21
LO 3 AGREEMENT ON AUDIT ENGAGEMENT TERMS 9 – 12 A22 – A29
LO 4 RECURRING AUDITS 13 A30
ACCEPTANCE OF A CHANGE IN THE TERMS OF THE AUDIT
LO 5 14 – 17 A31 – A35
ENGAGEMENT
LO 6 ADDITIONAL CONSIDERATIONS IN ENGAGEMENT ACCEPTANCE 18 – 21 A36 – A39
APX 1 EXAMPLE OF AN AUDIT ENGAGEMENT LETTER
APX 2 DETERMINING THE ACCEPTABILITY OF GENERAL PURPOSE FRAMEWORKS

1
ISAs – Summaries and Application Guide ISA 210

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Objective of ISA 210

The auditor should only accept or continue an audit when:
• Preconditions for an audit are confirmed.
• A clear agreement exists on engagement terms.

LO 2: PRECONDITIONS FOR AN AUDIT:

Before accepting an audit engagement, auditor must ensure that Preconditions for audit are present i.e.
 Financial Reporting Framework is acceptable.
 Premise of Audit is present.

Financial Reporting Framework:

Factors to Consider in determining Acceptability of Framework:

 Type of Entity – Business, government, or non-profit.
 Purpose of Financial Statements – General use or specific users.
 Legal Requirements – Whether law mandates a specific framework.

If issues arise after acceptance, management may need to adopt a new framework.

Types of Frameworks:
 General Purpose Framework – Serves broad user needs.
 Special Purpose Framework – Designed for specific users.

Management’s Responsibilities:

What Must Management Acknowledge?

The auditor needs to confirm that management acknowledges and understands following responsibilities:
 Preparation of Financial Statements
 Internal Control
 Providing Information to Auditor (including Other Information as per ISA 720)

� What Happens if Management Refuses?

The auditor must not accept the engagement unless required by law.

Scope Limitations Before Audit Acceptance:

If management limits audit procedures to the extent that the auditor may need to issue a disclaimer, the
engagement must not be accepted (unless legally required).

Other Factors Affecting Audit Engagement Acceptance:

What if Preconditions Are Not Met?

The auditor must discuss issues with management and should not accept the engagement if:
1. The financial reporting framework is unacceptable.
2. Management refuses to acknowledge its responsibilities

2
ISAs – Summaries and Application Guide ISA 210

Internal Control Responsibilities:

 Internal control systems vary based on:
o Entity size and complexity.
o Risk levels and business operations.
o Legal or regulatory requirements.

 Management is responsible for internal controls, ensuring financial statements are free from
material misstatements.

 The auditor assesses internal control, but does not replace and does not provide opinion on internal
control systems.

Special Considerations for Smaller Entities

• Smaller entities may rely on third parties for financial statement preparation.
• Regardless, management remains responsible for ensuring compliance with reporting standards.

LO 3: AGREEMENT ON AUDIT ENGAGEMENT TERMS:

Agreement on Terms:
The auditor must agree on engagement terms with management or those charged with governance.

 An audit engagement letter must include:

 Objective & Scope – The purpose and coverage of the audit.
 Auditor’s Responsibilities – The role and obligations of the auditor.
 Management’s Responsibilities – Key duties such as preparing financial statements.
 Financial Reporting Framework – The accounting standards used.
 Audit Report Format – Expected content of the auditor’s report.
 Possible Report Modifications – Disclaimer that changes may occur.

 The engagement letter may also include:

 Audit scope details, including applicable laws and standards (e.g., ISAs, ethical codes).
 Communication of audit results beyond the main report.
 Requirement to report Key Audit Matters (KAMs) (ISA 701).
 Acknowledgment of audit limitations (some misstatements may remain undetected).
 Audit plan & team composition.
 Management’s responsibility to provide financial information on time.
 Management’s duty to disclose new facts affecting financial statements.
 Audit fee structure and billing arrangements.
 Management’s written acknowledgment of agreement terms.

Exceptions to a Written Agreement:

If laws or regulations fully define engagement terms, a separate agreement is not required. However:
 The auditor must document that management understands its responsibilities.
 If only some responsibilities are covered by law, the missing elements must be included in the
engagement letter.

3
ISAs – Summaries and Application Guide ISA 210

Engagements for Subsidiaries & Divisions:

If the auditor audits both a parent company and a subsidiary, they should decide whether to issue a separate
engagement letter based on:
 Who appoints the subsidiary’s auditor.
 Whether a separate report is needed.
 Legal audit appointment rules.
 Ownership level of the parent company.
 Subsidiary’s independence from the parent.

LO 4: RECURRING AUDITS:

A recurring audit is an audit performed on an entity regularly, such as annually. In these audits, auditors must
evaluate whether:
1. The terms of the engagement need revision.
2. The entity requires a reminder of existing engagement terms.

When to Revise or Remind Engagement Terms?

Auditors do not always need to issue a new engagement letter for every audit period. However, they must
revise or remind terms if any of the following occur:
• Misunderstanding of audit objectives or scope.
• Changes in audit engagement terms.
• Senior management changes.
• Significant ownership changes.
• Major business size or nature changes.
• New legal or regulatory requirements.
• Adoption of a different financial reporting framework.
• Changes in reporting requirements.

LO 5: ACCEPTANCE OF A CHANGE IN TERMS OF ENGAGEMENT:

Restrictions on Changing Audit Terms:

An auditor must not agree to changes in audit terms without a valid reason.

 If management requests to reduce the level of assurance, the auditor must evaluate if the request is
reasonable.
 Any changes must be documented in an engagement letter or other written agreement.
 If an auditor cannot accept the change and management refuses to proceed with the original
engagement, the auditor must:
o Withdraw from the engagement (if legally allowed).
o Determine if they must report the situation to governance, owners, or regulators.

� Exam Tip: If a company requests a change in audit terms, always check if the reason is valid before
agreeing. If the change is due to management trying to avoid a qualified opinion, it is not acceptable.

4
ISAs – Summaries and Application Guide ISA 210

Reasons for Changing Audit Terms:

Valid Reasons:
 Changes in company requirements (e.g., a shift in business operations no longer requires a full audit).
 Misunderstanding about the nature of the audit.

Invalid Reasons:
 Providing incorrect, incomplete, or unsatisfactory information.
 Requesting a review engagement instead of an audit to avoid a qualified or disclaimer opinion.

Request to Change to a Review or Related Service:

Before agreeing to a lower-level engagement (e.g., a review instead of an audit), the auditor must analyze
legal and contractual requirements.
• If the auditor agrees to the change, any prior audit work may still be useful.
• The new engagement report must not reference:
o The original audit engagement.
o Any previous audit procedures, unless part of an agreed-upon procedures engagement.

LO 6:ADDITIONAL CONSIDERATIONS IN ENGAGEMENT ACCEPTANCE:

Auditor’s Report Prescribed by Law or Regulation

Some laws mandate a specific audit report format that may differ from ISAs.

Auditor’s Responsibilities:
1. Evaluate if Users Might Misunderstand Assurance
2. Determine if Additional Explanations Can Prevent Confusion
o If yes → Include explanations in the auditor’s report.
o If no → Do NOT accept the engagement unless legally required. If engagement is required by
law, auditor shall not state compliance with ISAs in report.

Financial Reporting Framework Prescribed by Law or Regulation

If AFRF is not acceptable but is required by law, financial statements are misleading.

Conditions to Accept the Engagement:

1. Management Agrees to Extra Disclosures – To prevent misleading financial statements.
2. Engagement Terms Must Confirm:
o The audit report will include an Emphasis of Matter paragraph (ISA 706).
o The opinion will not use phrases like “true and fair view” unless legally required.

If These Conditions Are NOT Met:

 Evaluate effect of misleading financial statements on audit report.
 Include reference of this matter in terms of engagement.

5
ISAs – Summaries and Application Guide ISA 210

Financial Reporting Framework Supplemented by Law or Regulation

Some jurisdictions add legal requirements to financial reporting standards. Auditors must identify
conflicts and determine how to address them.

Steps for the Auditor:

Check for Conflicts:
Determine if legal requirements contradict financial reporting standards.

Discuss with Management:

If conflicts exist, explore two possible solutions:

 If conflict can be resolved through Additional Disclosures (or by narrowing choice):

 Management shall include additional disclosures in financial statements, or shall narrow
choice.
 Legal additions will become part of AFRF e.g. “International Financial Reporting Standards
and requirements of Companies Act, 2017 of Pakistan”.

 If conflict cannot be resolved through Additional Disclosures:

 Management shall amend description of AFRF e.g. “accounting and reporting standards as
applicable in Pakistan and requirements of Companies Act, 2017”.

APX 1: EXAMPLE OF AN AUDIT ENGAGEMENT LETTER:

For a complete and practical understanding of Audit Engagement Letter, students are advised to read
Example of an Audit Engagement Letter [Appendix 1 of ISA 210].

APX 2: DETERMINING THE ACCEPTABILITY OF GENERAL PURPOSE FRAMEWORKS:

In some jurisdictions, there is no legally prescribed financial reporting framework or recognized standard-
setting body. In such cases, management must identify an appropriate framework, and auditors must
determine its acceptability.

Characteristics/Attributes of an Acceptable Financial Reporting Framework:

A valid framework ensures financial statements provide useful information to users. It must exhibit:
✔ Relevance
• Information must be relevant to the entity’s nature and the financial statement’s purpose.
• For businesses, this includes presenting financial position, performance, and cash flows.
✔ Completeness
• Transactions, balances, and disclosures must be included to prevent misleading conclusions.
✔ Reliability
• Reflects economic substance over legal form.
• Ensures consistent evaluation, measurement, presentation, and disclosure.
✔ Neutrality
• Information must be free from bias.
✔ Understandability
• Information must be clear, comprehensive, and easy to interpret.

6
 ISAs – Summaries and Application Guide ISA 230

ISA 230
AUDIT DOCUMENTATION

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–6 N/A

LO 2 TIMELY PREPARATION OF AUDIT DOCUMENTATION 7 A1
DOCUMENTATION OF THE AUDIT PROCEDURES PERFORMED
LO 3 8 – 13 A2 – A20
AND AUDIT EVIDENCE OBTAINED
LO 4 ASSEMBLY OF THE FINAL AUDIT FILE 14 – 16 A21 – A24
APX SPECIFIC AUDIT DOCUMENTATION REQUIREMENTS IN OTHER ISAS

7
ISAs – Summaries and Application Guide ISA 230

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope and Applicability of ISA 230

ISA 230 sets the auditor’s responsibility for preparing audit documentation for an audit of financial
statements.

Purpose of Audit Documentation

Audit documentation serves two primary purposes:
(a) Provides evidence supporting the auditor’s conclusions on achieving overall audit objectives.
(b) Confirms that the audit was planned and performed according to ISAs and applicable laws or
regulations.

Additional Uses of Audit Documentation

Audit documentation also helps with:
• Planning and performing the audit.
• Guiding and supervising the engagement team (as per ISA 220 (Revised)).
• Ensuring team accountability.
• Retaining information important for future audits.
• Supporting engagement quality reviews, other internal reviews, and monitoring activities under the
firm’s system of quality management.
• Enabling external inspections required by law, regulation, or oversight bodies.

Key Definitions
Audit Documentation
• Records of procedures performed, audit evidence obtained, and conclusions reached.
• Also known as “working papers” or “workpapers.”

Audit File
One or more folders (physical or digital) that store all audit documentation for a specific engagement.

Experienced Auditor
A person (internal or external) with practical audit experience and reasonable understanding of:
• Audit processes
• ISAs and legal/regulatory requirements
• The entity’s business environment
• Financial reporting and audit issues relevant to the industry

LO 2: TIMELY PREPARATION OF AUDIT DOCUMENTATION:

The auditor shall prepare audit documentation on time.

• Timely preparation of sufficient and appropriate audit documentation improves audit quality.
• It supports effective review and evaluation of audit evidence and conclusions before finalizing the
auditor’s report.
• Delayed documentation is usually less accurate than documentation prepared during the audit
work.

8
ISAs – Summaries and Application Guide ISA 230

LO 3: DOCUMENTATION OF THE AUDIT PROCEDURES PERFORMED AND AUDIT EVIDENCE

OBTAINED:

Core Requirements for Audit Documentation

The auditor must prepare documentation that allows an experienced auditor, with no prior involvement, to
understand:
• The nature, timing, and extent of audit procedures performed to meet ISAs and legal/regulatory
requirements.
• The results of those procedures and the audit evidence obtained.
• Significant matters, the conclusions reached, and the professional judgments made.

Required Audit Records

The auditor shall document:
• The identifying details of tested items (e.g., document numbers, sample ranges, inquiry dates, etc.).
• Who performed the audit work and the date of completion.
• Who reviewed the work, the review date, and the extent of the review.
• Significant discussions with management, governance, or others (including what was discussed,
when, and with whom).
• How inconsistencies in information were resolved, if any were found.
• Use of significant professional judgment, especially when conclusions rely heavily on it (e.g.,
judgments on estimates, document authenticity, or audit matters).

Form, Content, and Extent of Documentation

Audit documentation varies based on:
• Entity size and complexity
• Nature of audit procedures
• Level of identified audit risk
• Exceptions or unusual findings
• Significance of audit evidence
• Audit methodology and tools used

Documentation examples include: Audit programs, analyses, summaries, confirmations, letters of

representation, checklists, significant correspondence, and relevant excerpts from entity records (e.g.,
contracts).

Not required: Superseded drafts, incomplete notes, corrected typos, or duplicate documents.

Oral explanations can clarify content but cannot replace documented procedures or conclusions.

Departure from ISA Requirements

If the auditor departs from a relevant ISA requirement, they shall document:
• The justification for the departure
• The alternative procedures performed
• How those procedures met the requirement's objective

9
ISAs – Summaries and Application Guide ISA 230

Matters Arising after the Date of the Auditor’s Report:

If exceptional circumstances occur after auditor’s report (e.g. subsequent event occurs, or misstatement is
identified), auditor may perform new audit procedures and may add new documents.
In this case, auditor shall document following:
 The specific reasons for making change.
 The new or additional audit procedures performed relating to event, audit evidence obtained and
conclusions reached, and their effect on the auditor’s report.
 Who made the changes, and when.
 Who reviewed the changes, and when.

Significant Matters and Professional Judgments

• Significant matters include high-risk areas, potential material misstatements, and issues that may
lead to a Modified Opinion or Emphasis of Matter.
• The auditor must document judgments and the reasoning behind conclusions, especially where
outcomes are subjective or require evaluation.
• Examples include assessing management’s estimates, document authenticity, or when the auditor is
required to “consider” specific factors.
• A summary or completion memorandum can help consolidate and explain how significant matters
were addressed, especially useful for complex or recurring audits.

Considerations for Smaller Entities

• Audit documentation for smaller entities is typically less detailed than for larger ones.
• If the Engagement Partner performs all audit work, there’s no need to document supervision or
team communications.
• Even in simple audits, documentation must still be clear enough for external review.
• The auditor may combine multiple elements (e.g., entity understanding, risk assessments,
materiality, audit strategy, and conclusions) into a single document for simplicity and efficiency.

LO 4: ASSEMBLY OF THE FINAL AUDIT FILE:

Timely Completion of Assembly:

• The auditor must complete assembling the final audit file soon after the auditor’s report date.
• As per ISQM 1 (or equivalent national standards), the final file should be assembled within 60 days of the
auditor’s report date.

Changes in documentation during file assembly period:

Assembly of audit file is an administrative process which includes following types of changes to audit file:
 Adding/replacing documentation for evidence which has been obtained prior to auditor’s report
 Deleting superseded/duplicate pages
 Sorting and cross- referencing working papers
 Sign-off completion checklist

Retention and Protection of Audit Documentation:

Audit documentation must be retained for at least 5 years from:
• The date of the auditor’s report, or
• The date of the group auditor’s report (if applicable), whichever is later.

The auditor must not delete or discard any documentation before this retention period ends.

10
ISAs – Summaries and Application Guide ISA 230

Changes After Final File Assembly

If changes are necessary after the final file is assembled (e.g. in response to monitoring reviews or external
inspection), the auditor must:
• Clearly document the reason for the change.
• Record when, by whom, and who reviewed the change.

APX 1: SPECIFIC AUDIT DOCUMENTATION REQUIREMENTS IN OTHER ISAs:

Standard Required matter to communicate to TCWG

ISA 210, Agreeing the Terms of  Agreed terms of the audit engagement shall be recorded in an
Audit Engagements audit engagement letter
 Conclusion regarding acceptance of audit client
ISA 220, Quality Control for an
 Issues relating to compliance with ethical requirements.
Audit of Financial Statements
 Information regarding performance of quality control review.
ISA 240, The Auditor’s  Assessed risk of material misstatement (at financial statement
Responsibilities Relating to level and at assertion level)
Fraud in an Audit of Financial  Response to assessed risk of material misstatement (overall, and
Statements specific audit procedures)
ISA 250, Consideration of Laws
and Regulations in an Audit of  identified or suspected non-compliance with laws and regulations
Financial Statements
ISA 260 (Revised),
Communication with Those  Copy (or other Record) of matters communicated with TCWG
Charged with Governance
 Audit strategy
ISA 300, Planning an Audit of
 Audit Plan
Financial Statements
 Any significant change alongwith reason
 Discussion among engagement team
ISA 315 (Revised), Identifying  Key elements of the understanding obtained regarding each
and Assessing the Risks of aspects of the entity and its internal control.
Material Misstatement”  identified and assessed risks of material misstatement at the
financial statement level and at the assertion level
“ISA 320, Materiality in Planning  Materiality, performance materiality
and Performing an Audit”  Any revision
 Overall response to risk at financial statements level.
ISA 330, The Auditor’s Responses  Nature, timing and extent of audit procedures and linking with
to Assessed Risks risk at assertion level.
 The results of the audit procedures
 The amount below which misstatements would be regarded as
clearly trivial;
ISA 450, Evaluation of
 All misstatements accumulated during the audit and whether they
Misstatements Identified during
have been corrected; and
the Audit
 The auditor’s conclusion as to whether uncorrected
misstatements are material, individually or in aggregate,
 The basis for the auditor’s conclusions about the reasonableness
ISA 540, Auditing Accounting of accounting estimates and their disclosure that give rise to
Estimates” significant risks; and
 Indicators of possible management bias, if any.
 names of the identified related parties and the nature of the
ISA 550, Related Parties
related party relationships

11
ISAs – Summaries and Application Guide ISA 230

 An analysis of components, indicating those that are significant,

and the type of work performed on the financial information of
the components.
ISA 600, Special
 The nature, timing and extent of the group engagement team’s
Considerations—Audits of Group
involvement in the work performed by the component auditors.
Financial Statements
 Written communications between the group engagement team
and the component auditors about the group engagement team’s
requirements
 Documentation regarding work of internal auditor used by
ISA 610 (Revised 2013), Using auditor
the Work of Internal Auditors  Documentation regarding internal auditor if direct assistance is
obtained.
ISA 720 (Revised), The Auditor’s
 final version of the other information on which the auditor has
Responsibilities Relating to Other
performed the work required under this ISA
Information

12
 ISAs – Summaries and Application Guide ISA 250

ISA 250
CONSIDERATION OF LAWS AND
REGULATIONS IN AN AUDIT OF
FINANCIAL STATEMENTS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 12 A1 – A10

THE AUDITOR’S CONSIDERATION OF COMPLIANCE WITH LAWS
LO 2 13 – 18 A11 – A16
AND REGULATIONS
AUDIT PROCEDURES WHEN NON-COMPLIANCE IS IDENTIFIED
LO 3 19 – 22 A17 – A25
OR SUSPECTED
COMMUNICATING AND REPORTING IDENTIFIED OR SUSPECTED
LO 4 23 – 29 A26 – A34
NON-COMPLIANCE
LO 5 DOCUMENTATION 30 A35 – A36

13
ISAs – Summaries and Application Guide ISA 250

LO 1: INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION):

Purpose and Scope

This ISA explains the auditor's responsibilities for considering laws and regulations in a financial
statement audit.

Management’s Responsibility
Management, with oversight from those charged with governance, must ensure compliance with all
applicable laws and regulations.

This includes laws that:

• Directly affect financial statement disclosures (e.g., tax laws).
• Govern business operations without directly affecting financial statements (e.g., environmental,
licensing).

Auditor’s Responsibility
The auditor's role is to identify material misstatements caused by non-compliance.

The auditor:
• Is not responsible for preventing non-compliance.
• Cannot detect all non-compliance due to inherent limitations in audits.
• Must maintain professional skepticism during the audit.

Two Categories of Laws and Regulations

(a) Direct Impact on Financial Statements
• Examples: Tax laws, pension regulations.
• Auditor must obtain sufficient appropriate audit evidence of compliance.

(b) Indirect Impact but Operationally Critical

• Examples: Environmental laws, solvency regulations, licensing requirements.
• Auditor must perform limited procedures to identify potential non-compliance that could
materially affect the financial statements.

LO 2: THE AUDITOR’S CONSIDERATION OF COMPLIANCE WITH LAWS AND REGULATIONS:

Understanding the Legal and Regulatory Environment

The auditor shall understand the laws and regulations that apply to the entity and assess how the entity
complies with them.

Laws and Regulations with Direct Impact on Financial Statements

The auditor shall obtain sufficient appropriate audit evidence of compliance with laws that directly impact
material amounts or disclosures.

Examples:
• Laws on financial statement structure and content.
• Industry-specific financial reporting rules.
• Government contract accounting requirements.
• Tax and pension cost recognition.

14
ISAs – Summaries and Application Guide ISA 250

Identifying Non-Compliance with Other Laws and Regulations

The auditor shall perform procedures to identify non-compliance with laws that may materially affect the
financial statements.

Required Procedures
• Inquire from management and, if needed, those charged with governance.
• Inspect correspondence with regulatory bodies.

Examples of Critical Laws:

• Licensing or legal entitlements essential to business operations.
• Regulatory capital rules for banks.

Impact
Non-compliance may threaten the entity's ability to continue operations (i.e., Going Concern Risk).

Detecting Non-Compliance Through Other Audit Work

The auditor shall stay alert during the audit for signs of non-compliance revealed by other procedures.

Examples:
• Reading board meeting minutes.
• Discussing legal matters with management or legal counsel.
• Performing substantive tests on transactions and disclosures.

Written Representations from Management

The auditor shall obtain written representations confirming that management and governance disclosed all
known or suspected non-compliance with material impact.

No Further Work If No Non-Compliance Found

If the auditor finds no signs of non-compliance, no further procedures are required.

LO 3: AUDIT PROCEDURES WHEN NON-COMPLIANCE IS IDENTIFIED OR SUSPECTED:

Responding to Identified or Suspected Non-Compliance

When the auditor identifies or suspects non-compliance:
• Understand the nature and circumstances of the act.
• Obtain more information to assess its impact on financial statements.

Examples That May Indicate Non-Compliance

• Investigations or fines by regulators.
• Excessive commissions or unusual cash payments.
• Transactions with tax haven entities.
• Purchases at abnormal prices.
• Payments without proper documentation or outside originating countries.
• Unauthorized or poorly recorded transactions.
• Missing audit trails or weak system controls.
• Negative media coverage.

15
ISAs – Summaries and Application Guide ISA 250

Evaluating the Financial Impact

The auditor considers:
• Fines, penalties, lawsuits, forced shutdowns.
• Whether the matter requires disclosure.

Communication and Evidence Gathering

Discussing with Management or Governance
The auditor must Discuss the issue with management and governance (unless legally prohibited).

Legal Restrictions
• In some jurisdictions, auditors cannot communicate suspected illegal acts to management if it could
interfere with investigations (e.g., anti-money laundering laws).
• In such cases, auditors must seek legal advice before acting.

If Management Fails to Provide Sufficient Information

The auditor may:
• Consult internal or external legal counsel.
• Discuss confidentially within the audit firm or with professional bodies.
• Consider the possibility of fraud and impact on audit conclusions.

Doubts About Representations

If management is involved or fails to report non-compliance:
o The auditor must question the reliability of written representations.
o Consider broader integrity issues and risk implications.

Considering Withdrawal from the Engagement

• Withdrawal may be appropriate if:
o Management refuses to act.
o The issue raises serious doubts about integrity, even if not material.

• Before withdrawal:
o The auditor must seek legal advice.
o Understand that withdrawal does not replace other legal or ethical responsibilities.
o Follow ethical requirements under ISA 220 (Revised), which may include informing the
successor auditor of the non-compliance (if requested).

LO 4: COMMUNICATING AND REPORTING IDENTIFIED OR SUSPECTED NON-COMPLIANCE:

1. Communication Within the Entity

Reporting to Those Charged with Governance
The auditor must report identified or suspected non-compliance during the audit to those charged with
governance, unless:
• Law or regulation prohibits it.
• All governance members are involved in management and already know.
• The matter is clearly inconsequential.

If Non-Compliance Is Intentional and Material

The auditor must report the matter to governance as soon as possible.

16
ISAs – Summaries and Application Guide ISA 250

If Management or Governance Is Involved in Non-Compliance

• Report to a higher authority within the entity (e.g., audit committee).
• If no such authority exists or action is unlikely, the auditor must consider obtaining legal advice.

2. Implications for the Auditor’s Report

When Non-Compliance Affects the Financial Statements
If non-compliance has a material impact not reflected in the financial statements, the auditor must issue a
qualified opinion or adverse opinion under ISA 705 (Revised).

When Evidence Is Withheld by Management or Governance

If the auditor cannot obtain sufficient evidence to assess material non-compliance, the auditor must issue a
qualified opinion or disclaimer of opinion due to scope limitation.

When Circumstances (Not Management) Limit Evidence

The auditor must evaluate the impact on the audit opinion as per ISA 705 (Revised).

3. Describing Non-Compliance in the Auditor’s Report

The auditor may include details of non-compliance in the audit report when:
• The opinion is modified under ISA 705.
• The auditor has additional reporting duties (e.g., ISA 700 para. 43).
• The issue is identified as a Key Audit Matter (unless restricted by ISA 701 para. 14).
• Management or governance fails to act, and withdrawal is not an option. The auditor may use an
Other Matter paragraph under ISA 706 (Revised).

Important: Law or regulation may restrict public disclosure to protect investigations. The auditor should
seek legal advice before disclosing.

4. Reporting Outside the Entity

When External Reporting Is Required or Permitted
The auditor must determine whether law, regulation, or ethical standards:
• Require reporting to an external authority (e.g., a regulator).
• Allow or recommend reporting as an appropriate response.
• Give the right to report even if not mandatory.

LO 5: DOCUMENTATION:

When the auditor identifies or suspects non-compliance with laws or regulations, the auditor must
document:

1. Audit Work and Judgment

o What audit procedures were performed.
o Key professional judgments made.
o Final conclusions reached.

2. Discussions
o What was discussed with management, governance, or others.
o How management and governance responded to the issue.

17
ISAs – Summaries and Application Guide ISA 250

Study Tip for Case Studies:

In case of NOCLAR in exam question, discuss following impacts on audit:
 Impact on financial statements (due to legal actions and penalties)
 Impact on audit and audit report (including Withdrawal due to integrity)
 Communication to regulators (if required by law)

18
 ISAs – Summaries and Application Guide ISA 260

ISA 260
COMMUNICATION WITH THOSE
CHARGED WITH GOVERNANCE

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 10 N/A

LO 2 THOSE CHARGED WITH GOVERNANCE 11 – 13 A1 – A8

LO 3 MATTERS TO BE COMMUNICATED 14 – 17 A9 – A36

LO 4 THE COMMUNICATION PROCESS 18 – 22 A37 – A53

LO 5 DOCUMENTATION 23 A54
SPECIFIC REQUIREMENTS IN ISQM 1 AND OTHER ISAS THAT REFER TO COMMUNICATIONS
APX 1
WITH THOSE CHARGED WITH GOVERNANCE
APX 2 QUALITATIVE ASPECTS OF ACCOUNTING PRACTICES

19
ISAs – Summaries and Application Guide ISA 260

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Purpose
ISA 260 sets out the auditor’s responsibility to communicate clearly and effectively with those charged with
governance during an audit of financial statements.

Key Definitions
• Those Charged with Governance: Individuals or groups overseeing the entity’s strategy and
financial reporting.
• Management: Individuals responsible for operating the entity (may overlap with governance in
some cases).

Scope:
 Focuses on communication with governance, not management.
 Other ISAs and laws or regulations may require additional communication.
 Auditor remains responsible even if management has already informed governance.

LO 2: THOSE CHARGED WITH GOVERNANCE:

Who to Communicate With

• The auditor shall identify the right person(s) in the governance structure to communicate with.
• Governance structures may be unclear or undefined in some entities (e.g., family businesses or small not-
for-profits).
• In such cases, the auditor should agree with the engaging party who to communicate with.

Communication with a Subgroup (e.g., Audit Committee):

 If the auditor communicates with a subgroup (like an audit committee or one individual), they must
assess whether direct communication with the full governing body is also needed.
 The auditor may rely on the subgroup if it communicates effectively with the full governing body.
 The engagement terms may include the auditor’s right to speak directly to the full governing body

Role of Audit Committees

Good governance practices suggest:
 The auditor attends audit committee meetings regularly.
 The audit committee chair and members interact with the auditor.
 The audit committee meets the auditor without management at least once a year.

When Governance and Management Overlap

• In small or owner-managed entities, management and governance may be the same person(s).
• Communication with these individuals in their management role doesn’t need to be repeated for
governance.
• However, the auditor must ensure that all relevant governance matters are properly conveyed to
everyone with governance responsibilities.

20
ISAs – Summaries and Application Guide ISA 260

LO 3: MATTERS TO BE COMMUNICATED:
1. Communicating Auditor’s Responsibilities:
 Auditor’s responsibility to form and express opinion on financial statements.
 Communicate Key Audit Matters (if ISA 701 applies).
 Specific matters as required by law or regulation.

2. Communicating the Planned Scope and Timing of the Audit:

 Significant risks identified.
 Planned response to fraud or error risks.
 Use of experts or internal auditors.
 Impact of environmental/reporting framework changes.
Note: Avoid revealing audit procedures in detail to maintain effectiveness.

3. Communicating Significant Findings from the Audit:

a) Accounting Practices and Estimates
 Qualitative aspects: policies, estimates, disclosures.

b) Significant Difficulties
 Management delays, restricted access, unwillingness to assess going concern.
 May lead to modified opinion.

c) Matters Discussed with Management (if not TCWG)

 Major transactions, disagreements, external consultations.

d) Circumstances Affecting Auditor’s Report

 Modified report (ISA 705), going concern (ISA 570), KAMs (ISA 701), EOM/OM (ISA 706), other info
issues (ISA 720).
 May share draft report.
 Communicate if engagement partner’s name is excluded.

e) Other Significant Matters

 Updates to audit plan/strategy.
 Corrected misstatements.
 QC reviewer input.

4. Communicating Auditor Independence (Listed Entities):

Required Communication
 Confirm compliance with independence requirements.
 Disclose relationships/services affecting independence.

Fee Disclosure
 Total audit and non-audit fees disclosed.

Threats to Independence
 Describe actions and safeguards if threats exist.

Applicable Ethics Code

 Follow IESBA or relevant code.
 Report breaches and responsive actions in writing.

5. Communicating Supplementary Matters

 Issues not directly related to financial reporting but relevant to governance.
 E.g., governance structure weaknesses, unauthorized decisions by senior management.

21
ISAs – Summaries and Application Guide ISA 260

LO 4: THE COMMUNICATION PROCESS:

Establishing the Communication Process

The auditor shall inform those charged with governance about the form, timing, and general content of
communication.

Communication with Management

• Auditors often discuss issues with management before informing those charged with governance.
• However, if the issue involves management’s integrity or competence, discussing it with them may
not be appropriate.

Communication with Third Parties

• Sometimes, governance bodies may give audit communications to banks or regulators. If allowed
by law, auditors must clearly state:
o The message is only for governance.
o No responsibility is accepted for third-party reliance.
o Disclosure restrictions may apply.

• In some jurisdictions, laws require auditors to:

o Report issues if governance fails to act.
o Send copies of audit reports to regulators or funding bodies.
o Make certain audit communications public.
If the law does not require it, auditors must get consent before sharing communications with third
parties.

Forms of Communication:
Auditors may use:
• Written reports, presentations, or oral discussions.
• Communication in an engagement letter.

Timing of Communication
The auditor shall communicate on a timely basis.

Examples:
• Audit planning should be discussed early.
• Significant difficulties or internal control deficiencies must be reported promptly.
• Key Audit Matters may be discussed at multiple stages.
• Independence issues should be communicated when relevant decisions are made.
• Audit findings can be shared during the final discussion.

22
ISAs – Summaries and Application Guide ISA 260

LO 5: DOCUMENTATION:

Recording Oral Communication

• When the auditor communicates required matters orally, the auditor must document:
o The details of the matter communicated,
o Who received the communication,
o And when the communication occurred.
• The auditor may use minutes prepared by the entity as audit documentation—if those minutes
accurately reflect the communication.

Retaining Written Communication

When required matters are communicated in writing, the auditor must retain a copy of that written
communication as part of the audit documentation.

APX 1: SPECIFIC REQUIREMENTS IN ISQM 1 AND OTHER ISAS THAT REFER TO

COMMUNICATIONS WITH THOSE CHARGED WITH GOVERNANCE:

Standard Required matter to communicate to TCWG

 Firms must have policies that cover communication with governance,
ISQM 1
external parties and what details to include.
 Inquiring TCWG whether they have knowledge of any actual, suspected
or alleged fraud affecting the entity
ISA 240 “Fraud”.  If auditor identifies fraud or obtains information indicating fraud.
 Decision of withdrawal and reason of withdrawal if auditor withdraws
from engagement
 Inquiring TCWG whether they have knowledge of any non-compliance
ISA 250 “Consideration with laws affecting the entity
of laws…”  If auditor identifies non-compliance or obtains information indicating
non-compliance.
ISA 265 “Communicating
Significant deficiencies in internal control identified during the audit
deficiencies in …”.
ISA 450 “Evaluation of Uncorrected misstatements affecting opinion, individually (if individually
misstatements…” material), or in aggregate (if individually immaterial).
ISA 505 “External If the auditor concludes that management’s refusal to allow the auditor to send a
confirmation” confirmation request is unreasonable
ISA 510 “Initial Audit
If misstatement in opening balance is identified which affects current period.
Engagement ….”
 Non-disclosure of significant related party or transaction.
 significant related party transactions that have not been appropriately
approved
ISA 550 “Related
 Disagreement with management regarding the accounting for and
Parties”
disclosure of significant related party transactions
 Non-compliance with applicable law or regulations prohibiting or
restricting specific types of related party transactions
 Inquiring TCWG whether they have knowledge of any subsequent event
affecting the entity
ISA 560 “Subsequent
 If auditor identifies subsequent event after the date of auditor’s report.
Event”
 If misstatement is identified after issuance of audit report or financial
statements.

23
ISAs – Summaries and Application Guide ISA 260

ISA 570 “Going

Events or conditions casting doubt on entity’s ability to continue as going concern.
Concern”.
Overview of work to be performed on components.
ISA 600 “Group Audit”
Planned use and involvement in work of component auditor
ISA 610 “Internal how the external auditor has planned to use the work of the internal audit
Auditor” function
ISA 701 “Key Audit
KAMs to communicate in audit report.
Matters”
 If management imposes scope limitation.
ISA 705 “Modified
 If auditor expects to modify his opinion + wording.
Opinion”
 If auditor withdraws from engagement.
ISA 706 “EOM/OM
If auditor expects to include EOM/OM + wording.
Paragraphs”
ISA 710 “Comparative
If a misstatement is identified in prior period financial statements.
Information…”
ISA 720 “Other
Uncorrected misstatement in other information.
Information”

Point to Note:
 In a given case study, examiner may require you to identify which matters are required to be reported
to TCWG.

APX 2: QUALITATIVE ASPECTS OF ACCOUNTING PRACTICES:

Auditors may discuss the quality of the entity’s accounting practices with those charged with governance. Key
areas include:

1. Accounting Policies
o Are the policies appropriate and consistent?
o Have there been changes or new standards applied?
o Do policies cover complex or unclear areas?

2. Accounting Estimates
o Are estimates reasonable and clearly disclosed?

3. Financial Statement Disclosures

o Are sensitive disclosures (like revenue or going concern) well-judged?
o Are disclosures clear, neutral, and consistent?

4. Other Related Matters

o Are there major risks or uncertainties (like lawsuits)?
o Are unusual or one-time transactions explained and properly treated?
o Has management focused more on accounting rules than the actual economics?
o Are asset values and useful lives based on fair assumptions?
o Did management correct only favorable misstatements?

24
ISAs – Summaries and Application Guide ISA 265

ISA 265
COMMUNICATING DEFICIENCIES IN
INTERNAL CONTROL TO
TCWG AND MANAGEMENT

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–6 N/A

DETERMINATION OF WHETHER DEFICIENCIES IN
LO 2 7 A1 – A4
INTERNAL CONTROL HAVE BEEN IDENTIFIED
LO 3 SIGNIFICANT DEFICIENCIES IN INTERNAL CONTROL 8 A5 – A11
COMMUNICATION OF DEFICIENCIES IN INTERNAL
LO 4 9 – 11 A12 – A30
CONTROL

25
ISAs – Summaries and Application Guide ISA 265

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Purpose and Scope of This ISA

This ISA outlines the auditor’s responsibility to communicate deficiencies in internal control to
management and those charged with governance during a financial statement audit.

Auditor's Responsibility
• Auditor must understand the system of internal control to assess the Risk of Material
Misstatement.
• The auditor does not express an opinion on internal control effectiveness.

Communication Requirements
• Significant deficiencies must be communicated to management and those charged with
governance.
• Other deficiencies may also be shared if relevant.

Deficiency in Internal Control:

A control that’s missing or not working well enough to detect or prevent misstatements in time.

Significant Deficiency in Internal Control?

A significant deficiency in internal control is a major weakness that may lead to material misstatements in
financial statements.

LO 2: DETERMINATION OF WHETHER DEFICIENCIES IN INTERNAL CONTROL HAVE BEEN

IDENTIFIED:

Auditor’s Responsibility
The auditor must assess whether the audit work has revealed any deficiencies in internal control.

Discussion with Management

The auditor may discuss findings with responsible management to:
• Inform them of issues they may not know.
• Understand causes and gather relevant information.
• Get a sense of how management plans to respond.

Smaller Entity Considerations

• Smaller entities may use less formal controls due to size and structure.
• Direct involvement by the owner-manager (e.g., in approvals) may reduce the need for detailed
controls.
• Limited staff can restrict segregation of duties, but close oversight may offset this.
• However, strong oversight also increases the risk of management override.

26
ISAs – Summaries and Application Guide ISA 265

LO 3: SIGNIFICANT DEFICIENCIES IN INTERNAL CONTROL:

Auditor’s Responsibility
The auditor must:
• Identify internal control deficiencies during the audit.
• Assess whether these are significant—individually or in combination.
• Communicate significant deficiencies to those charged with governance.

How to Assess Significance

Auditors consider:
• Likelihood of misstatement
• Magnitude of likely misstatements.
• Critical controls affected

Indicators of Significant Deficiencies

Red flags include:
• Management fraud or override.
• Unaddressed past deficiencies.
• Weak control environment or risk assessment process.
• Misstatements not prevented or detected.
• Restatements of prior financials due to error or fraud.

LO 4: COMMUNICATION OF DEFICIENCIES IN INTERNAL CONTROL:

Written Communication to Governance

• The auditor shall communicate in writing all significant deficiencies in internal control identified
during the audit.
• Communication must be timely to support governance in fulfilling oversight responsibilities.

Written Communication to Management

The auditor must also inform management (at the appropriate level):
• In writing, the same significant deficiencies already communicated or planned to be communicated
to governance.
• Unless inappropriate (e.g., involving fraud or non-compliance by management).

Content of Communication of Deficiencies:

Written communication of significant deficiencies shall include:
 A description of the deficiencies
 explanation of their potential effects

Written communication may also include:

• Suggested remedial actions.
• Management’s responses or plans.
• Whether the auditor has verified the responses.

27
ISAs – Summaries and Application Guide ISA 265

Timing and Method of Communication:

Oral Communication (Before Written)
• The auditor may first communicate orally to enable prompt action.
• However, written communication is still mandatory.

Written Communication
• For listed entities, governance may need written communication before approving financial
statements, as required by regulators.
• For other entities, later communication may be acceptable—but must be included in the final audit
file, completed within 60 days of the auditor’s report

Repeated Deficiencies
• If a significant deficiency was previously reported and remains unresolved, the auditor must
communicate it again.
• The auditor can either repeat the description or reference the earlier report.
• The auditor may ask management why it hasn’t been corrected. If there’s no valid reason, this
inaction may itself be a new significant deficiency.

Communicating Other Deficiencies

To Management
• The auditor shall report other internal control deficiencies (not significant) if:
o They are not already communicated by others (e.g., internal auditors), and
o The auditor believes they are important enough for management’s attention.
• Communication may be oral. If the issue was discussed with management during the audit, no formal
report is needed.
• If these deficiencies were reported in prior audits and not corrected, the auditor:
o Need not repeat the communication unless there’s new management or new
understanding.
o May need to reclassify it as a significant deficiency if the continued failure to act poses a
higher risk.

To Governance (Optional)
• Governance may ask to be informed about other deficiencies reported to management.
• The auditor may inform governance orally or in writing as appropriate.

Considerations When Not Communicating Directly with Management

If the deficiency suggests Fraud, or Intentional non-compliance by management, the auditor may avoid
direct communication and instead report to governance or regulators.

28
 ISAs – Summaries and Application Guide ISA 300

ISA 300
PLANNING AN AUDIT OF
FINANCIAL STATEMENTS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–4 A1 − A4

LO 2 INVOLVEMENT OF KEY ENGAGEMENT TEAM MEMBERS 5 A5
LO 3 PRELIMINARY ENGAGEMENT ACTIVITIES 6 A6 – A8
LO 4 PLANNING ACTIVITIES 7–10 A9 – A18
LO 5 DOCUMENTATION 11 A19 – A23
LO 6 ADDITIONAL CONSIDERATIONS IN INITIAL AUDIT ENGAGEMENTS 12 A24
APX CONSIDERATIONS IN ESTABLISHING THE OVERALL AUDIT STRATEGY

Effective Date: December 15, 2009

29
ISAs – Summaries and Application Guide ISA 300

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Purpose and Scope

• This International Standard on Auditing (ISA) covers the auditor’s responsibility to plan an audit
of financial statements.
• It mainly applies to recurring audits. Specific guidance for initial audit engagements is provided
separately.

Key Elements of Audit Planning

Audit planning involves two main steps:
• Establish the overall audit strategy.
• Develop a detailed audit plan.

Benefits of Planning:
Planning supports quality management and strengthens audit effectiveness through:

a. Focus and Prioritization

• Directs auditor attention to important areas.
• Helps identify and solve potential problems early.

b. Engagement Management
• Organizes the audit for efficiency and effectiveness.
• Assigns responsibilities based on skills and competence.

c. Team Leadership and Supervision

• Supports clear direction and supervision of the engagement team.
• Ensures timely review of team members’ work.

d. Coordination with Others

• Facilitates collaboration with component auditors and experts, where relevant.

Timing of Planning Activities

Planning must cover specific activities that should be performed before other procedures,

Interaction with Management

The auditor may discuss planning elements with management to coordinate certain procedures with
management’s schedule.

However, auditors must avoid revealing detailed procedures or timing that could make the audit too
predictable.

LO 2: INVOLVEMENT OF KEY ENGAGEMENT TEAM MEMBERS:

The engagement partner and other key team members must be involved in audit planning.

30
ISAs – Summaries and Application Guide ISA 300

LO 3: PRELIMINARY ENGAGEMENT ACTIVITIES:

Preliminary Engagement Activities

At the start of the current audit engagement, the auditor shall:
• Perform procedures under ISA 220 (Revised) for accepting or continuing the client relationship and
the audit engagement.
• Evaluate compliance with relevant ethical requirements, including independence, as required by
ISA 220 (Revised).
• Establish an understanding of the engagement terms in line with ISA 210.

Timing of Initial Procedures

• The auditor must complete these initial procedures—especially on client continuance and ethical
compliance—before starting other key audit activities.
• In continuing audits, these procedures often take place soon after, or along with, the completion of
the previous audit.

LO 4: PLANNING ACTIVITIES:

Establishing the Overall Audit Strategy

The audit strategy defines the scope, timing, and direction of the audit. It guides the development of the
audit plan and ensures efficient use of audit resources.

Key Elements in Setting the Strategy:

The auditor shall:
• Consider requirements under ISA 220 (Revised).
• Identify engagement characteristics that define the audit’s scope.
• Understand reporting objectives to plan timing and communication.
• Determine key risk factors to guide audit efforts.
• Evaluate findings from preliminary engagement activities or prior audits of the same entity.
• Plan the nature, timing, and extent of resources required for the engagement.

Developing the Audit Plan

The audit plan includes more detail than the audit strategy. It describes the audit procedures to be
performed.

The Plan Shall Include:

• Direction, supervision, and review of team members' work.
• Planned risk assessment procedures under ISA 315.
• Planned further audit procedures at the assertion level under ISA 330.
• Other necessary procedures to comply with ISAs.

Updating the Strategy and Plan

The auditor shall revise the audit strategy and plan when:
• Unexpected events occur.
• Conditions change.
• New audit evidence alters the understanding of risk.

31
ISAs – Summaries and Application Guide ISA 300

LO 5: DOCUMENTATION:

Auditors must document the following:

• Overall Audit Strategy
• Audit Plan
• Significant Changes made during the engagement

Team Supervision and Review

Auditors must document how the engagement team was directed, supervised, and reviewed, in line with ISA
220 (Revised).

LO 6: ADDITIONAL CONSIDERATIONS IN INITIAL AUDIT ENGAGEMENTS:

The audit planning objective is the same for both initial and recurring audits. In an initial audit, the auditor
may need to do more planning due to the lack of prior knowledge of the entity.

For initial audits, the auditor may consider:

 Review of Predecessor Auditor’s Working Papers
If not restricted by law, arrange to review the predecessor auditor’s working papers to understand
prior audit work.

 Issues Discussed During Auditor Selection

o Consider any major issues discussed with management during appointment (e.g., accounting
principles or audit/reporting standards).
o Assess how these issues affect the audit strategy and plan.
o Ensure these matters were communicated to those charged with governance.

 Opening Balances Audit Procedures

Plan procedures to obtain sufficient appropriate audit evidence for opening balances.

 Firm-Level Responses for Initial Engagements

Apply quality management procedures e.g. QCR for initial audit.

32
ISAs – Summaries and Application Guide ISA 300

APX: CONSIDERATIONS IN ESTABLISHING THE OVERALL AUDIT STRATEGY:

Following matters should be considered in determining overall audit strategy.

1. Engagement Characteristics
These factors help shape the audit’s scope, approach, and logistics:
• Financial Reporting Framework: Identify the framework used and any reconciliations needed to
another framework.
• Industry-Specific Requirements: Consider any industry regulator-mandated reporting.
• Component Considerations:
o Number and location of components to be audited.
o Nature of control relationships (e.g., between parent and subsidiaries).
o Extent of involvement of other auditors.
• Business Segments: Identify areas needing specialized industry or technical knowledge.
• Statutory Audit Needs: Determine if standalone financial statements also require statutory audits.
• Reporting Currency: Consider if foreign currency translation is needed.
• Service Organizations: Identify use of third-party service providers and how to audit their control
environments.
• Internal Audit Function: Assess whether the auditor can use their work or direct assistance.
• Prior Audit Evidence: Evaluate usability of prior year’s evidence in risk assessment or tests of
controls.
• Effect of Information Technology:
o Assess IT systems and controls.
o Determine need for Computer-Assisted Audit Techniques (CAATs).
• Data and Personnel Availability: Evaluate client readiness for timely provision of information and
staff coordination.
• Coordination with Interim Reviews: Align timing and scope with any interim financial reviews.

2. Reporting Objectives, Timing, and Communication

These considerations ensure effective coordination and timely reporting:
• Client's Reporting Timetable: Match audit schedule with client’s internal deadlines (e.g., interim,
final).
• Meetings with Management and Governance: Plan and schedule meetings to discuss audit
objectives, scope, and timing.
• Communication of Reports and Updates:
o Types of reports: Auditor’s report, management letter, and governance communications.
o Timelines for report issuance and status updates.
• Component Auditor Coordination: Clarify expected reports and communication timelines with
component auditors.
• Engagement Team Communication:
o Schedule team meetings.
o Set review timelines.
• Third-Party Communication: Identify any required external communications (e.g., to regulators or
contractually obligated users).

33
ISAs – Summaries and Application Guide ISA 300

3. Risk Assessment and Audit Planning Inputs

These matters guide focus areas and team alignment during audit planning:
• Materiality Determination (ISA 320):
o Set overall and component materiality.
o Identify significant components and material items.
• Initial Risk Identification: Flag areas with higher risk of material misstatement.
• Impact on Audit Direction: Adjust team supervision and review based on risk at the financial
statement level.
• Professional Skepticism:
o Emphasize a questioning mindset across the team.
o Reinforce critical evaluation of evidence.
• Past Audit Results:
o Use results of previous evaluations of internal control effectiveness.
o Review actions taken to fix earlier deficiencies.
• Involvement of Non-Audit Services Staff: Identify potential conflicts or insights from firm staff
providing other services to the client.
• Internal Control Environment:
o Review management’s commitment to internal controls.
o Assess documentation quality.
o Evaluate the importance of internal control to business success.
• Accounting and Reporting Developments:
o Changes in standards or regulations that affect disclosures.
o Emerging business or industry trends.
• Management's Disclosure Process: Understand how management compiles required disclosures,
including those from outside the accounting system.
• Business Changes: Consider events like:
o Changes in IT systems or processes.
o Key personnel changes.
o Acquisitions, mergers, or divestitures.
• Legal and Regulatory Changes: Factor in any relevant laws or compliance risks.

4. Resources and Budgeting

Effective resource allocation ensures audit efficiency and coverage:
• Engagement Team Composition:
o Assign roles based on skill level.
o Deploy experienced staff in high-risk areas.
• Technology and Knowledge Resources: Include audit tools and subject matter experts, if needed.
• Audit Budgeting:
o Allocate sufficient time for complex or high-risk areas.
o Plan buffer for unforeseen issues.

34
 ISAs – Summaries and Application Guide ISA 402

ISA 402
AUDIT CONSIDERATIONS
RELATING TO AN ENTITY USING A
SERVICE ORGANIZATION
LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–8 N/A

OBTAINING AN UNDERSTANDING OF THE SERVICES PROVIDED BY
LO 2 9–14 A1–A23
A SERVICE ORGANIZATION, INCLUDING INTERNAL CONTROL
RESPONDING TO THE ASSESSED RISKS OF MATERIAL
LO 3 15 – 17 A24–A39
MISSTATEMENT
TYPE 1 AND TYPE 2 REPORTS THAT EXCLUDE THE SERVICES OF A
LO 4 18 A40
SUBSERVICE ORGANIZATION
FRAUD, NON-COMPLIANCE WITH LAWS AND REGULATIONS AND
LO 5 UNCORRECTED MISSTATEMENTS IN RELATION TO ACTIVITIES AT 19 A41
THE SERVICE ORGANIZATION
LO 6 REPORTING BY THE USER AUDITOR 20–22 A42–A44

35
ISAs – Summaries and Application Guide ISA 402

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope
 Many entities outsource business functions to service organizations, which may range from specific
tasks to entire business units. Not all outsourced services impact financial statements.
 A service organization is relevant to an audit if its services impact the user entity’s financial
reporting.

User Auditor’s Responsibilities

The user auditor must:
• Understand the nature and significance of the service organization’s role.
• Assess its impact on the user entity’s internal control system.
• Identify and assess risks of material misstatement.
• Design and execute audit procedures to address these risks.

Roles in an Audit of a Service Organization

• User Entity: The entity being audited, which relies on a service organization.
• User Auditor: Audits the user entity’s financial statements.
• Service Organization: A third party that provides services impacting financial reporting.
• Service Auditor: Provides assurance reports on the service organization’s controls.
• Service Organization’s System: The policies and procedures it maintains to deliver services
covered by a service auditor’s report.
• Subservice Organization: A service provider used by another service organization.

LO 2: OBTAINING AN UNDERSTANDING OF THE SERVICES PROVIDED BY A SERVICE

ORGANIZATION, INCLUDING INTERNAL CONTROL:

Understanding the Service Organization’s Role

To assess the impact of a service organization on the user entity’s internal control and operations, the user
auditor must evaluate:
• Contractual Relationship: Review contract between user entity and service organization to
understand obligations, rights, and responsibilities. Contracts typically include:
o Information-sharing requirements.
o Compliance with regulatory requirements.
o Rights of access for auditors.
o Reporting obligations, including the provision of Type 1 or Type 2 reports.
• Nature of Services: Identify the services provided and their significance to the user entity.
• Transactions Affected: Determine which transactions, accounts, or reporting processes the service
organization handles.
• Interaction Level: Assess how closely the user entity interacts with the service organization.
o High Interaction: The user entity authorizes transactions, and the service organization only
processes them.
o Low Interaction: The service organization initiates, processes, and records transactions,
limiting user entity oversight.

36
ISAs – Summaries and Application Guide ISA 402

Evaluating Internal Control Over the Service Organization’s Services

The user auditor must:
• Identify User Entity Controls: Determine controls applied at the user entity over service
organization transactions.
• Evaluate Design and Implementation: Assess whether these controls are effective and
implemented properly.

Additional Procedures If Understanding Is Insufficient

If the user auditor cannot obtain enough information from the user entity, they must use one or more of the
following:
• Type 1 or Type 2 Report (if available).
• Direct Inquiry: Contact the service organization through the user entity.
• On-Site Visit: Assess the service organization’s internal controls directly.
• Engaging Another Auditor: Have an independent auditor perform necessary procedures at the
service organization.

Types of Audit Reports on Service Organizations

There are two types of reports of service auditor i.e.

(i) Type 1 Report:

It includes the service auditor’s opinion on:
 description of system and control objectives, and
 design of controls at service organization to achieve control objectives.
It does not provide any evidence of the operating effectiveness of the relevant controls.

(ii) Type 2 Report:

In this report, service auditor expresses opinion on:
 description of system and control objectives, and
 design of controls at service organization to achieve control objectives, and
 operating effectiveness of the relevant controls.
Report also describes tests of controls performed.

Using Type 1 or Type 2 Reports to Support Audit Procedures

User auditors should:
• Verify the Service Auditor’s Competence and Oversight.
• Confirm that the Report Addresses Relevant Controls.
• Determine Whether the Controls Align with Financial Statement Assertions.
• Identify Complementary User Entity Controls and Assess Their Effectiveness.

If the report is outdated, the auditor may update their understanding by:
• Discussing Changes with the user entity’s personnel.
• Reviewing Recent Reports or Documentation from the service organization.
• Communicating Directly with the Service Organization.

37
ISAs – Summaries and Application Guide ISA 402

LO 3: RESPONDING TO THE ASSESSED RISKS OF MATERIAL MISSTATEMENT:

Testing Controls at a Service Organization

If the audit plan assumes effective controls at the service organization, the user auditor must obtain
evidence by:
• Obtain evidence directory at the service organization.
• Using a Type 2 report (if available).
• Engaging another auditor to test controls at the service organization

Audit Evidence from Service Organizations:

To obtain evidence, the auditor may:
• Inspect records at the user entity (if available and reliable).
• Review service organization records (if contractual access exists).
• Request confirmations from the service organization to verify balances and transactions.
• Perform analytical procedures on the user entity’s records or reports from the service organization.

Evaluating a Type 2 Report as Audit Evidence

If user auditor relies on a Type 2 report, he must verify:
• The time period covered and whether it aligns with the financial reporting period.
• The scope of the service auditor’s work, including the controls tested.
• The test results, ensuring they provide enough evidence for risk assessment.
• The user auditor must check if these complementary controls exist and function effectively (e.g.
authorizing transactions before submission to service organization, or subsequent review).

Using Another Auditor for Audit Procedures

Another auditor may perform substantive procedures on behalf of the user auditor.

Additional Considerations for Type 2 Reports

If reporting period is different:
If the Type 2 report covers an earlier period, the auditor may
• Extend control testing over the remaining period.
• Request or Perform additional audit procedures to cover recent changes in controls.

If a Type 2 report includes exceptions or a modified opinion:

The user auditor must:
• Assess the significance of exceptions in the report.
• Discuss concerns with the service auditor (if permitted).
• Consider additional audit procedures for unresolved issues.

Communicating Internal Control Deficiencies:

The user auditor should inform management and those charged with governance about:
• Missing or weak monitoring controls that the user entity could implement.
• Gaps in service organization controls.

38
ISAs – Summaries and Application Guide ISA 402

LO 4: TYPE 1 AND TYPE 2 REPORTS THAT EXCLUDE THE SERVICES OF A SUBSERVICE

ORGANIZATION:

Understanding Service Organization Reporting Methods

A service organization may rely on a subservice organization for certain tasks. When reporting on controls,
the service auditor can use two approaches:
• Inclusive Method: The service auditor’s report includes the subservice organization’s controls.
• Carve-Out Method: The report excludes the subservice organization’s controls from the service
organization’s system description.

Audit Approach When Subservice Organization’s Controls Are Excluded

If a Type 1 or Type 2 report excludes a subservice organization’s controls, but its services impact the user
entity’s financial statements, the user auditor must:
• Assess its significance on user entity’s financial statements.
• Determine its relevance to the audit.
• Follow ISA 402 to evaluate risks and design audit procedures.

LO 5: FRAUD, NON-COMPLIANCE WITH LAWS AND REGULATIONS AND UNCORRECTED

MISSTATEMENTS IN RELATION TO ACTIVITIES AT THE SERVICE ORGANIZATION:

Service Organization’s Reporting Obligations

• A service organization may be contractually required to inform user entities about fraud, non-
compliance, or uncorrected misstatements related to its management or employees.
• The user auditor must:
o Confirm whether the service organization has disclosed such matters.
o Evaluate their significance for the audit procedures.

Identifying and Assessing Fraud, Non-Compliance, and Uncorrected Misstatements

User Auditor’s Inquiry
The user auditor must ask the user entity’s management whether:
• The service organization has reported any fraud, non-compliance with laws and regulations, or
uncorrected misstatements.
• The user entity is aware of any such issues affecting its financial statements.

Impact on the Audit

If fraud, non-compliance, or uncorrected misstatements exist, the user auditor must:
• Assess how they affect the audit approach, including the nature, timing, and extent of further audit
procedures.
• Determine their impact on audit conclusions and the audit report.

39
ISAs – Summaries and Application Guide ISA 402

LO 6: REPORTING BY THE USER AUDITOR:

Limitations in Obtaining Audit Evidence:

• When a user auditor cannot obtain sufficient appropriate audit evidence related to services provided
by a service organization, it creates a limitation on the audit scope.
• This occurs when there is a limitation on the audit scope, such as:
o Insufficient understanding of the service organization’s role, preventing risk assessment.
o Inability to obtain evidence on the effectiveness of service organization controls.
o Lack of direct access to service organization records.
• The user auditor may issue a qualified opinion (if effect is material) or disclaimer of opinion (if
effect is pervasive).

Reference to the Work of a Service Auditor:

General Rule
• A user auditor must not refer to a service auditor’s work when issuing an unmodified opinion, unless
required by law or regulation.
• If a reference is required, the user auditor must clarify that their responsibility for the audit opinion
remains unchanged.

When a Modified Opinion is Issued

• If the service auditor’s modified opinion affects the user auditor’s opinion, the user auditor may refer
to the service auditor’s report for clarification.
• In such cases, the user auditor may need the service auditor’s consent before making the reference.

40
 ISAs – Summaries and Application Guide ISA 450

ISA 450
EVALUATION OF MISSTATEMENTS
IDENTIFIED DURING THE AUDIT
LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–4 A1

LO 2 ACCUMULATION OF IDENTIFIED MISSTATEMENTS 5 A2 – A6
CONSIDERATION OF IDENTIFIED MISSTATEMENTS AS THE AUDIT
LO 3 6-7 A7 – A9
PROGRESSES
LO 4 COMMUNICATION AND CORRECTION OF MISSTATEMENTS 8-9 A10 – A13
LO 5 EVALUATING THE EFFECT OF UNCORRECTED MISSTATEMENTS 10 – 13 A14 – A28
LO 6 WRITTEN REPRESENTATIONS 14 A29
LO 7 DOCUMENTATION 15 A30

41
ISAs – Summaries and Application Guide ISA 450

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Purpose of the Standard

This International Standard on Auditing (ISA) outlines the auditor’s responsibilities in evaluating:
• The effect of identified misstatements on the audit.
• The impact of uncorrected misstatements on financial statements.

Definition of Misstatement
 A misstatement occurs when financial information is incorrect in terms of:
o Amounts
o Classification
o Presentation
o Disclosure
 Misstatements may result from errors or fraud.
 If financial statements must present a true and fair view, necessary adjustments to amounts,
classification, and disclosures are also considered misstatements.

LO 2: ACCUMULATION OF IDENTIFIED MISSTATEMENTS:

Requirement to Accumulate Misstatements

The auditor must accumulate all identified misstatements except those that are clearly trivial.

Definition of "Clearly Trivial"

• Clearly trivial does not mean not material.
• Clearly trivial misstatements are:
o Insignificant in size, nature, or circumstances (whether considered individually or
collectively).
o If any uncertainty exists, the misstatement is not considered trivial.

Types of Misstatements
To assess the impact of misstatements, the auditor categorizes them into three types:

Type of Misstatement Description

Factual Misstatements Clear errors with no doubt.
Judgmental Misstatements Differences in judgment.
Estimates based on sample findings extrapolated to the entire population. (Refer
Projected Misstatements
to ISA 530 for details).

Evaluating and Handling Accumulated Misstatements

• The auditor may set a threshold below which misstatements are deemed trivial and do not require
accumulation.
• If a misstatement exceeds this threshold, it must be accumulated to evaluate their impact on
financial statements.
• The auditor must evaluate misstatements individually and collectively to determine their material
impact.

The auditor communicates findings to management and governance, recommending necessary corrections.

42
ISAs – Summaries and Application Guide ISA 450

LO 3: CONSIDERATION OF IDENTIFIED MISSTATEMENTS AS THE AUDIT PROGRESSES:

Assessing the Impact of Misstatements on the Audit Plan and Strategy

The auditor must evaluate whether to revise the audit strategy and audit plan if:
• The total accumulated misstatements approach the materiality threshold.
• The nature and cause of misstatements suggest other misstatements may exist. If combined, they
could be material.

Management’s Role in Addressing Identified Misstatements

• The auditor may ask management to review a class of transactions, account balance, or
disclosure to:
o Identify the cause of the misstatement.
o Determine the actual amount of misstatements.
o Adjust the financial statements accordingly.
• Such requests often arise from audit sampling, where the auditor projects misstatements from a
sample to the entire population.

Auditor’s Response After Management’s Correction

If management corrects the misstatements, the auditor must conduct additional audit procedures to
ensure no misstatements remain.

When Management Fails to Correct Misstatements

Auditor’s Required Actions
If management refuses to correct material misstatements, the auditor must:
• Assess the impact on the audit report and inform those charged with governance.
• Consider if the refusal raises integrity concerns, potentially leading to a modified opinion or
disclaimer of opinion.
• Evaluate withdrawal from the engagement, if legally permitted.
• In the public sector, withdrawal may not be an option. Instead, the auditor may report the issue to
legislative authorities.

Widespread Misstatements
A misstatement may signal systemic issues. If these errors are widely applied, more misstatements may
exist.

LO 4: COMMUNICATION AND CORRECTION OF MISSTATEMENTS:

Communicating and Correcting Misstatements

• The auditor must inform management of all identified misstatements unless restricted by law.
• Management must correct the misstatements.
o If corrected → The auditor verifies the correction.
o If not corrected → The auditor informs those charged with governance and requests
correction.

43
ISAs – Summaries and Application Guide ISA 450

Actions When Misstatements Remain Uncorrected

Understanding Management’s Refusal
If management refuses to correct misstatements, the auditor must:
• Understand their reasons.
• Consider whether financial statements remain free from material misstatement.

Evaluating Audit Report Impact

• Assess the impact on the audit opinion.
• If management’s refusal indicates bias or dishonesty, the auditor may:
o Seek legal advice.
o Modify the audit opinion.
o In extreme cases, issue a disclaimer of opinion (if financial statements are unreliable).

Considering Withdrawal
• If allowed by law, the auditor may withdraw from the engagement.
• In the public sector, withdrawal may not be possible. Instead, the auditor may:
o Report the issue to legislative authorities.
o Take other necessary actions.

Legal and Regulatory Considerations

• Some laws (e.g. anti-money laundering laws) prevent auditors from informing management about
certain misstatements.
• If unsure, auditors should seek legal advice.

LO 5: EVALUATING THE EFFECT OF UNCORRECTED MISSTATEMENTS:

Reassessing Materiality
• Before evaluating uncorrected misstatements, the auditor must review materiality, as determined in
ISA 320, to ensure it aligns with actual financial results.
• If necessary, the auditor revises materiality levels, which may impact performance materiality and
audit procedures.

Assessing the Impact of Uncorrected Misstatements

Evaluating Materiality
The auditor determines whether uncorrected misstatements are material, either individually or collectively,
by considering the size and nature of the misstatements.

Offsetting Misstatements
• A material misstatement in one area cannot be offset by another (e.g., overstated revenue offset by
overstated expenses still results in misstatements).
• Offsetting within the same account may be acceptable, but the risk of undetected misstatements must
be considered.

Classification Errors
Some classification errors may affect key financial metrics (e.g., debt covenants, compliance).

Accumulated Prior Period Misstatements

The cumulative effect of uncorrected misstatements from previous periods may materially impact the current
period’s financial statements.

44
ISAs – Summaries and Application Guide ISA 450

Communicating with Those Charged with Governance

The auditor must:
• Inform governance about uncorrected misstatements and their effect on the audit opinion.
• Identify each material misstatement individually. However, for immaterial misstatements, the
auditor may communicate the total number and monetary effect rather than listing each one.
• Request correction of the misstatements.

Considering Nature/Qualitative Criteria:

In following cases, small misstatements may be considered material:
 Improper or Inadequate description of an Accounting policy, or Related party transactions
 Fraud
 Non-compliance of laws and regulations (NOCLAR) e.g. illegal payments, money laundering.
 Remuneration of management and TCWG.
 Failure to meet requirements of debt-covenants
 Key Performance Indicators of the company (e.g. a small misstatement converting loss into profit,
research & development cost for a pharmaceutical company)
 Affects key ratios focused by users.

LO 6: WRITTEN REPRESENTATIONS:

The auditor must request a written representation from management and, if necessary, those charged with
governance.
 This representation should confirm whether they believe uncorrected misstatements are immaterial,
both individually and in aggregate, to the financial statements.
 A summary of these uncorrected misstatements must be included in or attached to the written
representation.

LO 7: DOCUMENTATION:

The auditor must document key aspects of the audit, including:

• Clearly Trivial Misstatements Threshold – The amount below which misstatements are
insignificant.
• Accumulated Misstatements – A record of all misstatements found during the audit, specifying
whether they were corrected.
• Materiality Assessment – The auditor’s conclusion on whether uncorrected misstatements are
material, either individually or in total, along with supporting reasoning.

45
 ISAs – Summaries and Application Guide ISA 500

ISA 500
AUDIT EVIDENCE

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–5 A1 − A4

LO 2 SUFFICIENT APPROPRIATE AUDIT EVIDENCE 6 A5 – A29
LO 3 INFORMATION TO BE USED AS AUDIT EVIDENCE 7–9 A30 – A62
LO 4 SELECTING ITEMS FOR TESTING TO OBTAIN AUDIT EVIDENCE 10 A63 – A67
INCONSISTENCY IN, OR DOUBTS OVER RELIABILITY OF, AUDIT
LO 5 11 A68
EVIDENCE

Effective Date: December 15, 2009

46
ISAs – Summaries and Application Guide ISA 500

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

What ISA 500 Covers

 Auditors must design and perform procedures to gather enough appropriate audit evidence to
support their conclusions and opinion.
 ISA 500 defines audit evidence, and how auditors obtain sufficient and appropriate evidence to form
an opinion.

Key Definitions:
• Audit Evidence: Information used to support the auditor’s conclusions, including data from
accounting records and external sources.
• Sufficiency: The quantity of audit evidence required, based on the risk of material misstatement and
evidence quality.
• Appropriateness: The quality of audit evidence, determined by its relevance and reliability.
• Accounting Records: Documents supporting financial transactions, such as invoices, contracts,
ledgers, reconciliations, and journal entries.
• External Information Source: An independent party providing information for financial statements
or audit evidence, made available to multiple users (e.g., stock exchanges, regulatory bodies).
• Management’s Expert: A non-accounting specialist whose work assists in preparing financial
statements.

Determining Suitability of External Information

• Reliable information is widely available, either freely or for a fee.
• The auditor must assess if an entity can influence the source’s information.

Distinguishing External Sources from Management’s Experts:

Understanding the distinction between external information sources and management’s experts is critical for
evaluating the reliability of audit evidence.

External Information Source Management’s Expert (Customized

Scenario
(General Data) Analysis)
Public market data on property
Real Estate Prices Entity-specific property valuation
values
Actuarial Data Standard mortality tables Custom pension liability estimates

Publicly available
Market Pricing Data Expert valuation for complex securities
stock/commodity prices

Industry Risk Reports General industry trends Tailored risk analysis for the entity

Economic Forecasts Public market trends Customized financial projections

47
ISAs – Summaries and Application Guide ISA 500

LO 2: SUFFICIENT APPROPRIATE AUDIT EVIDENCE:

Requirement for Audit Evidence

The auditor must design and perform appropriate audit procedures to obtain sufficient appropriate audit
evidence to support the audit opinion.

Purpose of Audit Evidence

• Audit evidence supports the auditor’s opinion and is collected through audit procedures, prior audits
(if relevant), client acceptance processes, and internal entity records.
• It includes information from management’s experts and external sources.
• Evidence can either support or contradict management’s assertions.
• The absence of evidence, such as management’s refusal to provide documents, is also considered
audit evidence.

Interrelationship Between Sufficiency and Appropriateness

• Sufficiency refers to the quantity of evidence needed, which depends on the risk of misstatement
and the quality of evidence.
• Appropriateness refers to the quality, relevance, and reliability of evidence.
• High-quality evidence reduces the amount required, but more evidence does not compensate for
poor quality.

Sources of Audit Evidence

Internal vs. External Evidence
• Internal sources: Accounting records, management representations, meeting minutes.
• External sources: Third-party confirmations, industry reports, benchmarking data.
• Cross-checking evidence from different sources increases reliability.

Relevance of Prior Audit Evidence

• Evidence from past audits may be relevant, but the auditor must verify its continuing validity.

Audit Procedures for Obtaining Evidence

Audit evidence is gathered through:
• Risk assessment procedures – Identifying areas prone to material misstatement.
• Tests of controls – Evaluating the effectiveness of internal controls.
• Substantive procedures – Detecting misstatements through:
o Tests of details – Verifying transactions and balances.
o Analytical procedures – Comparing financial and non-financial data.

Some data is available only electronically or for a limited time, requiring timely audit actions.

Methods for Gathering Audit Evidence

1. Inspection
• Examining records, documents, or physical assets.
• Reliability depends on the source and internal control effectiveness.

48
ISAs – Summaries and Application Guide ISA 500

2. Observation
• Watching a process, such as inventory counting or control execution.
• Limited to the observed moment and may influence behavior.

3. External Confirmation
• Direct written response from third parties verifying balances, agreements, or transactions.
• Can confirm existence or absence of certain conditions (e.g., undisclosed agreements).

4. Recalculation
• Checking the mathematical accuracy of financial records.
• Can be performed manually or electronically.

5. Reperformance
• Re-executing entity controls or procedures to verify their effectiveness.

6. Analytical Procedures
• Evaluating financial data by analyzing relationships between financial and non-financial information.
• Large deviations from expectations require further investigation.

7. Inquiry
• Seeking information from knowledgeable individuals inside or outside the entity.
• Ranges from informal discussions to formal written inquiries.

LO 3: INFORMATION TO BE USED AS AUDIT EVIDENCE:

Evaluating Information for Audit Evidence

The auditor must assess the relevance and reliability of all information used as audit evidence, including
internal and external sources.

Key Considerations for Reliability:

• External sources are generally more reliable than internal ones.
• Direct evidence (e.g., observation) is more reliable than indirect evidence (e.g., inquiry).
• Written documents are more reliable than oral representations.
• Original documents are more reliable than copies or electronic versions unless proper controls
exist.

If information is unreliable and no alternative evidence is available, the auditor may face a scope limitation
that could affect the audit opinion.

49
ISAs – Summaries and Application Guide ISA 500

Using a Management’s Expert for Audit Evidence

If information is based on a management’s expert, the auditor must:

Assess the Expert’s Qualifications

• Evaluate competence, capability, and objectivity.
• Verify professional standards, qualifications, and experience.
• Check for conflicts of interest that may impact objectivity.

Understand the Expert’s Work

• Review scope, assumptions, and methods used.
• Determine whether the expert follows industry standards.
• If the expert is an external consultant, review the engagement agreement.

Evaluate the Expert’s Work as Audit Evidence

• Ensure conclusions align with other audit evidence.
• Assess whether assumptions and methods are reasonable.
• Verify that source data is complete and accurate.

If expert’s work is unreliable, auditor must seek alternative evidence or reconsider reliance on that expert.

Evaluating Information from External Sources

The auditor must verify whether external information is relevant and reliable.

Factors Affecting Reliability:

• Authority of the source (e.g., government agencies are more reliable).
• Relationship between the entity and the source (potential bias).
• Reputation and track record of the source.
• Past reliability of the source in previous audits.
• Availability of alternative sources for cross-verification.

If an external source is the only provider of certain information (e.g., inflation rates from a central bank), the
auditor may need to:
• Confirm data on the official website or from other independent publications.
• Perform additional procedures to validate accuracy.

If no alternative source is available and the information is unreliable, the auditor may need to disclose a
scope limitation.

Assessing Information Produced by the Entity

The reliability of entity-generated data is crucial for an effective audit. The auditor must evaluate whether the
information is accurate, complete, and sufficiently detailed to support audit procedures.

Key Considerations for Reliability

• The accuracy and completeness of the data must be verified.
• The quality of the audit relies on the reliability of the entity's data.
• The information should be precise and detailed enough to be useful in audit procedures.

Verification Methods
To assess the reliability of the information, the auditor should:
• Compare financial records with independent external sources.
• Evaluate the entity’s internal controls over data preparation and maintenance.
• Test completeness by ensuring all relevant transactions are recorded.

50
ISAs – Summaries and Application Guide ISA 500

LO 4: SELECTING ITEMS FOR TESTING TO OBTAIN EVIDENCE:

Auditors use different methods to select items for testing when conducting tests of controls and tests of
details. The selection method should be effective in obtaining relevant and reliable audit evidence while
ensuring efficiency.

A. Examining All Items (100% Testing)

In some cases, auditors may review all items within a population. This method is rare in tests of controls but
more common in tests of details.

When to Use 100% Testing:

• The population consists of a few large-value items.
• The risk of material misstatement is high, and other methods do not provide sufficient audit
evidence.
• A system automatically processes transactions, making full examination cost-effective.

B. Selecting Specific Items

Auditors may select particular items based on judgment, focusing on high-risk or significant items.

Types of Specific Selections:

• High-value or key items – Large-value transactions or those with high risk.
• Items above a threshold – Testing only items exceeding a certain amount to cover most of the total
value.
• Items for obtaining information – Reviewing transactions to understand entity operations.

Limitations:
• Selecting specific items is not considered audit sampling.
• The results cannot be projected to the entire population.

C. Audit Sampling
Audit sampling allows auditors to draw conclusions about an entire population by testing a representative
sample instead of all items.

Purpose of Audit Sampling:

• To provide audit evidence that applies to the entire population.
• To assess whether material misstatements exist within financial statements.

Refer to ISA 530 for more details on audit sampling techniques.

Selection Strategy
Selection Strategy depends on the Nature of the population, Risk, Practicality and efficiency.

51
ISAs – Summaries and Application Guide ISA 500

LO 5: INCONSISTENCY IN, OR DOUBTS OVER RELIABILITY OF, AUDIT EVIDENCE:

1. Identifying and Addressing Inconsistency or Doubts in Audit Evidence

The auditor must take action if:
• Inconsistent Evidence: Information from different sources is inconsistent.
• Unreliable Information: Doubts arise regarding the reliability of evidence.

Examples of Inconsistency
• Conflicting responses from management, internal auditors, or those charged with governance may
indicate unreliable evidence.
• If governance responses contradict management’s statements, reliability must be reassessed.

2. Auditor’s Response to Inconsistent or Unreliable Evidence

If inconsistency or doubt exists, the auditor must:
• Modify or add audit procedures to resolve the issue.
• Assess the impact on other aspects of the audit (e.g. risk, procedures).

52
ISAs – Summaries and Application Guide ISA 501

ISA 501
AUDIT EVIDENCE

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–3 N/A

LO 2 INVENTORY 4–8 A1 – A16
LO 3 LITIGATION AND CLAIMS 9 – 12 A17 – A25
LO 4 SEGMENT INFORMATION 13 A26 – A27

Effective Date: December 15, 2009

53
ISAs – Summaries and Application Guide ISA 501

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope
This ISA provides guidance on obtaining sufficient and appropriate audit evidence in the following key areas:
• Inventory – Ensuring existence and assessing condition.
• Litigation and Claims – Verifying completeness of legal matters involving the entity.
• Segment Information – Ensuring proper presentation and disclosure under the applicable financial
reporting framework.

LO 2: INVENTORY:

Attendance at Physical Inventory Counting

If inventory is material to the financial statements, the auditor must obtain sufficient appropriate audit
evidence about its existence and condition by:

Procedures During Physical Inventory Counting

The auditor should:
• Evaluate Management’s Instructions
o Check if management has proper inventory counting procedures in place.
o Assess if controls exist to track inventory movement, condition, and completeness.

• Observe the Physical Count

o Ensure compliance with management’s instructions.
o Check controls over inventory movement before, during, and after the count.

• Inspect the Inventory

o Confirm inventory existence and assess its condition.
o Identify any obsolete, damaged, or slow-moving items.

• Perform Test Counts

o Verify accuracy by tracing count records to physical inventory and vice versa.
o Ensure the final inventory records reflect actual count results.

Inventory Count on a Different Date

If inventory is counted on a date other than the financial statement date, the auditor must:
• Perform additional audit procedures to ensure that changes in inventory between the count date and
financial statement date are properly recorded.
• Assess the reliability of the entity’s perpetual inventory records.
• Investigate any significant differences between physical count and records.

When the Auditor Cannot Attend Physical Inventory Count

Alternative Procedures If Attendance is Not Possible
If the auditor is unable to attend due to unforeseen circumstances, they must:
• Observe inventory counts on an alternative date.
• Perform audit procedures on intervening transactions to verify inventory movement.

54
ISAs – Summaries and Application Guide ISA 501

When Attendance is Impracticable

If attending is not feasible due to safety, location, or other valid reasons, the auditor must:
• Perform alternative audit procedures, such as:
o Inspecting subsequent sales invoices to confirm inventory movement.
o Reviewing inventory documentation for accuracy.
• If no alternative procedures provide sufficient evidence, the auditor must:
o Modify the audit opinion as per ISA 705 (Revised).

Inventory Held by Third Parties

If material inventory is under a third party’s custody, the auditor must obtain evidence about its existence
and condition through:

External Confirmation
Request confirmation from the third party regarding:
• Quantity of inventory held.
• Condition of the inventory.

Additional Audit Procedures

If confirmation is insufficient or unreliable, the auditor may:
• Attend the third party’s physical inventory count (if feasible).
• Obtain an independent auditor’s report on the third party’s controls.
• Inspect warehouse receipts and other supporting documents.
• Confirm inventory pledged as collateral with lenders or financial institutions.

LO 3: LITIGATION AND CLAIMS:

Identifying and Assessing Litigation and Claims

Procedures to Identify Legal Risks
The auditor must perform procedures to identify litigation and claims that could create a risk of material
misstatement, including:
• Inquiry → Asking management, in-house legal counsel, and relevant personnel.
• Document Review → Examining board meeting minutes and legal correspondence.
• Expense Analysis → Reviewing legal expense accounts and supporting invoices.

Communicating with External Legal Counsel

Seeking Direct Confirmation
If litigation or claims could materially affect financial statements, the auditor must seek direct communication
with external legal counsel. This is done through a letter of inquiry, prepared by management but sent by the
auditor.

Types of Inquiry Letters:

• General Inquiry Letter → Requests legal counsel to disclose known cases and assess their financial
impact.
• Specific Inquiry Letter (used when a general inquiry is unlikely to work) →
o Lists identified litigation and claims.
o Requests legal counsel to confirm management’s assessment.
o Asks legal counsel to disclose any missing or incorrect cases.

55
ISAs – Summaries and Application Guide ISA 501

Addressing Non-Response from Legal Counsel

If:
• Management denies permission for external legal confirmation.
• Legal counsel refuses to respond or is legally restricted.

and alternative procedures fail to provide sufficient evidence, then the auditor must:
• Modify the audit opinion in accordance with ISA 705 (Revised).
• Assess whether management’s refusal indicates integrity issues.
• Consider withdrawing from the engagement if permitted by law.

Written Representations from Management

The auditor must obtain written confirmation from management and governance bodies stating:
• All known litigation and claims have been disclosed.
• They have been accounted for in line with the applicable financial reporting framework.

This written representation supports the auditor’s conclusion about the completeness and accuracy of legal
disclosures.

Meetings with External Legal Counsel

A direct meeting may be required if:
• The case involves significant risk.
• The legal matter is complex.
• There is disagreement between management and legal counsel.
Such meetings typically require management’s permission, with a management representative present.

Updated Legal Information

The auditor must verify the latest status of litigation before finalizing the report.

LO 4: SEGMENT INFORMATION:

Understanding Segment Information

Entities may be required or permitted to disclose segment information under the applicable financial
reporting framework. The auditor’s responsibility is to assess the accuracy of segment disclosures within the
overall financial statements. The auditor is not required to express an opinion on segment information
separately.

Audit Procedures for Segment Information

To ensure segment disclosures comply with financial reporting standards, the auditor must:

Understanding Management’s Methods

The auditor assesses how management determines segment information, including:
• Inter-Segment Transactions: Reviewing sales, transfers, and elimination of inter-segment amounts.
• Comparisons with Budgets and Expectations: Evaluating whether segment results align with
expected figures, such as operating profit margins.
• Allocation Methods: Examining how assets and costs are distributed across segments.
• Consistency Over Time: Ensuring disclosures are consistent with prior periods and adequately
explain any inconsistencies.

56
ISAs – Summaries and Application Guide ISA 501

Testing the Methods

If necessary, the auditor verifies the accuracy of management’s approach by testing how segment information
is applied.

Performing Analytical and Other Audit Procedures

The auditor may use analytical procedures or other suitable audit techniques to confirm the accuracy of
segment information.

57
 ISAs – Summaries and Application Guide ISA 505

ISA 505
EXTERNAL CONFIRMATIONS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–6 N/A

LO 2 EXTERNAL CONFIRMATION PROCEDURES 7 A1 – A7
MANAGEMENT’S REFUSAL TO ALLOW THE AUDITOR TO
LO 3 8–9 A8 – A10
SEND A CONFIRMATION REQUEST
LO 4 RESULTS OF THE EXTERNAL CONFIRMATION PROCEDURES 10 – 14 A11 – A22
LO 5 NEGATIVE CONFIRMATIONS 15 A23
LO 6 EVALUATING THE EVIDENCE OBTAINED 16 A24 – A25

Effective Date: December 15, 2009

58
ISAs – Summaries and Application Guide ISA 505

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Importance of External Confirmations in Audits:

External Confirmation provides stronger evidence because:
✔ It comes from independent external sources.
✔ The auditor collects it directly.
✔ It is in documentary form (paper, electronic, or other formats).

Definitions in ISA 505

External Confirmation
Audit evidence received directly from a third party in written.

Positive Confirmation
A request where the third party must confirm agreement/disagreement or provide requested information.

Negative Confirmation
A request where the third party only responds if they disagree with the given information.

Non-Response
When the third party does not reply or provides an incomplete response to a positive confirmation.

Exception
A response that differs from the entity’s records.

LO 2: EXTERNAL CONFIRMATION PROCEDURES:

Auditor’s Control Over External Confirmations

When using external confirmation procedures, the auditor must maintain control by:
• Choosing the Information to Confirm – Deciding what needs verification.
• Selecting the Confirming Party – Ensuring the recipient has relevant knowledge.
• Designing the Confirmation Request – Properly addressing and formatting the request to get
accurate responses.
• Sending and Following Up – Sending requests and following up when necessary.

Key Aspects of External Confirmation Procedures

Choosing the Information to Confirm
• External confirmations verify account balances, contract terms, agreements, or confirm the absence
of specific conditions like "side agreements."

Selecting the Right Confirming Party

• Confirmation responses are more reliable when the request is sent to someone knowledgeable, such
as a financial institution official handling the transaction.

59
ISAs – Summaries and Application Guide ISA 505

Designing Effective Confirmation Requests

• Well-designed requests improve response rates and reliability.
• Important factors include:
o Audit assertions being tested.
o Identified risks, including fraud risks.
o Layout and presentation of the request.
o Previous audit experience.
o Communication method (paper, electronic, etc.).
o Management authorization, which may encourage responses.
o The confirming party’s ability to provide accurate details (e.g., invoice vs. total balance).

Types of Confirmation Requests:

o Positive Confirmation Requests – Require a response, confirming agreement or providing
information.
o Blank Confirmation Requests – Ask the recipient to fill in details instead of verifying pre-
filled information. These improve accuracy but may lower response rates.

Follow-Up Procedures
• Before sending requests, auditors should verify addresses to prevent errors.
• If no response is received within a reasonable time:
o Re-check the accuracy of the recipient’s details.
o Send additional follow-up requests.

LO 3: MANAGEMENT’S REFUSAL TO ALLOW THE AUDITOR TO SEND A CONFIRMATION

REQUEST:

Evaluating Management’s Refusal

When management refuses to allow the auditor to send a con�irmation request, the auditor must:
• Investigate the Reason for Refusal
o Ask management for reasons and assess their validity.
o Determine if the refusal is genuine or an attempt to hide fraud or errors.
o Common reasons include legal disputes or ongoing negotiations that could be affected by the
con�irmation request.

• Assess the Risk of Material Misstatement

o If the refusal is unreasonable, it may indicate a fraud risk factor that requires further
examination under ISA 240.
o Adjust audit procedures based on the revised risk assessment.

• Perform Alternative Audit Procedures

o If con�irmation is not possible, use other methods to gather suf�icient and reliable audit
evidence.
o Alternative procedures should align with the risk assessment and be similar to those used
for non-responses.

60
ISAs – Summaries and Application Guide ISA 505

Actions When Management’s Refusal is Unreasonable

If the refusal appears unreasonable, or if alternative procedures fail to provide suf�icient evidence, the
auditor must:
• Communicate with Those Charged with Governance
o Inform governance as required by ISA 260 (Revised).
o Explain the impact of the refusal on the audit and potential consequences.

• Assess the Impact on the Audit Opinion

o Determine if the refusal affects the auditor’s ability to form an opinion.
o If suf�icient evidence cannot be obtained, consider modifying the audit opinion under ISA
705 (Revised).
o In rare cases, if the refusal raises doubts about management’s integrity, the auditor may issue
a disclaimer of opinion (i.e., stating they cannot provide an opinion due to unreliable
�inancial information).

• Withdrawal from the Engagement

o If allowed by law, the auditor may withdraw from the engagement.
o In the public sector, withdrawal may not be an option. Instead, the auditor may report the
issue to the legislature or take other appropriate actions.

LO 4: RESULTS OF THE EXTERNAL CONFIRMATION PROCEDURES:

Evaluating Reliability of Responses:

Factors Indicating Unreliable Responses
• Response was received indirectly or from an unexpected source.
• Electronic responses (e.g., emails, faxes) lack veri�ication of origin and authority.
• A third party is used for response coordination, creating risks like:
o Incorrect source.
o Unauthorized respondent.
o Compromised transmission integrity.

Auditor’s Actions for Unreliable Responses

• Contact the con�irming party directly to verify authenticity.
• Request direct written con�irmation if the response was received indirectly.
• If a response is only provided orally, seek written con�irmation.
• Evaluate if unreliable responses indicate fraud risk, requiring further investigation under ISA 240.

Handling Non-Responses to Con�irmation Requests

Alternative Audit Procedures
• If no response is received, the auditor must perform alternative procedures to obtain reliable audit
evidence.
• Common alternative procedures:
o Accounts receivable: Check subsequent cash receipts, shipping records, or sales documents.
o Accounts payable: Review subsequent payments, supplier correspondence, or goods
received notes.

Implications of Non-Responses
• If the number of non-responses is unusually high, it may indicate fraud risk, requiring further
investigation.

61
ISAs – Summaries and Application Guide ISA 505

When Positive Con�irmation Responses Are Essential

• In some cases, only a response to a positive con�irmation request can provide suf�icient audit
evidence.
• Alternative procedures are not suf�icient when:
o The required evidence is only available outside the entity.
o Fraud risks (e.g., management override or collusion) prevent reliance on internal evidence.
• If the auditor does not receive a necessary con�irmation, they must assess the impact on the audit
opinion in line with ISA 705 (Revised).

Investigating Exceptions in Con�irmation Responses

Identifying Misstatements
• If responses contain discrepancies (exceptions), auditors must determine if they indicate
misstatements.
• If a misstatement is found, auditors must:
o Assess if it is a fraud indicator under ISA 240.
o Investigate whether similar con�irming parties or accounts may also contain misstatements.
o Determine if the exception signals de�iciencies in internal controls.

When Exceptions Are Not Misstatements

• Some differences arise from timing, measurement variances, or clerical errors in con�irmation
procedures.
• The auditor must carefully evaluate whether an exception is a genuine misstatement or an acceptable
variance.

LO 5: NEGATIVE CONFIRMATIONS:

Understanding Negative Con�irmations

• Negative con�irmations provide weaker audit evidence than positive con�irmations.
• A lack of response does not con�irm that the intended recipient received the request or veri�ied the
information.

Conditions for Using Negative Con�irmations as the Sole Substantive Procedure

The auditor should not rely solely on negative con�irmations to address the risk of material misstatement
unless all of the following conditions are met:
1. Low Risk of Material Misstatement
o The auditor assesses the risk as low.
o The auditor has obtained suf�icient evidence about the effectiveness of relevant controls.

2. Large, Homogeneous Population

The items subject to negative con�irmations consist of numerous small, similar account balances,
transactions, or conditions.

3. Very Low Expected Exception Rate

The likelihood of discrepancies is minimal.

4. Reliable Responses
There are no factors that would cause recipients to ignore the con�irmation requests.

62
 ISAs – Summaries and Application Guide ISA 505

Limitations of Negative Con�irmations

• Recipients often respond only if they perceive errors that are unfavorable to them.
• Example:
o A bank account holder is more likely to respond if they believe their balance is understated.
o If they believe the balance is overstated, they may ignore the con�irmation request.
• Due to this limitation, negative con�irmations are more useful for detecting understated bank
balances but are ineffective for identifying overstatements in case of bank account holders.

LO 6: EVALUATING THE EVIDENCE OBTAINED:

Auditor may receive one of the following types of responses. These responses need to be carefully evaluated
to ensure they provide sufficient evidence for the audit.

Response Type What it Means Example Action Required by Auditor

The bank confirms the account No further action required; the
The third party agrees
Agreement balance matches the auditor's response provides reliable audit
with the information.
records. evidence.
A supplier does not respond to a
The third party fails to Follow up with the third party, and
Non-Response request for confirmation of
reply. perform alternative procedures.
outstanding balance.
A customer confirms a balance that Investigate the difference and perform
The response shows
Exception is lower than what the company’s procedures [depending on specific
discrepancies.
financial records show. reason of exception].
The response appears
The confirmation comes from a Investigate the reliability of the source
Unreliable manipulated, incomplete,
suspicious email or lacks important and use other procedures to confirm the
Response or from untrustworthy
details. information (e.g., call the third party).
source.

Some specific cases of Exceptions and Auditor’s Course of Action:

Reply of confirmation Interpretation and Audit Procedures

This account is probably valid; however, auditor should verify date of receipt:
This amount was paid on – if date of receipt is before year end, cut-off on cash receipts is not proper (i.e.
December 28 this year’s collection is not recorded).
– if date of receipt is after year end, this indicates timing difference.
This account is probably valid; however, auditor should verify date of
shipment:
We received these goods on – if date of shipment is before year end, this indicates timing difference. Ensure
January 3 that inventory is also excluded from closing stock.
– if date of shipment is after year end, cut-off on sales is not proper (i.e. next
year’s sale is recorded this year).
We have paid this amount This indicates misstatement and auditor should investigate it and should:
since long. OR ̶ Discuss it with client and confirming party.
We have returned these ̶ Test internal control over transactions.
goods since long. OR ̶ If there is misstatement in client’s record, propose adjustment and re-
We never ordered/received assesses risk (including risk of fraud i.e. existence of Teeming and
these goods. Lading).
We are unable to confirm this This should be treated same as non-response. Auditor should perform
amount (for certain reasons) alternative audit procedures to obtain evidence.
Confirmation returned This indicates either wrong address or non-existent customer. Address should
undelivered be rechecked or alternative audit procedures should be applied.

63
 ISAs – Summaries and Application Guide ISA 510

ISA 510
INITIAL AUDIT ENGAGEMENTS —
OPENING BALANCES

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–4 N/A

LO 2 AUDIT PROCEDURES 5–9 A1 – A7
LO 3 AUDIT CONCLUSIONS AND REPORTING 10 – 13 A8 – A9
APX ILLUSTRATIONS OF AUDITORS’ REPORTS WITH MODIFIED OPINIONS

64
ISAs – Summaries and Application Guide ISA 510

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Objective of the Auditor

During an initial audit engagement, the auditor must obtain sufficient appropriate audit evidence to
determine whether:
� Opening balances contain material misstatements that affect the current period’s financial statements.
� Accounting policies applied to opening balances are consistent, or any changes are properly accounted
for and disclosed.

Initial Audit Engagement

An audit where either:
� Prior-period financial statements were not audited.
� Prior-period financial statements were audited by a another firm (predecessor auditor).

LO 2: AUDIT PROCEDURES:
Understanding Opening Balances:
The auditor must review the latest financial statements and predecessor auditor’s report (if available)
for relevant information on opening balances.

How to Obtain Audit Evidence for Opening Balances:

� Checking if last year’s closing balances were carried forward correctly.
� Ensuring correct application of accounting policies.
� Performing at least one of the following audit procedures:
• Reviewing the predecessor auditor’s working papers (if available). The reliability of this work
depends on the competence and independence of the predecessor auditor.
• Evaluating whether current audit procedures provide relevant evidence.
• Conducting specific audit procedures to obtain additional evidence.

Collecting Evidence for Assets & Liabilities:

Review predecessor auditor’s working papers:
 Auditor shall evaluate professional competence and independence of the predecessor auditor, and shall
also evaluate quality of working papers.

Evaluate if current period audit procedures provide evidence for opening balances:
 For example, collection of opening debtors (or payment of opening creditors) during the year will provide
some audit evidence.

Specific procedures to verify opening balances:

 Opening Inventory:
 Observe physical inventory count during current year, and roll-back to opening quantities.
 Perform procedures on valuation of opening inventory items.
 Perform procedures on gross profit and cut-off.

 Non-Current Assets and Liabilities:

 Physically inspect non-current assets appearing in opening balances.
 Examine accounting records and other information underlying opening balances (e.g. PPE).
 Send confirmation letter to third parties (e.g. in Long-term loan, and investments).

65
 ISAs – Summaries and Application Guide ISA 510

 Share Capital and Reserves etc.:

 Share capital, reserves and movements during the year can be verified by inspection of statutory
filing with SECP.

Ensuring Consistency of Accounting Policies:

The auditor must ensure that:
� Accounting policies from prior periods are consistently applied in the current period.
� Any changes in accounting policies are correctly accounted for and disclosed in compliance with the
financial reporting framework.

Considering the Predecessor Auditor’s Report

If the prior period’s financial statements had a modified opinion, the auditor must:
• Assess the impact of the issue that caused the modification.
• Consider its effect on the risk of material misstatement in the current financial statements, as per ISA
315

LO 3: AUDIT CONCLUSIONS AND REPORTING:

Evidence obtained on opening balances:

Auditor shall express Unmodified Opinion and shall include this in Key Audit Matter.

There is scope limitation on opening balances:

The auditor may issue:
� A qualified (if effect is material) or disclaimer of opinion (if effect is pervasive) on financial statements.
� If allowed by law, a mixed opinion:
• Qualified/Disclaimer for operations and cash flows
• Unmodified for financial position

� The appendix in ISA 510 includes sample auditor reports.

There is Misstatement in opening balances:

 Qualified Opinion (if effect is material) or
 Adverse Opinion (if effect is pervasive).

Consistency of Accounting Policies:

Change in accounting policy is correctly applied.  Unmodified Opinion and Key Audit Matter
Change in accounting policy is not correctly accounted  Qualified Opinion (if effect is material) or
for, or disclosed.  Adverse Opinion (if effect is pervasive).

Modification in the Predecessor Auditor’s Report:

Modification in Predecessor Auditor Report resolved.  Unmodified Opinion

Modification in Predecessor Auditor Report NOT resolved*.  Modified Opinion.

Not resolved means last year’s issue (whether misstatement or scope limitation) is still there.

66
ISAs – Summaries and Application Guide ISA 510

APX: ILLUSTRATIONS OF AUDITORS’ REPORTS WITH MODIFIED OPINIONS:

Illustration 1:

Facts: Auditor is unable to physically count opening inventory, and effect is Material
Balance Sheet is fairly presented and local laws prohibit split of opinion
Qualified Opinion:
We have audited the ……………….

In our opinion, except for the (possible) effects of the matter described in the Basis for Qualified Opinion
section of our report, financial statements give true and fair view of financial position of ABC Limited at
December 31, 2020 and its financial performance and cash flow for the year then ended in accordance with
IFRS.

Basis for Qualified Opinion:

We were appointed as auditors of the company on June 30, 20X1 and thus did not observe the counting of the
physical inventories at the beginning of the year. We were unable to satisfy ourselves by alternative means
concerning inventory quantities held at December 31, 20X0. Since opening inventories enter into the
determination of the financial performance and cash flows, we were unable to determine whether
adjustments might have been necessary in respect of the profit for the year reported in the statement of
comprehensive income and the net cash flows from operating activities reported in the statement of cash
flows.

We conducted our audit in accordance with …………

Other Matter
The financial statements of the Company for the year ended December 31, 20X0 were audited by another
auditor who expressed an unmodified opinion on those statements on March 31, 20X1.

67
ISAs – Summaries and Application Guide ISA 510

Illustration 2:

Facts: Auditor is unable to physically count opening inventory, and effect is Material
Balance Sheet is fairly presented and local laws do not prohibit split of opinion
Qualified Opinion:
We have audited the ……………….

Qualified Opinion on the Financial Performance and Cash Flows

In our opinion, except for the possible effects of the matter described in the Basis for Qualified Opinion
section of our report, the accompanying statement of comprehensive income and statement of cash flows
present fairly, in all material respects (or give a true and fair view of), the financial performance and cash
flows of the Company for the year ended December 31, 20X1 in accordance with International Financial
Reporting Standards (IFRSs).

Opinion on the Financial Position

In our opinion, the accompanying statement of financial position presents fairly, in all material respects (or
gives a true and fair view of), the financial position of the Company as at December 31, 20X1 in accordance
with IFRSs.

Basis for Opinions, Including Basis for Qualified Opinion on Financial Performance and Cash Flows:
We were appointed as auditors of the Company on June 30, 20X1 and thus did not observe the counting of
the physical inventories at the beginning of the year. We were unable to satisfy ourselves by alternative
means concerning inventory quantities held at December 31, 20X0. Since opening inventories enter into the
determination of the financial performance and cash flows, we were unable to determine whether
adjustments might have been necessary in respect of the profit for the year reported in the statement of
comprehensive income and the net cash flows from operating activities reported in the statement of cash
flows.

We conducted our audit in accordance with …………

Other Matter
The financial statements of the Company for the year ended December 31, 20X0 were audited by another
auditor who expressed an unmodified opinion on those statements on March 31, 20X1.

68
 ISAs – Summaries and Application Guide ISA 520

ISA 520
ANALYTICAL PROCEDURES

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–4 A1 – A3

LO 2 SUBSTANTIVE ANALYTICAL PROCEDURES 5 A4 – A16
ANALYTICAL PROCEDURES THAT ASSIST WHEN FORMING AN
LO 3 6 A17 – A19
OVERALL CONCLUSION
LO 4 INVESTIGATING RESULTS OF ANALYTICAL PROCEDURES 7 A20 – A21

Effective Date: December 15, 2009

69
ISAs – Summaries and Application Guide ISA 520

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope and Purpose of Analytical Procedures

Definition: Analytical procedures involve evaluating financial information by analyzing relationships
between financial and non-financial data. These procedures help auditors identify inconsistencies or
significant deviations from expected values.

Types and Applications of Analytical Procedures

Comparative Analysis
Auditors compare financial data with:
• Prior-period financial statements to identify trends.
• Budgets or forecasts to check alignment with expected results.
• Industry benchmarks to evaluate financial ratios (e.g., sales-to-receivables ratio).

Evaluating Relationships in Financial Data

• Financial vs. Financial Data: Checking if elements of financial statements follow predictable trends
(e.g., gross margin percentage).
• Financial vs. Non-Financial Data: Comparing payroll costs with the number of employees to detect
anomalies.

Methods of Performing Analytical Procedures

• Simple Comparisons: Basic trend analysis.
• Ratio Analysis: Comparing financial ratios across periods or with industry standards.
• Complex Statistical Techniques: Using regression analysis or data analytics for deeper insights.

Purpose in Auditing:
During Risk Assessment (As per ISA 315)
• Helps identify areas of high risk by detecting unusual trends or inconsistencies.
• Used in planning audit procedures to focus on key risk areas.

During Substantive Testing (As per ISA 330)

• Confirms audit findings by validating financial data against expectations.
• Identifies potential misstatements that require further investigation.

At the Final Stage of the Audit

• Supports the auditor in forming an overall conclusion on the financial statements.
• Ensures that reported figures align with the auditor’s understanding of the entity.

70
ISAs – Summaries and Application Guide ISA 520

LO 2: SUBSTANTIVE ANALYTICAL PROCEDURES:

Choosing Between Analytical Procedures and Tests of Details

• Auditors use either substantive analytical procedures, tests of details, or both, based on their
effectiveness in reducing audit risk.
• If internal data is used, the auditor must verify its accuracy and reliability.

When Analytical Procedures Are More Effective

• When data trends are predictable and stable, analytical procedures can provide strong evidence.
• Simple predictive models (e.g., payroll estimation based on employee count and salary rates) can
replace tests of details.
• Industry-standard ratios (e.g., profit margins) help verify recorded amounts.

When Tests of Details Are Necessary

• If internal controls over sales processing are weak, tests of details are more reliable than analytical
procedures.
• When testing accounts receivable, auditors may combine analytical procedures (aging analysis) with
tests of details (reviewing cash receipts).

Designing and Performing Substantive Analytical Procedures

When using substantive analytical procedures (alone or with tests of details) under ISA 330, the auditor
must:

Selecting Suitable Analytical Procedures for given Assertion

• Choose procedures based on the risk of material misstatement and the effectiveness of tests of
details.
• Analytical procedures work best for large, predictable transaction volumes.
• The effectiveness depends on data reliability and whether relationships between data remain
consistent over time.

Evaluating the Reliability of Data

• The source, comparability, nature, and controls over data preparation determine reliability.
• Independent external data is more reliable than internally prepared information.
• If internal data is used, strong controls over its preparation must be in place.
• Auditors may test internal controls to ensure data accuracy.

Developing Precise Expectations

• The auditor forms an expectation of amounts or ratios to detect material misstatements.
• Higher accuracy is expected when analyzing consistent trends (e.g., gross margins) rather than
variable expenses (e.g., advertising costs).
• Expectations improve when analyzing disaggregated data (e.g., by department rather than company-
wide).

Determining Acceptable Differences

• The auditor sets an acceptable difference between expected and actual amounts before requiring
further investigation.
• This threshold depends on materiality and the level of audit assurance needed.
• Higher audit risk requires more precise expectations and lower tolerance for differences.

71
ISAs – Summaries and Application Guide ISA 520

LO 3: ANALYTICAL PROCEDURES THAT ASSIST WHEN FORMING AN OVERALL CONCLUSION:

Purpose of Analytical Procedures

• At the end of the audit, the auditor must perform analytical procedures to verify that the financial
statements align with their understanding of the entity.
• These procedures help confirm conclusions drawn during the audit of individual financial statement
components.
• The auditor uses this analysis to form a reasonable conclusion as a basis for the audit opinion.

Identifying and Responding to New Risks

• Analytical procedures may uncover a previously unrecognized risk of material misstatement.
• If new risks are identified, ISA 315 requires the auditor to:
o Revise the risk assessment.
o Adjust planned audit procedures accordingly

LO 4: INVESTIGATING RESULTS OF ANALYTICAL PROCEDURES:

Identifying Unexpected Fluctuations or Inconsistencies

• If analytical procedures reveal unexpected fluctuations, inconsistencies with other information, or
significant differences from expected values, the auditor must investigate further.

Steps for Investigation

Inquiry with Management
• Ask management to explain the identified differences.
• Obtain relevant audit evidence to support management’s response.

Evaluating Management’s Responses

Compare management’s explanations with:
• The auditor’s understanding of the entity and its environment.
• Other audit evidence obtained during the audit.

Performing Additional Audit Procedures

If management’s explanation is inadequate or unsupported by evidence, the auditor must conduct further
procedures to resolve discrepancies.

When Additional Procedures are Necessary

If management cannot explain the differences or provides insufficient evidence, the auditor must:
• Perform additional audit tests.
• Consider potential risks, including fraud risk factors.
• Assess the impact on the risk of material misstatement.

72
ISAs – Summaries and Application Guide ISA 530

ISA 530
AUDIT SAMPLING

ISA 530
LO # LEARNING OBJECTIVE
REFERENCE

LO 1 INTRODUCTION, OBJECTIVES, DEFINITION 1 – 5, A1 – A3

REQUIREMENTS:
LO 2 SAMPLE DESIGN, SIZE AND SELECTION OF ITEMS FOR TESTING 6−8, A4−A13
LO 3 PERFORMING AUDIT PROCEDURES 9−11, A14−A16
LO 4 NATURE AND CAUSE OF DEVIATIONS AND MISSTATEMENTS 12−13, A17
LO 5 PROJECTING MISSTATEMENTS 14, A18−A20
LO 6 EVALUATING RESULTS OF AUDIT SAMPLING 15, A21−A23
APPENDIX:
APX 1 STRATIFICATION AND VALUE-WEIGHTED SELECTION
APX 2 EXAMPLES OF FACTORS INFLUENCING SAMPLE SIZE FOR TESTS OF CONTROLS
APX 3 EXAMPLES OF FACTORS INFLUENCING SAMPLE SIZE FOR TESTS OF DETAILS
APX 4 SAMPLE SELECTION METHODS

73
ISAs – Summaries and Application Guide ISA 530

LO 1: INTRODUCTION :

Scope:
• This standard applies when an auditor uses audit sampling in audit procedures.
• It covers:
o Statistical and non-statistical sampling.
o Designing and selecting audit samples.
o Performing tests of controls and tests of details.
o Evaluating sample results.
• ISA 530 complements ISA 500, which guides auditors on obtaining sufficient appropriate audit
evidence. Audit sampling is one method of selecting items for testing.

Definitions
Audit Sampling
• Selecting less than 100% of a population where each item has a chance of selection.
• Ensures a reasonable basis for conclusions about the entire population.

Population
• The entire dataset from which a sample is selected.

Sampling Unit
Individual items in a population, such as:
o Checks on cheque book.
o Credit entries in bank statements.
o Sales invoices.
o Debtor balances.

Stratification
Dividing a population into smaller sub-populations with similar characteristics (e.g., monetary value).

Risks in Audit Sampling

Sampling Risk
The risk that conclusions based on a sample differ from those based on the entire population.

Types of Sampling Risk:

1. Risk of Over-reliance or Incorrect Acceptance → Affects audit effectiveness and may lead to an
inappropriate audit opinion.
2. Risk of Under-reliance or Incorrect Rejection → Affects audit efficiency and may lead to unnecessary
additional work.

Non-Sampling Risk
The risk of erroneous conclusions due to factors other than sampling, such as:
• Using inappropriate procedures.
• Misinterpreting audit evidence.
• Failing to detect misstatements.

74
ISAs – Summaries and Application Guide ISA 530

Sampling Approaches
Statistical Sampling
Involves:
• Random selection of items.
• Use of probability theory to evaluate sample results and measure sampling risk.

Non-Statistical Sampling
Any sampling method that does not involve both random selection and probability-based evaluation.

Tolerable Misstatement
• The maximum misstatement an auditor allows in a population without affecting audit conclusions.
• Ensures minor misstatements do not cause material misstatements in financial statements.
• Related to performance materiality under ISA 320.

Tolerable Rate of Deviation

The highest deviation rate from prescribed internal controls that the auditor accepts without affecting audit
conclusions.

Anomalies
Misstatements or deviations that are not representative of the population.

LO 2: SAMPLE DESIGN, SIZE AND SELECTION OF ITEMS FOR TESTING:

Designing the Audit Sample

The auditor must design the sample based on the purpose of the audit procedure and the characteristics of
the population.

Key Considerations in Sample Design:

• Audit Sampling Approach:
The auditor can use statistical sampling (probability-based) or non-statistical sampling (judgment-
based).

• Defining Deviations or Misstatements:

The auditor must clearly define what qualifies as a misstatement or deviation to ensure relevant
conditions are included in evaluation.

• Population Characteristics:
o For tests of controls, the auditor estimates the expected rate of deviation. A high rate may
indicate that testing controls is ineffective.
o For tests of details, the auditor estimates the expected misstatement. If misstatements are
significant, the auditor may opt for 100% testing or a larger sample.

• Stratification and Value-Weighted Selection:

If the population varies significantly, the auditor may group similar items (stratification) or select
based on value to improve sampling efficiency.

75
ISAs – Summaries and Application Guide ISA 530

Determining Sample Size

The sample size must be large enough to reduce sampling risk to an acceptably low level.

Selecting Items for Testing

Every sampling unit in the population should have a chance of selection to ensure a fair representation.

Selection Methods:
• Statistical Sampling: Items are selected based on a known probability.
• Non-Statistical Sampling: The auditor selects items using judgment, ensuring the sample represents
the population.

Common Selection Techniques:

• Random Selection: Each item has an equal chance of selection.
• Systematic Selection: Items are chosen at fixed intervals.
• Haphazard Selection: Items are picked randomly, avoiding bias.

LO 3: PERFORMING AUDIT PROCEDURES:

Conducting Audit Procedures

The auditor performs appropriate audit procedures on each selected item.

If audit procedure is not applicable to selected item:

• If a procedure does not apply to a selected item, the auditor tests a replacement item.
• Example: If a voided check is selected for payment authorization testing, the auditor examines a valid
replacement check.

If auditor is unable to apply desired or alternative procedures on selected item:

• If the auditor cannot perform the planned procedure or an alternative, the item is:
o A deviation in tests of controls.
o A misstatement in tests of details.
• Example: If the documentation for an item is lost, the auditor may not be able to test it.

LO 4: NATURE AND CAUSE OF DEVIATIONS AND MISSTATEMENTS:

The auditor must analyze any deviations or misstatements found.

Determining Common Patterns

• Some misstatements may share common characteristics, such as:
o Type of transaction
o Specific location
o Product line
o Time period
• If patterns emerge, the auditor should:
o Identify all similar items in the population
o Expand audit procedures to cover those items

76
ISAs – Summaries and Application Guide ISA 530

Handling Anomalies
If a misstatement or deviation is considered an anomaly (a rare, isolated case), the auditor must confirm that
it does not represent the entire population.

Addressing Potential Fraud Risks

• If deviations or misstatements appear intentional, the auditor must consider the possibility of fraud.
• If fraud is suspected, the auditor should:
o Investigate further.
o Consider reporting the issue to regulators or governance bodies.

LO 5: PROJECTING MISSTATEMENTS :

Projection in Tests of Controls

No explicit projection is needed for tests of controls because the sample deviation rate equals the projected
deviation rate for the population.

Projecting Misstatements (for T.O.D.):

 Auditor is required to project misstatement for the population. Projected Misstatements are not
adjusted (unless identified).
 If a misstatement is an anomaly, the auditor may exclude it from projection, but its uncorrected
impact must still be evaluated.

Auditor’s best estimate of misstatements in the population = Projected misstatement + Anomalous

misstatement

LO 8: EVALUATING RESULTS OF AUDIT SAMPLING:

Evaluating results of Tests of Controls:

If Projected Deviation Rate is below Tolerable Rate of Deviation:
Controls are operating effectively. Auditor can rely on internal control, and can decrease substantive testing.

If Projected Deviation Rate is above Tolerable Rate of Deviation:

If projected deviation rate is unexpectedly high, auditor shall increase his assessment of control risk, and may
place no reliance on controls.

Evaluating results of Tests of Details:

If Projected Misstatement is above Expected Misstatement:
Expected Misstatements were used to determine sample size. Therefore, now there is a risk that sample size
was not correctly calculated. This risk can be reduced if additional evidence is obtained.

If Projected Misstatement is below Tolerable Misstatement:

Population is not materially misstated. No further work necessary.

If projected misstatement is close to tolerable misstatement:

A projected misstatement close to tolerable misstatement increases the risk that actual misstatements may
exceed the acceptable limit. Auditor should increase sample size to reduce this risk.

77
ISAs – Summaries and Application Guide ISA 530

If Projected Misstatement is above Tolerable Misstatement:

Sample has not provided a reasonable basis for conclusion about population that has been tested. In this
situation, auditor may:
 request management to investigate identified misstatements and search further misstatements to
make adjustments.
 shall revise the nature, timing and extent of further audit procedures e.g. in tests of controls extend
the sample size, test alternative control, modify related substantive procedures.

Points to Note:
In Sampling, conclusion drawn is NOT whether to express unmodified opinion or qualified opinion. Here,
conclusion means whether there is need to work more or not.

Numeric Example on Projection and Evaluation of Results

Number of Transactions Amount of Transactions

(For Tests of Controls) (For Tests of Details)
Population 550 10,000,000
Sample Size 50 2,000,000
Tolerable Rate of Deviation 10% N/A
Tolerable Misstatement N/A 175,000

Required:
(a) Assume you are performing tests of controls:
(i) Calculate projected rate of deviation and evaluate result if 4 deviations are found in the sample.
(ii) Calculate projected rate of deviation and evaluate result if 6 deviations are found in the sample.

(b) Assume you are performing tests of details:

(i) Calculate projected misstatements and evaluate result if misstatements of Rs. 25,000 are found in the
sample.
(ii) Calculate projected misstatements and evaluate result if misstatements of Rs. 45,000 are found in the
sample.

Solution:
(a)
(i) Projected rate of deviation is 8% (= 4/50*100). As projected rate of deviation is less then Tolerable rate of
deviation, controls are operating effectively and auditor can rely on them.
(ii) Projected rate of deviation is 12% (= 6/50* 100). As projected rate of deviation is more than Tolerable
rate of deviation, controls are not operating effectively. Auditor should not rely on controls and should
increase control risk.

(b)
(i) Projected misstatements are 125,000 (= 25,000/2,000,000 * 10,000,000). As projected misstatements are
less than Tolerable misstatements, auditor concludes that population is not materially misstated.
(ii)Projected misstatements are 225,000 (= 45,000/2,000,000* 10,000,000). As projected misstatements are
more than Tolerable misstatements, sampling does not provide reasonable basis about population that has
been tested. Auditor shall perform further audit procedures.

78
ISAs – Summaries and Application Guide ISA 530

APPENDIX

APX 1: STRATIFICATION AND VALUE-WEIGHTED SELECTION :

When selecting a sample, auditors may use stratification or value-weighted selection to improve efficiency
and accuracy. These techniques help direct audit effort toward high-risk areas while minimizing sampling
risk.

Stratification
Definition and Benefits
• Stratification divides a population into sub-groups (strata) based on specific characteristics.
• This reduces variability within each group, allowing for a smaller sample size without increasing
sampling risk.

Common Applications
• By Monetary Value
o High-value items are tested more thoroughly.
o Example: In accounts receivable, larger balances receive more scrutiny.
• By Risk Factors
o Auditors may stratify based on risk indicators.
o Example: When testing allowances for doubtful accounts, balances can be grouped by age.

Projecting Misstatements
• If an account is stratified, misstatements are projected separately for each stratum.
• The auditor combines these projections to assess the overall impact on financial statements.

Value-Weighted Selection
Definition and Efficiency
• Value-weighted selection considers monetary amounts as sampling units rather than entire
transactions.
• This method ensures that larger-value items have a higher chance of selection, reducing the sample
size needed for effective testing.

Selection Process
• The auditor selects specific monetary units within a population (e.g., accounts receivable balances).
• The corresponding transactions containing these units are then examined.

Benefits
• Focus on high-risk items → Larger-value transactions receive more attention.
• More efficient sampling → Fewer items need to be tested to identify potential misstatements.

79
ISAs – Summaries and Application Guide ISA 530

APX 2: EXAMPLES OF FACTORS INFLUENCING SAMPLE SIZE FOR TESTS OF CONTROLS

Auditors determine sample size for tests of controls based on multiple factors.

Factors That Increase Sample Size

These factors require auditors to select a larger sample to ensure reliable conclusions:
✔ Higher reliance on control effectiveness in risk assessment
• When auditors depend more on controls to reduce the risk of material misstatement, a larger sample
is needed to verify effectiveness.

✔ Higher expected deviation rate

• If auditors expect more deviations in controls, they must increase the sample size to get a reliable
estimate.
• Expected deviations depend on prior audit results, changes in personnel, or modifications to internal
controls.

✔ Higher desired assurance level

• If auditors need greater confidence that control deviations do not exceed the tolerable rate, a larger
sample is required.

Factors That Decrease Sample Size

These factors allow auditors to use a smaller sample:
✔ Higher tolerable deviation rate
If auditors can accept more deviations, they need a smaller sample to reach conclusions.

Factors With Minimal Effect on Sample Size

✔ Increase in population size
• For large populations, sample size remains relatively unchanged.
• For small populations, auditors may use alternative procedures instead of sampling.

80
ISAs – Summaries and Application Guide ISA 530

APX 3: EXAMPLES OF FACTORS INFLUENCING SAMPLE SIZE FOR TESTS OF DETAILS:

Auditors determine sample size for tests of details based on multiple factors.

Factors That Increase Sample Size

Higher Risk of Material Misstatement
• A higher risk of material misstatement requires a larger sample size.

Higher Assurance Level Needed

• When auditors need more confidence that actual misstatements do not exceed tolerable
misstatements, the sample size increases.

Higher Expected Misstatements

• If auditors expect more misstatements, they need a larger sample size to estimate total
misstatements accurately.
• Factors influencing expected misstatements include prior audit results, risk assessment findings, and
the subjectivity of item valuations.

Factors That Decrease Sample Size

Greater Use of Other Substantive Procedures
• If auditors rely on additional substantive procedures (e.g., substantive analytical procedures), they
require less assurance from sampling, reducing the sample size.

Increase in Tolerable Misstatement

• A higher tolerable misstatement means that a smaller sample size is acceptable.

Stratification of the Population

• When monetary values vary significantly, stratifying the population enhances efficiency, allowing for
a smaller sample size while maintaining reliability.

Factors with Minimal Effect on Sample Size

Number of Sampling Units in the Population
• For large populations, the total number of items has little impact on sample size.
• For small populations, alternative audit procedures may be more efficient than sampling.
• In monetary unit sampling, an increase in the population’s total monetary value may increase sample
size unless offset by a proportional rise in materiality.

81
ISAs – Summaries and Application Guide ISA 530

APX 4: SAMPLE SELECTION METHODS :

Random Selection
• Uses random number generators or tables to select items.
• Ensures each item has an equal chance of selection.

Systematic Selection
• Divides the total population by the sample size to determine a fixed interval (e.g., every 50th item).
• The starting point is randomly selected within the first interval.
• Auditors must check that the population structure does not create selection bias.

Monetary Unit Sampling (MUS)

• A value-weighted method where items with higher monetary amounts have a greater chance of
selection.
• Sample size and evaluation lead to conclusions in monetary terms.

Haphazard Selection
• The auditor selects samples without a structured technique.
• The selection must be free from conscious bias (e.g., avoiding difficult-to-find items).
• Not suitable for statistical sampling.

Block Selection
• A group of consecutive items is selected.
• Not ideal for drawing conclusions about the entire population because adjacent items often share
similar characteristics.
• May be used for specific audit procedures but is not appropriate for audit sampling when making
generalizations.

82
 ISAs – Summaries and Application Guide ISA 540

ISA 540
AUDITING ACCOUNTING
ESTIMATES AND
RELATED DISCLOSURES

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 12 A1 – A18

LO 2 RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES 13–15 A19–A63
IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL
LO 3 16–17 A64–A80
MISSTATEMENT
RESPONSES TO THE ASSESSED RISKS OF MATERIAL
LO 4 18–30 A81–A132
MISSTATEMENT
LO 5 DISCLOSURES RELATED TO ACCOUNTING ESTIMATES 31
LO 6 INDICATORS OF POSSIBLE MANAGEMENT BIAS 32 A133–A136
OVERALL EVALUATION BASED ON AUDIT PROCEDURES
LO 7 33–36 A137–A144
PERFORMED
LO 8 WRITTEN REPRESENTATIONS 37 A145
COMMUNICATION WITH THOSE CHARGED WITH
LO 9 38 A146–A148
GOVERNANCE, MANAGEMENT, OR OTHER RELEVANT PARTIES
LO 10 DOCUMENTATION 39 A149–A152
APX 1 INHERENT RISK FACTORS
APX 2 COMMUNICATIONS WITH THOSE CHARGED WITH GOVERNANCE

Effective Date: December 15, 2009

83
ISAs – Summaries and Application Guide ISA 540

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope of ISA 540:

This standard focuses on auditing accounting estimates and related disclosures in financial statements.

Understanding Accounting Estimates

What Are Accounting Estimates?
Accounting estimates are monetary amounts which are subject to estimation uncertainty.

Examples of Accounting Estimates

Common accounting estimates include:
 Inventory obsolescence
 Depreciation or Impairment of property and equipment
 Valuation of financial instruments
 Outcome of pending litigation
 Provision for expected credit losses
 Warranty obligations
 Employee retirement benefits liabilities
 Share-based payments
 Fair value of assets or liabilities.
 Revenue recognized for long-term contracts

Factors Affecting Estimates

• Estimation Uncertainty: Inherent lack of precision in measurement.
• Complexity: Difficulty in selecting the method and processing data.
• Subjectivity: The level of judgment required in making estimates.
• Management Bias: Risk of intentional or unintentional influence on estimates.

LO 2: RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES:

To assess risk of material misstatement relating to Estimates, auditor shall perform following procedures:

Procedure Explanation

Understanding the business environment helps auditors figure out why estimates are
needed and what factors affect them.

Key areas to consider:

 Transactions and Events: Which transactions require accounting estimates or
changes therein? For example, new credits given, or changes in market
Understand the Entity
conditions.
and Its Environment
 Financial Reporting Framework: Know requirements of AFRF (e.g. IFRS)
regarding recognition, measurement and disclosure of estimates.
 Regulatory Factors: Know industry-specific regulatory requirements regarding
estimates (e.g., banking or insurance regulations)?
 Expected Accounting Estimates: Identify the types of estimates likely to
appear in financial statements.

84
ISAs – Summaries and Application Guide ISA 540

Procedure Explanation

Once the auditor understands the environment and controls, the next step is to evaluate
how the entity actually makes its estimates. Estimation Process includes Method,
Assumptions, and Data.

Key areas to evaluate:

• Method: A method is the technique to calculate estimates e.g. Capital Asset
Evaluate Estimation
Pricing Model for valuing Equity Shares. Auditors must ensure that the method
Process
used to calculate estimate is appropriate for the situation.
• Assumptions: Assumptions (like future interest rates, information rate or
market conditions) can heavily affect estimates. Auditors must check if these
assumptions are reasonable and consistent with the entity’s business.
• Data: Reliable data leads to reliable estimates. Auditors must assess whether
the data used is accurate, complete, and relevant.

Some estimates involve more uncertainty than others, such as fair value estimates or
complex financial instruments.

The auditor should evaluate how management understands and addresses uncertainty:
Evaluating
• Check Alternative Approaches – Did management consider different methods
Management’s
and assumptions?
Response to Estimation
• Test Sensitivity – How do changes in assumptions affect estimates?
Uncertainty
• Assess Reasonableness – Does the final estimate make sense based on
available data?
• Review Disclosures – Are estimation methods, assumptions, and uncertainties
clearly explained?

Reviewing Past Auditors should also look back at prior estimates to assess their accuracy and
Estimates management’s estimation process. For example, if an entity consistently underestimates
[Retrospective Review] bad debt expenses, this may indicate management bias, or wrong data/method.

In complex cases (e.g., insurance liabilities, credit losses), the management might need
specialized skills or the help of an expert.
Involvement of
Specialists
Examples of Specialized Fields: Mineral reserves, insurance contract liabilities, and
complex financial instruments.

To assess an entity’s internal controls, auditors focus on five main areas:

1. Governance & Oversight – Do those in charge understand and oversee
management’s estimation process?
2. Management’s Expertise & Risk Handling – Does management have the right
skills or experts to assess risks in estimates?
Understand the System
3. Data & IT Systems – Is financial data processed accurately and securely? How
of Internal Control
complex are the IT systems?
4. Estimation Methods & Assumptions – How does management choose
estimation methods, and do they consider uncertainties properly?
5. Controls Over Estimates – Are estimates reviewed properly, with clear
approval processes and security measures in place?

85
ISAs – Summaries and Application Guide ISA 540

LO 3: IDENTIFYING AND ASSESSING RISKS OF MISSTATEMENT:

Factors That Influence Risk Assessment

Estimation Uncertainty
Some estimates are more uncertain than others. Uncertainty increases when:
• The estimate is based on unobservable data or future conditions.
• The business operates in a volatile or unpredictable market.
• The financial reporting framework allows broad judgment rather than specific rules.

Complexity in Accounting Estimates

Some estimates are difficult to calculate due to:
• The need for advanced models requiring specialized knowledge.
• The use of multiple data sources that may be inconsistent or difficult to verify.
• Complex contractual terms that require careful interpretation.
For example, expected credit loss models require analyzing past data and making predictions about future
loan defaults.

Subjectivity and Management Bias

Estimates involving significant judgment create opportunities for management bias or fraud.
Bias may occur when:
• Management selects an estimate that favors their interests.
• Future projections are optimistic without sufficient basis.
• Prior audits indicate a pattern of biased estimates.

What Happens When Risk Levels Vary?

Low-Risk Estimates
If an estimate is simple and has little uncertainty, the risk of material misstatement is low. Example: A
straightforward bonus accrual based on a fixed percentage of salaries. The auditor may use basic audit
procedures

High-Risk Estimates
If an estimate is complex, uncertain, or highly subjective, the auditor may:
• Use specialized procedures to test its accuracy.
• Require stronger evidence to support the estimate.
• Apply professional skepticism to detect potential bias or fraud.

LO 4: RESPONSES TO ASSESSED RISKS OF MISSTATEMENT:

The auditor can choose one or more of the following approaches:

1. Obtaining audit evidence from events occurring up to the auditor’s report date.
2. Testing how management made the accounting estimate.
3. Developing an auditor’s point estimate or range.

Using Events After Period-End as Audit Evidence

 The auditor may assess post-period events to verify estimates.

86
ISAs – Summaries and Application Guide ISA 540

Testing Management’s Process for Making Estimates

The auditor must evaluate:
1. Methods – Is the selected method appropriate? Any unjustified changes from prior periods?
2. Significant Assumptions – Are they reasonable, unbiased, and consistent with other estimates?
3. Data – Is it accurate, relevant, and appropriately interpreted?

Developing an Auditor’s Point Estimate or Range

When Should the Auditor Develop an Estimate?
The auditor may develop a point estimate or range when:
• Prior audits indicate that management’s process is unreliable.
• Controls over estimates are ineffective.
• Post-period events contradict management’s estimate.

Ensuring the Auditor’s Estimate is Reliable

• The auditor must use appropriate methods, assumptions, and data.
• The estimate must only include values supported by sufficient appropriate audit evidence.

Evaluating and Reporting Estimation Uncertainty

Assessing Management’s Disclosures
The auditor must check if disclosures clearly explain:
• The estimate’s nature and limitations.
• The range of reasonably possible outcomes.

The auditor may classify Estimates with high uncertainty as a Key Audit Matter.

LO 5: DISCLOSURES RELATED TO ACCOUNTING ESTIMATES:

The auditor must design and perform further audit procedures to obtain sufficient appropriate evidence
regarding the risk of material misstatement in disclosures related to accounting estimates.

LO 6: INDICATORS OF POSSIBLE MANAGEMENT BIAS:

Evaluating Management Bias in Accounting Estimates

Auditors must assess whether management’s judgments in accounting estimates indicate possible bias, even
if individual estimates appear reasonable. If bias is intentional, it is considered fraudulent financial
reporting.

Indicators of Possible Management Bias

Management bias may not be evident in a single account but can be detected through trends over time or
across multiple estimates. Possible indicators include:

• Frequent Changes in Estimates

Management alters estimates or methods based on subjective assessments rather than actual
changes in circumstances.

• Selection of Favorable Assumptions or Data

Key assumptions and data used for estimates consistently support management’s financial
objectives.

• Consistent Optimism or Pessimism in Estimates

Point estimates repeatedly lean towards a pattern that benefits management.

87
ISAs – Summaries and Application Guide ISA 540

Audit Actions When Bias Indicators Are Found

If management bias is suspected, auditors must take the following steps:

 Reassessing Risk and Audit Procedures

If bias significantly affects estimates, auditors may revise risk, and may challenge management’s
judgments more rigorously.

 Evaluating the Impact on Financial Statements

Assess whether financial statements as a whole remain free from material misstatements, as
required by ISA 700 (Revised).

 Considering Fraud Risks

Under ISA 240, auditors must determine if management bias is linked to fraudulent financial
reporting.

LO 7: OVERALL EVALUATION BASED ON PROCEDURES PERFORMED:

Evaluating Risks and Audit Evidence

The auditor must evaluate whether:
• Risk Assessments at the assertion level remain appropriate, especially if Management Bias is
detected.
• Management’s recognition, measurement, presentation, and disclosure of Accounting Estimates
comply with the Financial Reporting Framework.
• Sufficient and Appropriate Audit Evidence has been obtained.

Assessing the Reasonableness of Estimates

• If the audit evidence supports a range of values, and that range is very wide, the auditor should
reassess whether enough audit evidence has been obtained.
• If the Auditor’s Estimate differs from Management’s Estimate, the difference is a Misstatement.
• If management’s estimate falls outside the Auditor’s Range, the misstatement is measured as the
difference between Management’s Estimate and the closest point within the auditor’s range.

Audit Opinion:
If disclosures are inadequate or misleading, ISA 705 (Revised) guides the auditor on potential modifications
to the Audit Opinion.

LO 8: WRITTEN REPRESENTATIONS:

The written representations should cover the following aspects:

Source Information
Management has considered all relevant information while making judgments
Significant Judgments
for accounting estimates.
Methods, Assumptions, Confirmation of consistency and appropriateness in choosing methods,
and Data assumptions, and data for estimates.
Management’s Intent Assumptions made reflect management's genuine intentions and capability to
and Ability implement specific actions, relevant to estimates and disclosures.
Disclosures about accounting estimates, especially concerning estimation
Complete Disclosures
uncertainty, are complete and reasonable within the framework.

88
ISAs – Summaries and Application Guide ISA 540

Specialized Skills or Assurance that necessary expertise was utilized while making the accounting
Expertise estimates.
Confirmation that no events after the reporting period require changes to the
Subsequent Events
estimates or related disclosures.
Recognition and If some estimates are not recognized or disclosed, a representation is needed
Disclosure Criteria about why they don’t meet the criteria of the applicable framework.

LO 9: COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE, MANAGEMENT, OR

OTHER RELEVANT PARTIES:

Communication with Those Charged with Governance

Refer Para A146.

Communication with Regulators:

• Auditors may be required or permitted to communicate with regulators.
• Regulators may seek auditor insights on:
o Financial instrument controls and valuation.
o Expected credit losses.
o Insurance reserves.

LO 10: DOCUMENTATION:

Documentation What to Include

Requirement
Understanding the Entity and The auditor must document key elements of the entity’s business, industry,
Its Environment and internal controls related to accounting estimates.
 The documentation must explain how audit procedures address the
assessed risks of material misstatement.
Linking Audit Procedures to
 The auditor must consider whether risks arise due to inherent risk
Risk Assessment
factors or control risk but is not required to document every
inherent risk factor separately.
Auditor’s Response to If management does not properly assess and address estimation uncertainty,
Management Actions the auditor must document their response.
If there are indicators of management bias in accounting estimates, the
Identifying and Evaluating
auditor must document the observations and assess their impact on the
Management Bias
audit
The auditor must record key judgments on whether accounting estimates
Significant Judgments on
and disclosures comply with the financial reporting framework or are
Accounting Estimates
misstated.

APX 1: INHERENT RISK FACTORS:

Factors affecting Inherent Risk in Estimates:

1. Estimation Uncertainty
2. Complexity
3. Subjectivity

89
ISAs – Summaries and Application Guide ISA 540

APX 2: COMMUNICATIONS WITH THOSE CHARGED WITH GOVERNANCE:

Following is the list of key matters (regarding estimates) which may be communicated with TCWG.
_____________________________________________________________________________________

 Identification of Estimates: How  Significant Assumptions: Assessing key

management identifies the need for new assumptions used in estimates, including their
accounting estimates or changes in existing impact and subjectivity.
ones.  Consistency of Assumptions: Ensuring
 Management’s Understanding: Assessing if assumptions are consistent with each other
management fully understands the nature, and with other areas of the business.
extent, and risks involved in accounting  Management's Intent and Ability:
estimates. Confirming if management intends and is
 Use of Expertise: Whether management has capable of executing specific actions relevant
used appropriate skills or engaged experts to to significant assumptions.
make accurate estimates.  Consideration of Alternatives: How
 Risks of Material Misstatement: Potential management considered alternative
risks that could lead to significant errors in assumptions and addressed estimation
accounting estimates affecting the financial uncertainties.
statements.  Data Appropriateness: Whether data and
 Materiality of Estimates: The overall assumptions used align with the applicable
importance of these estimates in the context of financial reporting framework.
the entire financial statements.  External Information Sources: Evaluating the
 Auditor’s Evaluation: The auditor's relevance and reliability of external
assessment of whether management’s information sources used in estimates.
estimation methods or models are appropriate.  Challenges in Evidence: Difficulties
 Differences in Estimates: Highlighting encountered in obtaining sufficient audit
discrepancies between the auditor's estimate evidence related to estimates.
and management's estimate.  Differences in Judgments: Significant
 Accounting Policies: Appropriateness of the judgment differences between the auditor and
accounting policies chosen for estimates and management or experts regarding valuations.
their presentation in financial statements.  Impact on Financial Statements: Potential
 Indicators of Bias: Identifying possible signs effects of accounting estimates on the financial
of management bias in accounting estimates. statements, including associated risks.
 Consistency of Methods: Whether  Disclosure Reasonableness: Adequacy of
management has maintained consistency in disclosures about estimation uncertainty in
estimation methods across periods. financial statements.
 Outcome of Past Estimates: Reviewing the  Compliance with Reporting Framework:
accuracy of previous estimates to evaluate Verification that accounting estimates and
current estimate reliability. disclosures meet the requirements of the
 Appropriateness of Methods: Suitability of applicable financial reporting framework.
management's methods in the context of
applicable financial reporting standards.
_____________________________________________________________________________________

90
 ISAs – Summaries and Application Guide ISA 550

ISA 550
RELATED PARTIES

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 10 A1 – A7

LO 2 RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES 11 – 17 A8 – A28

IDENTIFICATION AND ASSESSMENT OF THE RISKS OF MATERIAL
LO 3 MISSTATEMENT ASSOCIATED WITH RELATED PARTY 18 – 19 A29 – A30
RELATIONSHIPS AND TRANSACTIONS
RESPONSES TO THE RISKS OF MATERIAL MISSTATEMENT
LO 4 ASSOCIATED WITH RELATED PARTY RELATIONSHIPS AND 20 – 24 A31 – A45
TRANSACTIONS
EVALUATION OF THE ACCOUNTING FOR AND DISCLOSURE OF
LO 5 IDENTIFIED RELATED PARTY RELATIONSHIPS AND 25 A46 – A47
TRANSACTIONS
LO 6 WRITTEN REPRESENTATIONS 26 A48 – A49
LO 7 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE 27 A50

LO 8 DOCUMENTATION 28 N/A

Effective Date: December 15, 2009

91
ISAs – Summaries and Application Guide ISA 550

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Why Related Party Transactions Matter?

Most related party transactions occur under normal business conditions, but some pose a higher risk of
misstatement due to:
• Complexity: Some related parties have complex structures that may make their transactions difficult
to understand their true nature.
• Weak Systems: Information systems may fail to detect related party transactions and balances.
• Non-Market Terms: Some transactions do not follow normal business conditions (e.g., no exchange
of consideration).

Responsibilities of the Auditor:

If the Financial Reporting Framework Requires Disclosure
The auditor must verify that related party transactions are properly identified, recorded, and disclosed.

If the Framework Has Minimal or No Disclosure Requirements

The auditor assesses whether financial statements fairly present related party transactions.

Limitations of an Audit
Despite a well-planned audit, inherent limitations may prevent detection of all misstatements, especially with
related parties. Risks include:
• Management being unaware of all related party relationships.
• Increased opportunities for collusion, concealment, or manipulation.

Auditors must apply professional skepticism to detect undisclosed related party transactions.

Definition of Related Parties

A related party is:
1. Defined by the financial reporting framework OR
2. If no clear definition exists:
o A person or entity with control or significant influence over the reporting entity.
o Another entity controlled or significantly influenced by the reporting entity.
o Entities under common control through ownership, family ties, or key management.

Indicators of Control or Influence

Auditors assess related party influence using these factors:
• Equity Ownership: Direct or indirect financial interest.
• Key Common Management: Persons responsible for entity decisions.
• Family Ties: Close relatives of key decision-makers.
• Significant Business Relationships: With key management or governance.

92
ISAs – Summaries and Application Guide ISA 550

LO 2: RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES:

Understanding the Entity’s Related Party Relationships and Transactions

Engagement Team Discussion on Related Party Risks:

The engagement team must assess risks of material misstatements due to fraud or error in related party
transactions.

Discussions should emphasize professional skepticism and consider:

• The entity’s relationships and transactions with related parties.
• Possible undisclosed related party transactions.
• Complex structures that may conceal related party dealings.

Auditor’s Inquiry on Related Parties

The auditor must inquire management about:
• Identification of Related Parties
• Nature of Relationships
• Transactions and Their Purpose

Assessing Controls Over Related Party Transactions:

The auditor must evaluate whether management has effective controls to:
• Identify, record, and disclose related party relationships and transactions.
• Authorize and approve significant transactions with related parties.
• Approve transactions outside normal business operations.

Examples of good Control Environment Examples of Weak Control Environment

 A code of conduct for related party transactions is  No disclosure requirements in accounting
established, communicated, and enforced. standards.
 Responsibilities for identifying, recording, and  Management’s lack of understanding of
disclosing related party transactions are clearly disclosure rules.
assigned.  Low priority given to identifying and disclosing
 There are policies for disclosing interests in related party transactions.
transactions.  Lack of oversight by those charged with
 Guidelines exist for disclosing and approving governance.
transactions involving conflicts of interest or  Intentional non-disclosure due to conflicts of
those outside normal business activities. interest.
 Internal audits review related party transactions
regularly.
 Whistle-blowing policies are in place.

Implication on Report
If these controls are ineffective, there may be scope limitation and auditor may express
Qualified Opinion or Disclaimer of Opinion.

93
ISAs – Summaries and Application Guide ISA 550

Maintaining Alertness for Related Party Information When Reviewing Records or Documents:

Auditors must stay alert while reviewing records/documents to identify related party relationships or
transactions that management has not disclosed. Key procedures include:
• Inspecting bank and legal confirmations.
• Reviewing meeting minutes of shareholders and governance bodies.
• Examining other relevant records deemed necessary e.g.
o Third-party confirmations (beyond bank and legal confirmations).
o Income tax returns and regulatory filings.
o Shareholder registers to identify major shareholders.
o Conflict of interest statements from management and governance.
o Investment records, pension plans, and insurance policies.
o Contracts with key management or governance members.
o Significant agreements outside the entity’s normal business.
o Internal audit reports and securities regulator filings.

If significant transactions outside the entity’s normal course of business are found, auditors must:
• Inquire about the nature of these transactions.
• Assess whether related parties are involved

Common examples of significant transactions outside normal course of business include:

• Complex equity transactions, such as mergers and acquisitions.
• Deals with offshore entities in weak legal jurisdictions.
• Leasing of property or management services without compensation.
• Sales with large discounts or frequent returns.
• Circular transactions, such as sales with a repurchase commitment.
• Contracts modified before expiry.

If related parties influence these transactions, whether directly or through intermediaries, the auditor must
assess this as fraud risk factor.

Sharing Related Party Information Within the Audit Team

The auditor must share relevant related party information with the engagement team.

Key Information to Be Shared

• Identity of related parties.
• Nature of relationships and transactions.
• Significant or complex related party transactions, especially those involving management or
governance with financial interests.

94
ISAs – Summaries and Application Guide ISA 550

LO 3: IDENTIFICATION AND ASSESSMENT OF RISKS OF MATERIAL MISSTATEMENT

ASSOCIATED WITH RELATED PARTY:

If fraud risk factors exist, such as a related party with dominant influence, auditors must evaluate these risks
when assessing material misstatement due to fraud (ISA 240).

Fraud Risk Factors in Related Party Transactions

Indicators of Dominant Influence
A related party with following indicators may have dominant influence:

Indicators Explanation
The related party has the authority to override significant business decisions made
Veto Power
by management or the board.
Final Approval Major transactions are subject to final approval from the related party.
Business proposals initiated by the related party face little to no opposition or
Lack of Debate
debate among management and governance members.
Lack of Independent Transactions involving the related party or their close family members are rarely
Review independently reviewed or approved.
Founder and A dominant influence can also exist if the related party played a significant role in
Manager founding the entity and continues to manage it.

Dominant Influence + Other Risk Factors = Fraud Risk

A related party’s dominant influence, along with other risk factors, may indicate fraud risks, such as:
• Frequent senior management turnover → Could signal fraudulent activities benefiting the related
party.
• Unjustified business intermediaries → Suggests hidden fraudulent control over transactions.
• Excessive involvement in financial reporting → Raises concerns of fraudulent financial statements.
• Significant transactions outside normal course of business

LO 4: RESPONSES TO THE RISKS OF MATERIAL MISSTATEMENT ASSOCIATED WITH RELATED

PARTY:

Identification of Previously Unidentified or Undisclosed Related Parties or Significant Related Party

Transactions:

If the auditor finds undisclosed related parties or significant related party transactions, he must confirm its
existence, and then perform following procedures:

Informing the Engagement Team

• Promptly communicate newly identified related parties to the engagement team.
• This helps reassess risk assessment conclusions and adjust the audit approach.

Investigating the Non-Disclosure

If related parties or transactions were not disclosed, the auditor must:
• Request management to provide a full list of transactions involving these related parties.
• Investigate control failures to understand why management’s internal controls did not detect or
disclose these relationships.
• Perform substantive audit procedures on the newly identified related party transactions (e.g.
analyzing accounting records, verify terms and conditions).
• Assess the risk of additional undisclosed related parties and expand audit procedures as
necessary.

95
ISAs – Summaries and Application Guide ISA 550

Evaluating Fraud Risk

• If the non-disclosure appears intentional, it may indicate a risk of material misstatement due to
fraud.
• The auditor must assess the impact on the audit and determine appropriate responses.

Identified Significant Related Party Transactions outside the Entity’s Normal Course of Business:
For significant related party transactions outside normal operations, the auditor must:
• Review Contracts and Agreements:
o Assess whether the transaction suggests fraudulent financial reporting or asset
misappropriation.
o Check if transaction terms align with management’s explanations.
o Verify that the transaction is properly recorded and disclosed per the financial reporting
framework.

• Obtain Evidence of Authorization:

o Confirm that the transaction was approved by management or governance bodies.

Assertions That Related Party Transactions Were Conducted on Terms Equivalent to Those Prevailing
in an Arm’s Length Transaction

Management’s Assertion and Auditor’s Responsibility

If management states that a related party transaction occurred on arm’s length terms, the auditor must obtain
sufficient appropriate audit evidence to verify this claim.

It is relatively easy to compare the price of a related party transaction with similar market transactions.
However, auditor has to confirm all aspects of the transaction—such as credit terms, securities requirements.

How Management Supports the Assertion

To substantiate the claim, management may:
• Compare the related party transaction to a similar transaction with an independent third party.
• Engage an external expert to determine the market value and confirm whether the terms align with
market conditions.
• Compare the transaction’s terms with known market terms for similar transactions in an open
market.

Auditor’s Evaluation of Management’s Support

The auditor must assess the reliability of management’s assertion by:
• Reviewing the appropriateness of management’s process for supporting the claim.
• Verifying the accuracy, completeness, and relevance of internal or external data.
• Evaluating the reasonableness of key assumptions used in management’s assessment.

LO 5: EVALUATION OF ACCOUNTING FOR AND DISCLOSURE OF IDENTIFIED RELATED PARTY

RELATIONSHIPS AND TRANSACTIONS:
Evaluating Related Party Transactions
When forming an opinion under ISA 700 (Revised), the auditor must determine whether related party
relationships and transactions are properly accounted for and disclosed under the applicable financial
reporting framework.

Failure to adequately disclose a related party transaction is a misstatement, leading to a Qualified or Adverse
Opinion.

96
ISAs – Summaries and Application Guide ISA 550

Materiality in Related Party Transactions

Related party transactions are always considered material, regardless of size.

LO 6: WRITTEN REPRESENTATIONS:

Auditor’s Requirement for Written Representations

The auditor must obtain written representations from management (and TCWG, if needed) to confirm:
• All related parties, relationships, and transactions have been disclosed.
• Transactions are properly accounted for per the financial reporting framework.

Specific Assertions from Management

The auditor may seek written confirmation that certain related party transactions do not involve undisclosed
agreements.

When to Obtain Additional Representations

The auditor may request written representations from TCWG when:
• They approve significant related party transactions.
• They provide verbal statements about related party transactions.
• They have financial or other interests in related parties.

LO 7: COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE:

The auditor must inform them about significant matters related to the entity’s related parties.

Examples of Significant Related Party Matters:

• Undisclosed Related Parties or Transactions: Management’s failure to disclose related parties
(intentional or not) may signal unknown relationships and transactions.
• Unauthorized Transactions: If significant related party transactions lack proper approval, this
could indicate fraud risks.
• Accounting or Disclosure Disagreements: If management and the auditor disagree on how to
account for or disclose related party transactions under the financial reporting framework.
• Legal or Regulatory Violations: Non-compliance with laws regarding certain related party
transactions.
• Challenges in Identifying Ultimate Control: Difficulty in determining who ultimately controls the
entity.

LO 8: DOCUMENTATION:

The auditor must document:

• The names of identified related parties.
• The nature of their relationships with the entity.

97
 ISAs – Summaries and Application Guide ISA 560

ISA 560
SUBSEQUENT EVENTS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–5 A1 – A5

EVENTS OCCURRING BETWEEN THE DATE OF THE FINANCIAL
LO 2 6−9 A6 – A10
STATEMENTS AND THE DATE OF THE AUDITOR’S REPORT
FACTS WHICH BECOME KNOWN TO THE AUDITOR AFTER THE
LO 3 DATE OF THE AUDITOR’S REPORT BUT BEFORE THE DATE THE 10 – 13 A11 – A17
FINANCIAL STATEMENTS ARE ISSUED
FACTS WHICH BECOME KNOWN TO THE AUDITOR AFTER THE
LO 4 14 – 17 A18 – A20
FINANCIAL STATEMENTS HAVE BEEN ISSUED

Effective Date: December 15, 2009

98
ISAs – Summaries and Application Guide ISA 560

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

What are Subsequent Events?

Events that occur between the financial statement date and the auditor’s report date that may impact the
financial statements.

Why Are They Important?

• Some events require adjustments in the financial statements.
• Others may require disclosure to provide clarity to users.

Types of Subsequent Events:

Type Description Example

Adjusting Provide additional evidence about conditions Lawsuit settled after year-end confirming
Events that existed at the financial statement date. a liability that existed before year-end.
Relate to conditions that arose after the
Non-Adjusting A fire destroys the company's warehouse
financial statement date and require
Events after the financial statement date.
disclosure.

Key Definitions:
1. Date of the Financial Statements
• The end date of the financial period covered by the statements.

2. Date of Approval of the Financial Statements

• The date when all financial statements and notes are finalized and approved by those with
authority.

3. Date of the Auditor’s Report

• The date the auditor signs the report after obtaining sufficient audit evidence.
• The auditor’s report date must be the same or later than the financial statement approval date.

4. Date the Financial Statements Are Issued

• The date the audited financial statements and auditor’s report are made available to third parties.

5. Subsequent Events
• Events occurring after the financial statement date but before the auditor’s report date.
• Also includes facts discovered after the auditor’s report date that may impact the audit opinion.

Types of Subsequent Events:

Adjusting Events:
These are the events for which condition existed at F/S date.

Examples of Adjusting Events:

 Subsequent decision of a legal case
 Subsequent bankruptcy of debtors.
 Subsequent sale of inventory below cost.
 Subsequent finalization of purchase/sale price of assets which are purchased/sold before year end.
 Subsequent discovery of errors or fraud in F/S.
 Return of defective inventory after year end.
 Change in going concern assumption after the year end.

99
ISAs – Summaries and Application Guide ISA 560

Non-Adjusting Events:
These are Events for which condition did not exist at F/S date.

Examples of Non-Adjusting Events:

 Destruction of assets by natural disaster (e.g. fire/flood).
 Sale or purchase of significant assets or business units.
 major restructuring, discontinuance of operations,
 Issue of shares or debentures.
 Appropriate of assets by government.
 Issuance of guarantees or commitments.
 Major litigation started after reporting period.
 Changes in tax law (or foreign exchange rates if abnormally large change).
 Customer cancelled order due to change in law.

LO 2: EVENTS OCCURRING BETWEEN THE DATE OF THE FINANCIAL STATEMENTS AND THE
DATE OF THE AUDITOR’S REPORT:

Auditor’s Responsibility: (Active Review)

The auditor must obtain sufficient appropriate audit evidence to identify all relevant subsequent events.

Auditor’s Procedures to identify subsequent events affecting financial statements:

� Understanding Management’s Procedures:
• Assess how management identifies subsequent events.

� Inquiring with Management and Governance Bodies:

• Ask about any events that might impact financial statements.

Examples of Inquiries from Management:

 Have there been any new commitments, borrowings, or guarantees?
 Are there any asset purchases or sales planned or completed after year-end?
 Has there been any issuance of debt or equity instruments?
 Have any assets been damaged or seized (e.g., fire, flood, or government action)?
 Are there any unusual accounting adjustments planned?
 Has anything occurred that affects the company’s going concern assumption?

� Reviewing Meeting Minutes:

• Examine minutes of meetings held after the financial statement date.
• Inquire about discussions where minutes are unavailable.

� Reviewing Latest Interim Financial Statements (If Available)

• Check financial data after the financial statement date.

� Written Representations
• Management and governance bodies must provide written confirmation that all required
subsequent events have been adjusted or disclosed.

Auditor may also perform following Additional procedures:

 Read budgets, cash flow forecasts, management reports (for period after B/S date).
 Inquire entity’s legal counsel.

100
ISAs – Summaries and Application Guide ISA 560

If subsequent event is identified

If any subsequent event is identified, auditor shall perform specific substantive
procedures (depending on event).

LO 3: FACTS WHICH BECOME KNOWN TO AUDITOR AFTER THE DATE OF AUDITOR’S REPORT
BUT BEFORE THE DATE F/S ARE ISSUED:

Auditor’s Responsibilities After the Auditor’s Report Date:

• After date of auditor’s report, the auditor has no obligation to perform further audit procedures.
• However, if new facts arise that could affect the auditor’s report, the auditor must:
o Discuss the matter with management and TCWG.
o Determine if the financial statements require amendment.
o Inquire how management plans to address the issue.

Actions if management amends financial statement:

Auditor shall carry out audit procedures on amendment.

Where law or framework prohibits (i.e. do not allow) restricted-amendment:

 Provide new audit report on amended financial statements.
 New audit report should be dated on or after the date of approval of amended financial statements.
 Auditor shall extend his procedures for subsequent events up to the date of new audit report.

Where law or framework does not prohibit (i.e. allow) restricted-amendment:

Auditor can restrict audit procedures only to subsequent amendment in financial statements, and shall
communicate this to users by:
 Dual dating audit report (e.g. March 25, 2020 except as to Note Y, which is dated March 30, 2020), or
 By including such statement in Emphasis of Matter Paragraph, or in separate Other Matter
paragraph.

Actions if management does NOT amend financial statement:

Before Issuing the Auditor’s Report
• Modify the opinion as per ISA 705 (Revised).

After Issuing the Auditor’s Report

1. Notify management and governance that the financial statements should not be issued until
corrected.
2. If financial statements are issued without amendments:
o Seek legal advice if necessary.
o Take legal/professional action to prevent reliance on the auditor’s report e.g. auditor can
speak at AGM.

101
ISAs – Summaries and Application Guide ISA 560

LO 4: FACTS WHICH BECOME KNOWN TO THE AUDITOR AFTER THE FINANCIAL

STATEMENTS HAVE BEEN ISSUED:

Auditor’s Responsibility After Issuing Financial Statements

• After issuing financial statements, the auditor has no obligation to perform further audit procedures.
• However, if new facts arise that could affect the auditor’s report, the auditor must:
o Discuss the matter with management and TCWG.
o Determine if the financial statements require amendment.
o Inquire how management plans to address the issue.

Actions if management amends financial statement:

Auditor shall carry out necessary audit procedures on amendment.

Where law or framework prohibits restricted-amendment:

 Auditor shall review the steps taken by management to ensure that misstatement in financial
statements is communicated to users.
 Auditor shall provide a new audit report on amended financial statements. New audit report should
be dated on or after the date of approval of amended financial statements by directors. Auditor shall
extend his review of subsequent events up to the date of new audit report.
 The auditor must include an Emphasis of Matter or Other Matter paragraph in the audit report.
This paragraph should:
a. Refer to a financial statement note explaining the amendment.
b. Mention the previously issued audit report and the reasons for the amendment.

Where law or framework does not prohibit restricted-amendment:

(same as described in LO 2)

Auditor’s Procedures if management does NOT amend financial statement:

1. Auditor shall notify management and TCWG that the auditor will seek actions to prevent users from
relying on auditor’s report.
2. If despite such notification, management or TCWG do not take necessary steps, auditor shall take
appropriate action to communicate misstatement in financial statements to users (considering legal
advice).

Where management is not required to issue amended financial statements:

No need to provide new or amended audit report.
(e.g. when issuance of financial statements of following period is imminent, then
Corresponding figures will be restated instead of re-issuing previous F/S)

102
 ISAs – Summaries and Application Guide ISA 570

ISA 570
GOING CONCERN

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–9 A1−A2

LO 2 RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES 10−11 A3−A7
LO 3 EVALUATING MANAGEMENT’S ASSESSMENT 12−14 A8−A13
LO 4 PERIOD BEYOND MANAGEMENT’S ASSESSMENT 15 A14−A15
ADDITIONAL AUDIT PROCEDURES WHEN EVENTS OR
LO 5 16 A16−A20
CONDITIONS ARE IDENTIFIED
LO 6 AUDITOR CONCLUSIONS 17−20 A21−A25
LO 7 IMPLICATIONS FOR THE AUDITOR’S REPORT 21−24 A26−A35
LO 8 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE 25 N/A
SIGNIFICANT DELAY IN THE APPROVAL OF FINANCIAL
LO 9 26 N/A
STATEMENTS
APPENDIX: ILLUSTRATIONS OF AUDITOR’S REPORTS RELATING
APX 1
TO GOING CONCERN

103
ISAs – Summaries and Application Guide ISA 570

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

What is ISA 570?

ISA 570 outlines the auditor’s responsibilities in assessing whether an entity can continue as a going concern
and how this impacts the audit report.

Management’s Responsibility for Assessing Going Concern

Management must assess whether the entity can continue operating and disclose any risks.

Auditor’s Responsibilities
The auditor must:
� Gather sufficient evidence on whether management’s use of the going concern basis is appropriate.
� Assess material uncertainties that may cast doubt on the entity’s survival.
� Report findings in line with ISA 570.

� Auditors cannot predict future events, so an audit report without reference to going concern does not
guarantee the entity’s survival.

LO 2: RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES:

Assessing Going Concern:

Auditors must evaluate whether events or conditions could cast significant doubt on an entity’s ability to
continue as a going concern.

� If management has assessed going concern:

• Discuss findings with management.
• Identify risks that may indicate financial distress.
• Review management’s plans to address risks.

� If management has NOT assessed going concern:

• Ask why the entity assumes it will continue as a going concern.
• Identify any potential financial, operational, or external risks.

Events & Conditions That May Indicate Going Concern Issues

A. Financial Indicators
� Negative financial position (net liabilities or negative working capital).
� High reliance on short-term loans to finance long-term assets.
� Failure to renew loans or repay debts on time.
� Withdrawal of creditor support.
� Negative operating cash flows from financial statements.
� Declining financial ratios.
� Significant losses or asset impairments.
� Failure to comply with loan agreements.
� Switching from credit transactions to cash-on-delivery payments.
� Inability to raise funding for essential projects.

104
ISAs – Summaries and Application Guide ISA 570

B. Operational Indicators
� Management’s intent to close or liquidate the business.
� Loss of key management personnel without replacement.
� Loss of major customers, suppliers, or licenses.
� Labor strikes, shortages, or disputes.
� Supply chain disruptions.
� Emergence of a strong competitor that threatens the business.

C. Regulatory & External Indicators

� Failure to meet regulatory requirements (capital, solvency, or legal).
� Pending lawsuits that could cause financial losses.
� Government policy or law changes that negatively impact operations.
� Uninsured or underinsured catastrophic events.

Risk Mitigation Strategies

If risks exist, management may counteract them with:
� Asset disposals to generate cash.
� Rescheduling debt or restructuring loans.
� Raising new capital from investors.
� Finding alternative suppliers/customers to replace lost business.

LO 3: EVALUATING MANAGEMENT’S ASSESSMENT:

Auditor’s Responsibility
The auditor must evaluate management’s assessment of whether the entity can continue as a going concern.
This includes verifying the process followed, assumptions made, and management’s future plans to ensure
they are reasonable and feasible.

� When the entity has a history of profitability and sufficient financial resources, auditor may conclude
on going concern without requiring a detailed evaluation.

Determining the Appropriate Assessment Period:

Management’s assessment must cover a period set by financial reporting frameworks or legal requirements.
If the assessment period is less than 12 months, the auditor must request an extension.

Ensuring Completeness of Management’s Assessment:

The auditor must check if management’s assessment considers all known risks and information gathered
during the audit.

Special Considerations for Small Businesses:

✔ If no formal assessment exists, discuss finances with management and review documents.
✔ Verify the owner-manager’s ability and commitment to provide financial support.
✔ Obtain written confirmation of financial support terms.

105
ISAs – Summaries and Application Guide ISA 570

LO 4: PERIOD BEYOND MANAGEMENT’S ASSESSMENT:

Auditor’s Responsibility
The auditor must ask management about any events or conditions beyond their assessment period that could
raise doubts about the entity’s ability to continue as a going concern.

LO 5: ADDITIONAL AUDIT PROCEDURES WHEN EVENTS OR CONDITIONS ARE IDENTIFIED:

When an auditor identifies events or conditions that raise significant doubt about an entity’s ability to
continue as a going concern, they must gather sufficient appropriate audit evidence to assess whether a
material uncertainty exists. This requires performing additional audit procedures, including evaluating
mitigating factors.

Additional Audit Procedures:

To assess management’s going concern evaluation, the auditor may:
• Evaluating management’s plans for future actions.
o Auditor must review management’s plans and
o Assess the likelihood of success of these plans.
• Review the latest interim financial statements.
• Examine debt agreements (e.g., loans, debentures) to check for breaches.
• Review minutes of meetings of shareholders and governance bodies for financial distress indicators.
• Consult legal counsel to assess litigation risks and financial implications.
• Confirm financial support agreements with related or third parties and evaluate their ability to
provide funds.

The auditor must request written representations from management regarding their plans and their
feasibility.

Specific Procedures for Plans of Action by Management

In exam question, you have to specifically comment on feasibility of each and every plan of action mentioned
in question (in addition to above general procedures) e.g. it could be support from a related party,
temporarily closing plant, investment in capital expenditure.

Strategy/Plan How to assess likelihood of success

 Review marketability of assets: Check if assets are easily sellable,
considering market conditions and liquidity.
Liquidation of Assets
 Examine valuation reports: Ensure the assets’ fair value is
reasonable and aligned with expected sale proceeds.
Financial support by a  Documentary evidence of Intention (e.g. agreement, written
related party confirmation) and Ability of supporter (e.g. his financial position).
 Review loan agreements and covenants: Identify any breaches or
conditions that may affect the feasibility of restructuring.
Borrowing or Restructuring
 Obtain confirmation from lenders: Check for formal agreements,
Debt
term sheets, or written intentions from lenders regarding
borrowing or restructuring.
 Inquiry from lawyer
Legal cases
 Subsequent decision of the case.
 Analyze cost-cutting feasibility: Review expense breakdowns to
assess whether reductions are practical without harming
Reducing or Delaying operations.
Expenditures  Review board-approved budgets and plans: Ensure management
has formally documented and approved expenditure reduction
strategies.

106
 ISAs – Summaries and Application Guide ISA 570

 Assess financial health and market conditions – Analyze the

company's financial position, and economic conditions to determine
Raising Additional Capital
the feasibility of securing additional capital.
 Review documented commitments or expressions of interest
.

LO 6: AUDITOR CONCLUSIONS:

When No Material Uncertainty Exists:

If doubt exists but does not reach the level of material uncertainty, the auditor should still check whether
financial statements:
✔ Disclose relevant events or conditions.
✔ Explain management’s evaluation of the risks and how they plan to address them.

When a Material Uncertainty Exists

If management's use of the going concern assumption is valid but a material uncertainty exists, the auditor
must ensure that the financial statements:
✔ Clearly disclose key events or conditions causing doubt.
✔ Explain management’s plans to address the situation.
✔ Explicitly state that material uncertainty exists and may impact asset realization and liability settlement.

LO 7: IMPLICATIONS FOR THE AUDITOR’S REPORT:

Conclusion on Going
Effect on Audit Report
Concern

Appropriate Going Concern  Unmodified opinion, provided disclosures are adequate.

(No Material Uncertainty)  Events may be noted as Key Audit Matters.

Adequate Disclosure:
 Unmodified opinion.
 Include "Material Uncertainty Related to Going Concern" paragraph
which:
 Gives reference to notes to the accounts explaining the uncertainty.
Appropriate Going Concern  States that material uncertainty exists.
(Material Uncertainty  Opinion remains unmodified because of this
Exists)
Inadequate Disclosure:
 Qualified or Adverse opinion (depending on the extent).
 In the Basis for Qualified (or Adverse) Opinion section, state that:
 A material uncertainty exists.
 The financial statements fail to disclose this issue properly.

If financial statements are prepared on going concern basis:

 Adverse opinion.
Inappropriate Going
Concern Assumption If F/S are prepared on alternate basis (e.g. liquidation, break-up basis):
 Unmodified opinion and
 Emphasis of Matter paragraph in his report to draw users’ attention.

107
ISAs – Summaries and Application Guide ISA 570

Management Unwilling to Assess or Extend Its Assessment

• If management refuses to assess or extend its evaluation of going concern, the auditor must consider
the impact on the report.
• If this prevents the auditor from obtaining sufficient evidence, a qualified opinion or disclaimer of
opinion may be necessary.

Additional Considerations
Multiple Uncertainties: If multiple significant uncertainties affect the financial statements, the auditor may
issue a disclaimer of opinion instead of just highlighting one uncertainty.

Exam Tip
It is usually specified in exam question whether:
 going concern assumption is appropriate or not, and
 whether material uncertainty exists or not.
If not mentioned, cover all possible situations. Do not make any assumption on the basis of your judgment.

LO 8: COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE:

Communication on Going Concern Issues

If those charged with governance do not manage the entity, the auditor must inform them about any events or
conditions that could raise significant doubt about the entity’s ability to continue as a going concern.

Key Areas of Communication

The auditor must discuss the following:
 Material Uncertainty – Do the identified events or conditions indicate a material uncertainty?
 Going Concern Basis of Accounting – Is management correct in using the going concern basis for
preparing financial statements?
 Adequacy of Disclosures – Are the financial statement disclosures about going concern sufficient?
 Impact on the Auditor’s Report – Will the audit opinion require modifications?

LO 9: SIGNIFICANT DELAY IN THE APPROVAL OF FINANCIAL STATEMENTS:

If there is a significant delay in approving the financial statements, the auditor must:
 Investigate the Reason – Ask management and those charged with governance why the approval is
delayed.
 Assess Going Concern Impact – If the delay relates to going concern issues, perform extra audit
procedures.
 Evaluate Material Uncertainty – Review whether new findings affect the auditor’s conclusion about
material uncertainty.

108
ISAs – Summaries and Application Guide ISA 570

APX 1: ILLUSTRATIONS OF AUDITOR’S REPORTS RELATING TO GOING CONCERN:

Illustration 1 (ISA 570) : A material uncertainty exists and disclosure in the F/S is adequate
Material Uncertainty Related to Going Concern:
We draw attention to Note XXX in the financial statements, which indicates that the Company
incurred a net loss of ZZZ during the year ended December 31, 20X1 and, as of that date, the
Company’s current liabilities exceeded its total assets by YYY. As stated in Note 6, these events or
conditions, along with other matters as set forth in Note 6, indicate that a material uncertainty
exists that may cast significant doubt on the Company’s ability to continue as a going concern. Our
opinion is not modified in respect of this matter.

Illustration 2 (ISA 570): A material uncertainty exists and disclosure in the F/S is not
adequate
Basis for Qualified Opinion:
As discussed in Note yy, the Company’s financing arrangements expire and amounts outstanding
are payable on March 19, 20X2. The Company has been unable to conclude re-negotiations or
obtain replacement financing. This situation indicates that a material uncertainty exists that may
cast significant doubt on the Company’s ability to continue as a going concern. The financial
statements do not adequately disclose this matter.

109
 ISAs – Summaries and Application Guide ISA 580

ISA 580
WRITTEN REPRESENTATIONS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–8 A1

MANAGEMENT FROM WHOM WRITTEN REPRESENTATIONS
LO 2 9 A2 – A6
REQUESTED
WRITTEN REPRESENTATIONS ABOUT MANAGEMENT’S
LO 3 10 – 12 A7 – A9
RESPONSIBILITIES
LO 4 OTHER WRITTEN REPRESENTATIONS 13 A10 – A14
DATE OF AND PERIOD(S) COVERED BY WRITTEN
LO 5 14 A15 – A18
REPRESENTATIONS
LO 6 FORM OF WRITTEN REPRESENTATIONS 15 A19 – A22
DOUBT AS TO THE RELIABILITY OF WRITTEN
LO 7 REPRESENTATIONS AND REQUESTED WRITTEN 16 – 20 A23 – A27
REPRESENTATIONS NOT PROVIDED
APX 1 LIST OF ISAs CONTAINING REQUIREMENTS FOR WRITTEN REPRESENTATIONS
APX 2 ILLUSTRATIVE REPRESENTATION LETTER

Effective Date: December 15, 2009

110
ISAs – Summaries and Application Guide ISA 580

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

What This ISA Covers

• This standard explains the auditor’s responsibility to obtain written representations from
management and, when necessary, from those charged with governance.
• Other ISAs also require written representations for specific matters.

Definition of Written Representation

• A written representation is a formal statement from management confirming specific matters or
supporting other audit evidence.

Why Written Representations Matter

• Written representations act as audit evidence, similar to responses to auditor inquiries.
• They help confirm management’s fulfillment of responsibilities related to financial statement
preparation and information completeness.
• However, they are not sufficient as standalone audit evidence. The auditor must still obtain
additional evidence.

Exam Tip
Sufficient Appropriate Evidence = Written Representation (if requested) + Other evidence

LO 2: MANAGEMENT FROM WHOM WRITTEN REPRESENTATIONS REQUESTED

Who Provides Written Representations?

• Management, typically the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) or
equivalent roles, prepares financial statements.
• In some cases, those charged with governance may also be responsible.

If necessary, they may seek input from experts such as Actuaries, Engineers, Internal legal counsel.

Qualifying Language in Representations

• Management may include phrases like "to the best of our knowledge and belief" in their
representations.
• The auditor can accept this if the statements come from appropriate and knowledgeable individuals.

111
ISAs – Summaries and Application Guide ISA 580

LO 3: WRITTEN REPRESENTATIONS ABOUT MANAGEMENT’S RESPONSIBILITIES:

Key Areas of Written Representations

There are two main things management needs to confirm in writing:
1. Responsibility for Preparing Financial Statements
Management must confirm that they have prepared the financial statements according to the
applicable financial reporting standards (e.g., IFRS).

2. Providing Information and Recording Transactions

Management should confirm that:
 They have provided the auditor with all necessary information as agreed in the audit terms.
 All financial transactions have been properly recorded in the financial statements.

LO 4: OTHER WRITTEN REPRESENTATIONS:

Besides the required written representation, the auditor may ask for additional representations e.g. on:
 Appropriateness of Accounting Policies.
 Plans or intentions affecting asset and liability valuation or classification.
 Recognition and measurement of actual and contingent liabilities.
 Ownership, control, or restrictions on assets, including liens and pledged assets.

Evaluating representations about Judgments, Intentions, Plans of Management

Even if a matter relates to management’s judgments or intention, auditor has to evaluate them and
obtains evidence e.g. by considering
①Past history in carrying out stated intentions,
②Reason of choosing particular course of action,
③Ability to pursue a specific course of action,
④Any other information which is consistent or inconsistent with entity’s judgment and intention.

LO 5: DATE OF AND PERIOD(S) COVERED BY WRITTEN REPRESENTATIONS:

Timing of Written Representations

The representations must be dated as close as possible to, but not after, the auditor’s report date.

Period covered by Written Representations:

They must cover all financial statements and periods included in the auditor’s report.

Updated Representation:
In some cases, the auditor may request a written representation on a specific assertion during the audit. In
such case, an updated representation should be obtained if necessary.

Responsibilities of New Management

• New management may claim they cannot provide representations for periods before their tenure.
• However, they are still responsible for the financial statements as a whole and must provide
necessary representations.

112
ISAs – Summaries and Application Guide ISA 580

LO 6: FORM OF WRITTEN REPRESENTATIONS:

Purpose and Structure of Written Representations

• Management must provide a written representation letter addressed to the auditor.
• If law or regulation requires public statements on management’s responsibilities, and these
statements cover the required representations, they do not need to be repeated in the letter. The
auditor may consider a public statement as a valid written representation.

LO 7: DOUBT AS TO THE RELIABILITY OF WRITTEN REPRESENTATIONS AND REQUESTED

WRITTEN REPRESENTATIONS NOT PROVIDED:

Doubt as to the Reliability of Written Representations:

Situation Implication for Management Representation

 If management's lack of competence or integrity creates a high risk of
misrepresentation in financial statements, the auditor may conclude
that a reliable audit is not possible.
Concerns about
 In such cases, the auditor may consider withdrawing from the
management’s
engagement, if allowed by law, unless governance implements
competence, integrity
corrective actions.
 However, even with corrective actions, the auditor may not be able to
issue an unmodified audit opinion.
If written representations contradict audit evidence, the auditor must perform
additional audit procedures to resolve the issue.
Written representation is
If unresolved, the auditor must:
inconsistent with other
 Reassess management’s competence, integrity, ethical values, and
audit evidence
diligence.
 Revise risk.
 Modify audit procedures based on the revised risk assessment.

Requested Written Representations Not Provided:

If management fails to provide the requested written representations, the auditor must:
• Discuss the Issue with Management
Attempt to understand why management is unwilling or unable to provide the representations.

• Assess Management’s Integrity

Consider whether this refusal raises concerns about management’s honesty and the reliability of
other audit evidence.

• Determine the Audit Impact

o This will be a scope limitation by management.
o Auditor shall express:
 Qualified Opinion (if effect is material), or
 Disclaimer of Opinion (if effect is pervasive).

113
ISAs – Summaries and Application Guide ISA 580

Modification in Representation and its Implication:

A written representation that differs from what the auditor requested may still be valid, but its implications
must be analyzed

Modification in Representation Implication

If management states that financial statements Management has provided reliable written representations.
comply with the reporting framework except However, the auditor is required to consider the effect of the
for a specific material non-compliance. non-compliance on the opinion in the auditor’s report.

Management has provided reliable written representations.

If management claims that certain records
However, the auditor is required to consider the effect of
were destroyed (e.g., due to a fire) but has
information destroyed in the fire on the opinion in the
provided all other relevant information.
auditor’s report.

APX 1: LIST OF ISAs CONTAINING REQUIREMENTS FOR WRITTEN REPRESENTATIONS:

ISA Representation Required

ISA 540: Auditing Significant assumptions and accounting estimates are reasonable.
Estimates
1. All related party relationships and transactions have been disclosed to the
auditor.
ISA 550: Related Parties
2. All related party relationships and transactions have been accounted for and
disclosed in accordance with AFRF.
ISA 560: Subsequent All events subsequent to the date of financial statements, have been adjusted or
Events disclosed.
ISA 450: Evaluation of The effects of uncorrected misstatements are immaterial, both individually and in
Misstatements the aggregate.
Management has disclosed to auditor:
 results of risk assessment relating to fraud.
ISA 240: Fraud  fraud or suspected fraud that management is aware and that affects the
entity whether involving management, employees or others.
 alleged fraud communicated by others.
ISA 250: Non- Management has disclosed to auditor non-compliance or suspected non-compliance
compliance with laws with laws and regulations affecting financial statements.
1. All litigation and claims have been disclosed to the auditor.
ISA 501: Specific Items 2. All litigation and claims have been accounted for and disclosed in accordance
with AFRF.
ISA 570: Going Concern Whether assessment of going concern is appropriate.
ISA 710: Comparative Representation on the accuracy of comparative figures in the financial statements
Information
ISA 720: Other Representation on the accuracy of Other Information.
Information

114
ISAs – Summaries and Application Guide ISA 580

APX 2: ILLUSTRATIVE REPRESENTATION LETTER:

ABC COMPANY LIMITED

(40 – The Mall, Lahore)
March 28, 2024
Zaheer & Co. Chartered Accountants
Lahore
Dear Sir,

This representation letter is provided in connection with your audit of the financial statements of ABC Company for the
year ended December 31, 2023 for the purpose of expressing an opinion as to whether the financial statements are
presented fairly, in all material respects, (or give a true and fair view) in accordance with International Financial Reporting
Standards.
We confirm that (to the best of our knowledge and belief, having made such inquiries as we considered necessary for the
purpose of appropriately informing ourselves):

Representations about Financial Statements:

1. Representations about Management’s Overall Responsibilities i.e.
a. Management has fulfilled its responsibility for the preparation of financial statements in accordance
with the AFRF
b. Management has provided the auditor with all relevant information and access
c. All transactions have been recorded in financial statements.
2. Significant assumptions and accounting estimates are reasonable. (ISA 540)
3. Related party relationships and transactions have been approved, appropriately accounted for and disclosed in
accordance with the requirements of AFRF and legal requirements. (ISA 550)
4. All events subsequent to the date of financial statements for which AFRF requires adjustment or disclosure, have
been adjusted or disclosed. (ISA 560)
5. The effects of uncorrected misstatements are immaterial, both individually and in the aggregate, to the financial
statements as a whole. A summary of such items shall be attached to the written representation. (ISA 450)

Representations about Information Provided to Auditor:

1. We have disclosed to you the results of our assessment of the risk that the financial statements may be materially
misstated as a result of fraud. (ISA 240)
2. We have disclosed to you all information in relation to fraud or suspected fraud that we are aware of and that
affects the entity involving management, employees or others. (ISA 240)
3. We have disclosed to you the identity of the entity’s related parties and all the related-party relationships and
transactions of which we are aware. (ISA 550)
4. We have disclosed to you all known instances of non-compliance or suspected non-compliance with laws and
regulations affecting financial statements. (ISA 250)

Auditor may also obtain additional representations if he considers necessary (e.g. on Litigations, Going Concern).
Chief Financial Officer Chief Executive Officer

115
 ISAs – Summaries and Application Guide ISA 600

ISA 600
SPECIAL CONSIDERATIONS —
AUDIT OF GROUP FINANCIAL
STATEMENTS
LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 15 A1 – A28

LEADERSHIP RESPONSIBILITIES FOR MANAGING AND ACHIEVING
LO 2 16 A29 – A31
QUALITY ON A GROUP AUDIT
LO 3 ACCEPTANCE AND CONTINUANCE 17 – 21 A32 – A46
LO 4 OVERALL GROUP AUDIT STRATEGY AND GROUP AUDIT PLAN 22 – 29 A47 – A87
UNDERSTANDING THE GROUP AND ITS ENVIRONMENT, THE
LO 5 APPLICABLE FINANCIAL REPORTING FRAMEWORK AND THE GROUP’S 30 – 32 A88 – A107
SYSTEM OF INTERNAL CONTROL
IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL
LO 6 33–34 A108 – A115
MISSTATEMENT
LO 7 MATERIALITY 35 – 36 A116 – A123
LO 8 RESPONDING TO THE ASSESSED RISKS OF MATERIAL MISSTATEMENT 37 – 44 A124 – A143
EVALUATING THE COMPONENT AUDITOR’S COMMUNICATIONS AND
LO 9 45 – 48 A144 – A149
THE ADEQUACY OF THEIR WORK
LO 10 SUBSEQUENT EVENTS 49 – 50 A150
EVALUATING THE SUFFICIENCY AND APPROPRIATENESS OF AUDIT
LO 11 51 – 52 A151 – A156
EVIDENCE OBTAINED
LO 12 AUDITOR’S REPORT 53 A157 – A158
COMMUNICATION WITH GROUP MANAGEMENT AND THOSE CHARGED
LO 13 54 – 58 A159 – A165
WITH GOVERNANCE OF THE GROUP
LO 14 DOCUMENTATION 59 A166 – A182
ILLUSTRATION OF INDEPENDENT AUDITOR’S REPORT WHEN GROUP AUDITOR IS NOT ABLE TO
APX 1
OBTAIN SUFFICIENT APPROPRIATE EVIDENCE ON WHICH TO BASE THE GROUP AUDIT OPINION
APX 2 UNDERSTANDING THE GROUP’S SYSTEM OF INTERNAL CONTROL
EXAMPLES OF EVENTS OR CONDITIONS THAT MAY GIVE RISE TO RISKS OF MATERIAL
APX 3
MISSTATEMENT OF THE GROUP FINANCIAL STATEMENTS

116
ISAs – Summaries and Application Guide ISA 600

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Overview of Group Audits:

Scope of ISA 600
ISA 600 applies to audits of group financial statements, which include multiple entities or business units. It
provides guidance on:
• Special considerations in group audits.
• The role of component auditors when involved.

Definition of Group Financial Statements

• Group financial statements consolidate the financial information of multiple entities.
• The consolidation process includes combining financial statements, applying equity accounting, and
aggregating financial data from branches or divisions.
• Groups may be structured as parent-subsidiary relationships, joint ventures, or business units
operating in different locations.

Key Participants in a Group Audit

Group Auditor
The group auditor is responsible for:
• Planning and supervising the group audit.
• Directing and reviewing the work of component auditors.
• Evaluating audit evidence to form an opinion on the group financial statements.

Component Auditor
A component auditor:
• Performs audit procedures for a component (subsidiary, division, or business unit).
• Has local knowledge of regulations, culture, and risks.
• Works under the direction and review of the group auditor.

Component Management vs. Group Management

• Component management oversees financial reporting at a specific subsidiary or business unit.
• Group management is responsible for preparing the group financial statements.

Planning and Performing a Group Audit:

Aggregation Risk
Aggregation risk arises when uncorrected or undetected misstatements across multiple components exceed
materiality for the group as a whole.
• The group auditor sets component performance materiality to reduce this risk.

Determining Components for Audit Work

The group auditor decides which components require audit work based on:
• The financial significance of the component.
• The risk of material misstatement at the component level.
• The centralization of processes, such as a shared service center.

117
ISAs – Summaries and Application Guide ISA 600

Involvement of Component Auditors

Determining the Need for Component Auditors
The group auditor involves component auditors when:
• A component has specific risks requiring local expertise.
• Laws or regulations mandate a local audit of the component.

Supervising Component Auditors

The group auditor ensures audit quality by:
• Establishing clear instructions for component auditors.
• Reviewing component auditors' work for sufficiency and accuracy.
• Maintaining two-way communication to address audit issues.

Using Work of Component Auditors

If a component auditor has already conducted a statutory or regulatory audit, the group auditor can use this
work if:
• It aligns with group audit objectives.
• The group auditor is satisfied with its quality and completeness.

If the group auditor performs all audit procedures centrally, some ISA 600 requirements (such as component
auditor involvement) may not apply.

LO 2: LEADERSHIP RESPONSIBILITIES FOR MANAGING AND ACHIEVING QUALITY ON A

GROUP AUDIT:

Group Engagement Partner's Role

The group engagement partner must ensure quality in the group audit by:
1. Setting the Right Environment – Promoting expected behaviors among the engagement team.
2. Active Involvement – Overseeing the audit process, including work done by component auditors, to
confirm that significant judgments and conclusions are appropriate.

Delegation and Oversight

• Due to the complexity of group audits, the group engagement partner may assign tasks to other
engagement team members, including those at component auditors.
• Despite delegation, the group engagement partner remains responsible for overall audit quality.

LO 3: ACCEPTANCE AND CONTINUANCE:

Evaluating Acceptance and Continuance of a Group Audit:

Before accepting or continuing a group audit, the group engagement partner must determine if they can
obtain sufficient appropriate audit evidence to issue an opinion on the group financial statements.

If audit evidence cannot be obtained after accepting the engagement, the group engagement partner must
evaluate the impact on the audit.

118
ISAs – Summaries and Application Guide ISA 600

Handling Restrictions on Access to Information or People

External Restrictions (Beyond Group Management’s Control)
If access to information or personnel is limited due to external factors (e.g., laws, political issues, war,
regulatory restrictions), the auditor must:
• Assess the impact on audit procedures.
• Consider alternative sources of evidence (e.g., publicly available financial reports, regulatory filings).
• Determine if they can perform the audit without compromising quality.

Internal Restrictions (Imposed by Group Management)

If management intentionally restricts access, preventing the auditor from obtaining sufficient audit evidence,
the auditor must:
• Reject the engagement (for new audits) or withdraw (if legally allowed).
• If withdrawal is not an option due to legal constraints, issue a disclaimer of opinion on the financial
statements.

LO 4: OVERALL GROUP AUDIT STRATEGY AND GROUP AUDIT PLAN:

Developing and Updating the Group Audit Strategy

The group auditor must establish and continuously update the group audit strategy and plan in accordance
with ISA 300. This involves:
• Identifying components where audit work is required.
• Determining the resources necessary, including the involvement of component auditors.

Component Auditors' Role and Supervision

Assessing Component Auditors' Cooperation
The group engagement partner must evaluate whether the group auditor can effectively:
• Supervise and direct the component auditor’s work.
• Obtain confirmation from component auditors regarding their willingness to cooperate and perform
the requested audit work.

Ensuring Ethical Compliance and Independence

The group engagement partner is responsible for ensuring that component auditors:
• Understand and comply with all relevant ethical and independence requirements.
• Confirm their commitment to these standards.

Competence and Resource Assessment

The group engagement partner must ensure that component auditors:
• Have the skills and experience required for their assigned tasks.
• Have enough time and resources to conduct the audit.
• Have no ethical violations that could compromise audit quality.
• Are subject to adequate monitoring and quality control.

If a component auditor fails to meet these criteria, the group auditor must obtain audit evidence without their
involvement.

119
ISAs – Summaries and Application Guide ISA 600

Managing the Group Audit Engagement

Direction and Supervision of Component Auditors
The group engagement partner must:
• Oversee the nature, timing, and extent of the component auditors' work.
• Focus on high-risk areas and significant judgments in the group financial statements.
• Conduct timely reviews of the component auditors' documentation and findings.

Handling Concerns About Component Auditors

If serious concerns arise regarding a component auditor's:
• Competence, ethical conduct, or independence,
• Access to audit documentation,
• Ability to perform assigned procedures,

The group engagement partner must take appropriate action, which may include:
• Modifying the audit approach.
• Increasing supervision and review.
• Excluding the component auditor from the engagement.

4. Communication Between Group Auditor and Component Auditors

Effective two-way communication ensures a smooth group audit process. The group auditor must:
• Clearly define expectations and responsibilities.
• Ensure ongoing communication at key audit stages.
• Provide clear instructions, especially when working with auditors from other firms.
• Discuss risks, findings, and key issues.

Forms of Communication
• Written instructions for audit scope and procedures.
• Meetings and calls for discussing significant matters.
• Review of documentation, either in person or remotely.

Addressing Non-Compliance and Ethical Breaches

If a Component Auditor Fails to Meet Ethical Requirements:
If a component auditor violates ethical or independence requirements, the group auditor must:
• Exclude their work from the group audit.
• Obtain audit evidence through alternative means.

120
ISAs – Summaries and Application Guide ISA 600

LO 5: UNDERSTANDING THE GROUP AND ITS ENVIRONMENT:

Understanding the Group and Its Environment

The group auditor must obtain a clear understanding of the group's structure, operations, and financial
reporting framework under ISA 315. This understanding helps in identifying risks and planning audit
procedures effectively.

Key Areas of Understanding

1. Organizational Structure and Business Model
o Locations of operations and activities
o Nature of business and similarity across the group
o Use of Information Technology (IT) in financial processes

2. Regulatory Environment
o Laws and regulations affecting the group
o Industry-specific compliance requirements

3. Financial Performance Metrics

o Key indicators used by group management to assess performance
o Potential pressure points leading to fraud risk factors

4. Applicable Financial Reporting Framework

o Consistency in accounting policies across entities
o Adjustments made during consolidation

Understanding the Group’s Internal Control System

The group auditor must evaluate the design, implementation, and effectiveness of internal controls across the
group. This includes:

Common Controls Across Entities

• Some controls may be standardized across multiple business units (e.g., IT-based inventory controls).
• Shared service centers may process financial transactions centrally, impacting audit procedures.

Centralized Activities in Financial Reporting

• Some financial activities (e.g., revenue processing, payroll, tax reporting) may be centralized.
• The auditor must assess whether these activities affect risk of material misstatement.

Consolidation Process
• Review of group-wide reporting instructions
• Adjustments made for intercompany transactions and financial statement alignment

Communication of Key Financial Information

• How group management ensures financial reporting accuracy across subsidiaries
• Adequacy of instructions provided to business units on financial reporting

121
ISAs – Summaries and Application Guide ISA 600

Coordination Between Group and Component Auditors

In a group audit, the group auditor works with component auditors to ensure risks are properly assessed.
Effective communication is critical.

What the Group Auditor Must Communicate to Component Auditors

• Risk Assessment Matters
o Identified risks that affect the component’s financial statements
o Instructions for audit procedures
• Related Party Transactions
o Transactions that may affect financial statements or pose fraud risks
• Going Concern Issues
o Conditions that may raise significant doubt about the group’s financial stability

What the Component Auditors Must Report Back

• Material Misstatements
o Any risk of fraud or error affecting the component’s financial statements
• Undisclosed Related Party Transactions
o Transactions not identified by group management
• Newly Identified Going Concern Issues
o Any conditions that indicate financial instability in the group

Risk Assessment and Fraud Considerations in a Group Audit

Group auditors must evaluate fraud risk and apply professional skepticism in planning and performing the
audit.

Key Fraud Risk Factors

• Complex group structures
o Multiple subsidiaries in different jurisdictions may create opportunities for fraud
• Non-integrated IT systems
o Lack of a centralized system may lead to undetected transactions
• Management Override of Controls
o Inconsistent application of internal controls across subsidiaries

Fraud Detection and Professional Judgment

• Identify policies that may encourage earnings manipulation
• Assess whether management bias influences financial reporting
• Consider incentives or pressures on management that may lead to fraudulent financial reporting

Reporting Considerations
If risks or misstatements are identified, the group auditor must take appropriate action.

Actions if Misstatements Are Found

• Before the Auditor’s Report [deal in accordance with ISA 705]
• After the Auditor’s Report [deal in accordance with ISA 560]
• Non-compliance with laws or regulations exists [deal in accordance with ISA 250]
• Risk of Fraud exists [deal in accordance with ISA 240]

122
ISAs – Summaries and Application Guide ISA 600

LO 6: IDENTIFYING AND ASSESSING RISKS OF MATERIAL MISSTATEMENT:

Group Auditor’s Responsibility in Risk Assessment

• The group auditor is responsible for identifying and assessing the risks of material misstatement in
the group financial statements, including risks related to the consolidation process.
• This process follows ISA 315 and requires a thorough understanding of:
o The group and its environment.
o The financial reporting framework.
o The group’s internal control system.

Steps in the Risk Assessment Process

A. Establishing Initial Expectations
The auditor develops initial expectations about potential risks in the financial statements based on:
• The group’s business structure and operations.
• The industry and locations in which the group operates.
• The significant transactions, account balances, and disclosures.
• The group’s internal controls and how they function.

B. Identifying High-Risk Areas

• Risks may only apply to specific components of the group.
o Example: A legal claim risk might exist only in entities operating in a specific jurisdiction.
• The auditor considers:
o The likelihood and magnitude of a misstatement.
o The factors that increase inherent risk, such as complexity or past issues.

C. Evaluating the Role of Component Auditors

• The group auditor may involve component auditors for risk assessment.
• Component auditors provide valuable insights due to their direct knowledge of specific entities.
• However, the group auditor remains responsible for the overall assessment.

Addressing Fraud Risks in the Risk Assessment Process

As per ISA 240, the group auditor must assess fraud risks and design further procedures to respond to those
risks.

LO 7: MATERIALITY:

Determining Component Performance Materiality

When a group's financial information is broken down into different components, the group auditor must
establish:
• Component Performance Materiality
o This must be lower than group performance materiality to address aggregation risk
(misstatements accumulating unnoticed).
• Misstatement Reporting Threshold
o Component auditors must report misstatements above a certain threshold to the group
auditor.
o This threshold must not exceed the amount considered clearly trivial for the group financial
statements.

123
ISAs – Summaries and Application Guide ISA 600

Setting Component Performance Materiality

Key Considerations for Component Performance Materiality
• Extent of Financial Disaggregation
More components → Lower component materiality to reduce aggregation risk.

• Component Significance
A large component relative to the group may justify a higher materiality level.

• Risk Factors
Industry-specific risks, unusual transactions, and historical misstatements affect materiality
decisions.

• Ownership Considerations
For equity-method investments, auditors may adjust materiality based on ownership percentage and
share of profits/losses.

• Aggregation Risk
If multiple components’ financial data are combined, a lower component materiality is necessary to
prevent undetected misstatements.

Exceptions Where Higher Component Materiality May Apply

• If a single large component represents a substantial portion of the group, aggregation risk is lower,
allowing for higher component performance materiality.
• In some cases, audit procedures are performed on a single, significant class of transactions or
account balance across multiple components. Here, group performance materiality may be used.

Trivial Misstatement Threshold

• Component auditors must report misstatements above a clearly trivial threshold.
• According to ISA 450, misstatements below this threshold do not accumulate because they are
unlikely to impact the group financial statements.

Considerations When Component Auditors Are Involved

Communicating Component Performance Materiality
• The group auditor must inform component auditors about materiality thresholds.
• In some cases, component auditors' expertise helps determine appropriate materiality for their
respective components.
• The group auditor may also share group performance materiality to align expectations.

Ongoing Communication for Unexpected Misstatements

• If a component auditor identifies more misstatements than expected, they must promptly inform the
group auditor.
• Collaboration ensures adjustments to materiality decisions if necessary.

124
ISAs – Summaries and Application Guide ISA 600

LO 8: RESPONDING TO ASSESSED RISKS OF MATERIAL MISSTATEMENT:

Group Auditor’s Responsibility

The group auditor is responsible for:
• Designing and performing further audit procedures.
• Determining where and how audit procedures will be conducted.
• Ensuring the consolidation process is free from material misstatements.

Addressing Material Misstatements in the Consolidation Process

Assessing Risks in the Consolidation Process
The group auditor must:
• Ensure all entities and business units are included in the group financial statements.
• Evaluate the accuracy, completeness, and appropriateness of consolidation adjustments and
reclassifications.
• Assess whether management’s judgments in the consolidation process indicate bias.

Adjustments for Inconsistent Accounting Policies

If a component applies different accounting policies, adjustments must be made for consistency with the
group financial statements.

Adjustments for Different Reporting Periods

If a component’s financial reporting period differs from the group, the auditor must verify that appropriate
adjustments align with the financial reporting framework.

Involvement of Component Auditors

When Component Auditors Assist, the group auditor must:
• Communicate relevant risks and audit procedures.
• Evaluate the design and execution of audit procedures for high-risk areas.
• Direct, supervise, and review component auditors’ work.

Performing Further Audit Procedures

Centralized Audit Procedures
The group auditor may conduct centralized audit procedures when:
• Financial records (e.g., revenue transactions) are maintained at a shared service center.
• Activities and controls are centralized across multiple components.
• Business lines across the group share similar characteristics and risks.

Even with centralized procedures, component auditors may assist, especially if:
• The group operates multiple shared service centers.
• Certain transactions need local verification.

Component-Level Audit Procedures

Some audit procedures are best performed at the component level, especially when there are multiple
locations, or operations are decentralized.

125
ISAs – Summaries and Application Guide ISA 600

Addressing Risks in Large Groups

• If a group has many small components, their financial information may be individually immaterial
but material in total.
• The group auditor may:
o Use centralized substantive analytical procedures.
o Select specific components for additional testing.

Audit Approaches for Components

The group auditor determines the appropriate audit scope at each component:

1. Full Financial Audit of a Component

• Used when a component’s financial impact is significant.
• Required if risks affect the group’s going concern assessment.

2. Targeted Audit on Specific Accounts

• Performed on key classes of transactions, balances, or disclosures.
• Example: If a small subsidiary holds a large share of land and buildings, targeted procedures will
focus on valuation.

3. Specific Procedures for High-Risk Areas

Focuses on selected assertions, such as:
• Litigation claims in specific jurisdictions.
• Existence of high-value assets.

4. Incorporating Unpredictability
To help detect fraud, auditors introduce randomized testing by:
• Changing which components are tested.
• Varying audit procedures used.
• Modifying sampling methods.

Evaluating Internal Controls

Reliance on Internal Controls
The group auditor may rely on common internal controls when designing audit procedures.

Handling Control Deficiencies

If weaknesses are found in internal controls:
• The auditor may increase substantive testing.
• Alternative controls may be tested.
• Additional components may be selected for testing.

Testing Controls in Shared Service Centers

If shared controls are tested centrally, the group auditor must inform component auditors of the results.

Addressing Risks in the Consolidation Process

Key Audit Steps for the Consolidation Process
• Ensuring all necessary journal entries are included.
• Testing the effectiveness of consolidation controls.
• Assessing adjustments and reclassifications.

126
ISAs – Summaries and Application Guide ISA 600

Reviewing Consolidation Adjustments

The group auditor evaluates:
• If intercompany transactions and unrealized profits are properly eliminated.
• Whether adjustments are properly calculated, authorized, and documented.

LO 9: EVALUATING THE COMPONENT AUDITOR’S COMMUNICATIONS AND THE ADEQUACY

OF THEIR WORK:

Communication from the Component Auditor:

The group auditor must obtain information from the component auditor to assess the adequacy of their work.
The component auditor must report on:
• Audit Scope
o The financial data subject to audit procedures.
o Confirmation that the requested work was completed.
• Compliance and Ethical Requirements
o Adherence to ethical standards, including independence.
o Instances of non-compliance with laws and regulations.
• Findings and Misstatements
o Identified corrected and uncorrected misstatements above the threshold.
o Signs of management bias affecting financial reporting.
• Internal Control and Fraud Risks
o Deficiencies in the system of internal control.
o Fraud or suspected fraud by key personnel leading to material misstatements.
• Other Significant Matters
o Key issues reported to component management or governance.
o Additional concerns relevant to the group audit, including exceptions noted in written
representations.
o The component auditor’s overall findings and conclusions.

Evaluating the Component Auditor’s Communication and Work

The group auditor must assess whether the component auditor's communication and work are sufficient for
the group audit. This involves:

• Reviewing Significant Matters

o Discussing key issues with the component auditor, component management, or group
management.
o Analyzing how these findings impact the overall audit.

• Assessing Adequacy of Communication

If the component auditor’s communication is inadequate, the group auditor must determine how this
affects the group audit.

Addressing Deficiencies in the Component Auditor’s Work

If the group auditor finds that the component auditor’s work is inadequate, they must determine:
• Additional Audit Procedures
o Identify further procedures required to resolve deficiencies.
o Decide if these procedures should be performed by the component auditor or the group
auditor.

127
ISAs – Summaries and Application Guide ISA 600

• Reassessment of Audit Reliance

o Consider whether continued reliance on the component auditor is appropriate.
o If serious concerns exist, reassess engagement continuation or perform direct audit
procedures at the component level.

LO 10: SUBSEQUENT EVENTS:

Responsibility of the Group Auditor

The group auditor is responsible to perform procedures and identify subsequent events that may require
Adjustment or Disclosures in the group financial statements.

Involvement of Component Auditors

When component auditors are involved, the group auditor:
 must request them to notify the group auditor if they become aware of any subsequent events
needing adjustment or disclosure in the group financial statements.
 may request them to perform procedures to identify subsequent events.

LO 11: EVALUATING THE SUFFICIENCY AND APPROPRIATENESS OF AUDIT EVIDENCE

OBTAINED:

Assessing Audit Evidence for the Group Audit

The group auditor must determine whether the audit procedures—including those performed by component
auditors—provide sufficient and appropriate evidence for the group audit opinion.

Reviewing Component Auditors' Work

The engagement partner must confirm that audit evidence collected by component auditors is sufficient for
the group audit opinion.

Key Considerations
• Communications from component auditors about findings and conclusions.
• Supervision and review of component auditors’ work.
• In some cases, a summary memorandum from the component auditor may be enough to confirm that
the audit procedures and findings are adequate.

LO 12: AUDITOR’S REPORT:

Responsibility for the Group Audit Opinion

• The group engagement partner or firm is responsible for the group audit opinion.
• Component auditors perform work on specific components, but their findings do not reduce the
group auditor’s responsibility.

Reference to Component Auditors in the Auditor’s Report

• The auditor’s report should not mention a component auditor unless required by law or regulation.
• If required, the report must clearly state that referencing the component auditor does not reduce the
responsibility of the group engagement partner or firm for the group audit opinion.

128
ISAs – Summaries and Application Guide ISA 600

When the Group Audit Opinion is Modified

If the auditor cannot obtain sufficient appropriate audit evidence for one or more components, the report
must explain the reason in the appropriate section:
• Basis for Qualified Opinion (if the issue is material but not pervasive).
• Basis for Disclaimer of Opinion (if the issue is material and pervasive).

In certain cases, referencing a component auditor may be necessary, such as:

• When the component auditor cannot complete the required work.
• When circumstances beyond the control of component management prevent the audit from
proceeding.

LO 13: COMMUNICATION WITH GROUP MANAGEMENT AND THOSE CHARGED WITH

GOVERNANCE OF THE GROUP:

Issue Action by Group Auditor Recipient

Share audit scope, timing, and component audit
Audit Scope & Timing Group Management
plans.

Fraud or Suspected Fraud Inform relevant management level immediately. Group Management

Significant Matters Affecting Ensure management informs component entities

Group Management
Components about financial statement impacts.

Group Management Refuses Escalate to governance. If unresolved, consider Those Charged with
to Inform Components advising component auditors to delay reports. Governance

Quality Issues in Component Those Charged with

Report concerns and resolution steps.
Audits Governance
Those Charged with
Limitations on Audit Scope Report restrictions affecting the audit.
Governance
Fraud Involving Key Those Charged with
Communicate fraud or suspected fraud.
Management Governance
Deficiencies in Internal Determine if reported deficiencies require Group Management &
Control governance attention. Governance

Confidentiality & Significant Matters

• Group management may keep sensitive information confidential.
• Examples of significant matters that component management may not be aware of include:
o Legal disputes
o Plans to close or abandon assets
o Subsequent events
o Major contracts or agreements

129
ISAs – Summaries and Application Guide ISA 600

Timing of Communication
• Scope and component audit plans → Communicated early in the audit.
• Quality concerns in component audits → Addressed towards the end of the audit.
• Fraud and audit limitations → Reported immediately when identified.

Handling Non-Compliance with Laws and Regulations

• If group management informs the auditor of non-compliance within a group entity, the group
engagement partner must consider professional and legal obligations.

LO 14: DOCUMENTATION:

Pre-Audit Documentation (Before Accepting or Continuing the Engagement)

The group auditor must document:
• Access Restrictions – Any limitations on accessing people or information that may affect the audit.
• Component Identification – The method used to determine audit components for planning and
execution.
• Competence of Component Auditors – How the group auditor assessed whether component auditors
have the required expertise, resources, and time.

Audit Execution Documentation

During the audit, documentation must include:
• Materiality and Misstatements
o The basis for setting performance materiality at the component level.
o The threshold for reporting misstatements from component audits to the group auditor.

• Understanding Internal Controls

o Key elements of the group’s internal control system evaluated during the audit.

• Supervision and Review of Component Auditors

o The nature, timing, and extent of direction, supervision, and review of component auditors.
o The rationale for selecting specific component auditors for review or site visits.
o Any changes made to the planned supervision approach based on audit findings.

• Communications with Component Auditors

o Fraud risks, related party transactions, and going concern matters discussed.
o Significant issues affecting the group audit and how they were resolved.

• Evaluation of Component Auditors’ Findings

o How the group auditor assessed component auditors’ conclusions and their impact on the
group financial statements.

Retention and Compliance with Firm Policies

• Group audit documentation must align with firm policies under ISQM 1.
• The group auditor may provide specific instructions to component auditors on assembling and
retaining audit records.
• The group auditor’s file includes their own documentation as well as references to component
auditors’ records.

130
ISAs – Summaries and Application Guide ISA 600

Handling Documentation Access Restrictions

Reasons for Access Restrictions
Component auditor documentation access may be restricted due to:
• Legal or regulatory barriers preventing cross-border information sharing.
• External circumstances such as war, civil unrest, or disease outbreaks.

Strategies to Overcome Restrictions

The group auditor may:
• Visit the component auditor’s location to review documentation.
• Use remote technology to access records (if legally permitted).
• Request a summary memorandum from the component auditor.
• Hold discussions with the component auditor to understand their work and conclusions.

Consequences of Unresolved Access Restrictions

• Group auditors must still comply with ISA documentation requirements even if full access is not
available.
• If access restrictions prevent obtaining sufficient audit evidence, a scope limitation may arise,
requiring a modified audit opinion on the group financial statements.

131
 ISAs – Summaries and Application Guide ISA 610

ISA 610
USING THE WORK OF INTERNAL
AUDITORS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 14 A1 − A4

DETERMINING WHETHER, IN WHICH AREAS, AND TO WHAT
LO 2 EXTENT THE WORK OF THE INTERNAL AUDIT FUNCTION CAN 15 − 20 A5 −A23
BE USED
LO 3 USING THE WORK OF THE INTERNAL AUDIT FUNCTION 21 − 25 A24 −A30
DETERMINING WHETHER, IN WHICH AREAS, AND TO WHAT
LO 4 EXTENT INTERNAL AUDITORS CAN BE USED TO PROVIDE 26 − 32 A31 − A39
DIRECT ASSISTANCE
LO 5 USING INTERNAL AUDITORS TO PROVIDE DIRECT ASSISTANCE 33 − 35 A40 − A41
LO 6 DOCUMENTATION 36 − 37 N/A

Effective Date: December 15, 2014

132
ISAs – Summaries and Application Guide ISA 610

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Applicability
• This ISA applies when the external auditor considers using:
o The internal audit function’s work as audit evidence.
o Internal auditors for direct assistance under external auditor supervision.
• If the entity has no internal audit function, this ISA does not apply.

Direct Assistance: Internal auditors performing audit procedures under supervision of external auditor.

Conditions for Using Internal Audit Work

The external auditor must assess whether the internal audit function is:
• Objective and free from management influence.
• Competent and adequately resourced.
• Following a structured and disciplined audit approach.

LO 2: DETERMINING WHETHER, IN WHICH AREAS, AND TO WHAT EXTENT THE WORK OF

THE INTERNAL AUDIT FUNCTION CAN BE USED:

Evaluating the Internal Audit Function

Criteria for Using Internal Audit Work

The external auditor determines whether the internal audit function’s work can be used based on:
• Objectivity – Internal auditors must be free from bias, conflicts of interest, or management influence.
• Competence – Internal auditors must have the necessary skills, qualifications, and resources.
• Systematic Approach – The function should follow structured procedures, including quality control.

If the internal audit function lacks objectivity, competence, or a systematic approach, the external auditor
cannot use its work.

Factors Affecting Objectivity

• Internal auditors should report to those charged with governance, not management.
• They should not have operational responsibilities that could compromise independence.
• The governance body should oversee hiring, training, and remuneration of internal auditors.
• Internal auditors should comply with professional ethics and objectivity standards.

Factors Affecting Competence

• The function must have sufficient resources relative to the entity’s size and operations.
• Internal auditors must have relevant training, experience, and professional certifications.
• They should understand financial reporting frameworks and industry-specific risks.

Assessing a Systematic Approach

• Internal audit must follow documented procedures for risk assessment, audit planning, execution,
and reporting.
• Quality control measures should be in place, including external assessments of internal audit
effectiveness.

133
ISAs – Summaries and Application Guide ISA 610

Determining the Scope and Extent of Internal Audit Work That Can Be Used

Deciding When to Use Internal Audit Work

The external auditor assesses whether internal audit work is relevant to the audit strategy and plan. More
reliance on internal audit is possible when:
• The work involves low judgment (e.g., compliance testing).
• The assessed risk of material misstatement is low.
• Internal auditors demonstrate strong objectivity and competence.

Examples of Internal Audit Work That Can Be Used

• Testing of control effectiveness
• Substantive procedures involving limited judgment
• Observations of inventory counts
• Tracing transactions through financial systems
• Compliance testing with regulations
• Review of financial information for non-significant subsidiaries

LO 3: USING THE WORK OF THE INTERNAL AUDIT FUNCTION:

Planning and Coordination with the Internal Audit Function

To ensure effective collaboration, the external auditor must:
• Discuss the planned use of internal audit work with the internal audit function.
• Coordinate activities, including:
o Timing and scope of work.
o Materiality levels and sampling methods.
o Documentation and review procedures.

Evaluating the Quality and Reliability of Internal Audit Work

The external auditor must assess whether the internal audit function:
• Properly planned, performed, reviewed, and documented its work.
• Obtained sufficient appropriate evidence to support its conclusions.
• Reached appropriate conclusions, ensuring consistency with the audit findings.

Assessing the Adequacy of Internal Audit Work

To confirm the reliability of internal audit work, the external auditor must:
• Inquire with internal auditors about their procedures.
• Observe their audit procedures.
• Review their work programs and documentation.
• Reperform some internal audit procedures.

The higher the judgment involved or the greater the risk of material misstatement, the more procedures the
external auditor must perform to verify the adequacy of internal audit work.

Factors affecting evaluation:

• Judgment level involved in internal audit procedures.
• Risk of material misstatement.
• Objectivity and independence of the internal audit function.
• Competence of internal auditors.

134
ISAs – Summaries and Application Guide ISA 610

More extensive procedures are needed if:

• The risk of material misstatement is high.
• Internal auditors lack objectivity.
• Internal audit work involves significant judgment.

LO 4: DETERMINING WHETHER, IN WHICH AREAS, AND TO WHAT EXTENT INTERNAL

AUDITORS CAN BE USED TO PROVIDE DIRECT ASSISTANCE:

Legal and Regulatory Restrictions

If laws or regulations prohibit the use of internal auditors for direct assistance, the external auditor cannot
use internal auditors for direct assistance.

Assessing Objectivity and Competence

If internal auditors can be used, the external auditor must evaluate:
• Threats to Objectivity
o The external auditor must ensure internal auditors are free from bias, conflicts of interest, or
external influence.
o Internal auditors must disclose any relationships or financial interests that could impact
objectivity.
• Competence
o The external auditor must assess whether internal auditors have the necessary skills,
experience, and training to perform audit tasks.

The external auditor must not use internal auditors if:

• Significant threats to objectivity exist and cannot be mitigated.
• Internal auditors lack sufficient competence to perform the assigned work.

Assigning Work to Internal Auditors

Determining the Nature and Extent of Work
When assigning work to internal auditors, the external auditor must consider:
• The level of judgment required in audit procedures.
• The risk of material misstatement associated with the audit area.
• The objectivity and competence of the internal auditors.

Prohibited Tasks for Internal Auditors

Internal auditors cannot perform tasks that involve:
• Significant judgment, such as assessing estimates or making key audit decisions.
• Higher-risk audit areas, where extensive professional judgment is needed.
• Self-review threats, including reviewing their own work or reporting findings to management.
• Decisions on external audit procedures, such as reliance on internal audit work or direct assistance.

Specific Restrictions
• Fraud Discussions: Internal auditors cannot assess fraud risks but may answer inquiries from
external auditors.
• Unannounced Audit Procedures: Internal auditors cannot determine surprise audit procedures.
• External Confirmations: Internal auditors cannot control or evaluate external confirmation requests,
but they may help gather necessary information.

135
ISAs – Summaries and Application Guide ISA 610

Supervision and Review

• The external auditor remains responsible for the audit and must supervise and review all work
performed by internal auditors.
• Excessive use of internal auditors may compromise audit independence.

Communicating with Governance

The external auditor must:
• Inform those charged with governance about the planned use of internal auditors.
• Ensure there is a mutual understanding that reliance on internal auditors is not excessive.

Ensuring Sufficient Involvement in the Audit

• The external auditor must remain actively involved in the audit and maintain full responsibility for
the audit opinion.
• If reliance on internal auditors is excessive, it may undermine audit independence and require
reassessment.

LO 5: USING INTERNAL AUDITORS TO PROVIDE DIRECT ASSISTANCE:

Preconditions for Using Internal Auditors

Before involving internal auditors in the audit, the external auditor must obtain written agreements from:
• Management: Confirming that internal auditors will follow the external auditor's instructions
without interference.
• Internal Auditors: Ensuring confidentiality and requiring them to report any threats to their
objectivity.

External Auditor's Responsibilities

The external auditor must direct, supervise, and review the work performed by internal auditors as per ISA
220 (Revised). This includes:

Direction and Supervision

• Internal auditors lack independence, so they require more oversight than engagement team
members.
• The level of supervision should align with ISA 610, paragraph 29 evaluation factors.
• The external auditor should remind internal auditors to report any accounting or auditing issues.

Review Procedures
• The external auditor must verify some of the internal auditors’ work against underlying audit
evidence.
• The audit evidence collected by internal auditors must be sufficient and appropriate to support
conclusions.

Ongoing Evaluation
The external auditor must stay alert for any signs that the initial assessment of using internal auditors is no
longer valid. If risks arise, the auditor should reconsider the extent of reliance on internal auditors or make
adjustments to the audit plan.

This structured approach ensures that internal auditors contribute effectively while maintaining audit quality
and integrity.
136
ISAs – Summaries and Application Guide ISA 610

LO 6: DOCUMENTATION:

Using the Work of the Internal Audit Function

Evaluation of the Internal Audit Function

The external auditor must assess whether the internal audit function is reliable by evaluating:
• Objectivity: The function’s organizational status and policies that support auditor independence.
• Competence: The expertise and skills of the internal audit team.
• Systematic Approach: Whether internal audit follows structured procedures, including quality
control.

Decision on Using Internal Audit Work

If the external auditor decides to rely on internal audit work, they must document:
• Nature and Extent of Work Used: The type of work relied upon and reasons for doing so.
• Audit Procedures Performed: Steps taken to evaluate whether the internal audit work is sufficient
and appropriate.

Using Internal Auditors for Direct Assistance

Evaluation Before Assigning Direct Assistance
The external auditor must assess:
• Threats to Objectivity: Any risks affecting the internal auditors’ independence.
• Competence: The qualifications and skills of internal auditors assisting in the engagement.

Decision on Assigned Work

If internal auditors provide direct assistance, documentation must include:
• Nature and Extent of Assigned Work: The tasks performed and reasons for selection.
• Review Process:
o Name of the reviewer.
o Date and extent of the review (as per ISA 230).

Required Documentation
The external auditor must also include:
• Written Agreements:
Approvals from an authorized entity representative and internal auditors (as per paragraph 33 of ISA
610).

• Working Papers:
Documentation prepared by internal auditors who provided direct assistance.

137
 ISAs – Summaries and Application Guide ISA 620

ISA 620
USING THE WORK OF AN AUDITOR’S
EXPERT

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–6 A1 – A3

LO 2 DETERMINING THE NEED FOR AN AUDITOR’S EXPERT 7 A4 – A9
LO 3 NATURE, TIMING AND EXTENT OF AUDIT PROCEDURES 8 A10 – A13
THE COMPETENCE, CAPABILITIES AND OBJECTIVITY OF THE
LO 4 9 A14 – A20
AUDITOR’S EXPERT
OBTAINING AN UNDERSTANDING OF THE FIELD OF
LO 5 10 A21 – A22
EXPERTISE OF THE AUDITOR’S EXPERT
LO 6 AGREEMENT WITH THE AUDITOR’S EXPERT 11 A23 – A31
EVALUATING THE ADEQUACY OF THE AUDITOR’S EXPERT’S
LO 7 12 – 13 A32 – A40
WORK
REFERENCE TO THE AUDITOR’S EXPERT IN THE AUDITOR’S
LO 8 14 – 15 A41 – A42
REPORT
CONSIDERATIONS FOR AGREEMENT BETWEEN THE AUDITOR AND AN AUDITOR’S
APX
EXTERNAL EXPERT

Effective Date: December 15, 2009

138
ISAs – Summaries and Application Guide ISA 620

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope of this ISA

This ISA applies when the auditor relies on an expert’s work in a non-accounting field to obtain audit
evidence.

This ISA does not cover Experts hired by management to assist in financial statement preparation, covered
under ISA 500.

Key Objectives
The auditor must:
1. Decide whether an expert is needed.
2. Assess if the expert’s work is appropriate for audit purposes.

Understanding an Auditor’s Expert

Types of Expertise an Auditor’s Expert May Have
• Valuation: Financial instruments, real estate, machinery, antiques, intangible assets.
• Actuarial Calculations: Insurance liabilities, employee benefits.
• Natural Resources: Oil and gas reserve estimations.
• Environmental Assessments: Liability and cleanup costs.
• Legal Expertise: Contract interpretation, regulatory compliance, tax law.

Distinguishing Between Accounting/Auditing and Other Expertise

• A tax accountant is not an expert under this ISA, but a taxation lawyer is.
• A financial instrument accountant differs from a valuation modeling expert.
• In new or complex areas, professional judgment may be needed to differentiate between accounting
and other expertise.

LO 2: DETERMINING THE NEED FOR AN AUDITOR’S EXPERT:

When an Auditor May Not Need an Expert

An auditor may acquire sufficient knowledge through:
• Experience auditing similar entities.
• Education or professional training in specialized areas.
• Discussions with experienced auditors in the relevant field.

LO 3: NATURE, TIMING AND EXTENT OF AUDIT PROCEDURES:

Situations Requiring More Extensive Procedures

The auditor may need more detailed procedures if:
• The expert’s work involves complex or subjective judgments.
• The auditor has not previously worked with the expert and is unsure of their competence,
capabilities, and objectivity.
• The expert's work is integral to the audit, not just an advisory role.
• The expert is external and not covered by the firm’s quality management system.

139
ISAs – Summaries and Application Guide ISA 620

Key Differences Between Internal and External Experts & Impact on Audit:

Aspect Internal Expert External Expert

Independent specialist, not part of the
Employment Part of the audit firm or network firm.
audit firm.
Covered under the firm's system of May not follow the firm’s quality system,
Quality Management
quality management. requiring additional auditor evaluation.
May need to comply with legal and ethical
Subject to firm’s ethical and independence
Independence requirements, but not bound by the firm’s
policies.
policies unless required.
Familiarity with Trained in audit-specific procedures and May lack direct audit experience,
Audit Process risks. requiring more guidance and oversight.
Auditor has direct oversight of the Auditor must independently assess the
Level of Control
expert’s work. expert’s competence and objectivity.

LO 4: THE COMPETENCE, CAPABILITIES AND OBJECTIVITY OF THE AUDITOR’S EXPERT:

The auditor must determine whether the expert has the required competence, capabilities, and objectivity for
the audit.

Evaluating Expert’s Competence/Suitability:

The auditor must evaluate whether:
• The expert complies with technical standards, industry guidelines, or regulatory requirements.
• The expert has specialized knowledge relevant to the audit (e.g., an actuary specializing in property
insurance may not be suitable for pension calculations).
• The expert understands accounting and auditing requirements, including methods and assumptions
consistent with the applicable financial reporting framework.
• Changing conditions or audit findings require the expert’s initial evaluation to be reconsidered.

Evaluating an External Expert’s Objectivity

When using an external expert, the auditor should:
• Inquire with the entity about any existing relationships with the expert that could impact
objectivity.
• Discuss with the expert whether they have safeguards in place (e.g., professional codes of conduct).
• Evaluate factors such as:
o Financial interests.
o Business and personal relationships.
o Other services provided to the entity.
• Obtain a written representation from the expert regarding any potential conflicts.

Sources for Evaluating an Expert

Auditors can assess an expert’s competence, capabilities, and objectivity by considering:
• Past experience working with the expert.
• Discussions with the expert or professionals familiar with their work.
• Qualifications, licenses, and memberships in professional organizations.
• Published research such as books or papers.
• Quality management systems within the auditor’s firm.

140
ISAs – Summaries and Application Guide ISA 620

LO 5: OBTAINING AN UNDERSTANDING OF THE FIELD OF EXPERTISE OF THE AUDITOR’S

EXPERT:

Purpose of Understanding the Expert’s Field

The auditor must gain a sufficient understanding of the auditor’s expert’s field to:
• Define the nature, scope, and objectives of the expert’s work for audit purposes.
• Assess whether the expert’s work is adequate and reliable for the audit.

Key Aspects to Consider

The auditor should focus on these areas when evaluating the expert’s field:
• Specialization – Identify relevant areas within the expert’s field that apply to the audit.
• Standards and Regulations – Check if any professional, legal, or regulatory rules affect the expert’s
work.
• Methods and Assumptions – Assess the expert’s assumptions, models, and methods to ensure they
align with financial reporting standards.
• Data Sources – Understand what internal and external data the expert uses and verify its reliability.

LO 6: AGREEMENT WITH THE AUDITOR’S EXPERT:

Establishing an Agreement with the Auditor’s Expert
The auditor must agree on key terms with the auditor’s expert, preferably in writing. This agreement ensures
clarity on:
• Work Scope & Objectives
o De�ine the expert’s responsibilities and audit objectives.
o Specify any technical or industry standards the expert must follow.

• Roles & Responsibilities

o Clarify the duties of both the auditor and the expert.
o Determine whether the auditor or expert will test source data.
o Establish whether the auditor can discuss the expert’s �indings with the entity or others.
o Agree on access and retention of working papers.
 If the expert is part of the engagement team, their work forms part of audit
documentation.
 If the expert is external, their working papers remain their own unless otherwise
agreed.

• Communication Protocol
o De�ine how and when the auditor and expert will communicate.
o Specify the format of reports (formal written reports or periodic updates).
o Identify key personnel for communication, particularly in large engagements.

• Con�identiality Requirements
o The expert must comply with the same con�identiality standards as the auditor.
o Additional legal or regulatory con�identiality requirements may apply.
o The entity may impose speci�ic con�identiality agreements with external experts.

Alternative Documentation if No Formal Written Agreement Exists

If no formal agreement is made, documentation can include:
• Audit planning memoranda and related working papers.
• The audit firm’s quality management policies covering expert involvement.
• Established protocols detailing how the auditor engages with experts.

141
ISAs – Summaries and Application Guide ISA 620

LO 7: EVALUATING THE ADEQUACY OF THE AUDITOR’S EXPERT’S WORK:

Evaluating the Auditor’s Expert’s Work

The auditor must ensure that the auditor’s expert’s work is appropriate by evaluating:
• The relevance and reasonableness of the expert’s findings and their consistency with other audit
evidence.
• The assumptions and methods used if they involve significant judgment.
• The accuracy, completeness, and relevance of source data used by the expert.

Addressing Inadequate Expert Work

• If the expert’s work is not sufficient and cannot be resolved through additional procedures, the
auditor may:
o Request the expert to perform more work.
o Conduct further audit testing.
o Engage another expert if necessary.

• If the issue remains unresolved, the auditor may need to issue a Modified Opinion due to a lack of
sufficient appropriate audit evidence.

LO 8: REFERENCE TO THE AUDITOR’S EXPERT IN THE AUDITOR’S REPORT:

General Rule for Referring to an Auditor’s Expert

• The auditor should not mention the auditor’s expert in the audit report if issuing an unmodi�ied
opinion, unless required by law or regulation.
• If reference is required, the auditor must clarify that it does not reduce their responsibility for the
opinion.

Reference to an Auditor’s Expert in a Modi�ied Opinion

• If the auditor’s expert is referenced to explain a modi�ication in the audit opinion, the report must
state that the auditor remains fully responsible for the opinion.
• In such cases, the auditor may need permission from the expert before making the reference.

APX: CONSIDERATIONS FOR AGREEMENT BETWEEN THE AUDITOR AND AN AUDITOR’S

EXTERNAL EXPERT:

Refer ISA 620 Appendix for detailed matters which can be included in agreement.

142
 ISAs – Summaries and Application Guide ISA 240

ISA 240
FRAUD IN AN AUDIT OF FINANCIAL
STATEMENTS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 12 A1 – A7

LO 2 PROFESSIONAL SKEPTICISM 13 – 15 A8 – A10
LO 3 DISCUSSION AMONG THE ENGAGEMENT TEAM 16 A11 – A12
LO 4 RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES 17 – 25 A13 – A28
IDENTIFICATION AND ASSESSMENT OF THE RISKS OF MATERIAL
LO 5 26 – 28 A29 – A33
MISSTATEMENT DUE TO FRAUD
RESPONSES TO THE ASSESSED RISKS OF MATERIAL
LO 6 29 – 34 A34 – A49
MISSTATEMENT DUE TO FRAUD
LO 7 EVALUATION OF AUDIT EVIDENCE 35 – 38 A50 – A54
LO 8 AUDITOR UNABLE TO CONTINUE THE ENGAGEMENT 39 A55 – A58
LO 9 WRITTEN REPRESENTATIONS 40 A59 – A60
COMMUNICATIONS TO MANAGEMENT AND WITH THOSE
LO 10 41 – 43 A61 – A66
CHARGED WITH GOVERNANCE
REPORTING FRAUD TO AN APPROPRIATE AUTHORITY OUTSIDE
LO 11 44 A67 – A69
THE ENTITY
LO 12 DOCUMENTATION 45 – 48 N/A
APX 1 EXAMPLES OF FRAUD RISK FACTORS
EXAMPLES OF POSSIBLE AUDIT PROCEDURES TO ADDRESS THE ASSESSED RISKS OF
APX 2
MATERIAL MISSTATEMENT DUE TO FRAUD
APX 3 EXAMPLES OF CIRCUMSTANCES THAT INDICATE THE POSSIBILITY OF FRAUD

143
ISAs – Summaries and Application Guide ISA 240

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope
ISA 240 outlines the auditor’s responsibilities related to fraud in a financial statement audit.
It builds on the requirements of ISA 315 (Revised 2019) and ISA 330, focusing on the risk of material
misstatement due to fraud.

Fraud vs. Error

• Fraud involves intentional misstatements.
• Error involves unintentional misstatements.

Responsibility of Management and Governance

• Management and those charged with governance are responsible for preventing and detecting fraud.
• They must:
o Promote a culture of honesty and ethics.
o Monitor for override of controls or manipulation of financial reporting.
o Address pressures like managing earnings to influence external perception.

Auditor’s Responsibilities
• The auditor must obtain reasonable assurance that the financial statements are free from material
misstatement, whether due to fraud or error.
• Because of audit limitations, some frauds may go undetected even with a properly conducted audit.

Why Fraud is Harder to Detect

Fraud is harder to detect than error due to:
• Complex schemes
• Collusion
• Forgery
• Concealment

Fraud detection depends on:

• The skills of the fraudster
• The extent and frequency of manipulation
• Collusion level
• The amounts involved
• The seniority of the fraudster

Key Definitions
• Fraud: Intentional deception by management, employees, governance, or third parties for unfair or
illegal gain.
• Fraud Risk Factors: Conditions or events that create pressure, opportunity, or motivation to commit
fraud.

144
ISAs – Summaries and Application Guide ISA 240

LO 2: PROFESSIONAL SKEPTICISM:

Maintaining Professional Skepticism Throughout the Audit

• The auditor shall maintain professional skepticism during the entire audit.
• Even if past experience suggests management and governance are honest, the auditor must still consider the
risk of fraud.
• The auditor should stay alert to any signs that may suggest a material misstatement due to fraud.

Accepting Documents as Genuine

• The auditor may accept documents as genuine unless there is reason to doubt them.
• If audit conditions raise concerns that a document is fake or has undisclosed changes, the auditor shall
investigate further.

Investigation Procedures May Include:

• Confirming the document’s validity directly with third parties.
• Using an expert to assess document authenticity.

Investigating Inconsistent Information

If management and those charged with governance provide inconsistent responses, the auditor shall
investigate the differences.

LO 3: DISCUSSION AMONG THE ENGAGEMENT TEAM:

Auditors must hold a team discussion to assess how fraud might cause material misstatement in the
financial statements.

Purpose of the Discussion

• Identify where and how fraud could occur.
• Share insights among team members, especially from senior auditors.
• Plan audit responses to address fraud risks.
• Reinforce professional skepticism, regardless of trust in management.

LO 4: RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES:

Inquiries of Management
The auditor shall ask management about:
• Fraud risk assessment – how management evaluates the risk of fraud (frequency, depth, scope).
• Fraud identification and response process – whether specific risks or fraud-prone areas have
been identified.
• Communication with governance – if and how management informs them about fraud risk
processes.
• Communication with employees – what messages management shares about ethics and business
practices.

145
ISAs – Summaries and Application Guide ISA 240

Inquiries of Others Within the Entity

The auditor shall ask both management and others in the entity if they know of any Actual, Suspected, or
Alleged fraud.

Others may include:

• Operating staff not involved in financial reporting,
• Supervisors of complex transactions,
• In-house legal counsel,
• Ethics officers or those handling fraud reports.

Inquiries of Internal Audit Function (if available)

The auditor shall ask internal auditors:
• If they know of any fraud.
• What fraud detection procedures they performed.
• Whether management acted on any internal audit findings.

Oversight and Governance Role

If governance and management are separate, the auditor shall understand how those charged with
governance:
• Oversee fraud risk identification and response,
• Monitor controls management put in place to address fraud risks.

The auditor shall ask if governance is aware of any Actual, Suspected, or Alleged fraud.

Identifying Red Flags and Fraud Risk Indicators

The auditor shall evaluate unusual relationships in analytical procedures, especially in revenue accounts,
as potential fraud indicators.

LO 5: IDENTIFICATION AND ASSESSMENT OF THE RISKS OF MATERIAL MISSTATEMENT DUE

TO FRAUD:

Identifying and Assessing Fraud Risks

The auditor must identify and assess fraud-related risks of material misstatement:
• At the financial statement level
• At the assertion level for classes of transactions, account balances, and disclosures

Presumed Fraud Risk in Revenue Recognition

• The auditor must presume that revenue recognition involves a fraud risk.
• The auditor may rebut the presumption in rare cases e.g. an entity with simple, single-type revenue,
like rental income from a single unit. If rebutted, the auditor must document the reasoning.

Treating Assessed Fraud Risks as Significant

All fraud-related risks of material misstatement are considered significant risks.

146
ISAs – Summaries and Application Guide ISA 240

LO 6: RESPONSES TO THE ASSESSED RISKS OF MATERIAL MISSTATEMENT DUE TO FRAUD:

1. Overall Responses at the Financial Statement Level

To address fraud risks at the financial statement level, the auditor must:
• Assign Skilled Personnel
Assign experienced team, supervise them. In high-risk areas, include specialists like forensic or IT
auditors.

• Evaluate Accounting Policies

Review if the entity's accounting choices (especially subjective or complex ones) suggest earnings
management or fraudulent financial reporting.

• Introduce Unpredictability
Add unpredictability to audit procedures (e.g., test less risky accounts, change timing, or visit
locations unannounced). This helps detect fraud when entity staff are familiar with standard audit
routines.

Audit Procedures at the Assertion Level

To respond to specific fraud risks at the assertion level, the auditor must adjust procedures by:
• Changing Nature of Procedures
Choose procedures that offer stronger, more reliable evidence e.g., physical inspections, external
confirmations with detailed terms.

• Modifying Timing
Perform more tests near period-end or throughout the year, depending on when fraud could occur.

• Adjusting Extent
Increase sample sizes, use more detailed analytics, or test entire populations using audit software.

• Focusing on Specific Accounts

Target areas like:
o Inventory quantities and locations.
o Estimates involving valuations, pensions, or restructurings.
o High-risk transactions (e.g., large acquisitions).

Responding to Risks of Management Override of Controls

Management override is a significant fraud risk present in all audits. The auditor must perform these
procedures:

A. Journal Entries and Adjustments

• Test appropriateness of journal entries and adjustments.
• Select entries:
o Made at period-end.
o With unusual characteristics (e.g., round numbers, made by unauthorized staff, posted to
seldom-used accounts).
o Processed outside normal business cycles.
• Use professional judgment to test entries throughout the year, especially if fraud may occur mid-
period.

147
ISAs – Summaries and Application Guide ISA 240

B. Review of Accounting Estimates

• Check for bias in management’s estimates (even if individually reasonable).
• Perform a retrospective review of prior-year judgments to detect patterns.
• Coordinate this with the procedures under ISA 540 on accounting estimates.

C. Evaluating Significant or Unusual Transactions

• Investigate transactions outside the normal course of business.
• Assess if they lack clear rationale or appear overly complex.
• Watch for signs of fraud, such as:
o Undocumented deals.
o Pressure for specific accounting treatment.
o Related parties not properly disclosed.
o Use of weak or unfamiliar third parties.

If the auditor identifies other fraud risks not addressed by the standard procedures above, additional audit
procedures must be designed and performed accordingly.

LO 7: EVALUATION OF AUDIT EVIDENCE:

Auditors must assess audit evidence critically—especially near the end of the audit—to detect potential
fraud-related misstatements.

1. Analytical Procedures at the End of the Audit

• Performed to confirm consistency of financial statements with the auditor’s understanding.
• Unusual trends (e.g., sudden income spikes) may indicate fraud.

2. Assessing Misstatements for Fraud Indicators

• Every misstatement is evaluated to determine if it may be fraud-related.
• Fraud is rarely isolated. Multiple small errors in one location can signal fraud risk.

3. Responding to Suspected Fraud

If management—especially senior management—is involved:
o Reevaluate fraud risk (even if amount is small)
o Modify audit procedures.
o Reassess reliability of prior evidence.
o Consider possible collusion.

4. Material Misstatements Due to Fraud

If fraud causes (or may cause) material misstatement, evaluate the impact on the audit and auditor’s opinion.

LO 8: AUDITOR UNABLE TO CONTINUE THE ENGAGEMENT:

Exceptional Circumstances Triggering Auditor’s Concern
The auditor may question whether to continue the audit if any of the following occur:
• Management or those charged with governance fail to take appropriate action on known fraud,
even if immaterial.
• Audit tests and risk assessment indicate a high risk of material and pervasive fraud.
• The auditor has serious concerns about the integrity or competence of management or
governance.

148
ISAs – Summaries and Application Guide ISA 240

Evaluating the Possibility of Withdrawal

In such exceptional cases, the auditor shall:
• Assess professional and legal responsibilities, including if there's a duty to report the issue to:
o The appointing party, or
o Regulatory authorities.
• Consider withdrawal from the audit engagement, if allowed under applicable law or regulation.

Steps if the Auditor Withdraws

If withdrawal is necessary, the auditor shall:
• Discuss the withdrawal and its reasons with management and those charged with governance.
• Determine legal or professional reporting obligations, which may include reporting to:
o The appointing party, or
o Regulatory authorities.

LO 9: WRITTEN REPRESENTATIONS:
The auditor shall obtain a written statement from management and, where appropriate, from those charged
with governance, confirming:

Responsibility for Internal Controls

They are responsible for designing, implementing, and maintaining internal controls to prevent and detect
fraud.

Fraud Risk Assessment

They have shared with the auditor the results of their assessment of the risk of material misstatement due to
fraud.

Knowledge of Fraud
They have disclosed any known or suspected fraud involving:
• Management,
• Employees with key internal control responsibilities,
• Others whose fraud could materially affect the financial statements.

Allegations of Fraud
They have disclosed any fraud allegations made by Employees, Former employees, Analysts, Regulators, Or
others.

LO 10: COMMUNICATIONS TO MANAGEMENT AND WITH THOSE CHARGED WITH

GOVERNANCE:

Communication with Management

• Required when fraud is identified or suspected (unless law prohibits it).
• Report to the appropriate management level, typically above those involved.
• Communicate even if the fraud seems immaterial.

Communication with Those Charged with Governance

Auditor must communicate when:
• Fraud involves management.
• Fraud involves key internal control personnel.
• Fraud causes a material misstatement.

149
ISAs – Summaries and Application Guide ISA 240

Format and Timing

• Communication may be oral or written.
• For sensitive issues, written communication is recommended.
• Communication should be timely and agreed upon early in the audit.

Legal Restrictions and Judgment

• Some laws may prohibit communication to avoid interfering with investigations.
• The auditor may need to seek legal advice, especially if integrity of management or governance is in
doubt.

LO 11: REPORTING FRAUD TO AN APPROPRIATE AUTHORITY OUTSIDE THE ENTITY:

Auditor’s Responsibility When Fraud Is Identified or Suspected

If the auditor identifies or suspects fraud, the auditor shall assess whether:
• Reporting is required by law, regulation, or ethical standards.
• Reporting is appropriate based on the specific circumstances.

Steps to Determine Whether to Report Externally

This decision often involves complex professional judgment. The auditor may:
• Consult internally within the audit firm or network firm.
• Seek confidential advice from a regulator or professional body, unless this violates laws or
confidentiality rules.
• Obtain legal advice to understand the legal and professional consequences of reporting or not
reporting.

LO 12: DOCUMENTATION:
Auditors must maintain clear and structured documentation regarding fraud risks and responses during the
audit. This includes:

1. Identifying and Assessing Fraud Risks:

• Record key decisions made by the engagement team on fraud risks.
• Document identified and assessed risks at both the financial statement and assertion levels.
• Note any internal controls that address these risks.

2. Responding to Assessed Fraud Risks (ISA 330)

• Describe the overall audit response and link it to the specific fraud risks.
• Detail the nature, timing, and extent of procedures performed.
• Record the results of audit procedures, including responses to the risk of management override.

3. Fraud-Related Communications
Document all communications about fraud with:
o Management
o Those charged with governance
o Regulators or others, if applicable

150
ISAs – Summaries and Application Guide ISA 240

4. Revenue Recognition Fraud Risk Conclusion

If the presumed fraud risk related to revenue recognition is not applicable, clearly document the justification.

APX 1: EXAMPLES OF FRAUD RISK FACTORS:

1. Risk Factors – Fraudulent Financial Reporting

Incentives/Pressures
• Financial instability due to:
o High competition or low margins
o Technological changes or obsolescence
o Declining customer demand or rising failures in the industry
o Losses, bankruptcy risk, or negative cash flows
o Fast growth or unusually high profits compared to competitors
o New regulatory or accounting rules
• Pressure to meet expectations from:
o Investors, analysts, creditors, or other parties
o Financing needs for R&D or capital spending
o Listing requirements or loan covenants
o Pending transactions affected by poor results
• Management’s personal finances at risk:
o Large personal financial interests in the entity
o Compensation linked to performance (bonuses, stock options)
o Personal guarantees on entity debts
• Pressure to hit internal financial targets

Opportunities
• Industry or operations allow fraud through:
o Unusual related-party transactions
o Dominant market position leading to non-arm’s-length deals
o High-use of estimates and judgments
o Complex or last-minute transactions
o Cross-border operations with inconsistent regulations
o Business intermediaries without clear purpose
o Offshore accounts with no clear business reason
• Weak management monitoring:
o One-person control without checks
o Ineffective governance oversight
• Complex or unstable structure:
o Unclear ownership or authority
o Use of complex legal entities
o Frequent changes in leadership or legal counsel
• Control deficiencies:
o Weak monitoring of controls
o High turnover or unqualified staff in finance or IT
o Ineffective systems or reporting processes

151
ISAs – Summaries and Application Guide ISA 240

Attitudes/Rationalizations
• Weak or inappropriate ethical values from management
• Non-financial managers involved in accounting choices
• History of law violations or fraud allegations
• Focus on stock price or earnings trends
• Unrealistic promises to investors or analysts
• Ignoring known control deficiencies
• Manipulating earnings to reduce taxes
• Low morale among leadership
• No separation of personal and business activities
• Disputes among shareholders
• Using materiality to justify borderline accounting
• Strained relationship with auditor, including:
o Frequent disputes
o Unreasonable deadlines
o Restricted access to information
o Controlling or manipulative behavior toward auditors

2. Risk Factors – Misappropriation of Assets

Risk factors for asset misappropriation are also categorized under incentives, opportunities, and
rationalizations. Many overlap with those in fraudulent financial reporting.

Incentives/Pressures
• Personal financial needs of staff with access to assets
• Poor employee relations, such as:
o Expected layoffs
o Cuts in pay or benefits
o Unfair rewards or promotions

Opportunities
• High-risk asset types:
o Large cash amounts
o Valuable or high-demand inventory
o Easily sold items like bearer bonds or tech equipment
o Small, untagged fixed assets
• Weak asset controls:
o Poor segregation of duties or checks
o Lack of oversight on executive expenses
o Weak supervision of remote staff
o Inadequate background checks
o Poor recordkeeping
o Weak approval systems for spending
o No physical safeguards
o Missing reconciliations
o Delayed or missing transaction documentation
o No enforced vacation policies
o Poor IT understanding among management
o Weak access controls over automated systems or logs

152
ISAs – Summaries and Application Guide ISA 240

Attitudes/Rationalizations
• Ignoring the need to monitor fraud risks
• Overriding or ignoring internal controls
• Visible frustration or resentment by staff
• Lifestyle changes suggesting theft
• Tolerance of minor theft

APX 2: EXAMPLES OF POSSIBLE AUDIT PROCEDURES TO ADDRESS THE ASSESSED RISKS OF

MATERIAL MISSTATEMENT DUE TO FRAUD:

Audit Procedures for Both types of Fraud Risks:

Auditors may apply the following procedures depending on the fraud risk:
• Perform surprise audits (e.g., unannounced inventory counts or cash counts).
• Request inventory counts at or near period-end to reduce manipulation.
• Change audit approach (e.g., verbal confirmation with suppliers or customers, target specific
individuals).
• Review adjusting entries for unusual nature or size.
• Investigate unusual or significant transactions, especially near year-end.
• Use substantive analytical procedures on detailed data (e.g., sales trends by location or month).
• Interview employees in high-risk areas to evaluate controls and risk awareness.
• Coordinate with component auditors when subsidiaries or branches are involved.
• Evaluate the work of a management’s expert, or engage another expert, if the expert’s opinion
significantly affects high-risk items.
• Analyze opening balances to assess management’s past judgment on estimates (e.g., allowances).
• Review reconciliations prepared during or before period-end.
• Use data analytics (e.g., data mining) to detect anomalies or outliers.
• Test computer-generated data and system integrity.
• Obtain corroborative evidence from external parties.

Area-specific Procedures for Fraudulent Financial Reporting

A. Revenue Recognition
• Perform analytical procedures using disaggregated data (e.g., monthly or segmental comparisons).
• Use CAATs to detect unusual revenue trends.
• Confirm key contract terms with customers, especially to check for side agreements, rebates, or
return rights.
• Interview sales, marketing, or legal personnel about year-end transactions.
• Observe physical shipment activity or pending returns at period-end and apply cutoff procedures.
• Test IT system controls to ensure revenue is recognized correctly.

B. Inventory Quantities
• Identify high-risk locations or items for focused observation.
• Conduct unannounced inventory counts, or simultaneous counts across all sites.
• Schedule counts at period-end to reduce manipulation risks.
• Intensify observation efforts by checking product content, labeling, and presentation. Use experts
when needed.
• Compare inventory trends across periods or locations.
• Apply CAATs (e.g., sort by tag or serial numbers to detect omissions or duplications).

153
ISAs – Summaries and Application Guide ISA 240

C. Management Estimates
• Use an independent expert to validate estimates.
• Interview non-accounting personnel to confirm management’s intent and ability to execute relevant
plans.

Area-specific Procedures for Misappropriation of Assets

These procedures are usually focused on specific balances or transactions. Examples include:

Cash and Receivables

• Count cash and securities near year-end.
• Confirm customer balances and activity, including returns and payment dates.
• Analyze recovered written-off accounts.

Inventory
• Analyze shortages by product or location.
• Compare inventory ratios with industry norms.
• Review support for changes to perpetual inventory records.

Payroll and Vendor Fraud

• Match vendor and employee details (e.g., addresses or phone numbers) to detect conflicts.
• Search payroll for duplicate employee IDs, addresses, or bank accounts.
• Review inactive personnel files for red flags (e.g., no evaluations).

For Other Incomes/Expenses:

• Analyze sales returns and discounts for unusual trends.
• Confirm contract terms directly with third parties.
• Verify that contracts are performed as agreed.
• Review large or unusual expenses for justification.
• Check approval and balances of management or related party loans.
• Review management expense reports for propriety.

APX 3: EXAMPLES OF CIRCUMSTANCES THAT INDICATE THE POSSIBILITY OF FRAUD:

1. Discrepancies in Accounting Records

• Transactions recorded late, incompletely, or with incorrect amounts, periods, classifications, or
policies.
• Unsupported or unauthorized account balances or transactions.
• Last-minute adjustments that significantly impact financial results.
• Employees accessing systems or records beyond their authorized roles.
• Tips or complaints to the auditor alleging fraud.

2. Conflicting or Missing Evidence

• Missing documents.
• Documents that seem altered.
• Only photocopies or electronic versions available when originals are expected.
• Unexplained items in reconciliations.
• Unusual changes in the balance sheet or key financial ratios, such as receivables increasing faster
than revenue.
• Vague, inconsistent, or implausible responses from management or staff during inquiries or
analytical procedures.

154
ISAs – Summaries and Application Guide ISA 240

• Differences between the entity’s records and confirmation replies.

• Many credit entries or adjustments in accounts receivable.
• Differences between sub-ledgers and control accounts or between customer statements and sub-
ledgers.
• Missing cancelled checks when normally returned with bank statements.
• Missing significant inventory or assets.
• Missing or inconsistent electronic evidence, contrary to record retention policies.
• Fewer or more confirmation responses than expected.
• No evidence of testing or implementation for key system changes in the current year.

3. Unusual Auditor–Management Relationships

• Management denies access to records, facilities, employees, or third parties needed for evidence.
• Management imposes undue pressure to resolve complex issues quickly.
• Management complains about the audit or intimidates audit team members, especially when auditors
assess critical evidence or address disagreements.
• Delays in providing requested information.
• Refusal to provide auditor access to key electronic files for computer-assisted audit techniques.
• Denial of access to IT staff or facilities, including security and systems personnel.
• Refusal to update disclosures to improve clarity and completeness.
• Delay in correcting identified internal control deficiencies.

4. Other Warning Signs

• Management refuses to let the auditor meet privately with those charged with governance.
• Use of accounting policies that differ from industry norms.
• Frequent changes in accounting estimates without valid reasons.
• Management tolerates violations of the entity’s code of conduct.

155
 ISAs – Summaries and Application Guide ISA 315

ISA 315
RISK ASSESSMENT

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 12 A1 – A10

LO 2 RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES 13 – 18 A11 – A47
OBTAINING AN UNDERSTANDING OF THE ENTITY AND
LO 3 19 – 27 A48 – A183
INTERNAL CONTROL
IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL
LO 4 28 – 37 A184 – A236
MISSTATEMENT
LO 5 DOCUMENTATION 38 A237 – A241
APX 1 CONSIDERATIONS FOR UNDERSTANDING THE ENTITY AND ITS BUSINESS MODEL
APX 2 UNDERSTANDING INHERENT RISK FACTORS
APX 3 UNDERSTANDING THE ENTITY’S SYSTEM OF INTERNAL CONTROL
APX 4 CONSIDERATIONS FOR UNDERSTANDING AN ENTITY’S INTERNAL AUDIT FUNCTION
APX 5 CONSIDERATIONS FOR UNDERSTANDING INFORMATION TECHNOLOGY (IT)
APX 6 CONSIDERATIONS FOR UNDERSTANDING GENERAL IT CONTROLS

156
ISAs – Summaries and Application Guide ISA 315

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Objective:
The objective is to identify and assess risks of material misstatement—whether from fraud or error—at
both the financial statement and assertion levels.

Key Concepts from ISA 200

Audit risk includes:
• Risks of material misstatement (inherent + control risk)
• Detection risk

Levels of Risk
• Financial Statement Level: Risks affecting the entire set of financial statements.
• Assertion Level: Risks linked to specific classes of transactions, account balances, or disclosures.

Inherent Risk vs. Control Risk

• Inherent risk: Risk of misstatement without considering controls.
• Control risk: Risk that internal controls fail to prevent or detect misstatements.

Scalability of ISA 315

This ISA applies to all entities, whether small or large, whether less or more complex.

Definitions of Key Terms:

Term Definition
Representations by management in financial statements. Used to identify and assess
Assertions
misstatements.
Business Risk Risks that affect an entity’s ability to achieve objectives or implement strategies.
Controls Policies and procedures established to achieve management’s control objectives.
General IT Controls over IT processes to ensure proper and consistent functioning of IT systems
Controls and data integrity.
Includes IT applications, infrastructure, processes, and personnel supporting the
IT Environment
entity’s operations.
Significant Risk A risk with high inherent risk or deemed significant under other ISAs.

LO 2: RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES:

Purpose of Risk Assessment Procedures

The auditor shall design and perform risk assessment procedures to:
• Identify and assess risks of material misstatement due to fraud or error at both financial statement
and assertion levels.
• Design further audit procedures as required by ISA 330.

157
ISAs – Summaries and Application Guide ISA 315

Required Risk Assessment Procedures

The auditor shall include the following procedures:

• Inquiries of management, internal auditors, and other relevant personnel.

o Examples: Ask management, legal counsel, marketing, IT, sales, and risk management.
o Use internal audit function (if present) to understand risks and internal controls.

• Analytical procedures to detect unusual trends or inconsistencies.

o Use automated tools and techniques (e.g., data analytics) to handle large datasets.
o Use both financial and non-financial data (e.g., sales per square foot).

• Observation and inspection of operations, documents, and physical assets.

o Use tools like drones for remote asset observation.

Use of Information from Other Sources

The auditor shall consider information from:
• Client acceptance or continuance procedures.
• Other engagements performed by the engagement partner for the same entity.

When using prior audit information (e.g. evidence, misstatements, deviations), the auditor shall evaluate
whether it remains relevant and reliable.

Engagement Team Discussion

The engagement partner and key team members shall discuss:
• The applicable financial reporting framework.
• How the financial statements could be materially misstated.

The engagement partner shall decide what to communicate to team members not involved in the discussion.

LO 3: OBTAINING AN UNDERSTANDING OF THE ENTITY AND INTERNAL CONTROL:

Understanding the Entity and Its Environment, and the Applicable Financial Reporting Framework

The auditor shall perform risk assessment procedures to obtain understand of entity’s following aspects:

1. Understanding the Entity and Its Environment:

Element Explanation
Organizational Structure
• Understand complexity (e.g., subsidiaries, divisions)
• Legal vs. operational structure
• Related party relationships
Structure, Ownership, and
Governance Structure
Governance
• Identify distinction between management and those charged with
governance
• Presence of audit committees or board sub-groups
• Oversight of financial reporting

158
ISAs – Summaries and Application Guide ISA 315

Why It Matters
• Business risks often impact financial reporting
• Strategy and operations shape accounting estimates and disclosures
Business Model and
Risks to Consider
Strategic Objectives
• New products or markets
• Regulatory challenges
• Failure to adapt
• Management incentives and pressures

Industry Factors
• Demand, competition, seasonality, technology

Regulatory Factors
Industry, Regulatory, and • Legal and tax compliance
External Factors • Environmental and government policies
• Sector-specific rules

Other External Factors

• Economic trends, interest rates, inflation, or currency risk

Why It Matters
• Performance targets can create pressure
• May indicate possible misstatements or management bias
Measures Used to Assess
Financial Performance Common Measures
• KPIs, ratios, budgets, variance analysis
• Incentive plans
• External comparisons

Note: Performance review ≠ Control Monitoring

Performance measures assess results; control monitoring evaluates control effectiveness.

2. Understanding the Applicable Financial Reporting Framework:

Key Areas to Understand

• Accounting principles and industry practices
• Revenue recognition
• Financial instruments and credit loss provisions
• Foreign currency transactions.
• Complex or emerging areas (e.g., cryptocurrency)

Accounting Policies
• Review policy selection, application, and changes
• Evaluate how the framework applies in current conditions

Example: Business combinations may result in change in policies, or new disclosures.

159
ISAs – Summaries and Application Guide ISA 315

3. Understanding Inherent Risk Factors:

Why They Matter
• These factors increase the likelihood or magnitude of misstatements.
• Help identify Risk of Material Misstatement at assertion level

Key Factors
• Complexity, subjectivity, and uncertainty increase susceptibility.
• Such situations need more professional skepticism.

Example: Accounting estimates based on subjective assumptions are high-risk.

Understanding the Components of the Entity’s System of Internal Control

1. Control Environment
The auditor must understand the control environment relevant to the preparation of financial statements.
This includes:
• How management enforces integrity, ethical values, and oversight responsibilities.
• The independence and oversight provided by those charged with governance.
• Assignment of authority and responsibility across the entity.
• How the entity hires, trains, and retains competent staff.
• How the entity holds staff accountable for their duties.

The auditor evaluates whether:

• Management promotes a culture of honesty and ethics.
• The control environment supports the functioning of other internal control components.
• Any control deficiencies in the environment undermine other controls.

2. Risk Assessment Process

The auditor must understand how the entity:
• Identifies risks related to financial reporting.
• Assesses the significance and likelihood of those risks.
• Develops responses to address them.

The auditor evaluates if the risk assessment process is suitable for the entity’s size and complexity. If the
auditor identifies risks not recognized by management, the auditor must find out why management’s process
failed and consider its impact on audit procedures.

3. Monitoring the System of Internal Control

The auditor must understand how the entity monitors its internal controls. This includes:
• Ongoing or periodic evaluations of control effectiveness.
• Identifying and correcting deficiencies.
• The role, scope, and responsibilities of the internal audit function, if it exists.
• Sources of monitoring information and whether they are reliable.
The auditor evaluates whether the monitoring process is adequate for the entity’s nature and complexity.

160
ISAs – Summaries and Application Guide ISA 315

4. Information System and Communication

The auditor must understand:
• How transactions and other financial data flow through the system—from initiation to recording and
reporting.
• How the entity maintains accounting records and prepares financial statements.
• The IT environment and resources used to support these processes.
• How responsibilities and financial reporting roles are communicated within the entity and to
external parties.

The auditor evaluates whether the system and communication processes support reliable financial reporting.

5. Control Activities
The auditor must identify and understand controls that address the risk of material misstatement at the
assertion level. This includes:
• Controls over significant risks and journal entries.
• Controls the auditor plans to test for effectiveness.
• Other relevant controls based on professional judgment.

The auditor also identifies IT applications and general IT controls that address risks arising from the use of
IT. This involves understanding:
• Risks related to unauthorized access or program changes.
• Whether the entity relies on general IT controls for accurate financial reporting.
• How management configures and manages IT systems.

The auditor evaluates whether the controls are designed effectively and have been implemented. If not,
testing them is not useful. For automated controls, testing general IT controls may be more appropriate than
testing each control directly.

Control Deficiencies
After evaluating all components, the auditor determines if there are any control deficiencies. If deficiencies
are found, the auditor:
• Considers how they affect audit procedures.
• Assesses whether they are significant.

Examples of significant deficiencies include:

• Fraud involving senior management.
• Ignored internal audit findings.
• Repeated failures to fix known problems.
• Lack of response to significant risks.
• Restatements of prior financial statements.

161
ISAs – Summaries and Application Guide ISA 315

LO 4: IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT:

The auditor shall identify risks of material misstatement at two levels:

• At the financial statement level, where risks may affect overall financial reporting.
• At the assertion level, where risks relate to specific classes of transactions, account balances, or
disclosures.

Assessing Risks at the Financial Statement Level

For risks identified at the financial statement level, the auditor shall:
• Assess whether these risks influence risks at the assertion level.
• Evaluate their overall impact on the financial statements.

These risks are often pervasive and may arise from management override, fraud risk, weak internal controls,
or uncertain going concern situations.

Assessing Risks at the Assertion Level

The auditor shall assess inherent risk by evaluating the likelihood and potential size of misstatements. This
includes:
• How inherent risk factors make certain assertions more prone to misstatement.
• How financial statement level risks affect assertion-level risks.

The auditor shall identify any significant risks that require special audit attention and determine if
substantive procedures alone can provide sufficient evidence. If not, the auditor shall plan to test relevant
controls.

Assessing Inherent Risk

Inherent risk depends on both how likely a misstatement is and how large it could be. The higher this
combination, the higher the inherent risk.

The auditor considers:

• The complexity and subjectivity of accounting treatments.
• The presence of management bias or fraud risk factors.
• How changes in the business or accounting systems increase susceptibility to misstatement.

Determining Significant Risks

Significant risks lie at the upper end of the inherent risk spectrum. The auditor shall:
• Identify and evaluate controls addressing significant risks.
• Plan and perform targeted substantive procedures.
• Communicate significant risks to those charged with governance.
• In group audits, ensure proper direction and involvement of component auditors.

Examples include goodwill impairment, complex estimates, or accounting for unusual transactions.

162
ISAs – Summaries and Application Guide ISA 315

6. Risks Requiring More Than Substantive Procedures

Some risks cannot be addressed by substantive procedures alone. These include:
• Highly automated processes with no manual oversight.
• Systems where data is only available electronically.
• Complex or integrated IT systems where evidence of transactions isn’t visible.

In such cases, the auditor must test operating effectiveness of controls to obtain sufficient audit evidence.

Material But Not Significant Items

Some items may be material to users but not significant in terms of audit risk. Examples include:
• Executive compensation disclosures.
• Share-based payments.

The auditor shall evaluate whether these remain appropriately classified and plan suitable audit procedures.

Revising Risk Assessments

If the auditor obtains new or inconsistent information during the audit, the auditor must revise risk
assessments.

Examples include:
• Controls that were expected to work but failed during testing.
• Misstatements found during procedures that are larger or more frequent than expected.

In such cases, the auditor must adjust planned procedures and address updated risks effectively.

LO 5: DOCUMENTATION:

The auditor shall document the following:

(a) Discussions among the engagement team and key decisions made.
(b) Key elements of understanding, sources of that understanding, and risk assessment procedures
performed.
(c) Evaluation of control design and confirmation of control implementation.
(d) Identified and assessed risks of material misstatement at both financial statement and assertion levels,
including:
• Significant risks
• Risks where substantive procedures alone are not enough
• Rationale behind significant judgments

163
ISAs – Summaries and Application Guide ISA 315

APX 1: CONSIDERATIONS FOR UNDERSTANDING THE ENTITY AND ITS BUSINESS MODEL:

Auditors must understand how the entity operates to identify risks that may lead to material misstatements
in the financial statements.

What is a Business Model?

• Explains how the entity creates value through its operations, structure, strategy, and resources.
• Covers activities like production, sales, financing, and investing.

Why It Matters to Auditors

• Helps auditors spot business risks that may affect financial reporting.
• Supports the assessment of risks like valuation errors, going concern issues, or credit losses.

What Auditors Look At

• Operations: Products, revenue sources, markets, customer and supplier info.
• Investments: Acquisitions, loans, partnerships.
• Financing: Ownership, debt, use of derivatives.
• Technology: How IT supports business and reporting.

Special-Purpose Entities (SPEs)

• Created for specific tasks (e.g., leases, R&D).
• May involve asset transfers or financing.
• May require consolidation depending on control rules.

APX 2: UNDERSTANDING INHERENT RISK FACTORS:

What Are Inherent Risk Factors?

Inherent risk factors are characteristics of events or conditions that make an assertion more likely to be
misstated—before considering internal controls. These factors include:
 Complexity Occurs when financial information is hard to prepare due to complicated processes or
data.
 Subjectivity Arises when management must use judgment because clear or complete data is not
available.
 Change Results from shifts in business, accounting rules, or the external environment that affect
financial reporting.
 Uncertainty Exists when precise data is unavailable, requiring estimates based on assumptions.
 Management Bias or Fraud Risk Refers to the risk of misstatements due to intentional or
unintentional bias or fraud by management.

164
ISAs – Summaries and Application Guide ISA 315

Examples Indicating Inherent Risk (by Risk Factor)

Inherent Risk
Examples Indicating Risk of Material Misstatement
Factor
- Complex regulations
- Complex alliances or joint ventures
Complexity
- Off-balance sheet financing
- Special-purpose entities
- Multiple valid methods for depreciation or revenue recognition
Subjectivity
- Choice of valuation models for assets
- Operating in unstable economies
- Customer loss, supply chain changes
Change - Expanding to new regions
- Installing new IT systems
- Regulatory investigations
- Estimates with uncertain outcomes
Uncertainty - Pending litigation or warranties
- Environmental obligations
- Omission or misstatement in disclosures
Management Bias / - Related party transactions
Fraud Risk - Unusual or large transactions near period end
- Transactions based on intent (e.g., classification decisions)

APX 3: UNDERSTANDING THE ENTITY’S SYSTEM OF INTERNAL CONTROL:

5 Components of the System of Internal Control

A. Control Environment
Sets the foundation and culture for the entire system.

Key Elements:
1. Integrity and Ethical Values
o Management establishes and communicates standards through policies and actions.
o Eliminates incentives for unethical behavior.
2. Governance Oversight
o Those charged with governance must be independent and informed.
o Oversee the system, including whistleblower policies.
3. Assignment of Authority and Responsibility
o Clear roles, reporting lines, and business practice policies.
o Staff understand objectives and accountability.
4. Competence of Personnel
o Hiring based on skills, experience, ethics.
o Ongoing training and performance reviews support development.
5. Accountability
o Performance monitored and corrective actions enforced.
o Performance incentives and consequences aligned with objectives.

Note: The design and application vary based on the entity’s size, complexity, and operations.

165
ISAs – Summaries and Application Guide ISA 315

B. Risk Assessment Process

Identifies and assesses risks to achieving objectives.
Steps:
• Identify business risks that affect financial statements.
• Estimate significance and likelihood.
• Decide on responses to manage risks.
Examples of Risk Triggers:
• Changes in operations, IT, personnel, or regulations.
• Rapid growth, restructuring, or entering new markets.
• Use of new technology or business models.
• Adoption of new accounting standards or IT risks.

C. Monitoring the System of Internal Control

Ensures controls remain effective over time.
Types of Monitoring:
• Ongoing Activities: Built into daily operations (e.g., management reviews).
• Separate Evaluations: Periodic internal audit reviews.
Monitoring Activities May Include:
• Verifying timely reconciliations.
• Checking compliance with policies.
• Using external feedback (e.g., customer complaints or regulator input).
Automated Monitoring Example:
• System flags unusual access; management investigates manually.
Monitoring vs Control Activity:
• Control fixes an error (e.g., correcting reconciliation).
• Monitoring analyzes why errors occur and prevents future ones.

D. Information System and Communication

Supports transaction processing and financial reporting.
Key Features:
• Records transactions, events, and conditions.
• Handles overrides and corrections.
• Transfers data to ledgers and disclosures.
• Ensures complete and accurate reporting.
Business Processes Covered:
• Sales, purchases, production, compliance, and data recording.
Communication:
• Includes manuals, memos, electronic updates, and management behavior.
• Ensures personnel know their roles and how to report issues.

E. Control Activities
Policies and procedures to ensure management directives are carried out.
Examples:
1. Authorizations and Approvals
o Validates transactions (manual or automated).
o Example: Supervisor reviews expenses or system flags invoices.
2. Reconciliations
o Compares data sets to confirm accuracy.
3. Verifications
o Compares items to policies, triggering follow-up if mismatched.

166
ISAs – Summaries and Application Guide ISA 315

4. Physical and Logical Security

o Secures assets and restricts access.
o Includes physical counts and IT access controls.
5. Segregation of Duties
o Different people authorize, record, and safeguard assets.
o Prevents fraud by reducing control concentration.
Smaller entities may use alternative controls if segregation is impractical (e.g., independent reviews).
6. Supervisory Controls
o High-level oversight of significant transactions.
o Some may require shareholder or board approval.

Limitations of Internal Control

• Internal control provides reasonable, not absolute, assurance.
• Limitations include:
o Human error or poor judgment.
o Misuse of reports due to misunderstanding.
o Collusion or management override (e.g., side agreements, disabling IT checks).
o Decisions to accept certain risks or limit controls due to cost.

APX 4: CONSIDERATIONS FOR UNDERSTANDING AN ENTITY’S INTERNAL AUDIT FUNCTION:

Role of Internal Audit in the Monitoring of Internal Control

When internal audit work relates to financial reporting, it may help auditors adjust the nature, timing, or
extent of audit procedures.

Auditor Inquiries and Use of Internal Audit Insights:

If an entity has internal auditors, auditors should ask them questions. Internal auditors may identify control
deficiencies or risks useful for assessing risk of material misstatement.

If internal audit findings relate to financial reporting, the auditor may review their Reports to management or
those charged with governance.

Management’s Response to Internal Audit

Auditors should assess how management responds to internal audit findings on control deficiencies related
to financial reporting.

APX 5: CONSIDERATIONS FOR UNDERSTANDING INFORMATION TECHNOLOGY (IT):

Understanding IT in the System of Internal Control

a. How IT Affects Internal Control
• IT is part of the entity’s system of internal control—alongside manual processes.
• IT influences how financial data is processed, stored, and communicated.
• Each component of internal control may use some level of IT.

167
ISAs – Summaries and Application Guide ISA 315

b. Benefits of Using IT in Internal Controls

IT helps the entity:
• Apply business rules and perform complex calculations consistently.
• Improve speed, availability, and accuracy of information.
• Support data analysis and monitoring.
• Strengthen segregation of duties through access controls.
• Reduce chances of controls being bypassed.

2. Automated vs. Manual Controls

• Automated controls are more reliable and efficient, especially for high-volume or recurring
transactions.
• Less prone to error and harder to override than manual controls.

3. Understanding the Information System

• The auditor assesses how transactions are initiated, processed, and reported.
• Involves evaluating IT applications, infrastructure, and data sources.

4. Types of IT Environments
• IT environments range from simple (non-complex software) to complex (custom ERPs).
• Complexity affects the extent of automation, data volume, integration, customization, and risk.

5. Emerging Technologies
• Entities may use tools like AI, blockchain, or robotics to improve operations or reporting.
• These technologies introduce new IT risks.
• Auditor’s responsibilities under ISA 315 remain the same.

6. Scalability
• Less complex entities: Use standard software, limited IT personnel.
• Complex entities: Use customized systems and require dedicated IT support.

7. Identifying IT Applications with Audit Relevance

• Auditor focuses on applications relied upon for financial processing and automated controls.
• Determines if those applications are subject to IT-related risks.

8. System-Generated Reports as Audit Evidence [e.g. Receivable aging, inventory valuation]

• Auditor evaluates controls over report preparation, with particular focus on Input and Output.

9. End-User Computing Tools (e.g., Spreadsheets)

• These tools are not formal IT applications.
• Controls are often weak or informal.
• Auditor may test:
o Data input and output controls.
o Logic verification (e.g., reconciling data, formula checks).
o Use of spreadsheet integrity tools.

10. Common IT Risks

• Inaccurate data processing.
• Unauthorized access or changes.
• Weak segregation of duties.
• Manual overrides.
• Data loss or unavailability.

168
ISAs – Summaries and Application Guide ISA 315

APX 6: CONSIDERATIONS FOR UNDERSTANDING GENERAL IT CONTROLS:

Key IT Processes and Related General IT Controls

1. Access Management

Risk General IT Control (How the Risk is Managed)

- Access rights are approved by management based on job roles.
Users have too much access, which - Periodic review of user access.
may lead to improper segregation of
- Terminated users’ access is removed quickly.
duties.
- Conflicting roles are monitored and controlled.
- Only authorized users can access or modify data directly.
Unauthorized direct access to
financial data. - Access is granted based on job responsibilities and approved by
management.
System settings are not secure or - Access requires unique user IDs and passwords.
updated. - Passwords follow company standards (e.g., complexity, expiration).

2. Change Management:

Risk General IT Control (How the Risk is Managed)

- Changes are tested and approved before going live.
Unauthorized or incorrect
- Development and production environments are separated.
application changes.
- Only approved users can move changes to production.
Unauthorized or incorrect database
- Database changes are tested and approved before deployment.
changes.
Improper system software updates
- Software changes are reviewed, tested, and approved before
(e.g., OS, networks, security
implementation.
software).
Data errors during system or data - Management approves and reviews results of conversions (e.g.,
conversion (e.g., from legacy balancing, reconciliation).
systems). - Conversion follows established policies and procedures.

3. IT Operations:

Risk General IT Control (How the Risk is Managed)

- Users authenticate via IDs and passwords.
Weak network security could allow - Passwords follow security standards.
unauthorized access. - Network is segmented between public and internal areas.
- Regular scans and alerts detect threats.
Financial data cannot be recovered
- Regular backups are performed based on a defined schedule.
in time if data is lost.
Scheduled jobs may process data - Only authorized users can modify job schedules.
incorrectly or without authorization. - Critical jobs are monitored and errors are resolved quickly.

169
ISAs – Summaries and Application Guide ISA 315

APX: FREQUENTLY TESTED RISKS IN CASE STUDIES AND THEIR RESPONSES:

SALES ***
*** Similar approach is applicable on Purchases.

Occurrence of Sales:
Circumstances which increases risk:
 Unusual growth of sales
 Bonus on achievement of sale target

Evaluation of Risk Key Audit Procedures

 Perform tests of controls over recording of revenue.
 Checked sales recorded at year end and credit notes issued after the year
Revenue may be overstated to meet end, to assess whether these have been recorded in appropriate periods.
expectations or targets.  For sales recorded during the year, select a sample of significant sales
recorded, and inspect sales orders, sales invoices, GDN and other underlying
documents.

Completeness of Sales:
Circumstances which increases risk:
 Unusual decrease in sales

Evaluation of Risk Key Audit Procedures

 Select a sample of Goods Desptach Notes and check their recording in sales
There is a risk that some of the goods
account.
despatched may not have been
 Perform cut-off test on sales.
recorded.
 Send confirmation letters to major debtors with low balance.

Accuracy of sales:
Income is received (or expense is paid) in advance:

Evaluation of Risk Key Audit Procedures

 Perform tests of controls to ensure that cash received is recorded as
Income may be recorded when cash is
deferred revenue, and subsequently recorded as sales when risks and
received, instead of when risk and
rewards are transferred.
rewards are transferred.
 Perform cut-off tests on sales.

170
ISAs – Summaries and Application Guide ISA 315

INVENTORY

Valuation of inventory:
Circumstances which increases risk:
 Decrease in sales/demand (due to change in fashion/technology or launch of new products)
 Long-standing inventory/increase in inventory turnover ratio
 Defective goods in inventory
 Cost of production increases, or Sale price decreases.
 If product is malfunctioning,
 New products are launched by company or competitor.
 Contract of specialized inventory is cancelled or customer goes bankrupt.
 Defective goods returned by customers.

Evaluation of Risk Key Audit Procedures

 Inquire client about calculation of NRV of inventory, and check
reasonableness of the basis of calculations (e.g. subsequent sale price of
inventory).
Due to ______, there is risk that NRV of  Obtain the aging analysis of inventory. Test its accuracy and identify any
inventory may be lower than its cost. slow-moving/obsolete inventory which needs to be written down to its
NRV.
 Compare NRV of each inventory item to its cost.
 Physical verification for damaged items.

Existence of Inventory:
Circumstances which increases risk:
 Inventory is held at various locations or
 Inventory is held with third party or

Evaluation of Risk Key Audit Procedures

 Select a sample of locations to be physically inspected by auditor.
Conduct simultaneous stock checking for selected locations.
It is difficult to verify existence and
 For locations not selected for stock-count, compare inventory level
completeness of inventory if ……………
with previous periods. Obtain working papers of internal auditors, if
relevant.

FIXED ASSETS

Additions to fixed assets:

Circumstances which increases risk:
 Major fixed assets purchased during the year.
 Significant capital expenditures incurred during the year.

Evaluation of Risk Key Audit Procedures

 Check approval of fixed assets acquired purchased or capital
expenditure incurred during the year.
 Perform tests of details on additions to PPE, and perform physical
There may be misclassification
verification of PPE acquired.
between capital and revenue
 Select a sample of cost incurred, and check with supporting
expenditure. Further, there may also be
documents to ensure expense has been properly classified.
implications on depreciation expense
 Inspected supporting documents to ensure it has been capitalized
because of this misclassification.
from date when asset was ready for intended use.
 Assessed reasonableness of useful life of fixed asset.
 Tested calculation of depreciation expense.
171
ISAs – Summaries and Application Guide ISA 315

Revaluation of PPE:
Circumstances which increases risk:
 Revaluation policy adapted by management.

Evaluation of Risk Key Audit Procedures

Process of valuation is a highly  Assessed competence, capability and objectivity of expert.
complex and judgmental process which  Obtained revaluation report from valuer and check source data,
involves assumptions and methods assumptions and methodologies used, and conclusions.
affected by future economic and  Ensured that revaluation is properly accounted for and disclosed in
market conditions. financial statements.

Impairment of Machinery:
Circumstances which increases risk:
 Decrease in sales/demand of inventory
 Faults in production process (e.g. increase in scrap/wastage of inventory during production)
 Destroyed or Unused or Under-utilized Fixed Assets.

Evaluation of Risk Key Audit Procedures

 Ask management to carry out impairment review.
Due to ____, Value in use of asset may
 Obtain working of client relating to impairment and review source data and
have decreased which is an indication
assumptions to check their reasonableness.
of impairment.
 Consider involving use of expert to verify working of impairment loss.

Classification as Non-current assets held for sale under IFRS – 5:

Circumstances which increases risk:
 Closure of a factory

Evaluation of Risk Key Audit Procedures

 Read minutes of board meeting to check approval to sell assets.

Due to closure of a factory, there may
 Review steps taken by management to sell the assets e.g. any
be non-current assets held for sale.
correspondence or agreement with prospective buyer.
This is a non-routine transaction,
 Check whether non-current assets held for sale are
involving significant management
o Measured at lower of carrying amount and fair value less costs to sell.
judgments. Further, there are also
o Presented separately in balance sheet under Current Assets.
requirements regarding determination
o No more depreciated.
of fair value, presentation and
 Obtain valuation report of expert to confirm fair value of assets.
disclosures relating to assets held for
 Check that discontinued operations are separately presented, and disclosed.
sale.

DEBTORS

Valuation of debtors:
Circumstances which increases risk:
 Increase in Debtors’ turnover ratio
 Increase in Debtors/Receivables
 Dispute with debtors

Evaluation of Risk Key Audit Procedures

 Obtain understanding and test internal controls over debtors (e.g. approval
and review of credit limit, receivables’ aging report, and credit period).
Receivables have become doubtful and
 Checked subsequent receipts of cash.
full recovery is not expected.
 Assess appropriateness of provision for bad debts by comparing it with
previous years, with industry and with subsequent status.

172
ISAs – Summaries and Application Guide ISA 315

Valuation of Foreign Currency Receivables/Payables:

Circumstances which increases risk:
 Imports and Exports

Evaluation of Risk Key Audit Procedures

 If there are goods in transit at year end, inspect their respective purchase
orders and ensure that rights and rewards have been transferred in respect
Changes in rates of FCY at year end of inventory.
may not be recorded, or may be  Perform tests of controls to ensure that appropriate exchange rates are used
wrongly recorded in Purchases/Sales in translation of foreign currency.
instead of charging as income/expense  Ensure that any gain/loss on closing balances of foreign currency are
in P & L. correctly recognized as per IFRS.
 Review the insurance policies at year end to ensure they Goods-in-transit are
adequately covered.

CREDITORS

Completeness of creditors:
Circumstances which increases risk:
 Decrease in creditors’ ratio.
 Decrease in creditors.

Evaluation of Risk Key Audit Procedures

 Send confirmation letters to major creditors having low balance.
 Perform cut-off test on purchases.
Decrease indicates understatement of  Review pending Goods Received Note, to identify any purchase not
creditors. recorded.
 Review significant payments made after the year to identify if any payment
relates to current year.

PROVISIONS

Provision for warranty:

Circumstances which increases risk:
 Company provides warranty to its customers.
 Increase in warranty period/complains.
 Malfunctioning of products
 Not in alignment with sales

Evaluation of Risk Key Audit Procedures

Estimated expense for provision of  Review warranty claims after the year.
warranty may not be reasonable  Review client’s working for warranty provision, and check appropriateness
considering warranty period, level of of assumptions in the current situations.
sales, or complains by customers.  Consider need to engage an expert to calculate warranty provision.

Provision for restructuring/ staff termination:

Circumstances which increases risk:
 Closure of a factory.

Evaluation of Risk Key Audit Procedures

 Obtain working papers prepared by client for restructuring provision.
Due to announcement of closure of a  Obtain list of redundant employees and ensure all of them are included in
factory before year-end, there is a risk calculation.
that restructuring provision is not  Inquire from terminated employees/labour union regarding agreed
appropriately recorded in respect of termination payments.
employees who were made redundant.  Inspect appointment letters.

173
ISAs – Summaries and Application Guide ISA 315

Provision for Onerous contracts:

Circumstances which increases risk:
 Loss making non-cancellable contracts

Evaluation of Risk Key Audit Procedures

 Review the sale agreement to confirm sale price.
 Review purchase agreement and other components of cost to confirm the
Management may not have recorded
purchase price.
appropriate amount of loss on non-
 Ensure cost exceeds sale price.
cancellable contract.
 Review sale agreement to confirm if there is any right to cancel the
agreement and any penalty clause.

Provision for Legal cases:

Circumstances which increases risk:
 unfair dismissal of staff
 serious accident damaging environment or injuring people
 malfunctioning of product

Evaluation of Risk Key Audit Procedures

 Circularize confirmation to company’s external legal consultants for their
views on pending litigations, and discussed the rationale and justification of
There is judgment involved to assess their views.
the outcome (i.e. level of provisions  Use our own legal expert to consider the level of provision required
and disclosures) of pending litigations. considering nature of case, legal precedents, and company’s
Complete provision or disclosure may correspondence with opponents.
not have been recorded by client.  Analyze significant changes from prior period.
 Assess the adequacy of disclosures related to pending litigations in notes to
the accounts.

INTANGIBLE ASSETS

Existence and Valuation of Goodwill:

Circumstances which increases risk:
 Business purchased during the year.

Evaluation of Risk Key Audit Procedures

For recognition:
 Inspect the sale agreement and agree cost of acquisition paid to cash book
Goodwill may not have been
and bank statement, and
recognized and measured at
 Inspect due-diligence report for the acquisition, and ensure that all
appropriate amount.
identifiable assets have been included and are reasonably valued.
Further, annual testing of impairment
For impairment testing:
of goodwill is a highly complex and
 Evaluate appropriateness of assumptions (e.g. sales volume, prices,
judgmental process
operating cost, growth rates) by comparing with our own assessment based
on our knowledge of client and industry.

174
ISAs – Summaries and Application Guide ISA 315

Recognition of Development Cost:

Circumstances which increases risk:
 Product developed/launched during the year.

Evaluation of Risk Key Audit Procedures

 Ensure that development cost is recognized only if criteria is met as
required by IAS – 38.
 Discuss the project with management to assess the feasibility of the project,
There may be misclassification
and obtain representation from management regarding intention to
between Research and Development
complete the project.
costs. Further, development cost may
 For a sample of costs, inspect supporting documents e.g. development
not have met recognition criteria.
contracts, billing and timesheets
 Review development cost to verify that cost is appropriately classified and
does not include research expenses.

YOU ARE APPOINTED THIS YEAR (FIRST YEAR OF AUDIT)

Risk (What) and Explanation (Why) Key Audit Procedures (How)

Opening Balances:
 Review predecessor auditor’s working papers (if applicable).
There may be misstatements in
 Evaluate whether audit procedures performed in current year provide
opening balances, and balances may
evidence about opening balances.
not be correctly brought forward.
 Perform specific procedures to verify opening balances (e.g. review of
Further, accounting policies may not be
previous period's accounting records).
consistently applied.

GOING CONCERN UNCERTANITY

Going Concern Uncertainty:

Circumstances which increases risk:
 Loss during the year,
 Bankruptcy of major customer.
 Adverse key financial ratios (e.g. Current ratio, Quick-asset ratio, Debt-equity ratio)
 Ceased substantial manufacturing activities
 Serious accident damaging environment or injuring people

Evaluation of Risk Key Audit Procedures

 Inquire management about its plan to resolve the liquidity issues.
 Review management’s plan and analyze the assumptions used by
There is a risk that entity may not be
management to ensure their reasonableness.
able to continue as a going concern.
 Ensure proper disclosure in management regarding material
uncertainty.

RISK OF FRAUD

Risk of Overstatement of Revenue/ Understatement of expenses:

Circumstances which increases risk:
 Issue of Shares is planned.
 Sale of business is planned.
 Contingent remuneration of CFO/CEO.
 Other fraud risk factors

175
ISAs – Summaries and Application Guide ISA 315

Evaluation of Risk Key Audit Procedures

 Perform analytical review of income and expenses.
 Perform cut-off test to ensure transactions have been recorded in correct
period.
Company may be inclined to show
 Review accounting estimates for reasonableness.
better results to ………….
 Evaluate selection and application of accounting policies, particularly those
related to subjective measurements..
 Check transactions outside the normal course of business.

TAX

Tax litigation/Contingencies:

Risk (What) and Explanation (Why) Key Audit Procedures (How)

 Circularize confirmation to company’s external tax consultants for their
views on tax assessment, and discussed the rationale and justification of
their views.
 Use our own tax specialist to consider the level of provision required
There are judgments involved to assess
considering nature of case, legal precedents, and company’s
the outcome (i.e. level of provisions
correspondence with the tax authorities.
and disclosures) of tax litigations.
 Analyze significant changes from prior period.
 Assess the adequacy of disclosures related to tax contingencies in notes to
the accounts.
 Review calculation.

Deferred tax assets:

Circumstances which increases risk:
 Deferred tax recognized.

Evaluation of Risk Key Audit Procedures

Recognition of deferred tax is a highly  Performed substantive procedures on calculation of deferred tax balances,
complex and judgmental area which based on tax regulations.
involves assumptions about future.  Performed analysis of recoverability of deferred tax assets, and evaluated
Further, it may be difficult for to company’s assumptions and estimates in generating sufficient future
generate future taxable profits to taxable profits.
utilize deferred tax asset.  Used an internal tax specialist to support us in these procedures.

CUSTOMER LOYALTY PROGRAMS

Risk (What) and Explanation (Why) Key Audit Procedures (How)

Improper recognition and
 Obtain understanding of management’s process to record revenue and
measurement of Revenue &
related liability.
Provision:
 Evaluate reasonableness of management assumption regarding redemption
Due to customer loyalty points, there is
of points.
risk that provision for loyalty points
 Obtain valuation report of expert to confirm amount of liability relating to
may not be estimated and recorded
loyalty points.
correctly as per IFRS 15.

176
ISAs – Summaries and Application Guide ISA 315

NON-COMPLIANCE WITH LAWS AND REGULATIONS

Risk of Non-compliance with laws and regulations:

Circumstances which increases risk:
 New accounting or legal regulations/guidelines.
 Implementation of new IT system)
 Change in accounting policies

Risk (What) and Explanation (Why) Key Audit Procedures (How)

Changes in reporting and legal
requirements may not be appropriately  Review the accounting and reporting requirements according to
met by financial reporting system. new/changed accounting policy or regulatory requirements.
Further, non-compliance may result in  Ensured appropriateness of accounting treatment and disclosures made.
misstatement or penalties.

NON-COMPLIANCE OF CODE OF CORPORATE GOVERNANCE

Risk (What) and Explanation (Why) Key Audit Procedures (How)

Ineffective Governance Structure:
 Obtain minutes of BOD meeting and audit committee meetings to evaluate
Management decisions are not
their involvement and role in decision making process.
overseen by directors, therefore,
 Inquire about the competencies, skills, knowledge and experience of the
governance structure is likely to be
board of directors.
ineffective.

BANK LOAN

Evaluation of Risk Key Audit Procedures

 Ensure proper classification of borrowings between current and non-
There may be misclassification of loan, current portion by reviewing loan agreement.
incorrect recording of interest or  Send confirmation letter to confirm outstanding amounts and other
inadequate disclosures. terms and conditions.
Further, there may be breaches of debt-  Test calculation of markup.
covenants requirements.  Assess adequacy of compliance with debt-covenant requirements.
 Assess adequacy of disclosures in financial statements.

RELATED PARTY TRANSACTIONS

Evaluation of Risk Key Audit Procedures

 Obtained understanding of controls over identification, recording and
disclosure of related party transactions. Also, tested such controls.
 Inspected minutes of BOD meetings and shareholders’ meetings to
understand nature and approval of transactions.
There is inherent risk in related party
 On a sample basis, compared transactions with related parties with
transactions due to its nature and
underlying supporting documents and agreements.
significance.
 Obtained confirmation (on sample basis) from related parties for
transactions and balances.
 Assessed the adequacy of disclosures related to related parties in notes to
the accounts.

177
ISAs – Summaries and Application Guide ISA 315

INCORRECT RECORDING OF TRANSACTIONS

Risk of incorrect recording of transactions:

Circumstances which increases risk:
 Few/overburdened staff in accounting and finance department.
 Finance department is working without financial controller (or IT department working without IT manager).
 Introduction of new IT system.

Evaluation of Risk Key Audit Procedures

There is a risk of errors due to lack of
 Auditor shall place less reliance on internal controls and shall
segregation of duties/supervision, or
increase substantive testing.
due to inexperienced staff.

OTHER RISKS

Circumstances which increases risk:

 Company deals in large number of products (addressed in ISA 501: Segment Reporting)
 Recording contingent asset as receivable.
 Weak internal controls: e.g. Reconciliations not being prepared (in bank, debtors, creditors, inventory)
 Predecessor auditor did not wish to be reappointed (This is an indication of disagreement and/or inappropriate
scope limitation.)
 Restricted time schedule for audit (Audit team may not have time to obtain sufficient appropriate audit
evidence.)
 Predecessor auditor expressed modified opinion.

Tips:
One information may lead to many risks.

178
 ISAs – Summaries and Application Guide ISA 320

ISA 320
MATERIALITY IN PLANNING AND
PERFORMING AN AUDIT
LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–9 A1 – A2

DETERMINING MATERIALITY AND PERFORMANCE
LO 2 10–11 A3–A13
MATERIALITY WHEN PLANNING THE AUDIT
LO 3 REVISION AS THE AUDIT PROGRESSES 12 – 13 A14
LO 4 DOCUMENTATION 14 N/A

179
ISAs – Summaries and Application Guide ISA 320

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Purpose of the ISA

• This International Standard on Auditing (ISA) explains the auditor’s responsibility in applying
materiality when planning and conducting an audit of financial statements.
• ISA 450 describes how materiality is used to evaluate the impact of identified and uncorrected
misstatements on financial statements.

Definition of Performance Materiality

• Performance materiality is set below overall materiality to reduce the risk that uncorrected and
undetected misstatements exceed the materiality level for the financial statements.
• It may also apply to specific transactions, balances, or disclosures.

Concept of Materiality in Financial Reporting

• A misstatement (including omissions) is material if it could reasonably influence users' economic
decisions.
• Materiality depends on:
o The size of the misstatement.
o The nature of the misstatement.
• Materiality judgments focus on the common needs of users as a group, not individual needs.

LO 2: DETERMINING MATERIALITY AND PERFORMANCE MATERIALITY WHEN PLANNING

THE AUDIT:

Establishing Materiality
Determining Overall Materiality
• The auditor sets materiality for the financial statements as a whole to guide audit planning.
• If some transactions, balances, or disclosures require stricter thresholds due to their significance in
users’ decisions, the auditor must set specific materiality levels for them.

Benchmarks for Determining Materiality

Materiality is often based on a percentage of a chosen benchmark, such as:
• Profit before tax (for profit-driven entities).
• Total revenue or gross profit (if profit before tax is unstable).
• Total equity or net assets (e.g., debt vs. equity-funded).

Setting Performance Materiality

Why Performance Materiality is Needed
Performance materiality accounts for the risk that multiple small misstatements could collectively result in a
material misstatement.

Factors Affecting Performance Materiality

• Prior audit results, including the nature and extent of past misstatements.
• The auditor’s updated understanding of the entity.
• The likelihood of misstatements occurring in the current period.

Materiality determination is not a mechanical calculation but requires professional judgment.

180
ISAs – Summaries and Application Guide ISA 320

LO 3: REVISION AS THE AUDIT PROGRESSES:

Revising Materiality During the Audit

The auditor must update materiality if new information arises that would have changed the initial
assessment.

Factors Leading to Materiality Revision

Materiality may require revision due to:
• Significant Business Changes (e.g., a major business segment is sold).
• New Information affecting financial assessments.
• Updated Understanding of the entity from additional audit procedures.
• Actual Financial Results differing significantly from initial expectations.

Impact of Lower Materiality on Audit Procedures

If the auditor determines that materiality should be lower than initially set, they must:
• Reassess performance materiality to ensure it aligns with the revised materiality.
• Evaluate if current audit procedures (nature, timing, and extent) are still appropriate.
• Adjust audit risk assessments.

LO 4: DOCUMENTATION:

The auditor must include the following materiality levels in audit documentation:
• Overall Financial Statement Materiality – The threshold set for the financial statements as a
whole.
• Materiality for Specific Transactions, Balances, or Disclosures – If applicable, materiality levels
for individual financial statement elements.
• Performance Materiality – The level set to reduce the risk of undetected misstatements.
• Revisions to Materiality – Any changes made during the audit based on new information.

181
 ISAs – Summaries and Application Guide ISA 330

ISA 330
RESPONSE TO RISKS
LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–4 N/A

LO 2 OVERALL RESPONSES 5 A1 – A3
AUDIT PROCEDURES RESPONSIVE TO THE ASSESSED RISKS OF
LO 3 6–23 A4–A60
MATERIAL MISSTATEMENT AT THE ASSERTION LEVEL
ADEQUACY OF PRESENTATION OF THE FINANCIAL
LO 4 24 A61
STATEMENTS
EVALUATING THE SUFFICIENCY AND APPROPRIATENESS OF
LO 5 25–27 A62–A64
AUDIT EVIDENCE
LO 6 DOCUMENTATION 28–30 A65

182
ISAs – Summaries and Application Guide ISA 330

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Objective
The auditor’s objective is to obtain sufficient appropriate audit evidence by designing and implementing
suitable responses to assessed risks of material misstatement.

Definitions
The ISAs define the following terms:
• Substantive Procedure: An audit procedure to detect material misstatements at the assertion level.
It includes:
o Tests of Details – Checking specific transactions, account balances, and disclosures.
o Substantive Analytical Procedures – Using data analysis to identify misstatements.

• Test of Controls: An audit procedure to assess whether internal controls work effectively to prevent,
or detect and correct, material misstatements at the assertion level.

LO 2: OVERALL RESPONSES:
The auditor shall design and implement overall responses to address assessed risks of material misstatement
at the financial statement level.

Examples of Overall Responses

To respond to financial statement-level risks, the auditor may:
• Remind the engagement team to apply professional skepticism.
• Assign more experienced staff, specialists, or use experts.
• Change how the team is directed, supervised, or how their work is reviewed.
• Add unpredictability when choosing audit procedures.
• Adjust the overall audit strategy or planned audit procedures under ISA 300. Changes may
include:
o Revising performance materiality (ISA 320).
o Updating plans to test control effectiveness, especially when control environment or
monitoring deficiencies exist.
o Changing the nature, timing, or extent of substantive procedures. For example, perform
procedures closer to the financial statement date if risk is higher.

LO 3: AUDIT PROCEDURES RESPONSIVE TO THE ASSESSED RISKS OF MATERIAL

MISSTATEMENT AT THE ASSERTION LEVEL:

The auditor must design and perform audit procedures based on the assessed risks of material
misstatement at the assertion level.

Based on risk assessment, the auditor may:

• Perform only substantive procedures.
• Perform only tests of controls (if controls are essential to address the risk).
• Use a combined approach (both controls and substantive procedures).

Nature, Timing, and Extent of Audit Procedures:

• Nature: Type of procedure (e.g., inspection, inquiry).
• Timing: When the procedure is performed.
• Extent: How much testing (e.g., sample size).

183
ISAs – Summaries and Application Guide ISA 330

Tests of Controls
When Tests of Controls Are Required
The auditor must test controls if:
• The audit approach relies on the operating effectiveness of controls.
• Substantive procedures alone are not enough.

Extent of Control Testing

The extent increases if:
• The control is applied frequently.
• The auditor relies on the control for a longer period.
• There is a higher expected deviation rate.
• The auditor seeks stronger evidence (e.g., automated vs manual controls).
• The audit uses Computer-Assisted Audit Techniques (CAATs) for larger data sets.

Timing of Control Tests

• The auditor tests controls during the period they are relied upon.
• If testing is done at an interim date, the auditor must:
o Check for changes since that date.
o Decide what additional evidence is needed for the rest of the period.

Use of Past Audit Evidence

Past audit evidence may be reused if The control hasn’t changed, and The system of internal control is strong.
• If controls have changed, re-test in the current audit.
• If controls have not changed, test at least once every 3 years. Always test some controls every
audit, to support continued reliance.

Controls Over Significant Risks

If a significant risk is identified, the auditor must test the related controls in the current period.

Evaluating Operating Effectiveness

If misstatements are found during substantive procedures, the auditor must assess if related controls are
ineffective.

Substantive Procedures

Regardless of risk, the auditor must perform substantive procedures for all:
• Material classes of transactions
• Account balances
• Disclosures

Types of Substantive Procedures

• Tests of details
• Substantive analytical procedures
• Both may be used, based on assessed risk.

When to Perform Substantive Procedures

If performed at an interim date, the auditor must:
• Cover the remaining period with further testing or control reliance.
• If unexpected misstatements arise, the plan must be updated.

184
ISAs – Summaries and Application Guide ISA 330

Required Substantive Procedures for Financial Statement Closing Process:

• Match financial statement amounts and disclosures with the underlying records.
• Review journal entries and adjustments made during financial statement preparation.

Use of Technology
Use Computer-Assisted Audit Techniques (CAATs) for:
• Large data analysis.
• Identifying unusual transactions.
• Testing full populations.

LO 4: ADEQUACY OF PRESENTATION OF THE FINANCIAL STATEMENTS:

The auditor shall evaluate whether the overall presentation of the financial statements complies with the
applicable financial reporting framework.

LO 5: EVALUATING THE SUFFICIENCY AND APPROPRIATENESS OF AUDIT EVIDENCE:

Concluding on Sufficiency and Appropriateness

• The auditor shall decide whether sufficient appropriate audit evidence has been obtained.
• All relevant audit evidence must be considered, even if it contradicts management’s assertions in
the financial statements.

If Evidence Is Insufficient
If evidence is lacking for a class of transactions, account balance, or disclosure, the auditor shall:
• Perform further audit procedures to obtain necessary evidence.
• If still unable to gather sufficient appropriate audit evidence, the auditor shall issue a qualified
opinion or disclaim an opinion on the financial statements.

LO 6: DOCUMENTATION:

Core Audit Documentation Requirements

Auditors must document the following:
• Overall Audit Responses
Record how the auditor responded to the assessed risks of material misstatement at the financial
statement level.

• Further Audit Procedures

Document the nature, timing, and extent of additional audit procedures.

• Link to Assertion-Level Risks

Show how each audit procedure addresses specific risks at the assertion level.

• Results and Conclusions

Include the results of audit procedures and the conclusions, unless they are already clear from the
context.

185
ISAs – Summaries and Application Guide ISA 330

Using Past Audit Evidence on Controls

If the auditor uses audit evidence from previous audits about the operating effectiveness of controls, they
must document the conclusion to rely on those controls again in the current audit.

Reconciliation with Financial Statements

The audit file must show that Figures and disclosures in the financial statements agree or reconcile with:
• Underlying accounting records
• Information from inside or outside the general and subsidiary ledgers

186
 ISAs – Summaries and Application Guide ISA 700

ISA 700
FORMING AN OPINION AND
REPORTING ON FINANCIAL
STATEMENTS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–9 N/A

LO 2 FORMING AN OPINION ON THE FINANCIAL STATEMENTS 10 − 15 A1 − A15
LO 3 FORM OF OPINION 16 − 19 A16 − A17
LO 4 AUDITOR’S REPORT 20 − 52 A18 − A77
SUPPLEMENTARY INFORMATION PRESENTED WITH THE
LO 5 53 − 54 A78 − A84
FINANCIAL STATEMENTS
ILLUSTRATIONS OF INDEPENDENT AUDITOR’S REPORTS ON
APX 1
FINANCIAL STATEMENTS

187
ISAs – Summaries and Application Guide ISA 700

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

What ISA 700 discusses?:

ISA 700 guides auditors in:
• Forming an opinion on financial statements.
• Preparing the auditor’s report based on audit findings.
• Ensuring consistency in audit reports globally while allowing jurisdictional flexibility.

Scope:
ISA 700 deals with audit of General Purpose & Complete Set of Financial Statements.
 If financial statements are Special Purpose, ISA 800 applies.
 If financial statements are not Complete Set (e.g Single F/S or Element), ISA 805 applies.
 If it is summary financial statements, ISA 810 applies.

Types of Financial Statements:

 General Purpose Financial Statements – Prepared for a wide range of users. These are prepared
using general purpose framework e.g. IFRS.

 Special Purpose Framework – Prepared for a specific user. These are prepared using special
purpose framework e.g. Tax Framework, Regulatory Framework.

Types of Frameworks:
Fair Presentation Framework:
 Requires meeting the framework’s rules.
 Allows extra disclosures or departure to achieve fair presentation

Compliance Framework:
 Requires meeting the framework’s rules.
 Does not allow extra disclosures or departures.

LO 2: FORMING AN OPINION ON THE FINANCIAL STATEMENTS:

Forming an Opinion
The auditor evaluates whether the financial statements comply with the applicable financial reporting
framework and are free from material misstatement due to fraud or error.

Key Considerations:
• Sufficient Audit Evidence– Ensure enough appropriate evidence is obtained.
• Material Misstatements – Assess if uncorrected misstatements (individually or collectively) are
material.
• Management Bias – Watch for selective corrections or aggressive estimates.

Evaluating Audit Evidence:

To ensure financial statements comply with reporting standards, the auditor must assess:
• Accounting policies: Are they appropriately disclosed and relevant to the entity?
• Accounting estimates: Are they reasonable and properly explained?
• Presentation and disclosure: Is the financial information clear, comparable, and relevant?

188
ISAs – Summaries and Application Guide ISA 700

Multiple Framework Compliance

Financial statements must clearly define the financial reporting framework used. The auditor must check
whether the description of the framework is accurate and does not mislead users.

Evaluating Compliance with Reporting Framework:

• If financial statements claim to follow two frameworks (e.g., IFRS and a national framework), both
must be fully complied with, without the need for reconciliations.

• Partial compliance statements (e.g., "substantial compliance with IFRS") are misleading and not
acceptable.

• If compliance with another framework is mentioned in supplementary notes, it must be clearly

distinguished from the main financial statements.

LO 3: FORM OF OPINION:

Unmodified Opinion
The auditor expresses an unmodified opinion when the financial statements comply, in all material
respects, with the applicable financial reporting framework.

Modified Opinion
The auditor modifies the opinion if:
• The financial statements contain material misstatements.
• The auditor cannot obtain sufficient appropriate audit evidence.
A modified opinion follows the guidelines of ISA 705 (Revised).

Financial Statements prepared under Fair Presentation Framework:

If financial statements follow a fair presentation framework but fail to present fairly, the auditor must:
• Discuss the issue with management. Management may resolve it by Adding additional disclosures
or Departing from a framework requirement (in rare cases) to ensure fair presentation.
• Assess whether a modified opinion is necessary based on the financial reporting framework.

Financial Statements prepared under Fair Compliance Framework:

 When financial statements follow a compliance framework, the auditor does not need to assess fair
presentation.
 However, in rare cases, if the auditor believes the financial statements are misleading, they must:
o Discuss the matter with management.
o Determine whether and how to report it in the audit report.

� It is extremely rare for financial statements prepared under a compliance framework to be misleading
if the auditor has already assessed the framework as acceptable under ISA 210.

189
ISAs – Summaries and Application Guide ISA 700

LO 4: AUDITOR’S REPORT:

The auditor’s report must be in writing.

 It can be issued in hard copy or electronic format.
 The Appendix provides sample formats.

Title of the Auditor’s Report:

 The title must clearly indicate that the report is from an independent auditor.
 Example: “Independent Auditor’s Report” ensures distinction from other reports.

Addressee
• The report must be addressed to the appropriate party (e.g., shareholders, governance bodies).
• The addressee is often specified by law, regulation, or engagement terms.

Auditor’s Opinion
 The first section must be titled “Opinion” and include:
• The entity whose financial statements were audited.
• A statement that the audit was conducted.
• The titles of financial statements.
• A reference to the notes and significant accounting policies.
• The period covered by the financial statements.

 Types of Unmodified Opinions

• Fair Presentation Framework: The opinion must state one of the following:
1. “The financial statements present fairly, in all material respects, in accordance with
[framework].”
2. “The financial statements give a true and fair view in accordance with [framework].”
• Compliance Framework: The opinion states that the financial statements are prepared in all
material respects as per the framework.

 Additional Considerations
• If the framework is not IFRS or IPSAS, the jurisdiction of origin must be mentioned.
• Audited financial statements should be clearly identifiable within the document (e.g., referencing
page numbers in an annual report).
• The terms “present fairly” and “give a true and fair view” are considered equivalent.
• The auditor must avoid terms like “subject to” or “with the foregoing explanation”, which may
suggest a modified opinion.

Basis for Opinion:

The “Basis for Opinion” section must follow the Opinion section.

It must state:
• The audit was conducted under ISAs.
• A reference to the section explaining auditor’s responsibilities.
• A statement confirming independence and compliance with ethical requirements.
• A statement that sufficient and appropriate audit evidence was obtained.

190
ISAs – Summaries and Application Guide ISA 700

Going Concern
• If applicable, the auditor must report going concern matters in line with ISA 570 (Revised).
• The auditor evaluates:
o Whether the going concern assumption is appropriate.
o Whether there is any material uncertainty that could affect the entity’s ability to continue
operations.

Key Audit Matters (KAM)

• Required for audits of listed entities as per ISA 701.
• If required by law or auditor’s decision, KAMs must be disclosed.
• Public Interest Entities (PIEs) (e.g., banks, charities) may also require KAM disclosure.

Special Cases
If an entity voluntarily discloses KAMs, the audit engagement letter should address this possibility.

Other Information
If the financial statements are included in a broader report (e.g., annual report), the auditor must comply with
ISA 720 (Revised).

Responsibilities for the Financial Statements

• The section must be titled “Responsibilities of Management for the Financial Statements.”
• Management’s Responsibilities:
o Prepare financial statements as per applicable framework.
o Implement internal controls to prevent material misstatements.
o Assess whether the entity can continue as a going concern.
• If governance oversight differs from management, the responsible individuals must be identified.

Special Cases
• If legal frameworks mandate specific wording, the auditor may adapt the description.

Auditor’s Responsibilities for the Audit

• The section must be titled “Auditor’s Responsibilities for the Audit of the Financial Statements.”
• Key Responsibilities:
o Obtain reasonable assurance that financial statements are free from material
misstatement.
o Identify and assess fraud and error risks.
o Evaluate the going concern assumption.
o Assess the fair presentation of financial statements.
o Communicate audit findings to governance.

Group Audits
• The report must clarify the auditor’s responsibility in group audits, including:
o Supervision of component auditors.
o The sole responsibility of the group auditor for the final opinion.

Location of Auditor’s Responsibilities

The description of responsibilities can be:
1. Within the main report.
2. In an appendix, with a reference in the main report.
3. On an official website of an appropriate authority, if law allows.

191
ISAs – Summaries and Application Guide ISA 700

Example: If auditor elects to refer to website of appropriate authority*

Auditor’s Responsibilities for the Audit of the Financial Statements:
Our objectives are to obtain reasonable assurance about ……….

A further description of the auditor’s responsibilities for the audit of the financial
statements is located at [authority’s] website at: [website link].This description forms part of
our auditor’s report.

Other Reporting Responsibilities

• Additional reporting requirements (e.g., regulatory compliance audits) must be in a separate section
titled:
o “Report on Other Legal and Regulatory Requirements.”

Name of the Engagement Partner

The engagement partner’s name must be disclosed in reports for listed entities, except when a significant
personal security threat exists.

Signature of the Auditor

• The auditor’s report must be signed.
• The signature can be:
o Firm’s name.
o Auditor’s personal name.
o Both, as per jurisdictional requirements.

Auditor’s Address
The report must state the location where the auditor practices.

Date of the Auditor’s Report

• The auditor cannot date the report earlier than when:
o All financial statements and disclosures are prepared.
o Management has accepted responsibility.
• In some cases, legal or regulatory approval processes must be considered.

Auditor’s Report Prescribed by Law

If law mandates a specific format, reference to ISAs is allowed only if:
• The report includes all key ISA-required elements.
• The wording is not inconsistent with ISA standards.

Audits Conducted Under Both ISAs and National Standards

If an audit follows both ISAs and national standards, the report may reference both only if:
o No conflict exists between the two.
o The report includes all ISA-mandated elements.

Order of Elements
ISAs do not require ordering of elements of audit report, except for Opinion (first) and Basis for
Opinion (after opinion) Sections. However, ISAs require use of specific headings.

192
ISAs – Summaries and Application Guide ISA 700

LO 5: SUPPLEMENTARY INFORMATION PRESENTED WITH THE FINANCIAL STATEMENTS:

Definition:
Supplementary information is the additional information which is not required by AFRF but is presented
with financial statements.

Examples:
1. Extent of compliance with another framework, or
2. Reconciliation between profits of two frameworks.

Auditor’s Responsibilities:
1. If supplementary information is clearly differentiated, it shall not be audited, and shall be treated as
“Other Information”.
2. If supplementary information becomes integral part of financial statements (due to its nature or
presentation):
a. it shall be audited, or
b. auditor shall state in audit report that it is not audited.

How to differentiate supplementary information:

 By Removing cross reference with financial statements.
 By placing it outside financial statements (e.g. as Appendix), or
 By placing it at end of the required notes and labeling it “unaudited”.

APX 1: ILLUSTRATIONS OF INDEPENDENT AUDITOR’S REPORTS ON FINANCIAL

STATEMENTS:
[Pakistan Specific] Audit Report Attached.

193
 ISAs – Summaries and Application Guide ISA 701

ISA 701
KEY AUDIT MATTERS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–8 A1 – A8

LO 2 Determining Key Audit Matters 9–10 A9−A30
LO 3 Communicating Key Audit Matters 11−16 A31−A59
LO 4 Communication with Those Charged with Governance 17 A60–A63
LO 5 Documentation 18 A64

194
ISAs – Summaries and Application Guide ISA 701

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Why Key Audit Matters Are Important to Users?

KAMs help users understand:
• How auditors addressed complex or high-risk areas.
• The nature of significant judgments made by both the auditor and management.

What KAMs Are Not?

Reporting KAMs is not a replacement for:
 Financial statement disclosures required by reporting frameworks.
 A Modified Opinion under ISA 705 (Revised).
 Reporting material uncertainties about Going Concern under ISA 570 (Revised).
 A separate audit opinion on individual matters.

When Does ISA 701 Apply?

This ISA applies to:
 Listed entities (mandatory).
 Other audits where the auditor chooses to report KAMs.
 Audits where law or regulation requires KAM reporting.

Exception:
If the auditor issues a Disclaimer of Opinion, ISA 705 (Revised) prohibits KAM reporting unless required by
law.

Objectives of the Auditor

The auditor must:
 Identify Key Audit Matters based on professional judgment.
 Report them clearly in the auditor’s report, after forming an opinion on the financial statements.

Definition of Key Audit Matters

Key Audit Matters (KAMs) are those issues that were most significant in the audit of the financial
statements. They are selected from matters communicated with those charged with governance.

LO 2: DETERMINING KEY AUDIT MATTERS:

Determining Key Audit Matters

1. The auditor must identify KAMs from matters discussed with those charged with governance.

2. These matters require significant auditor attention based on:

a. Higher risk of material misstatement or significant risks identified under ISA 315
(Revised 2019).
b. Complex auditor judgments in financial statements, especially accounting estimates with
high uncertainty.
c. Significant transactions or events impacting the audit during the period.

3. After identifying such matters, the auditor determines which ones were of most significance in the
current period audit. These become KAMs.

195
ISAs – Summaries and Application Guide ISA 701

KAMs apply only to the current period audit, even when comparative statements exist. Auditors may check
if previous period KAMs remain significant.

Factors That Increase the Likelihood of a KAM:

A. High-Risk Areas Under ISA 315 (e.g. risk of fraud, risk of management override of controls)
B. Complex Auditor Judgments and Accounting Estimates (e.g. fair value or impairment testing)
C. Impact of Significant Events on the Audit (e.g. related party transactions, unusual business activities,
economic/accounting/regulatory changes)

Selecting the Most Significant Matters as KAMs:

Indicators That a Matter is a KAM:

• Frequent discussions with governance on complex matters.
• Materiality of the issue to the financial statements.
• Complexity of the underlying accounting policy.
• Significance of misstatements (corrected or uncorrected) due to fraud or error.
• Audit effort required, including:
o Specialized knowledge or expertise needed.
o Consultations with external experts.
o Challenges in applying audit procedures or obtaining evidence.
Control weaknesses related to a matter may also increase its likelihood of being a KAM.

Balancing the Number of KAMs:

• The entity’s size and complexity influence how many KAMs should be reported.
• Too many KAMs dilute their significance.
• Auditors refine their list to focus on only the most critical areas.

LO 3: COMMUNICATING KEY AUDIT MATTERS:

Key Audit Matters in the Auditor’s Report

• The auditor must present each Key Audit Matter (KAM) in a separate section under the heading
“Key Audit Matters”, unless exceptions apply (see Para. 14-15).
• The introductory statement in this section must include:
o KAMs are the most significant matters in the audit based on the auditor’s professional
judgment.
o These matters were considered within the audit of the financial statements but do not
represent a separate opinion.

 Positioning KAMs: Placing the KAM section near the audit opinion emphasizes its importance.
 Order of KAMs: The auditor decides the order of presentation based on:
• Relative significance in the audit.
• Alignment with disclosures in the financial statements.

KAMs vs. Modified Opinion

 A KAM cannot replace a modified opinion.
 If a matter leads to a modified opinion (ISA 705 Revised), it must not be included as a KAM.

196
ISAs – Summaries and Application Guide ISA 701

Describing Key Audit Matters

Each KAM description must include:
1. A reference to related disclosures in the financial statements.
2. Why the matter was significant in the audit.
3. How the auditor addressed the matter.

How the Auditor Describes a Key Audit Matter:

 Auditors must not disclose new information. Instead, they should encourage management to provide
disclosures.
 KAM descriptions should avoid generic wording.
 Industry-wide KAMs should include entity-specific details.
 Recurring KAMs should highlight unique aspects of the current year’s audit.

How the Auditor Addressed a Key Audit Matter:

The description may include:
 Key audit procedures performed.
 Outcomes of these procedures.
 Key observations made by the auditor.

The description must not imply that a KAM remains unresolved.

If an expert was used, the auditor can mention it, but responsibility remains with the auditor.

When a Key Audit Matter is Not Disclosed

A KAM may not be disclosed if:
• Laws or regulations prohibit disclosure.
• Exceptional circumstances exist where disclosure causes more harm than benefits. However, if
the entity already disclosed the matter, the auditor must communicate it.

Interaction Between KAMs and Other Required Sections

• If a matter results in a modified opinion (ISA 705) or going concern uncertainty, it is inherently a
KAM.
• However, instead of including it in the KAM section, the auditor must:
1. Report it separately in the Basis for Modified Opinion or Going Concern section.
2. Reference these sections in the KAM section.

What Happens If No Key Audit Matters Exist?

If no KAMs exist or only modified opinion matters are present, the auditor must state this explicitly in the
report.

Possible situations:
1. The auditor determines no KAMs
2. A KAM exists but cannot be disclosed.
3. The only KAMs relate to modified opinions.

Most listed entities will have at least one KAM due to the complexity of their operations. If no KAMs exist, the
auditor should justify why no matter required significant audit attention.

Example Statement in the Auditor’s Report:

Key Audit Matters:
Except for the matter in the Basis for Qualified (Adverse) Opinion section or Material Uncertainty Related to
Going Concern section, we determined that there are no other key audit matters to communicate in our report.

197
ISAs – Summaries and Application Guide ISA 701

LO 4: COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE:

The auditor must communicate with those charged with governance about:
• Key Audit Matters (KAMs) identified during the audit.
• The absence of KAMs, if no such matters exist in the auditor’s report.

Timing of Communication:
• The timing of discussions varies based on the audit engagement.
• The auditor may discuss preliminary KAMs when planning the audit's scope and timing.
• Further discussions may occur when reporting audit findings.
• Early communication prevents last-minute issues when finalizing financial statements.

LO 5: DOCUMENTATION:

The auditor must document the following:

• Significant Matters and Key Audit Matters
o Identify matters requiring significant attention.
o Explain why each matter is or is not a Key Audit Matter (KAM).
• Rationale for No Key Audit Matters (if applicable)
o Justify why no KAMs were identified or why only those in paragraph 15 apply.
• Decision Not to Communicate a Key Audit Matter (if applicable)
o Provide reasons for excluding a determined KAM from the auditor’s report.

198
 ISAs – Summaries and Application Guide ISA 705

ISA 705
MODIFICATIONS TO THE
OPINION IN AUDITOR’S REPORT

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–5 A1

CIRCUMSTANCES WHEN A MODIFICATION TO THE AUDITOR’S
LO 2 6 A2 − A12
OPINION IS REQUIRED
DETERMINING THE TYPE OF MODIFICATION TO THE
LO 3 7 − 15 A13 − A16
AUDITOR’S OPINION
FORM AND CONTENT OF THE AUDITOR’S REPORT WHEN THE
LO 4 16 − 29 A17 − A26
OPINION IS MODIFIED
LO 5 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE 30 A27
APPENDIX: ILLUSTRATIONS OF AUDITOR’S REPORTS WITH MODIFICATIONS TO THE
LO 6
OPINION

199
ISAs – Summaries and Application Guide ISA 705

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Pervasive Misstatement
A misstatement is considered pervasive if it:
• Affects multiple elements, accounts, or disclosures.
• Represents a significant portion of the financial statements.
• Is fundamental to users’ understanding of the financial statements.

Modified Opinion
A modified opinion includes:
• Qualified Opinion
• Adverse Opinion
• Disclaimer of Opinion

When to express which opinion:

1. Qualified Opinion
An auditor issues a qualified opinion when:
• The financial statements contain material misstatements, but they are not pervasive.
• The auditor cannot obtain sufficient appropriate audit evidence, but the possible misstatements
could be material but not pervasive.

2. Adverse Opinion
An auditor issues an adverse opinion when:
• The financial statements contain misstatements that are both material and pervasive.

3. Disclaimer of Opinion
An auditor disclaims an opinion when:
• The auditor cannot obtain sufficient appropriate audit evidence and the potential misstatements
could be both material and pervasive.
• In rare cases with multiple uncertainties, even if individual uncertainties are properly assessed, their
combined effect makes it impossible to form an overall opinion.

Nature of Issue Material but Not Pervasive Material and Pervasive

Misstatement in Financial
Qualified Opinion Adverse Opinion
Statements
Inability to Obtain Audit Evidence Qualified Opinion Disclaimer of Opinion

LO 2: CIRCUMSTANCES WHEN A MODIFICATION TO THE AUDITOR’S OPINION IS REQUIRED:

Nature of Material Misstatements:

1. Inappropriate Accounting Policies: Selected policies do not align with financial reporting
standards or fail to provide a fair presentation of transactions.
2. Incorrect Application of Policies: Management does not apply policies consistently across periods
or similar transactions, or applies them incorrectly.
3. Inadequate or Misleading Disclosures: Required disclosures are missing, incorrect, or insufficient
for fair presentation.

200
ISAs – Summaries and Application Guide ISA 705

Nature of an Inability to Obtain Sufficient Appropriate Audit Evidence:

1. Circumstances Beyond the Entity’s Control:
• Destruction of accounting records.
• Government seizure of significant component records.

2. Audit Timing or Nature Constraints:

• Late appointment preventing physical inventory observation.
• Inability to verify an associated entity’s financials under the equity method.
• Entity’s controls are ineffective, and substantive procedures alone are insufficient.

3. Management-Imposed Limitations:
• Preventing observation of inventory counts.
• Restricting external confirmations of account balances.

Alternative Procedures in case of inability:

1. If the auditor can obtain sufficient evidence through other means, the limitation does not affect the
audit opinion.
2. If alternative procedures are not possible, a modified opinion is necessary.
3. Management-imposed limitations may also indicate fraud risks or impact the auditor’s decision to
continue the engagement.

LO 3: DETERMINING THE TYPE OF MODIFICATION TO THE AUDITOR’S OPINION:

Impact of Management-Imposed Limitations

If management restricts the audit scope after the engagement has begun, the auditor must:
1. Request Management to Remove the Limitation.
2. If Management Refuses:
o Inform those in charge of governance (unless they are also managing the entity).
o Assess if alternative procedures can provide sufficient audit evidence.
3. If Alternative Procedures Do Not Provide Enough Evidence:
o Issue a qualified opinion if the misstatements are material but not pervasive.
o If the scope limitation is both material and pervasive:
 Withdraw from the audit (if allowed by law or regulations).
 If withdrawal is not possible, issue a disclaimer of opinion.
4. Before Withdrawal:
o Inform those in charge of governance about any misstatements found that would have led to
a modified opinion.

Additional Considerations Relating to an Adverse Opinion or Disclaimer of Opinion:

If auditor expresses disclaimer of opinion, auditor report shall not include:
 Key Audit Matter (ISA 701)
 Other Information Section (ISA 720)

If auditor expresses Disclaimer of Opinion or Adverse Opinion, auditor report shall not include:
 Unmodified opinion on single F/S or element (ISA 805)

Exceptions to Contradictory Reporting

An auditor can issue:
• An unmodified opinion on financial statements under one reporting framework and an adverse
opinion under another framework.
• A disclaimer of opinion on results of operations and cash flows, while giving an unmodified opinion
on the financial position.

201
ISAs – Summaries and Application Guide ISA 705

LO 4: FORM AND CONTENT OF THE AUDITOR’S REPORT WHEN THE OPINION IS MODIFIED:

When modifying an opinion, the auditor must:

1. Change the heading “Basis for Opinion” to match the type of modification:
o Basis for Qualified Opinion
o Basis for Adverse Opinion
o Basis for Disclaimer of Opinion
2. Describe the reason for the modification.

Misstatement Related to Specific Amounts

• If possible, the auditor quantifies the financial effects of the misstatement.
• An example of quantification is effect on net income, taxes, equity.
• If quantification is impractical, the auditor must state this.

Misstatement Related to Qualitative Disclosures

The auditor explains how disclosures are misstated.

Omission of Required Disclosures

The auditor must:
• Discuss the issue with those charged with governance.
• Describe the missing information.
• If legally allowed, include the omitted disclosure unless impracticable.

Disclosure is impractical if:

• The client did not prepare the disclosures.
• The information is too detailed for the report.

Insufficient Audit Evidence

The auditor must explain why sufficient audit evidence could not be obtained.

Impact on the Auditor’s Statement

• If issuing a Qualified or Adverse opinion, the auditor includes the term "qualified" or "adverse" in
the statement about audit evidence.
• If issuing a Disclaimer of Opinion, the report must exclude:
o Reference to the section describing the auditor’s responsibilities.
o The statement on sufficient audit evidence.

Other Matters Requiring Modification

Even when issuing an Adverse Opinion or Disclaimer of Opinion, the auditor must disclose any other
material issues that would have required modification.

Key Audit Matters and Other Information

If a Disclaimer of Opinion is issued, the auditor must not include:
• A Key Audit Matters section (unless required by law).
• An Other Information section.

202
ISAs – Summaries and Application Guide ISA 705

LO 5: COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE:

Auditor’s Obligation to Communicate Modifications

If the auditor expects to modify the audit opinion, they must inform those charged with governance
about:
• The reasons for the modification.
• The wording of the modification.

Purpose of Communication:
This communication ensures that:
1. Advance Notice: Governance members are aware of the modification and its reasons.
2. Fact Confirmation: The auditor can verify facts with governance and clarify any disagreements
with management.
3. Additional Information: Governance members can provide further explanations or evidence that
may impact the modification.

LO 6: APPENDIX: ILLUSTRATIONS OF AUDITOR’S REPORTS WITH MODIFICATIONS TO THE

OPINION:

Illustration 1: An auditor’s report containing a qualified opinion due to a material misstatement of the
financial statements.

Drafting of Qualified Opinion

Facts: Inventory is not stated at lower of cost & NRV, and effect is Material
Qualified Opinion:
We have audited the ……………….

In our opinion, except for the (possible) effects of the matter described in the Basis for Qualified
Opinion section of our report, financial statements give true and fair view of financial position of
ABC Limited at December 31, 2020 and its financial performance and cash flow for the year then
ended in accordance with IFRS.

Basis for Qualified Opinion:

Management has not stated the inventories at the lower of cost and net realizable value but has
stated them solely at cost, which is a departure from IFRS. Had management stated the inventories
at the lower of cost and net realizable value, inventories would have been written down by xxx,
cost of sales would have been increased by xxx, and income tax, net income and shareholders’
equity would have been reduced by xxx, xxx and xxx, respectively.

We conducted our audit in accordance with …………

Exam Tips
Wording of opinion is given by ISAs and is standardized. However, wording of basis for opinion is not
standardized and may vary from situation to situation.

203
ISAs – Summaries and Application Guide ISA 705

Illustration 2: An auditor’s report containing an adverse opinion due to a material misstatement of

the consolidated financial statements.

Drafting of Adverse Opinion

Facts: A subsidiary is not consolidated, and effect is Pervasive
Adverse Opinion
We have audited the ……………….

In our opinion, because of the significance of the matter discussed in the Basis for Adverse Opinion
section of our report, financial statements do not give true and fair view of financial position of
ABC Limited at December 31, 2020 and its financial performance and cash flow for the year then
ended in accordance with IFRS.

Basis for Adverse Opinion

The company has not consolidated the financial statements of subsidiary XYZ Company which it
acquired during 20X1, because it has not yet been able to ascertain the fair values of certain of the
subsidiary’s assets and liabilities at the acquisition date. Under IFRS, the subsidiary should have
been consolidated because it is controlled by the company.

We conducted our audit in accordance with …………

Illustration 3: An auditor’s report containing a qualified opinion due to the auditor’s inability to
obtain sufficient appropriate audit evidence.

Drafting of Qualified Opinion

Facts: Auditor is unable to physically count the inventory, and effect is Material
Qualified Opinion:
We have audited the ……………….

In our opinion, except for the (possible) effects of the matter described in the Basis for Qualified
Opinion section of our report, financial statements give true and fair view of financial position of
ABC Limited at December 31, 2020 and its financial performance and cash flow for the year then
ended in accordance with IFRS.

Basis for Qualified Opinion:

We did not observe the counting of the physical stock as of December 31, 20X1 because we were
appointed after the year end. We were unable to obtain sufficient appropriate audit evidence by
performing alternative audit procedures. Consequently, we were unable to verify whether
inventory is stated fairly in financial statements.

We conducted our audit in accordance with …………

Illustration 4: An auditor’s report containing a disclaimer of opinion due to the auditor’s inability to
obtain sufficient appropriate audit evidence about a single element of the consolidated financial
statements.
 Disclaimer of Opinion is same as in illustration 5.
 Basis of Disclaimer of Opinion is same as in illustration 3.

204
ISAs – Summaries and Application Guide ISA 705

Illustration 5: An auditor’s report containing a disclaimer of opinion due to the auditor’s inability to
obtain sufficient appropriate audit evidence about multiple elements of the financial statements.

Drafting for Disclaimer of Opinion

Facts: Auditor is unable to physically count the inventory, and to confirm accounts
receivables, and effect is Pervasive
Disclaimer of Opinion
We were engaged to audit the ……………….

Because of the significance of the matter described in the Basis for Disclaimer of Opinion section of
our report, we have not been able to obtain sufficient appropriate audit evidence to provide a basis
for an audit opinion on these financial statements. Consequently, we do not express an opinion on
the accompanying financial statements of the company.

Basis for Disclaimer of Opinion

We were unable to obtain sufficient appropriate audit evidence about the carrying amount of
ABC’s inventory as at December 31, 20X1 because we did not observe the counting of the physical
stock as of December 31, 20X1 since that date was prior to our appointment as auditor of the
company. We were also unable to obtain sufficient appropriate audit evidence about the carrying
amount of company’s accounts receivables amounting Rs. XXX million because we were prohibited
to obtain confirmation of certain accounts receivables due to introduction of a new computerized
accounts receivable system during the year which resulted in numerous errors in accounts
receivable. We were unable to obtain sufficient appropriate audit evidence by using other
alternative procedures. Consequently, we were unable to verify whether these amounts are stated
fairly in financial statements.

Other Drafting examples:

Nature of Misstatement/ Scope

Basis for Opinion
Limitation

Basis for Qualified Opinion:

The Company’s short-term marketable securities are carried in the statement of
financial position at xxx. Management has not marked these securities to market but
Short-term marketable securities
has instead stated them at cost, which constitutes a departure from IFRSs. The
are not marked to market, effect
Company’s records indicate that had management marked the marketable securities
is material and quantifiable
to market, the Company would have recognized an unrealized loss of xxx in the
statement of comprehensive income for the year. The carrying amount of the
[Reference: ISA 706, Appendix 4]
securities in the statement of financial position would have been reduced by the
same amount at December 31, 20X1, and income tax, net income and shareholders’
equity would have been reduced by xxx, xxx and xxx, respectively.

Basis for Disclaimer of Opinion:

The Group’s investment in its joint venture XYZ Company is carried at xxx on the
Group’s consolidated statement of financial position, which represents over 90% of
the Group’s net assets as at December 31, 20X1. We were not allowed access to the
Auditor is unable to obtain
management and the auditors of XYZ Company, including XYZ Company’s auditors’
evidence about investment in
audit documentation. As a result, we were unable to determine whether any
joint venture; effect is pervasive
adjustments were necessary in respect of the Group’s proportional share of XYZ
Company’s assets that it controls jointly, its proportional share of XYZ Company’s
[Reference: ISA 705, Illustration 4]
liabilities for which it is jointly responsible, its proportional share of XYZ’s income
and expenses for the year, and the elements making up the consolidated statement of
changes in equity and the consolidated cash flow statement.

205
 ISAs – Summaries and Application Guide ISA 706

ISA 706
EMPHASIS OF MATTER AND
OTHER MATTER PARAGRAPHS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–7 A1– A3

LO 2 EMPHASIS OF MATTER PARAGRAPHS 8–9 A4– A8
LO 3 OTHER MATTER PARAGRAPHS 10 – 11 A9– A17
COMMUNICATION WITH THOSE CHARGED WITH
LO 4 12 A18
GOVERNANCE
Appendix ILLUSTRATIONS

206
ISAs – Summaries and Application Guide ISA 706

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope of ISA 706

The auditor must include additional communication in the auditor’s report when necessary to:
• Highlight a matter that is already disclosed in the financial statements but is fundamental for users'
understanding.
• Draw attention to any other matter that helps users understand the audit, auditor’s
responsibilities, or the auditor’s report.

Example:
A matter such as a significant subsequent event that affects users’ decisions but does not qualify as a Key
Audit Matter can be included in an Emphasis of Matter paragraph.

Interrelation with Key Audit Matters:

If a Key Audit Matter is also fundamental to users' understanding of the financial statements, the auditor
may:
• Present it first in the KAM section.
• Add further explanation to highlight its importance.

If a matter is not a KAM but is still critical, it should be included in an Emphasis of Matter paragraph (e.g., a
major subsequent event).

LO 2: EMPHASIS OF MATTER PARAGRAPHS:

When to Include an Emphasis of Matter Paragraph

Emphasis of Matter paragraph is included in auditor’s report if:
 auditor considers it necessary to draw users’ attention to matter adequately disclosed in financial
statements; and
 is fundamental to users’ understanding of the financial statements;
 provided:
i. matter is not a misstatement or scope limitation requiring modified opinion.
ii. matter is not a Key Audit Matter.

Circumstances when Emphasis of Matter is included in Audit Report

1. If there is material uncertainty relating to the exceptional litigation or regulatory action.
2. A significant subsequent event occurs (e.g. a fire after the year-end destroying one of production
facilities). [ISA 560]
3. If financial statements are re-issued [ISA 560], or corresponding figures are re-stated. [ISA 710]
4. When a major disaster significantly affects entity’s financial position.
5. Early application (when permitted) of a new accounting standard that has a material effect.
6. If a financial reporting framework is unacceptable but is prescribed by law or regulation. [ISA 210]
7. If financial statements are prepared on special purpose framework. [ISA 800]
8. Going Concern assumption is not appropriate, and F/S are prepared on liquidation basis. [ISA 570]

Exam Tips
Excessive use of EOM paragraph, and excessive disclosures should be avoided.

207
ISAs – Summaries and Application Guide ISA 706

Presentation of EOM Paragraph in Auditor’s Report:

This paragraph is presented as a separate section. Auditor may add further context to the heading e.g.
Emphasis of Matter - Subsequent Event.

This paragraph shall state:

 a clear description of the matter being emphasized.
 reference to the notes in financial statements which fully describes the matter.
 that auditor’s opinion is not modified in respect of this matter.

Example: Exceptional litigation adequately disclosed

We draw your attention to Note X of the financial statements, which describe the uncertainty
related to the outcome of the lawsuit filed against the company by XYZ Company. Our opinion is
not modified in respect of this matter.

LO 3: OTHER MATTER PARAGRAPHS:

When to Include an Other Matter Paragraph:

An auditor must include an Other Matter paragraph in the audit report if:
• The auditor needs to communicate a matter not presented or disclosed in the financial statements
but relevant to users’ understanding of:
o The audit
o The auditor’s responsibilities
o The auditor’s report
• The law or regulations do not prohibit including this information.
• The matter is not already identified as a Key Audit Matter under ISA 701.
The Other Matter paragraph must appear in a separate section with a heading like "Other Matter" or
another suitable title.

Examples of Situations/ Circumstance when OM is included in Audit Report:

1. When financial statements of prior period were not audited or were audited by another auditor. ISA
510
2. If auditor is engaged to report on two sets of financial statements (e.g. entity prepared one set of F/S
under IFRS and other set under national framework and auditor is engaged to report on both set of
F/S). ISA 800 Series
3. If auditor is required to express opinion on two periods (e.g. in case of comparative financial
statements), and current opinion is different from that expressed in last year*. ISA 710
4. When auditor restricts distribution of auditor’s report (usually General Purpose F/S are not
restricted, but Special Purpose F/S may be restricted).
5. When auditor is required by law to elaborate auditor’s responsibilities (e.g. planning and scoping
matters).
6. If there is scope limitation imposed by management whose effect is pervasive and it is not
possible/practicable to withdraw from engagement. ISA 705

* Note that this case is different from cases of Additional Audits (covered in ISA 800 Series) in which two sets of
financial statements are prepared for the same year.

Additional Considerations:
 If multiple matters are included, separate sub-headings may improve clarity.
 The Other Matter paragraph should not include:
• Additional reporting responsibilities beyond ISAs.
• Specific procedures or opinions on other matters.

208
ISAs – Summaries and Application Guide ISA 706

Example of Draft:

Example: Previous Year’s Financial Statements audited by another auditor

“The financial statements of ABC Company for the year ended December 31, 20X0 were audited by
another auditor who expressed an unmodified opinion on those statements on March 31, 20X1.”

Placement of Other Matter and Emphasis of Matter Paragraphs

• Emphasis of Matter Paragraph (highlighting key financial statement disclosures):
o Typically follows the Basis for Opinion section.
o If a Key Audit Matters section exists, it may appear before or after it.
o The heading may specify the topic, e.g., “Emphasis of Matter – Subsequent Event.”

• Other Matter Paragraph (highlighting matters outside financial statements):

o Can follow the Report on the Audit of Financial Statements or Other Legal and
Regulatory Requirements section.
o If a Key Audit Matters section is present, it may include a clarifying heading, e.g., “Other
Matter – Scope of the Audit.”

LO 4: COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE:

If the auditor plans to include an Emphasis of Matter or Other Matter paragraph in the audit report, they
must:
• Inform those charged with governance about the inclusion of this paragraph.
• Discuss the wording of the paragraph to ensure clarity and transparency.

This communication allows governance members to:

• Understand the matters the auditor intends to highlight in the audit report.
• Seek clarification from the auditor if needed.

If an Other Matter paragraph is included in every audit engagement, the auditor may decide not to repeat
this communication unless required by law or regulation.

209
ISAs – Summaries and Application Guide ISA 706

APPENDIX: ILLUSTRATIONS:

Examples of Emphasis of Matter Paragraph in Other ISAs:

Standard Example

Subsequent event (i.e. Fire) destroyed assets after the balance sheet date, disclosed
as subsequent event:
ISA 706
Emphasis of Matter:
(Appendix 3)
We draw attention to Note X of the financial statements, which describes the effects of a fire
in the Company’s production facilities. Our opinion is not modified in respect of this matter.
Financial statements are prepared on special purpose framework:
Emphasis of Matter – Basis of Accounting
ISA 800 We draw attention to Note X to the financial statements, which describes the basis of
(Illustration 3) accounting. The financial statements are prepared to assist the Company to meet the
requirements of Regulator DEF. As a result, the financial statements may not be suitable for
another purpose. Our opinion is not modified in respect of this matter.

Financial statements are prepared on special purpose framework (compliance)*:

Emphasis of Matter – Basis of Accounting and Restriction on Distribution
We draw attention to Note X to the financial statements, which describes the basis of
accounting. The financial statements are prepared to assist the partners of the Partnership
in preparing their individual income tax returns. As a result, the financial statements may
ISA 800
not be suitable for another purpose.
(Illustration 2)
Our report is intended solely for the Partnership and its partners and should not be
distributed to parties other than the Partnership or its partners.

Our opinion is not modified in respect of this matter.

Examples of Other Matter Paragraph in Other ISAs:

Standard Example

Company issued separate set of financial statements:

Other Matter
ISA 800 The Company has prepared a separate set of financial statements for the year ended
(Illustration 3) December 31, 20X1 in accordance with International Financial Reporting Standards on
which we issued a separate auditor’s report to the shareholders of the Company dated
March 31, 20X2.

Exam Tips
1. Every important element of audit report (i.e. Modified Opinion, Emphasis of Matter Paragraph, Going Concern
Paragraph, Key Audit Matter) has its own situations. No situation is to be misclassified, or duplicated (except in
case when books of accounts are not available, or there is pervasive scope limitation by management).
2. Usually, distribution of audit report is restricted in Special Purpose Framework, but not in General Purpose
Framework.

210
ISAs – Summaries and Application Guide ISA 710

ISA 710
COMPARATIVE INFORMATION

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–6 N/A

LO 2 AUDIT PROCEDURES 7–9 A1
LO 3 AUDIT REPORTING 10 – 19 A2 – A13

Remember that:
 ISA 510 focuses on current period’s opening, ISA 710 focuses on all information of prior period.
 ISA 510 applies on Initial Audit, but ISA 710 applies on Initial as well as Recurring Audit.

211
ISAs – Summaries and Application Guide ISA 710

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Nature of Comparative Information

Comparative information in financial statements depends on the applicable financial reporting framework.
Auditors follow one of two approaches:

1. Corresponding Figures
The auditor’s opinion only covers the current period.

2. Comparative Financial Statements

The auditor’s opinion covers each period presented.

This ISA specifies the reporting requirements for both approaches.

LO 2: AUDIT PROCEDURES:

Evaluating Comparative Information

The auditor must ensure that financial statements include the required comparative information and that it is
correctly classified. To do this, the auditor evaluates whether:
• The comparative figures match prior period amounts and disclosures.
• The accounting policies in the comparative figures align with current policies.
• Any change is correctly applied, disclosed, and presented.

Written Representations:
The auditor must request written representations for all periods mentioned in the audit opinion. Additionally,
they must obtain a specific written representation for any restatement made to correct a material
misstatement in prior financial statements.

LO 3: AUDIT REPORTING [CORRESPONDING FIGURES]:

No Reference in Auditor’s Opinion

• The auditor’s opinion focuses on the current period’s financial statements.
• The auditor does not mention corresponding figures.

Modifications Due to Prior Period’s Unresolved Issues

If the prior period’s audit report contained a qualified opinion, disclaimer of opinion, or adverse opinion due
to an unresolved issue, the auditor must modify the opinion on the current period’s financial statements by:
• Referring to both current and prior period’s figures if the issue also affects current period.
• Referring to prior period’s figures only if the issue does not affect current period. Modified opinion
is because of lack of comparability.

� If the prior period’s modified opinion is now resolved and properly accounted for, the auditor does not
need to refer to the previous modification. However, if the issue remains unresolved, it may still require
modification of the current period’s financial statements.

212
ISAs – Summaries and Application Guide ISA 710

Misstatement in Prior Period Financial Statements

If a material misstatement is found in the prior period’s financial statements (previously given an
unmodified opinion) and:
• The corresponding figures are not restated or disclosed properly → The auditor must issue a
qualified or adverse opinion on the current period’s financial statements.
• The corresponding figures are properly restated → The auditor may include an Emphasis of
Matter paragraph explaining the corrections.

Prior Period Audited by a Predecessor Auditor

If the prior period’s audit was conducted by a different auditor, the current auditor must state in an Other
Matter paragraph:
• That the prior period was audited by another auditor.
• The opinion given by the predecessor, and reasons for any modifications.
• The date of the predecessor’s audit report.

Prior Period Financial Statements Not Audited

If the prior period’s financial statements were not audited, the auditor must:
• Clearly state in an Other Matter paragraph that the figures are unaudited.
• Still obtain sufficient audit evidence that opening balances do not contain material misstatements
affecting the current period’s financial statements.

LO 3: AUDIT REPORTING [COMPARATIVE FINANCIAL STATEMENTS]:

Reference in Auditor’s Opinion

When comparative financial statements are presented:
• The auditor’s opinion must cover each period separately.
• If necessary, the auditor may give different opinions for different periods, such as Qualified or
adverse opinion for one period and unmodified for another.

Change in Opinion on Prior Period Financial Statements

If the auditor’s opinion on prior period financial statements differs from the previously expressed opinion,
the auditor must explain the reason for the change in an Other Matter paragraph.

Addressing Material Misstatements in Prior Period Audits

If a material misstatement is found in prior period financial statements where the predecessor auditor had
given an unmodified opinion, the current auditor must:
• Inform management and those in charge of governance.
• Request that the predecessor auditor be notified.
• If the prior period statements are amended and the predecessor agrees to issue a new report, the
current auditor only reports on the current period.

213
 ISAs – Summaries and Application Guide ISA 720

ISA 720
AUDITOR’S RESPONSIBILITIES
RELATING TO OTHER
INFORMATION

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 12 A1 – A10

LO 2 OBTAINING THE OTHER INFORMATION 13 A11–A22
LO 3 READING AND CONSIDERING THE OTHER INFORMATION 14–15 A23–A38
RESPONDING WHEN A MATERIAL INCONSISTENCY APPEARS TO
LO 4 EXIST OR OTHER INFORMATION APPEARS TO BE MATERIALLY 16 A39–A43
MISSTATED
RESPONDING WHEN THE AUDITOR CONCLUDES THAT A MATERIAL
LO 5 17–19 A44–A50
MISSTATEMENT OF THE OTHER INFORMATION EXISTS
RESPONDING WHEN A MATERIAL MISSTATEMENT IN THE
FINANCIAL STATEMENT EXISTS OR THE AUDITOR’S
LO 6 20 A51
UNDERSTANDING OF THE ENTITY AND ITS ENVIRONMENT NEEDS
TO BE UPDATED
LO 7 REPORTING 21–24 A52–A59
LO 8 DOCUMENTATION 25 N/A
EXAMPLES OF AMOUNTS OR OTHER ITEMS THAT MAY BE
APX 1
INCLUDED IN THE OTHER INFORMATION
ILLUSTRATIONS OF AUDITOR’S REPORTS RELATING TO OTHER
APX 2
INFORMATION

214
ISAs – Summaries and Application Guide ISA 720

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope
1. ISA 720 focuses on the auditor’s responsibilities regarding other information in an entity’s annual
report. This includes both financial and non-financial details.
2. However, the auditor's opinion does not cover other information in the annual report, nor does the
standard require additional audit evidence beyond what is necessary for financial statements.
3. The auditor must read and assess other information for material inconsistencies with financial
statements or audit findings. Such inconsistencies may indicate a material misstatement in either
the financial statements or other information, reducing the credibility of both.
4. Other information may summarize, expand on, or provide further details about financial statement
amounts or other relevant matters.
5. Auditor responsibilities under this ISA apply regardless of when the other information is
received—before or after the audit report date.

Objectives
After reading the other information, the auditor must:
• Identify material inconsistencies with the financial statements
• Identify material inconsistencies with the auditor’s knowledge from the audit
• Take appropriate action if material misstatements exist
• Report findings according to ISA 720

Definitions
• Annual Report: A document (or multiple documents) prepared annually to inform owners or
stakeholders about the entity’s financial position, results, operations, governance, and risks. It
includes financial statements and the auditor’s report.

• Other Information: Any financial or non-financial details in the annual report excluding financial
statements and the auditor’s report.

• Misstatement of Other Information: Information that is incorrect, misleading, or omits essential

details, preventing a proper understanding of a matter.

Some reports serve different purposes and are not part of the annual report, such as:
• Industry-specific reports (e.g., capital adequacy reports)
• Corporate Social Responsibility (CSR) reports
• Sustainability reports

Appendix 1 provides examples of financial and non-financial information included in an annual report.

215
ISAs – Summaries and Application Guide ISA 720

LO 2: OBTAINING THE OTHER INFORMATION:

Auditor’s Responsibilities
The auditor must:
1. Identify, through discussions with management, which documents make up the annual report and
determine when and how they will be issued.
2. Arrange to receive the final version of the annual report on time, preferably before issuing the
auditor’s report.
3. If any part of the annual report will be available only after the auditor’s report, request written
confirmation from management that they will provide it before issuing it publicly.

Determining the Annual Report

Laws, regulations, or company practices usually define the annual report.

Communication with Management

• The auditor should inform management about the need to receive the final annual report before
issuing the auditor’s report.
• If this is not possible, management should provide it as soon as possible before public release.
• The audit engagement letter can include an agreement on providing this information in a timely
manner.

Other Information Available Online

• If the annual report is published only on the company’s website, the auditor should obtain it directly
from management, not the website.
• The auditor is not responsible for searching for online information or verifying how it is displayed.

Impact on the Auditor’s Report

• The auditor can issue the report even if they have not received all other information.

Written Representations from Management

The auditor may request written representation that:
1. Management has disclosed all expected reports.
2. The financial statements and other information are consistent and free of material misstatements.
3. Any missing information will be provided and issued as planned.

LO 3: READING AND CONSIDERING THE OTHER INFORMATION:

Responsibilities of the Auditor
The auditor must:
1. Read and review other information included in annual reports or similar documents.
2. Identify material inconsistencies between:
o Other information and the financial statements.
o Other information and the auditor’s knowledge obtained during the audit.
3. Remain alert for material misstatements in other information that are unrelated to financial
statements.

These responsibilities do not mean the auditor provides assurance over the other information.

216
ISAs – Summaries and Application Guide ISA 720

Evaluating Consistency Between Other Information and Financial Statements

Other information may include:
• Tables, charts, and graphs summarizing financial statement figures.
• Detailed breakdowns of financial data (e.g., revenue sources, expenses).
• Narrative descriptions of financial results.

Audit Procedures to Assess Consistency

• Directly compare selected figures with financial statements.
• Check wording in disclosures to identify different meanings.
• Review reconciliations prepared by management.
• Use professional judgment to determine which data points to verify, considering:
o The importance of the figure to users.
o The size of the amount in relation to financial statements.
o The sensitivity of the information (e.g., executive share-based payments).

Evaluating Consistency Between Other Information and Auditor’s Knowledge

Other information may include:
• Production data or regional sales figures.
• New product launches or major business changes.
• Locations of key business operations.

The auditor’s knowledge comes from:

• Understanding the business environment and financial reporting framework (ISA 315).
• Reviewing internal controls and performance metrics.
• Evaluating key assumptions (e.g., impairment tests, going concern).

Audit Procedures to Assess Consistency

• Use professional judgment to assess whether information aligns with audit findings.
• Recall key audit evidence (e.g., discussions with management, board minutes).
• Refer to audit documentation if necessary.
• Consult engagement team members for additional verification.

Engagement Partner’s Role in Reviewing Other Information

The engagement partner must:
• Oversee and supervise the engagement team (ISA 220).
• Ensure team members have sufficient experience to evaluate inconsistencies.
• Determine if component auditors need to review relevant information in a group audit.

LO 4: RESPONDING WHEN A MATERIAL INCONSISTENCY APPEARS TO EXIST OR OTHER

INFORMATION APPEARS TO BE MATERIALLY MISSTATED:
When an auditor identifies a potential material inconsistency or misstatement in other information, they
must take appropriate steps to resolve the issue.

Initial Response and Discussion with Management

• The auditor must discuss the issue with management and request supporting evidence for their
statements.
• If management provides reasonable explanations, the auditor may conclude that no material
misstatement exists.
• However, if management’s response supports concerns about a material misstatement, the auditor
must take further action.

217
ISAs – Summaries and Application Guide ISA 720

Assessing the Nature of the Issue

The auditor determines whether:
1. The other information contains a material misstatement.
2. The financial statements themselves are materially misstated.
3. The auditor’s understanding of the entity and its environment needs updating.

Judgment vs. Factual Inconsistencies

• Verifying factual inconsistencies is usually straightforward.
• Challenging management’s judgment can be more difficult, but the auditor must assess credibility if
the other information contradicts the financial statements or audit findings.

Resolving or Escalating the Issue

If management’s explanation or corrections resolve the inconsistency, no further action is needed. However,
if the issue remains unresolved, the auditor may:
1. Request Expert Consultation
Ask management to seek advice from a qualified expert (e.g., legal counsel, management’s expert).

2. Seek Legal Guidance

Obtain advice from the auditor’s legal counsel if needed.

3. Modify the Auditor’s Report

Consider describing the issue in the audit report, especially if management imposes limitations.

4. Withdraw from the Audit

If permitted by law or regulations, the auditor may withdraw from the engagement if the
inconsistency remains unresolved.

LO 5: RESPONDING WHEN THE AUDITOR CONCLUDES THAT A MATERIAL MISSTATEMENT OF

THE OTHER INFORMATION EXISTS:
When an auditor identifies a material misstatement in other information, they must take appropriate action
based on when the misstatement is found—either before or after the auditor’s report date.

Addressing Material Misstatements Before the Auditor’s Report Date

Requesting Correction
• If a material misstatement is found, the auditor must ask management to correct it.
o If corrected → The auditor verifies the correction.
o If not corrected → The auditor informs those charged with governance and requests the
correction.

Actions if the Misstatement Remains Uncorrected

If management and governance refuse to correct the misstatement, the auditor must take further steps:
• Assess Audit Report Impact
o Determine how the misstatement affects the audit report and inform governance of the
planned response.
o In extreme cases, if management's refusal raises doubts about their integrity, the auditor
may issue a disclaimer of opinion (i.e., stating they cannot provide an opinion due to
unreliable financial information).

• Consider Withdrawal
o If allowed by law, the auditor may withdraw from the engagement.
o In the public sector, withdrawal may not be an option. Instead, the auditor may report the
issue to the legislature or take other appropriate actions.

218
ISAs – Summaries and Application Guide ISA 720

Addressing Material Misstatements After the Auditor’s Report Date

If the Misstatement is Corrected
• The auditor verifies the correction.
• If the incorrect information was previously shared, the auditor may check how management
informed users about the revision.

If the Misstatement Remains Uncorrected

If governance refuses to correct the misstatement, the auditor must act based on legal and professional
obligations:
• Informing Stakeholders
o Issue a new or amended audit report that highlights the misstatement.
o Ask management to distribute the revised report to relevant users.
o Consider the impact on the date of the new report.

• Directly Notifying Users

Bring the issue to stakeholders’ attention (e.g., discuss it in a shareholder meeting).

• Regulatory Reporting
Report the misstatement to regulators or professional bodies.

• Reassessing Engagement Continuance

If management's refusal raises doubts about integrity, reconsider whether to continue the
engagement.

LO 6: RESPONDING WHEN A MATERIAL MISSTATEMENT IN THE FINANCIAL STATEMENT

EXISTS OR THE AUDITOR’S UNDERSTANDING OF THE ENTITY AND ITS ENVIRONMENT NEEDS
TO BE UPDATED:

If audit procedures reveal a material misstatement in the financial statements or indicate a need to update
the auditor’s understanding of the entity and its environment, the auditor must respond appropriately in line
with other ISAs e.g.
 Revise risk assessment, as per ISA 315.
 Evaluate uncorrected misstatements, as per ISA 705
 Evaluate effect of subsequent events, as per ISA 560.

219
ISAs – Summaries and Application Guide ISA 720

LO 7: REPORTING:

The auditor must include a separate "Other Information" section in the audit report when:
• For listed entities: The auditor has obtained or expects to obtain other information.
• For non-listed entities: The auditor has obtained some or all of the other information

Content of the "Other Information" Section

When required, this section must include:
1. Management’s Responsibility
o A statement that management is responsible for the other information.
2. Identification of Other Information
o Other information obtained before the audit report date.
o For listed entities, information expected to be obtained later.
3. Audit Scope Limitation
o A statement that the audit opinion does not cover the other information.
o The auditor does not provide assurance on other information.
4. Auditor’s Responsibilities
o Explanation of the auditor’s duty to read, consider, and report on other information.
5. Findings Related to Other Information
o If no issues are found: A statement confirming no misstatements.
o If there is an uncorrected material misstatement: A description of the misstatement.

Impact of a Modified Audit Opinion on the "Other Information" Section

If the auditor issues a modified opinion (qualified, adverse, or disclaimer) on the financial statements, the
auditor must assess how it affects reporting on other information.

Types of Modified Opinions and Their Impact

1. Qualified Opinion (Material Misstatement in Financial Statements)
o The auditor must check if the same or related misstatement exists in other information.
2. Qualified Opinion (Scope Limitation)
o If the auditor lacks sufficient evidence about a material item in the financial statements, they
may not be able to determine if the related other information is misstated.
o The "Other Information" section must acknowledge this limitation.
3. Adverse Opinion
o Even if an adverse opinion is issued on the financial statements, the auditor must still
report any material misstatement in other information.
4. Disclaimer of Opinion
o If the auditor disclaims an opinion on the financial statements, adding an "Other
Information" section may confuse users.
o In such cases, the auditor omits the section from the report.

LO 8: DOCUMENTATION:

To comply with ISA 230, the auditor must include in the audit documentation:
• Procedures performed under this ISA.
• Final version of the other information reviewed by the auditor.

220
ISAs – Summaries and Application Guide ISA 720

APX 1: EXAMPLES OF AMOUNTS OR OTHER ITEMS THAT MAY BE INCLUDED IN THE OTHER
INFORMATION:

The following are common examples of amounts and items included in other information. This is not an
exhaustive list.

1. Amounts
• Financial Results: Net income, earnings per share, dividends, sales, operating revenues, purchases,
and expenses.
• Operating Data: Income by major business area or sales by region or product line.
• Special Items: Asset sales, legal provisions, impairments, tax adjustments, environmental costs, and
restructuring expenses.
• Liquidity and Capital Resources: Cash, marketable securities, dividends, debt, leases, and minority
interest obligations.
• Capital Expenditures: Spending by segment or division.
• Off-Balance Sheet Arrangements: Amounts related to unrecorded financial commitments.
• Guarantees and Contingencies: Contractual obligations, legal claims, and environmental liabilities.
• Financial Ratios: Gross margin, return on capital, return on equity, current ratio, interest coverage,
and debt ratio.

2. Other Items
• Critical Accounting Estimates: Key assumptions and their impact.
• Related Party Transactions: Identified parties and transaction details.
• Risk Management Policies: Use of financial instruments like forward contracts and interest rate
swaps.
• Off-Balance Sheet Arrangements: Nature and financial impact.
• Legal & Regulatory Changes: New tax or environmental laws affecting financial position or
operations.
• Impact of New Reporting Standards: How new financial standards affect results, position, and cash
flow.
• Business Environment & Outlook: Market trends, strategy overview, and regional differences.
• Profitability Factors: Key influences on financial performance in specific segments.

221
ISAs – Summaries and Application Guide ISA 720

APX 2: ILLUSTRATIONS OF AUDITOR’S REPORTS RELATING TO OTHER INFORMATION:

Auditor’s report shall include a section “Information Other than the Financial Statements and Auditors’
Report” except:
 When Disclaimer of opinion is expressed, and
 In case of unlisted company, other information is not available before audit report.

Case A: All other information obtained before date of audit report. No misstatement found

Other Information:
Management is responsible for the other information. The other information comprises the information
included in the Annual Report, but does not include the financial statements and our auditors’ report thereon.

Our opinion on the financial statements does not cover the other information and we do not express any form
of assurance conclusion thereon.

In connection with our audit of the financial statements, our responsibility is to read the other information
and, in doing so, consider whether the other information is materially inconsistent with the financial
statements or our knowledge obtained in the audit or otherwise appears to be materially misstated.

If, based on the work we have performed, we conclude that there is a material misstatement of this
other information, we are required to report that fact. We have nothing to report in this regard.

Case B: All other information obtained before date of audit report. Misstatement found.

Other Information:
Management is responsible ………..
Our opinion on ………….
In connection …………...

If, based on the work we have performed, we conclude that there is a material misstatement of this
other information, we are required to report that fact. As described below, we have concluded that
such a material misstatement of the other information exists.
[Description of material misstatement of the other information]

Case C: All of other information will be obtained after audit report.

Other information:
Management is responsible for the other information. The other information comprises the information
included in the Annual Report, but does not include the financial statements and our auditors’ report thereon.
Other Information is expected to be made available to us after the date of this auditor's report.

Our opinion ……….

In connection with our audit ………..

When we read the X report, if we conclude that there is a material misstatement therein, we are
required to communicate the matter to those charged with governance and [describe actions
applicable in the jurisdiction].

222
ISAs – Summaries and Application Guide ISA 720

Case D: Some other information obtained before audit report, some to be obtained after audit report. No
misstatement identified.

Other Information:
Management is responsible for the other information. The other information comprises the X report
(which we obtained prior to the date of auditor’s report), and the Y report (which is expected to be
made available to us after the date of auditor’s report), but does not include the financial statements
and our auditor’s report thereon.

Our opinion ……….

In connection with our audit ………..

If, based on the work we have performed, we conclude that there is a material misstatement of this
other information, we are required to report that fact. We have nothing to report in this regard.

When we read the Y report, if we conclude that there is a material misstatement This para is not required
therein, we are required to communicate the matter to those charged with for unlisted entity.
governance and [describe actions applicable in the jurisdiction].

Case E: Matter causing modified opinion (due to misstatement) is also presented in other information.

Other Information:
Management is responsible ………..
Our opinion on ………….
In connection …………...

If, based on the work we have performed, we conclude that there is a material misstatement of this other
information, we are required to report that fact.

As described in the Basis for Qualified/Adverse Opinion section above, the Group should have
consolidated XYZ Company and accounted for the acquisition based on provisional amounts. We have
concluded that the other information is materially misstated for the same reason with respect to the
amounts or other items in the X report due to failure to consolidate XYZ Company.

Case F: Matter causing qualified opinion (due to scope limitation) is also presented in other information.

Other Information:
Management is responsible ………..
Our opinion on ………….
In connection …………...

If, based on the work we have performed, we conclude that there is a material misstatement of this other
information, we are required to report that fact.

As described in the Basis for Qualified Opinion section above, we were unable to obtain sufficient
appropriate evidence about the carrying amount of ABC’s investment in XYZ as at December 31, 20X1
and ABC’s share of XYZ’s net income for the year. Accordingly, we are unable to conclude whether or
not the other information is materially misstated with respect to this matter.

223
 ISAs – Summaries and Application Guide ISA 800

ISA 800
AUDITS OF F/S PREPARED ON
SPECIAL PURPOSE FRAMEWORKS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–7 A1 – A4

LO 2 CONSIDERATIONS WHEN ACCEPTING THE ENGAGEMENT 8 A5 – A8

CONSIDERATIONS WHEN PLANNING AND PERFORMING
LO 3 9–10 A9–A12
THE AUDIT
FORMING AN OPINION AND REPORTING
LO 4 11–14 A13–A21
CONSIDERATIONS
ILLUSTRATIONS OF INDEPENDENT AUDITOR’S REPORTS ON SPECIAL PURPOSE FINANCIAL
APX
STATEMENTS

224
ISAs – Summaries and Application Guide ISA 800

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope:

General Audits Special Audits

(ISA 200 – 700 Series) (ISA 800 Series)
– General Purpose Framework Special Purpose Framework (ISA 800)
(e.g. IFRS, GAAP) (e.g. Cash, Tax, Contractual, Regulatory)
– Complete Set Single (ISA 805)
– Comprehensive Summary (ISA 810)
– Historic Prospective (ISAE 3400)
Criteria Established by Authorities, or
Criteria Established by Authorities
Developed by Management.
Normally, Additional because of Special
Normally, required by law
Situations.

This ISA does not override other ISAs or cover all possible considerations.

Definitions
Special Purpose Financial Statements:
Financial statements prepared using a special purpose framework.

Special Purpose Financial Statements:

A financial reporting framework designed for specific users. It can be a fair presentation
framework or a compliance framework.

Examples of Special Purpose Frameworks:

Example Explanation
Such a framework may be established by a regulator, and may be used to
Regulatory Basis
prepare financial statements for regulator.
Such a framework may be used to prepare financial statements to accompany
Tax Basis
an entity’s tax return.
Cash Basis Such framework may be used to prepare financial statements for creditors.
Such a framework may be established in the terms of a contract by individual
Contractual Basis
parties e.g. in a loan-agreement, or project-grant.

Compliance with Established Frameworks

 Some special purpose frameworks are partially based on standard reporting frameworks e.g. a
contract may require compliance with most, but not all, Financial Reporting Standards of
Jurisdiction X.
 In such cases, the financial statements must not claim full compliance with the standard
framework.
 A partially compliant framework is considered a compliance framework rather than a fair
presentation framework.

Use of Special Purpose Financial Statements

 Some entities only prepare financial statements under a special purpose framework.
 These statements may also be distributed to other users,

225
ISAs – Summaries and Application Guide ISA 800

LO 2: CONSIDERATIONS WHEN ACCEPTING THE ENGAGEMENT:

Understanding the Financial Reporting Framework

Before accepting an engagement, the auditor must determine the acceptability of the financial reporting
framework used in preparing special purpose financial statements. This involves evaluating:
 The Purpose of the Financial Statements – Understanding why the statements are being prepared.
 The Intended Users – Identifying who will rely on the financial statements.
 Management’s Justification – Assessing the steps taken by management to ensure the framework is
appropriate.

Evaluating the Acceptability of the Framework

The auditor considers several factors to evaluate whether the financial reporting framework is appropriate:

 Regulatory and Legal Requirements

If law or regulation prescribes the framework for a particular type of entity (e.g., regulatory
provisions for financial institutions), it is presumed acceptable unless evidence suggests otherwise.

 Established Standards
A financial reporting framework is considered acceptable if:
• It is set by a recognized organization that follows a transparent process.
• It includes input from relevant stakeholders to ensure its appropriateness.

 Alternative Frameworks
If the framework is based on contractual agreements or other sources (not set by standard-setting
bodies or regulators), its acceptability is assessed based on attributes of a high-quality financial
reporting framework, as outlined in ISA 210.

LO 3: CONSIDERATIONS WHEN PLANNING AND PERFORMING THE AUDIT:

Compliance with ISAs and Ethical Requirements

 Following ISA Standards
The auditor must comply with all relevant International Standards on Auditing (ISAs) when
auditing special purpose financial statements. (from ISA 200 to 720)

 Ethical and Independence Requirements

The auditor must adhere to ethical guidelines, including independence requirements for financial
statement audits.

Understanding the Financial Reporting Framework and Accounting Policies

Evaluating the Financial Reporting Framework
 The auditor must understand the applicable financial reporting framework and the entity’s
accounting policies.
 If financial statements are prepared based on a contract, the auditor must assess management’s key
interpretations of the contract.

Impact of Significant Interpretations

 A contract interpretation is considered significant if another reasonable interpretation would result
in a material difference in the financial statements.
 The auditor must evaluate whether these interpretations align with intended users’ financial
information needs.

226
ISAs – Summaries and Application Guide ISA 800

Special Considerations for Special Purpose Financial Statements

Materiality Judgments
 For general-purpose financial statements, materiality is based on common financial information
needs of users.
 For special purpose financial statements, materiality judgments focus only on the intended users
of those statements.

Thresholds for Uncorrected Misstatements

 In some engagements, management and users may agree on a threshold below which misstatements
will not be corrected.
 However, the auditor must still determine materiality in accordance with ISA 320 for audit planning
and execution.

Communication with Those Charged with Governance

 ISA 260 (Revised) requires the auditor to identify the right individuals in governance for
communication.
 In some cases, governance members responsible for general purpose financial statements may
differ from those overseeing special purpose financial statements.

LO 4: FORMING AN OPINION AND REPORTING CONSIDERATIONS:

Applying ISA 700:

 Auditors must follow ISA 700 (Revised) when forming an opinion and reporting on special purpose
financial statements.

Description of the Applicable Financial Reporting Framework

 Financial statements must clearly describe the financial reporting framework used.
 If prepared under a contract, the auditor must ensure significant contract interpretations are
explained.
 The auditor’s report must:
o State the purpose of the financial statements and their intended users (or refer to a note in
the statements).
o Explain management’s responsibility for choosing an appropriate financial reporting
framework, if applicable.

Alerting Users About Special Purpose Framework

The auditor’s report must include an Emphasis of Matter paragraph highlighting that the financial
statements follow a special purpose framework and may not be suitable for other uses.

Going Concern Considerations

 Some special purpose financial statements may not apply the going concern basis (e.g., tax-based
financial statements).
 The auditor must adjust descriptions of management’s and auditor’s responsibilities based on the
applicable financial reporting framework.

227
ISAs – Summaries and Application Guide ISA 800

Key Audit Matters (KAMs)

 ISA 701 requires communication of KAMs for listed entities’ general purpose financial statements.
 For special purpose financial statements, KAMs are only included if required by law or if the auditor
chooses to report them.

Other Information
 Reports accompanying special purpose financial statements (e.g., owner reports) may be considered
annual reports under ISA 720 (Revised).
 If such a report is issued, ISA 720 (Revised) requirements apply.

Naming the Engagement Partner

 The engagement partner’s name must be included in reports on listed entities’ special purpose
financial statements, as per ISA 700 (Revised).
 In other cases, the name may be included based on legal requirements or auditor discretion.

Alerting Users and Restricting Use of Special Purpose Financial Statements

 Emphasis of Matter for Special Purpose Framework
The auditor must include an Emphasis of Matter paragraph to clarify that the financial statements
were prepared for a specific purpose and may not be suitable for other uses.

 Restrictions on Distribution and Use

In addition to the Emphasis of Matter paragraph, the auditor may explicitly restrict the distribution
or use of the auditor’s report.

Reference to General Purpose Financial Statements

The auditor may include an Other Matter paragraph referring to the audit report on the entity’s general
purpose financial statements.

Modified Opinion:
ISA 800 does not give examples of modified opinions. However, if auditor expresses modified opinion,
drafting of modification will be same as in ISA 705.

Modification in Auditor’s Report on General Purpose F/S

If auditor’s report on general purpose F/S is modified (e.g. modified opinion, EOM/OM, GCU, Other
Information), then auditor’s report on Special/Additional Audit (i.e. ISA 800 series) will also
communicate these modifications to users. This may be done:
 by adding Other Matter Paragraph (ISA 800/805), or
 in section “Audited F/S and our Report thereon” (ISA 810).

228
 ISAs – Summaries and Application Guide ISA 800

APX: ILLUSTRATIONS OF INDEPENDENT AUDITOR’S REPORTS ON SPECIAL PURPOSE

FINANCIAL STATEMENTS:

Prepared under (i.e.

ISA Reference Prepared for (i.e. Users) Further Facts
Framework)
ISA 800 Financial reporting provisions of
 Contractual Companies  Distribution of report restricted.
(Illustration 1) a contract.
ISA 800  Partnership (and its
Tax basis of accounting  Distribution of report restricted.
(Illustration 2) Partners)
 Company also prepared financial
ISA 800 Financial reporting provisions statements on the basis of IFRS.
 Regulator.
(Illustration 3) established by a regulator.  Going Concern Uncertainty and
KAM paragraphs included.

Example of Elements of an Audit Report under Special Purpose Framework

Opinion
We have audited …..

In our opinion, the accompanying financial statements of the Company for the year ended
December 31, 20X1 are prepared in all material respects, in accordance with the financial
reporting provisions of Section Z of the contract dated January 1, 20X1 between the Company and
DEF Company (“the contract”).

Emphasis of Matter – Basis of Accounting and Restriction on Distribution and Use

We draw attention to Note X to the financial statements, which describes the basis of accounting.
The financial statements are prepared to assist the Company in complying with the financial
reporting provisions of the contract referred to above. As a result, the financial statements may not
be suitable for another purpose. Our report is intended solely for the Company and DEF Company
and should not be distributed to or used by parties other than the Company or DEF Company. Our
opinion is not modified in respect of this matter.

Material Uncertainty Related to Going Concern

We draw attention to Note 6 in the financial statements, which indicates that the Company
incurred a net loss of ZZZ during the year ended December 31, 20X1 and, as of that date, the
Company’s current liabilities exceeded its total assets by YYY. As stated in Note 6, these events or
conditions, along with other matters as set forth in Note 6, indicate that a material uncertainty
exists that may cast significant doubt on the Company’s ability to continue as a going concern. Our
opinion is not modified in respect of this matter.

Other Matter
The Company has prepared a separate set of financial statements for the year ended December 31,
20X1 in accordance with International Financial Reporting Standards on which we issued a
separate auditor’s report to the shareholders of the Company dated March 31, 20X2.

229
 ISAs – Summaries and Application Guide ISA 805

ISA 805
SPECIAL CONSIDERATIONS —
AUDITS OF SINGLE FINANCIAL
STATEMENTS AND SPECIFIC
ELEMENTS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–6 A1 – A4

LO 2 CONSIDERATIONS WHEN ACCEPTING THE ENGAGEMENT 7–9 A5–A9
CONSIDERATIONS WHEN PLANNING AND PERFORMING THE
LO 3 10 A10–A15
AUDIT
LO 4 FORMING AN OPINION AND REPORTING CONSIDERATIONS 11–17 A16–A28
APX 1 EXAMPLES OF SPECIFIC ELEMENTS, ACCOUNTS OR ITEMS OF A FINANCIAL STATEMENT
ILLUSTRATIONS OF INDEPENDENT AUDITOR’S REPORTS ON A SINGLE FINANCIAL
APX 2
STATEMENT AND ON A SPECIFIC ELEMENT OF A FINANCIAL STATEMENT

230
ISAs – Summaries and Application Guide ISA 805

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope and Application of this ISA:

 International Standards on Auditing (ISAs) in the 100–700 series apply to financial statement audits.
 These standards can be adapted for audits of other historical financial information, including single
financial statements or specific elements, accounts, or items.
 If the audit involves a special purpose framework, ISA 800 also applies.

Objective of This ISA

The objective of the auditor when applying this ISA is to appropriately address special considerations related
to:
1. Engagement Acceptance – Evaluating whether to accept the audit engagement.
2. Audit Planning and Execution – Planning and performing the audit with relevant considerations.
3. Opinion Formation and Reporting – Forming an opinion and reporting on the single financial
statement or specific element.

Examples:
Examples of Single Financial Statement:
 Statement of cash receipts and disbursements.
 Balance sheet

Examples of Specific Elements:

 Accounts Receivable
 Trade Creditors
 Allowance for doubtful accounts receivable.
 Inventory.
 A schedule of net tangible assets.
 Intangible assets.
 Pension liability.
 Royalty.

Notes:
A “single financial statement” or “element”:
1. Also includes relevant disclosures.
2. may be prepared under General Purpose Framework or Special Purpose Framework.

Engagements Beyond Historical Financial Information

If an engagement involves assurance on non-historical financial information, it falls under International
Standard on Assurance Engagements (ISAE) 3000 (Revised).

LO 2: CONSIDERATIONS WHEN ACCEPTING THE ENGAGEMENT:

Application of ISAs
• ISA 200 requires auditors to follow all relevant ISAs for an audit.

Acceptance Considerations:
At time of acceptance, auditor should consider:
 whether Applicable financial reporting framework is acceptable. (refer ISA 210)
 whether he will be able to perform procedures on interrelated items, if he is not engaged to audit the
complete financial statements.

231
ISAs – Summaries and Application Guide ISA 805

Where Audit of Single F/S or Element is not practicable:

Audit of Single F/S or Element may not be practicable if auditor did not audit complete set of F/S, because:
 Auditor may not have same understanding of entity and its internal control as the auditor who
audited complete set of F/S.
 Auditor of single F/S or element may not have evidence about the general quality of the accounting
records or other information.
 Work required by certain ISAs may be disproportionate to the element under audit (e.g. complying
requirements of Going Concern in an audit of receivable).

In such case, auditor discuss with management whether other type of engagement ( e.g. agreed-upon
procedures) is more practicable.

LO 3: CONSIDERATIONS WHEN PLANNING AND PERFORMING THE AUDIT:

Key Considerations for Planning the Audit

• Assessing Relevant ISAs:
o Even when auditing a single element, key ISAs such as ISA 240 (Fraud), ISA 550 (Related
Parties), and ISA 570 (Going Concern) remain relevant.
o These standards address risks such as fraud, improper related-party transactions, and
misapplication of accounting principles.

• Communication with Those Charged with Governance (ISA 260):

o The auditor must identify the appropriate individuals responsible for oversight of the single
statement or element.
o These individuals may be different from those overseeing the full financial statements.

Applying ISAs in the Audit Process

• Obtaining Written Representations:
o Instead of obtaining representations for the full financial statements, auditors should obtain
representations specifically for the audited statement or element.

• Considering Interdependencies Between Financial Statements:

o Many financial statements and specific elements are interconnected.
o The auditor may need to perform additional procedures on related items to ensure accuracy
and completeness (e.g. auditor may have to perform procedures on sales while expressing
opinion on receivables).

• Materiality Considerations:
o Materiality for a single statement or element is often lower than for the full set of financial
statements.
o This affects the scope of audit procedures, risk assessment, and the evaluation of
uncorrected misstatements. Therefore, procedures performed are usually extensive in audit
of single financial statements/element.

Using Audit Evidence from a Full Financial Statement Audit

• When auditing a single financial statement alongside a full financial statement audit, evidence
obtained from the full audit may be useful.
• However, the auditor must still ensure that sufficient appropriate audit evidence is obtained
specifically for the statement or element under audit.

232
ISAs – Summaries and Application Guide ISA 805

LO 4: FORMING AN OPINION AND REPORTING CONSIDERATIONS:

Separate Opinions for Different Engagements

• If auditing both the complete set of financial statements and a single financial statement or specific
element, the auditor must issue separate opinions for each.

Ensuring Clear Differentiation

• When a single financial statement or specific element is published with the complete financial
statements, it must be clearly distinguished.
• The auditor ensures proper differentiation before issuing the audit report.
• If the presentation is unclear, the auditor must ask management to rectify it.

Impact of Matters in the Auditor’s Report on the Complete Financial Statements

If the auditor’s report on the complete set of financial statements includes any of the following:
1. Modified Opinion (ISA 705)
2. Emphasis of Matter or Other Matter paragraph (ISA 706)
3. Material Uncertainty Related to Going Concern (ISA 570)
4. Key Audit Matters (ISA 701)
5. Uncorrected Material Misstatement in Other Information (ISA 720)

The auditor must assess the impact of these matters on the audit of the single financial statement or specific
element.

Examples
• If the complete financial statements contain a qualification on accounts receivable, this likely impacts
an audit of a single financial statement that includes accounts receivable.
• If the qualification is about long-term debt classification, it may not affect an income statement audit.

Restrictions on Unmodified Opinions

When an Adverse or Disclaimer Opinion is Issued
• If the auditor issues an Adverse Opinion or a Disclaimer of Opinion on the complete financial
statements, they cannot issue an unmodified opinion on any single financial statements.

Exception: Separate Audit of a Specific Element

An unmodified opinion is allowed only if:
1. Law or regulations permit it.
2. The opinion is issued in a separate audit report (not published with the adverse/disclaimer opinion).
3. The specific element does not constitute a major portion of the financial statements.

Key Considerations When Applying ISAs:

Going Concern (ISA 570)

The auditor may need to adapt descriptions of management’s responsibilities related to going concern.

Key Audit Matters (ISA 701)

No required. However, it may be communicated if required by law or if the auditor chooses to do so.

233
ISAs – Summaries and Application Guide ISA 805

Other Information (ISA 720)

• Reports that accompany the single financial statement or specific element (such as an annual report)
fall under ISA 720 (Revised).
• The auditor applies ISA 720 requirements when such reports exist.

Engagement Partner’s Name

• For listed entities, the auditor must include the engagement partner’s name in the report.
• For other entities, inclusion depends on legal requirements or auditor’s discretion.

Reference to the Complete Financial Statements

• If issues in the complete financial statements do not directly affect the single financial statement or
specific element, the auditor may still reference them in an Other Matter paragraph.

• Example: If the complete financial statements include a Material Uncertainty Related to Going
Concern, the auditor may reference this in the audit report for the single financial statement.

APX 1: EXAMPLES OF SPECIFIC ELEMENTS, ACCOUNTS OR ITEMS OF A FINANCIAL

STATEMENT:

1. Asset-Related Items
• Accounts Receivable – Includes allowance for doubtful accounts.
• Inventory – Valuation of recorded stock.
• Intangible Assets – Value of identified intangible assets.
• Externally Managed Pension Assets – Schedule of assets and income with notes.
• Net Tangible Assets – Summary with related notes.

2. Liability-Related Items
• Pension Liabilities – Accrued benefits of a private pension plan.
• Insurance Liabilities – Claims incurred but not yet reported.

3. Expense and Payment Schedules

• Lease Property Disbursements – Breakdown of payments with explanations.
• Profit Participation & Bonuses – Schedule of employee bonuses with explanatory notes.

APX 2: ILLUSTRATIONS OF INDEPENDENT AUDITOR’S REPORTS ON A SINGLE FINANCIAL

STATEMENT AND ON A SPECIFIC ELEMENT OF A FINANCIAL STATEMENT:

ISA Reference Subject Matter Framework Users

General/National (Financial Reporting

ISA 805 Single Financial Statements
Framework in Jurisdiction relevant to Wide range of users
(Illustration 1) i.e. B/S
prepare a balance sheet)

Single Financial Statements Specific Users (Creditor

ISA 805 Special (cash receipts and disbursements
i.e. Statement of cash requesting cash flow
(Illustration 2) basis of accounting)
receipts and disbursements information)

ISA 805 Specific Element i.e. Special (Financial reporting provisions

Specific Users (Regulator)
(Illustration 3) Accounts Receivable established by a regulator)

234
 ISAs – Summaries and Application Guide ISA 810

ISA 810
ENGAGEMENTS TO REPORT ON
SUMMARY FINANCIAL
STATEMENTS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–4 N/A

LO 2 ENGAGEMENT ACCEPTANCE 5−7 A1−A7
LO 3 NATURE OF PROCEDURES 8 A8
LO 4 FORM OF OPINION 9−11 A9
TIMING OF WORK AND EVENTS SUBSEQUENT TO THE DATE
LO 5 OF THE AUDITOR’S REPORT ON THE AUDITED FINANCIAL 12−13 A10
STATEMENTS
INFORMATION IN DOCUMENTS CONTAINING SUMMARY
LO 6 14−15 A11−A16
FINANCIAL STATEMENTS
LO 7 AUDITOR’S REPORT ON SUMMARY FINANCIAL STATEMENTS 16−21 A17−A23
RESTRICTION ON DISTRIBUTION OR USE OR ALERTING
LO 8 22 N/A
READERS TO THE BASIS OF ACCOUNTING
LO 9 COMPARATIVES 23−24 A24−A25
UNAUDITED SUPPLEMENTARY INFORMATION PRESENTED
LO 10 25 A26
WITH SUMMARY FINANCIAL STATEMENTS
LO 11 AUDITOR ASSOCIATION 26−27 A27
ILLUSTRATIONS OF INDEPENDENT AUDITOR’S REPORTS ON SUMMARY FINANCIAL
APX
STATEMENTS

235
ISAs – Summaries and Application Guide ISA 810

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Overview of ISA on Summary Financial Statements

This International Standard on Auditing (ISA) provides guidelines for auditors reporting on summary
financial statements. These statements are derived from audited financial statements under ISAs by the same
auditor.

Key Definitions
Applied Criteria
Standards used by management to prepare summary financial statements.

Audited Financial Statements

Complete financial statements audited under ISAs, from which the summary statements are derived.

Summary Financial Statements

A condensed version of audited financial statements.

Risks in Audit of Summary Financial Statements:

1. Applied Criteria (i.e. Framework) may not be suitable.
2. Due to their condensed nature, there is a higher risk of omitting key information, making them
misleading.
3. Auditor’s association may be wrongly stated i.e.
a. If Summary F/S are unaudited, management may give impression that these are audited.
b. If Summary F/S are audited, auditor report may not be attached.
4. There may be inappropriate treatment of subsequent events.
5. In Summary F/S, Comparatives may be omitted, or may be audited by another auditor.

Study Tips
 Summary F/S shall not include Information or Adjustments that are not included in audited F/S.
 Report on Summary F/S will be dated on or after the date of report on Audited F/S.

LO 2: ENGAGEMENT ACCEPTANCE:

Conditions for Accepting an Engagement

The auditor may only accept an engagement to report on summary financial statements if they have audited
the full financial statements from which the summaries are derived.

Pre-Acceptance Considerations
Before accepting the engagement, the auditor must:
• Evaluate the Applied Criteria: Ensure they are appropriate for preparing summary financial
statements.
• Obtain Management’s Agreement: Management must acknowledge its responsibilities, including:
o Preparing summary financial statements using acceptable criteria.
o Making audited financial statements available to intended users, unless law or regulation
states otherwise.
o Including the auditor’s report in any document containing the summary financial
statements.
• Agree on the Auditor’s Opinion: Confirm the form of the opinion to be expressed.

236
ISAs – Summaries and Application Guide ISA 810

When the Engagement Should Not Be Accepted

• If the applied criteria are unacceptable or management does not agree to its responsibilities, the
auditor must decline the engagement unless law or regulation requires it.
• If the engagement is legally required but does not comply with auditing standards, the auditor’s
report must clearly state this.

Acceptability of Criteria for Summary Financial Statements:

Factors Considered by Auditor:
• Entity Type: The nature of the business or organization.
• Purpose: Why the summary financial statements are being prepared.
• User Needs: The information required by intended users.
• Risk of Misleading Information: Whether the criteria ensure clarity and transparency.

Established vs. Custom Criteria

• Standardized Criteria: Criteria set by recognized organizations, laws, or regulations are generally
acceptable.
• Custom Criteria: If no established criteria exist, management may develop its own based on
industry practices. These must ensure:
o Summary financial statements should clearly identify their nature, and reference the full
audited financial statements.
o They disclose the criteria used.
o The amounts match those in the audited financial statements.
o They include necessary details without misleading users.

LO 3: NATURE OF PROCEDURES:
The auditor shall perform the following procedures.

Identifying and Disclosing Summary Nature

Ensure the summary financial statements clearly state that they are summaries and reference the audited
financial statements.

Disclosure of Availability of Audited Financial Statements

If the audited financial statements are not included, assess whether the summary financial statements:
• Clearly state where or from whom the audited financial statements can be obtained.
• Mention any law or regulation that exempts their availability and establishes criteria for preparing
summary financial statements.

Disclosure of Applied Criteria

Confirm that the summary financial statements disclose the criteria used for their preparation.

Accuracy and Consistency with Audited Financial Statements

• Compare the summary financial statements with the audited financial statements to ensure they
align and can be recalculated from the audited figures.
• Ensure the summary financial statements comply with the applied criteria.

Sufficiency and Relevance of Information

• Verify that the summary financial statements contain all necessary information and are detailed
enough to avoid misleading users.

237
ISAs – Summaries and Application Guide ISA 810

Evaluating Accessibility of Audited Financial Statements

• Check if the summary financial statements clearly specify how users can obtain the audited financial
statements.
• Verify if the audited financial statements are publicly available.
• Assess whether management has provided an efficient process for users to access the audited
financial statements.

Note that auditor is not performing substantive procedures to verify figures in Summary F/S, because they have
already been verified in audited F/S.

LO 4: FORM OF OPINION:

Expressing an Unmodified Opinion on Summary Financial Statements

• If an unmodified opinion is appropriate, the auditor shall use one of the following phrases, unless law
or regulation specifies otherwise:
o “The summary financial statements are consistent, in all material respects, with the audited
financial statements, in accordance with [applied criteria].”
o “The summary financial statements fairly summarize the audited financial statements, in
accordance with [applied criteria].”
• The choice of phrase may depend on standard practice in the jurisdiction.

When Law or Regulation Requires Different Wording

If the law prescribes a different opinion wording, the auditor shall:
• Follow the required procedures and any additional steps necessary to issue the prescribed opinion.
• Assess whether the alternative wording could mislead users.
• If misunderstanding is possible, consider adding an explanation to clarify the auditor’s opinion.

If additional explanation cannot prevent misunderstanding:

• The auditor shall not accept the engagement unless legally required to do so.
• If the engagement is mandatory but does not comply with the International Standard on Auditing
(ISA), the auditor’s report shall not state compliance with this ISA.

LO 5: TIMING OF WORK AND EVENTS SUBSEQUENT TO THE DATE OF THE AUDITOR’S

REPORT ON THE AUDITED FINANCIAL STATEMENTS:

Procedures for Summary Financial Statements

If the auditor reports on the summary financial statements after completing the audit, they:
• Do not need to obtain additional audit evidence on the audited financial statements.
• Are not required to report on events occurring after the auditor’s report date.
• Only report on the summary financial statements, as they are derived from the audited financial
statements and do not update them.

Issuing the Auditor’s Report on Summary Financial Statements

• The auditor’s report on the summary financial statements may have a later date than the report on
the audited financial statements.
• When this happens, the auditor must clearly state that the summary financial statements and audited
financial statements do not reflect events occurring after the date of the auditor’s report on the
audited financial statements.

238
ISAs – Summaries and Application Guide ISA 810

Handling Newly Discovered Facts

• If the auditor discovers facts that existed at the date of the auditor’s report but were previously
unknown, they must first assess the impact on the audited financial statements.
• The auditor must not issue the summary financial statements report until completing this
assessment, as required by ISA 560.

LO 6: INFORMATION IN DOCUMENTS CONTAINING SUMMARY FINANCIAL STATEMENTS:

Reviewing Information in Documents with Summary Financial Statements

Auditor’s Responsibility
• The auditor must review information in a document that contains both summary financial
statements and the auditor’s report.
• The auditor must check for material inconsistencies between this information and the summary
financial statements.

Actions if the Information Remains Uncorrected

If management refuses to correct misleading or inconsistent information, the auditor must:
A. Modify or Withdraw the Audit Report
• Issue a modified audit opinion or include an emphasis of matter paragraph to highlight the
issue.
• If the refusal raises serious doubts about financial reliability, the auditor may need to withdraw
from the engagement (if legally allowed).

B. Inform Relevant Stakeholders

• Request Management to Disclose the Issue → Ask them to issue a revised document with
corrected information.
• Directly Notify Users → Communicate concerns in a shareholder meeting or through formal
reports.
• Report to Regulators → If required by law, notify regulatory authorities or professional bodies.

LO 7: AUDITOR’S REPORT ON SUMMARY FINANCIAL STATEMENTS:

Key Elements of the Auditor’s Report on Summary Financial Statements

Title and Addressee
• The report must be titled to indicate it is from an independent auditor (e.g., Report of the Independent
Auditor).
• The auditor must specify the intended recipient of the report. If the addressee differs from that of the
full audit report, the auditor must assess whether this change is appropriate.

Identification of Financial Statements

• Clearly state which summary financial statements are being reported on, including the titles of each
included statement.
• Identify the corresponding full audited financial statements.

Opinion and Disclosure Limitation

• Express an opinion on whether the summary financial statements are consistent, in all material
respects, with or a fair summary of the full audited financial statements.
• Include a statement that summary financial statements do not contain all required disclosures
and are not a substitute for reading the full financial statements and audit report.

239
ISAs – Summaries and Application Guide ISA 810

Responsibilities
• Management’s Responsibility: Management is responsible for preparing the summary financial
statements using the applied criteria.
• Auditor’s Responsibility: The auditor’s responsibility is to express an opinion based on procedures
performed according to ISA requirements.

Reference to the Full Audit Report

• Mention the full audit report, its date, and whether it contains an unmodified opinion.
• If the full audit report has modifications, additional disclosures are required (discussed in Section 2).

Signatures and Date

• The auditor must sign and include their address.
• The report must be dated no earlier than when the auditor has:
o Obtained sufficient evidence to support the opinion.
o Confirmed that management has taken responsibility for the summary financial statements.
o Issued the full audit report.

When the Full Audit Report Contains Modified Opinions or Key Audit Matters
If the full audit report includes:
• A Qualified Opinion (ISA 705)
• An Emphasis of Matter or Other Matter Paragraph (ISA 706)
• Material Uncertainty Related to Going Concern (ISA 570)
• Key Audit Matters (KAMs) (ISA 701)
• An Uncorrected Material Misstatement in Other Information (ISA 720)

The summary financial statements report must:

1. Disclose that the full audit report contains these matters.
2. Describe their basis and impact on the summary financial statements, if any.

Key Audit Matters (KAMs) and Summary Reports

If the full audit report includes KAMs, the summary financial statements report must mention their existence
but does not need to describe each KAM in detail.

When the Full Audit Report Contains an Adverse Opinion or Disclaimer of Opinion
If the full audit report contains an adverse opinion or disclaimer of opinion, the summary financial statements
report must:
• State that the full audit report contains such an opinion.
• Describe the reasons for the adverse opinion or disclaimer.
• Clarify that, due to this opinion on the full financial statements, it is inappropriate to express an
opinion on the summary financial statements.

When Summary Financial Statements Are Inconsistent with Full Financial Statements
If the summary financial statements are not consistent with or do not fairly summarize the full audited
financial statements and management refuses to make corrections, the auditor must:
• Issue an adverse opinion on the summary financial statements.

240
ISAs – Summaries and Application Guide ISA 810

LO 8: RESTRICTION ON DISTRIBUTION OR USE OR ALERTING READERS TO THE BASIS OF

ACCOUNTING:

When Distribution or Use of the Auditor’s Report is Restricted

If the auditor’s report on the audited financial statements has restricted distribution or use, the auditor must
apply the same restriction in the report on the summary financial statements.

When the Auditor’s Report Alerts Readers About a Special Purpose Framework
If the audited financial statements follow a special purpose framework, the auditor must include a similar
alert in the report on the summary financial statements.

LO 9: COMPARATIVES:

Comparatives in audited financial statements may be classified as Corresponding Figures or Comparative

Financial Information

Expectation of Comparatives
When audited financial statements include comparatives, summary financial statements are generally
expected to include them as well.

When Summary Financial Statements Omit Comparatives

• If comparatives are missing in the summary financial statements, the auditor must assess whether
this omission is reasonable. Factors to consider include:
o The purpose of the summary financial statements.
o The applied financial reporting criteria.
o The needs of intended users.
• If the omission is unjustified, the auditor determines its impact on the audit report.

When Comparatives Were Audited by Another Auditor

If the summary financial statements include comparatives that a different auditor reported on, the auditor’s
report must follow ISA 710 requirements.

LO 10: UNAUDITED SUPPLEMENTARY INFORMATION PRESENTED WITH SUMMARY

FINANCIAL STATEMENTS:

 The auditor must ensure that unaudited supplementary information is clearly distinguished from the
summary financial statements.
 If it is not clearly separated, the auditor must request management to revise the presentation.
 If management refuses, the auditor must state in the audit report that this information is not part of
the summary financial statements.

Auditor can adapt further guidance from ISA 700.

241
 ISAs – Summaries and Application Guide ISA 810

LO 11: AUDITOR ASSOCIATION:

Auditor’s Report on Summary Financial Statements

If an entity plans to mention that the auditor has reported on summary financial statements but does not
include the auditor’s report in the document, the auditor must:
• Request management to include the auditor’s report.
• If management refuses, take necessary steps to prevent improper association with the summary
financial statements.

Reference to the Auditor Without Engagement on Summary Financial Statements

• When an auditor has audited financial statements but has not reported on summary financial
statements, and the entity refers to the auditor in a document, the auditor must ensure that:
o The reference is related only to the audited financial statements.
o The statement does not imply that the auditor has reported on the summary financial
statements.
• If these conditions are not met, the auditor must:
o Request management to revise the statement or remove the auditor’s reference.
o Offer to issue a report on the summary financial statements if engaged.
o If management refuses, the auditor must object and take necessary actions to prevent
inappropriate association.
The auditor may:
 Inform intended users and third parties about the incorrect reference.
 Take legal advice based on rights and obligations.

APX: ILLUSTRATIONS OF INDEPENDENT AUDITOR’S REPORTS ON SUMMARY FINANCIAL

STATEMENTS:

ISA Reference Framework Users Audit Opinion Key Considerations

Unmodified on Includes a Material Uncertainty Related to Going
Wide
ISA 810 Established audited FS, Concern section and communication of key audit
range of
(Illustration 1) criteria Unmodified on matters. Summary FS report is dated later than the
users
summary FS audited FS report.
Unmodified on Auditor identified an uncorrected material
Criteria
ISA 810 Specific audited FS, misstatement in other information contained in the
developed by
(Illustration 2) users Unmodified on same document as summary FS. Summary FS report
management
summary FS is dated the same as the audited FS report.
Summary FS reflects the same material misstatement
Criteria Qualified on audited
ISA 810 Specific that led to the qualification of the audited FS.
developed by FS, Qualified on
(Illustration 3) users Summary FS report is dated the same as the audited
management summary FS
FS report.
Adverse on audited Since the audited FS received an adverse opinion, it is
Criteria
ISA 810 Specific FS, Denial of inappropriate to express an opinion on summary FS.
developed by
(Illustration 4) users Opinion on Summary FS report is dated the same as the audited
management
summary FS FS report.

Wide Unmodified on Summary FS are not consistent with the audited FS,
ISA 810 Established
range of audited FS, Adverse leading to an adverse opinion. Summary FS report is
(Illustration 5) criteria
users on summary FS dated the same as the audited FS report.

242
 ISAs – Summaries and Application Guide ISRE 2400: Review of Historical F/S

ISRE 2400
ENGAGEMENTS TO REVIEW
HISTORICAL FINANCIAL STATEMENTS
LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 17 A1 – A13

CONDUCT OF A REVIEW ENGAGEMENT IN ACCORDANCE
LO 2 18–20 A14
WITH THIS ISRE
LO 3 ETHICAL REQUIREMENTS 21 A15–A16
LO 4 PROFESSIONAL SKEPTICISM AND PROFESSIONAL JUDGMENT 22–23 A17–A25
LO 5 ENGAGEMENT LEVEL QUALITY CONTROL 24–28 A26–A33
ACCEPTANCE AND CONTINUANCE OF CLIENT RELATIONSHIPS
LO 6 29–41 A34–A62
AND REVIEW ENGAGEMENTS
COMMUNICATION WITH MANAGEMENT AND THOSE
LO 7 42 A63–A69
CHARGED WITH GOVERNANCE
LO 8 PERFORMING THE ENGAGEMENT 43–57 A70–A105
LO 9 SUBSEQUENT EVENTS 58–60 N/A
LO 10 WRITTEN REPRESENTATIONS 61–65 A106–A108
EVALUATING EVIDENCE OBTAINED FROM THE PROCEDURES
LO 11 66–68 A109–A111
PERFORMED
FORMING THE PRACTITIONER’S CONCLUSION ON THE
LO 12 69–85 A112–A123
FINANCIAL STATEMENTS
LO 13 THE PRACTITIONER’S REPORT 86–92 A124–A150
LO 14 DOCUMENTATION 93–96 A151
APX 1 Illustrative Engagement Letter for an Engagement to Review Historical Financial Statements
APX 2 Illustrative Practitioners’ Review Reports

243
ISAs – Summaries and Application Guide ISRE 2400: Review of Historical F/S

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope of ISRE 2400

Applicable When:
• A practitioner, who is not the auditor, is engaged to review historical financial statements.
• The ISRE outlines the responsibilities, report format, and content for such reviews.

Not Applicable When:

• The review is conducted by the entity’s independent auditor (e.g., as part of interim reporting).

Nature of a Review Engagement

• A review provides limited assurance on whether financial statements are free from material
misstatement.
• The practitioner performs inquiry and analytical procedures to obtain sufficient appropriate
evidence.
• If anything suggests a potential material misstatement, the practitioner must perform additional
procedures.

Practitioner’s Objectives in a Review Engagement

• Obtain limited assurance and conclude whether anything indicates the statements are not
prepared in accordance with the applicable financial reporting framework.
• Provide a written report on the financial statements and communicate findings as required.

LO 2: CONDUCT OF A REVIEW ENGAGEMENT IN ACCORDANCE WITH THIS ISRE:

The practitioner shall comply with all requirements of the ISRE that apply to the review engagement.
The practitioner shall not state compliance with the ISRE unless all relevant requirements have been met.

LO 3: ETHICAL REQUIREMENTS:

The practitioner shall comply with all relevant ethical requirements, including independence.

LO 4: PROFESSIONAL SKEPTICISM AND PROFESSIONAL JUDGMENT:

Applying Professional Skepticism Throughout the Engagement

The practitioner shall perform the engagement with professional skepticism to recognize the possibility
of material misstatements in the financial statements.

Exercising Professional Judgment During the Engagement

The practitioner shall exercise professional judgment in conducting the review engagement.

Practitioners must not use “professional judgment” to justify conclusions that lack support from facts or
audit evidence.

244
ISAs – Summaries and Application Guide ISRE 2400: Review of Historical F/S

LO 5: ENGAGEMENT LEVEL QUALITY CONTROL:

Similar to ISQM 1.

LO 6: ACCEPTANCE AND CONTINUANCE OF CLIENT RELATIONSHIPS AND REVIEW

ENGAGEMENTS:

When to Decline a Review Engagement

The practitioner must not accept a review engagement (unless legally required) if:
• There is no rational purpose for the engagement.
• A review engagement is inappropriate for the situation.
• Independence or ethical standards cannot be met.
• Required information is unavailable or unreliable.
• There are doubts about management’s integrity.
• Management imposes scope limitations that would lead to a disclaimer of conclusion.

Preconditions Before Acceptance

Before accepting, the practitioner must:
• Confirm the financial reporting framework is acceptable.
• Understand the purpose and users of the financial statements.
• Get written acknowledgment from management of their responsibilities:
o Prepare financial statements.
o Maintain internal control.
o Provide full access to records and personnel.

If these preconditions are not met and cannot be resolved, the practitioner must decline the engagement
unless required by law. In that case, the report must not refer to ISRE compliance.

Ongoing Evaluation After Acceptance

If issues arise after engagement acceptance, the practitioner must:
• Discuss the matter with management.
• Decide whether to continue, resolve, or report the issue.

Reports Required by Law or Regulation

• Only refer to ISRE if all its requirements are met.
• If the law mandates a report format that may mislead users:
o Add clarification if possible.
o If not possible, decline the engagement unless legally required.
o Do not claim ISRE compliance if the engagement doesn't meet its standards.

Engagement Letter
Before starting, the practitioner must agree on terms with management or governance, covering:
• Use and scope of financial statements.
• Reporting framework.
• Responsibilities.
• Clarification that it's not an audit.
• Expected report format (noting possible changes).

245
ISAs – Summaries and Application Guide ISRE 2400: Review of Historical F/S

Recurring Engagements
For repeat engagements, the practitioner must:
• Reassess terms if circumstances change.
• Remind management of terms when necessary (e.g., changes in ownership, regulations, or
misunderstandings).

Change in Engagement Terms

Changes in engagement scope or type require:
• Reasonable justification (e.g., change in need or misunderstanding).
• Written agreement on new terms.
• The revised report must not refer to the original engagement unless converting to Agreed-Upon
Procedures.

LO 7: COMMUNICATION WITH MANAGEMENT AND THOSE CHARGED WITH GOVERNANCE:

Similar to ISA 260.

LO 8: PERFORMING THE ENGAGEMENT:

Materiality in a Review
Practitioner shall determine materiality for the financial statements as a whole.

Understanding the Entity

Practitioner must understand:
• The entity’s environment, structure, financing, objectives, and accounting system.
• The applicable financial reporting framework and related legal or regulatory factors.
• Prior period adjustments and management’s accounting policies.
• Areas where material misstatements are likely.
This understanding helps in identifying high-risk areas and designing targeted procedures.

Designing and Performing Review Procedures

Inquiries
Inquiries shall cover:
• Significant accounting estimates.
• Related party transactions and their purpose.
• Significant or unusual business changes or transactions.
• Uncorrected misstatements from prior periods.
• Going concern assumptions and risks.
• Actual or suspected fraud or non-compliance.
• Events after period-end that require adjustment or disclosure.
• Commitments, contingencies, and non-monetary transactions.

Analytical Procedures:
Practitioner uses analytical procedures to:
• Understand the entity and detect unusual patterns.
• Confirm relationships between financial and non-financial data.
• Identify inconsistencies that may indicate misstatements.
Practitioner shall assess whether data used is reliable and relevant.

246
ISAs – Summaries and Application Guide ISRE 2400: Review of Historical F/S

Specific Review Procedures:

Procedure Explanation

• Practitioner shall stay alert for undisclosed related party transactions.

• For significant unusual transactions, inquire about:
Related Parties o Nature of the transaction
o Involvement of related parties
o Business purpose

If fraud or non-compliance is suspected, practitioner shall:

• Communicate with appropriate management or governance.
Fraud and Non-
• Request management’s assessment of impact.
Compliance
• Assess implications for the review conclusion.
• Determine if external reporting is required or permitted by law or ethics.

• Practitioner shall consider the same time period used by management.

• If events raise doubt, practitioner shall:
Going Concern
o Ask about management’s action plans and assess their feasibility.
Evaluation
o Decide if financial statements are misstated or misleading.
o Use all available review evidence to form a conclusion.

Using Work of If using work from another practitioner or expert, Practitioner shall ensure the work is
Others adequate and reliable for review purposes.

Reconciling
Practitioner shall verify that the financial statements reconcile to the underlying
Financial
accounting records.
Statements

Additional Procedures When Material Misstatement is Suspected:

If practitioner believes the financial statements may be materially misstated, he shall Design and perform
additional procedures to:
o Conclude no material misstatement exists; or
o Confirm the misstatement and evaluate impact on the review report.

Example: Deciding If More Review Work Is Needed

A practitioner finds a large amount of overdue accounts receivable with no allowance for bad debts. This raises concerns
of a possible misstatement.

The practitioner inquires management if any receivables are uncollectible.

Based on the response, three outcomes are possible:

(a) No misstatement – The explanation is reasonable. No further action needed.
(b) Clear misstatement – The practitioner concludes the financials are wrong. No more work needed.
(c) Unclear – There’s still some concern (sufficient appropriate evidence not obtained). Practitioner shall perform more
procedures such as reviewing payments after year-end until sufficient evidence obtained.

247
ISAs – Summaries and Application Guide ISRE 2400: Review of Historical F/S

LO 9: SUBSEQUENT EVENTS:

If subsequent events are identified, practitioner shall request management to adjust financial statements.
[Similar to ISA 560]

LO 10: WRITTEN REPRESENTATIONS:

Practitioner shall request written representation from management. [Similar to ISA 580]

LO 11: EVALUATING EVIDENCE OBTAINED FROM THE PROCEDURES PERFORMED:

After completing all necessary procedures, the practitioner shall evaluate the evidence to determine its
effect on the review report.

LO 12: FORMING THE PRACTITIONER’S CONCLUSION ON THE FINANCIAL STATEMENTS:

Unmodified Conclusion
If no material misstatement is found and limited assurance is obtained, express an unmodified conclusion
using:
• For fair presentation frameworks:
“Based on our review, nothing has come to our attention that causes us to believe that the financial
statements do not present fairly, in all material respects…”

• For compliance frameworks:

“…that the financial statements are not prepared, in all material respects, in accordance with the
applicable framework.”

Financial Statements Are Materially Misstated

Auditor shall express Qualified Conclusion (if effect is material), or Adverse Conclusion (if effect is
pervasive).

Use these phrases:

• Qualified (Fair Presentation):
“…except for the effects of the matter(s) described… the financial statements present fairly…”

• Adverse (Fair Presentation):

“…due to the significance of the matter(s)… the financial statements do not present fairly…”

In the Basis for Conclusion paragraph (immediately before Conclusion paragraph), the practitioner shall:
• Quantify the misstatement effects (if possible).
• Explain narrative misstatements.
• Describe missing required disclosures and include them, if permitted.

248
ISAs – Summaries and Application Guide ISRE 2400: Review of Historical F/S

Inability to Obtain Sufficient Appropriate Evidence

Auditor shall express Qualified Conclusion (if effect is material), or Disclaimer of Conclusion (if effect is
pervasive).

Use these phrases:

• Qualified:
“…except for the possible effects of the matter(s)… nothing has come to our attention…”
• Disclaimer:
“…due to the significance of the matter(s)… we do not express a conclusion.”

In the Basis for Conclusion paragraph, state:

• Why sufficient appropriate evidence could not be obtained.

Withdrawal from the Engagement

If there is scope limitation by management, similar course of action as in ISA 705 i.e. withdrawal if possible
and practicable......

LO 13: THE PRACTITIONER’S REPORT:

The practitioner’s report for the review engagement shall be in writing, and shall contain the following
elements:
1. A title, which shall clearly indicate that it is the report of an independent practitioner for a review
engagement
2. The addressee(s), as required by the circumstances of the engagement
3. An introductory paragraph that:
a. States that the financial statements have been reviewed
b. identifies the title of each financial statement reviewed, and
c. the date and period covered by each financial statement
4. A description of the responsibility of management.
If the financial statements are special purpose financial statements, also state following:
a. A description of the purpose
b. and, if necessary, the intended users
c. If management has a choice of financial reporting framework, a reference to management’s
responsibility that AFRF is acceptable in the circumstances.
5. A description of the practitioner’s responsibility
6. A description of a review of financial statements and its limitations
7. Conclusion
8. Compliance with Ethical Requirements
9. Date
10. Signature
11. Location

Points to Note:
 Report may also include Emphasis of matter paragraph (immediately after conclusion), and Other matter
paragraph.
 However, KAM or Material Uncertainty relating to Going Concern Paragraphs are NOT included.

Other Reporting Responsibilities

• If requested or required, include a separate section titled “Report on Other Legal and Regulatory
Requirements”.
• Place this section after “Report on the Financial Statements.”

249
ISAs – Summaries and Application Guide ISRE 2400: Review of Historical F/S

LO 14: DOCUMENTATION:
Practitioner shall prepare documentation for review that provides evidence that review was performed in
accordance with this ISRE. [Similar to as in ISA 230]

APX 1: ILLUSTRATIVE ENGAGEMENT LETTER FOR AN ENGAGEMENT TO REVIEW HISTORICAL

FINANCIAL STATEMENTS:

Please read APX 1 of ISRE 2400 for example of Engagement Letter..

APX 2: REVIEW REPORTS ON GENERAL PURPOSE FINANCIAL STATEMENTS:

INDEPENDENT PRACTITIONER’S REVIEW REPORT

[Appropriate Addressee]

Report on the Financial Statements

We have reviewed the accompanying financial statements of ABC Company, which comprise the statement of financial
position as at December 31, 20X1, and the statement of comprehensive income, statement of changes in equity and
statement of cash flows for the year then ended, and a summary of significant accounting policies and other explanatory
information.

Management’s Responsibility for the Financial Statements

Management is responsible for the preparation and fair presentation of these financial statements in accordance with the
International Financial Reporting Standard for Small and Medium-sized Entities,3 and for such internal control as
management determines is necessary to enable the preparation of financial statements that are free from material
misstatement, whether due to fraud or error.

Practitioner’s Responsibility
Our responsibility is to express a conclusion on the accompanying financial statements. We conducted our review in
accordance with International Standard on Review Engagements (ISRE) 2400 (Revised), Engagements to Review
Historical Financial Statements. ISRE 2400 (Revised) requires us to conclude whether anything has come to our attention
that causes us to believe that the financial statements, taken as a whole, are not prepared in all material respects in
accordance with the applicable financial reporting framework. This Standard also requires us to comply with relevant
ethical requirements.

A review of financial statements in accordance with ISRE 2400 (Revised) is a limited assurance engagement. The
practitioner performs procedures, primarily consisting of making inquiries of management and others within the entity,
as appropriate, and applying analytical procedures, and evaluates the evidence obtained.

The procedures performed in a review are substantially less than those performed in an audit conducted in accordance
with International Standards on Auditing. Accordingly, we do not express an audit opinion on these financial statements.

Conclusion
Based on our review, nothing has come to our attention that causes us to believe that these financial statements do not
present fairly, in all material respects, (or do not give a true and fair view of) the financial position of ABC Company as at
December 31, 20X1, and (of) its financial performance and cash flows for the year then ended, in accordance with the
International Financial Reporting Standard for Small and Medium-sized Entities.

[Practitioner’s signature]
[Date of the practitioner’s report]
[Practitioner’s address]

250
 ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

ISRE 2410
[STATUTORY] REVIEW OF INTERIM
FINANCIAL INFORMATION BY
AUDITOR

LO # LEARNING OBJECTIVE PARAGRAPHS

LO 1 INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION) 1–3

GENERAL PRINCIPLES OF A REVIEW OF INTERIM FINANCIAL
LO 2 4–6
INFORMATION
OBJECTIVE OF AN ENGAGEMENT TO REVIEW INTERIM FINANCIAL
LO 3 7–9
INFORMATION
LO 4 AGREEING THE TERMS OF THE ENGAGEMENT 10–11
LO 5 PROCEDURES FOR A REVIEW OF INTERIM FINANCIAL INFORMATION 12–29
LO 6 EVALUATION OF MISSTATEMENTS 30–33
LO 7 MANAGEMENT REPRESENTATIONS 34–35
LO 8 AUDITOR’S RESPONSIBILITY FOR ACCOMPANYING INFORMATION 36–37
LO 9 COMMUNICATION 38–42
REPORTING THE NATURE, EXTENT AND RESULTS OF THE REVIEW
LO 10 43–63
OF INTERIM FINANCIAL INFORMATION
LO 11 DOCUMENTATION 64
EXAMPLE OF AN ENGAGEMENT LETTER FOR A REVIEW OF INTERIM FINANCIAL
APX 1
INFORMATION
ANALYTICAL PROCEDURES THE AUDITOR MAY CONSIDER WHEN PERFORMING A
APX 2
REVIEW OF INTERIM FINANCIAL INFORMATION
APX 3 EXAMPLE OF A MANAGEMENT REPRESENTATION LETTER
APX 4 – 7 DIFFERENT EXAMPLES OF REVIEW REPORT

251
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

LO 1: INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION):

Purpose and Scope of This ISRE

 This International Standard on Review Engagements (ISRE) sets out the auditor’s responsibilities
during a review of interim financial information.
 It also explains the format and content of the review report.
 Although the review is not an audit, the standard uses the term “auditor” because it applies only to
independent auditors of the entity’s financial statements.

Definition of Interim Financial Information

Interim financial information refers to financial statements for a period shorter than a full financial year.

Auditor’s Responsibilities in Review Engagements

• When performing the review, the auditor must follow this ISRE.
• From the annual audit, the auditor already understands the entity, its environment, and internal control.
• During the review, the auditor updates that understanding through inquiries and analytical procedures.
This helps focus the review work efficiently.

Responsibilities of a Practitioner Who Is Not the Auditor

 If a practitioner (not the entity’s auditor) performs the review, they must follow ISRE 2400 (Revised).
 Since the practitioner lacks detailed knowledge of the entity and its internal control, they must
perform different inquiries and procedures to meet the review objective.

Requirements for Quarterly Financial Statements of Listed Companies in Pakistan:

Quarter Period to be presented Assurance Required

1st Quarter 3 months Vs. 3 months Not required.
6 months Vs. 6 months
2nd Quarter / Half-yearly + Review of 6 months
3 months Vs. 3 months
9 months Vs. 9 months
3rd Quarter + Not required.
3 months Vs. 3 months

Difference between ISRE 2400 & ISRE 2410

ISRE 2400 ISRE 2410

Word “Practitioner” is used. Word “Auditor” is used.
Review report contains separate sections for Management and Auditor’s responsibilities are
responsibilities of Management and Practitioner. included in introductory paragraph.
Period covered may be 3 months, 6 months, 9 Period covered is usually 6 months, and can never be
months, or even 12months. 12 months.
Review report may be restricted. Review report is usually not restricted.

252
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

LO 2: GENERAL PRINCIPLES OF A REVIEW OF INTERIM FINANCIAL INFORMATION:

A review of interim financial information is less extensive than an audit but still requires professional
standards. The auditor must:

1. Follow Ethical Standards

Apply the same ethical principles as in an audit—independence, integrity, objectivity, professional
competence, confidentiality, and proper conduct.

2. Ensure Quality Control

Implement quality control measures for the specific review, including team assignment,
performance, and monitoring.

3. Apply Professional Skepticism

Maintain a questioning attitude. Stay alert to any signs of misstatement or unreliable evidence from
management.

LO 3: OBJECTIVE OF AN ENGAGEMENT TO REVIEW INTERIM FINANCIAL INFORMATION:

Objective
 The objective of a review of interim financial information is to allow the auditor to conclude whether
anything has come to attention that indicates the financial information is not prepared, in all material
respects, in line with the applicable financial reporting framework.
 The auditor performs inquiries and analytical procedures to reduce the risk of giving an
inappropriate conclusion.
 This risk is reduced to a moderate level, which is higher than in an audit, but lower than reasonable
assurance.

Review vs. Audit – Key Differences

A review is not the same as an audit under International Standards on Auditing (ISAs).

• In a review:
• The auditor does not express an opinion on whether the financial information gives a true and fair
view.
• The engagement does not provide reasonable assurance.

• In an audit:
• The auditor gathers more extensive audit evidence.
• The goal is to obtain reasonable assurance and express a positive audit opinion.

Review Procedures
• A review mainly involves:
• Inquiries with persons responsible for financial and accounting matters.
• Analytical procedures to identify unusual trends or inconsistencies.
• Other review procedures

• A review may uncover significant issues, but it does not provide all the audit evidence required in a full
audit.

253
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

LO 4: AGREEING THE TERMS OF THE ENGAGEMENT:

Agreement on Terms of the Engagement

• The auditor and client must agree on the terms before starting the engagement.
• These terms are usually documented in an Engagement Letter, which helps prevent confusion.

Key Elements Covered in the Engagement Letter

 The objective and scope of the review.
 Management’s responsibilities, including:
o Preparing the interim financial information.
o Maintaining effective internal control over the preparation process.
o Providing full access to all financial records and related information.
o Giving written representations to confirm both oral and implied representations made
during the review.
 The auditor’s responsibilities and the level of assurance to be obtained.
 The expected form and content of the auditor’s report, including the intended recipient.
 Management’s agreement to include the review report in any document that mentions the interim
financial information was reviewed by the auditor.

The engagement terms for the review of interim financial information may be combined with terms for the
audit of annual financial statements.

LO 5: PROCEDURES FOR A REVIEW OF INTERIM FINANCIAL INFORMATION:

Understanding the Entity and Internal Control

• The auditor must understand the entity, its environment, and internal control systems related to
both annual and interim financial information.
• Auditors who previously audited the entity must update their understanding for the current review.
• A new auditor must gain full understanding of the entity, and controls related to both annual and
interim reporting.

Scope of Procedures:
A review does not involve:
• Tests of records (e.g., inspection, observation, confirmation).
• Full corroboration of evidence.

The auditor performs inquiries and analytical procedures to determine whether anything suggests that the
interim financials are materially misstated.

254
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

Common Review Steps

• Reading minutes of board and committee meetings.
• Following up on unresolved matters from previous audits.
• Coordinating with other auditors, if necessary.
• Inquiring about:
o Compliance with financial reporting framework.
o Changes in accounting principles or methods.
o New or complex transactions.
o Uncorrected misstatements.
o Related party transactions.
o Legal or contractual obligations.
o Debt covenant compliance.
o Fraud or suspected fraud by management or employees.
o Any reported fraud allegations or legal non-compliance.
• Applying analytical procedures such as:
o Ratio and trend analysis.
o Regression or other statistical techniques.
• Reading the interim financial statements to detect any apparent misstatements.

Timing of Procedures:
Auditors may begin review procedures before interim period ends (e.g., reading minutes early). Early
procedures help identify major accounting matters sooner.

Auditors may combine audit and interim review work for efficiency, e.g.
• Reviewing board minutes for both purposes.
• Perform early audit procedures on significant events (e.g., mergers, restructurings).

Other Review Considerations

Litigation and Legal Matters
• Sending legal letters is not usually required.
• If legal concerns arise during review, direct contact with the entity’s lawyer may be appropriate.

Reconciling Financial Information

Auditor must confirm that interim financial data matches accounting records by:
• Tracing to the general ledger or consolidation schedules.
• Reviewing supporting documents if needed.

Subsequent Events
• The auditor must ask management whether all events up to the review report date requiring
adjustment or disclosure have been identified.
• No further procedures are required after that date.

Going Concern Considerations

Management Assessment
• Ask if management has changed its going concern assessment.
• If concerns exist, ask about:
o Future plans (e.g., asset sales, debt restructuring, capital raising).
o Feasibility of plans.
o Whether management believes these actions will resolve the issue.

Disclosure
• Assess if disclosures related to going concern are adequate.

255
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

Responding to Identified Issues

• If a procedure reveals potential material misstatement, the auditor:
o Makes further inquiries.
o Performs additional procedures to resolve doubts.

• Example: For questionable revenue recognition:

o Speak to accounting and sales personnel.
o Review relevant contracts.

If auditor is newly appointed: (who has not yet performed annual audit)
A newly appointed auditor shall obtain understanding by:
i. Making inquiries of predecessor auditor.
ii. Reviewing (where possible) predecessor auditor’s documentation for the previous annual audit.
iii. Reviewing (where possible) predecessor auditor’s documentation for any prior interim period in the
current year.

In doing so, auditor considers following matters which may have been identified in prior periods:
i. Significant matters (e.g. deficiencies in internal control, significant risks).
ii. nature of corrected and uncorrected misstatements.

If auditor has already audited the entity’s financial statements:

If auditor has performed one or more annual audits for the entity, he would have already obtained
understanding as required by ISA – 315. He shall update his understanding in a review engagement by
performing procedures described in Paragraph 15.

Review Procedures:
The auditor should make inquiries, primarily of persons responsible for financial and accounting matters, and
perform analytical and other review procedures to enable the auditor to conclude on financial statements.
A review ordinarily does not require tests of the accounting records through inspection, observation or
confirmation.

List of Inquiries, analytical and other review procedures performed is available in Paragraph 21 and
Appendix 2.

During review, auditor may decide to perform audit procedures.

Points to Note:
 Usually inquiry letter to lawyers is not sent.
 Auditor inquires management about subsequent events, however no other procedures are performed
to identify subsequent events.
 Auditor inquires about management’s assessment of going concern. If an event or condition casting
doubt is identified, auditor obtains plan and inquires about it. However, auditor does not corroborate
feasibility of management’s plans.
 If there is a risk that an item may be misstated, auditor shall perform additional procedures sufficient to
resolve the issue.

256
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

LO 6: EVALUATION OF MISSTATEMENTS:

• The auditor must evaluate whether uncorrected misstatements—individually or combined—are material to

the interim financial information.

• The auditor may set a threshold below which individual misstatements are not aggregated.

• Even small misstatements can be material, depending on quantitative and qualitative factors.

LO 7: MANAGEMENT REPRESENTATIONS:

Core Written Representations Required from Management

The auditor must obtain a written statement from management confirming:
• Responsibility for Internal Controls
• Compliance with Reporting Framework
• Uncorrected Misstatements are Immaterial
• Disclosure of Fraud or Suspected Fraud
• Fraud Risk Assessment
• Non-Compliance with Laws or Regulations
• Subsequent Events

Additional Representations Specific to the Entity

The auditor must also obtain additional representations tailored to the entity’s industry or business.
These help address unique risks or issues relevant to specific context.

LO 8: AUDITOR’S RESPONSIBILITY FOR ACCOMPANYING INFORMATION:

Material Inconsistencies:
The auditor must read the other information provided with the interim financial information. If this other
information is materially inconsistent with the interim financial information, the auditor assesses whether
either needs correction.

If interim financial information needs amendment:

If the interim financial information needs amendment and management refuses, the auditor evaluates the
impact on the review report.

If other information needs amendment:

If the other information needs amendment and management refuses, the auditor considers:
• Adding a paragraph to the review report explaining the inconsistency
• Withholding the review report
• Withdrawing from the engagement

257
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

Misstatements of Fact in Other Information

A material misstatement of fact refers to incorrect or misleading information not directly related to the
interim financial data.

When a Misstatement of Fact is Found

If such a misstatement comes to the auditor’s attention, the auditor must:
o Discuss the issue with management.
o Assess the validity of the information and management’s response.
o Consider whether the issue reflects a difference of opinion or requires input from a
qualified third party.

If Management Refuses to Correct

The auditor considers appropriate next steps, including:
o Notifying those charged with governance.
o Seeking legal advice.
o Taking other actions based on legal and professional obligations.

LO 9: COMMUNICATION:

Communicating with Management

• Material Issues: If the auditor finds a matter needing material adjustment, they must inform
management promptly.
• Fraud or Non-Compliance: If fraud or non-compliance is suspected, the auditor reports it to an
appropriate level of management, based on risk of collusion or involvement.

Escalation to Governance
• If management fails to act within a reasonable time, the auditor must inform those charged with
governance.
• Communication can be oral or written. Oral communication must be documented.

When Governance Fails to Act

The auditor considers:
• Modifying the review report
• Withdrawing from the engagement
• Resigning from the audit of annual financial statements

258
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

LO 10: REPORTING THE NATURE, EXTENT AND RESULTS OF THE REVIEW OF INTERIM
FINANCIAL INFORMATION:
A review report shall be in writing and shall consist of following elements:
1. A title of report
2. The addressee
3. An introductory paragraph that:
a. Identifies the title of each of financial statements, and period covered;
b. States that the financial statements have been reviewed;
4. A description of the management’s responsibility for the preparation of the financial statements.
5. A description of the Auditor's responsibility to express a conclusion on the financial statements.
6. A description/scope of a review of financial statements, with following statements:
a. A review is performed under ISRE, and is a limited assurance engagement.
b. The auditor performs procedures, primarily consisting of inquiries, analytical procedures,
and other procedures.
c. The procedures performed in a review are substantially less than those performed in an
audit conducted in accordance with ISAs and, accordingly, the auditor does not express an
audit opinion on the financial statements.
7. A paragraph under the heading "Conclusion". If conclusion is modified, reason of modification shall
also be explained.
8. The date of the report.
9. The signature.
10. The Place.

Study Tip
Practitioner can also include in his report “Emphasis of matter” and/or “Other matter” paragraphs.

Result Effect on Report

If financial statements are not materially misstated Unqualified Conclusion
If financial statements are misstated and effect is Qualified conclusion
material.
If financial statements are misstated and effect is Adverse conclusion
pervasive.
If there is a scope limitation by management, before Auditor should not accept engagement.
acceptance.
If there is a scope limitation (by management or other), Auditor shall:
after acceptance. - communicate it to TCWG
- express Disclaimer of conclusion. ***
*** However, in rare circumstances Qualified conclusion may be expressed if effect is confined to specific element
and is not pervasive.

Going Concern Issues and Effect on Review Report:

If there is an uncertainty relating to going concern or other significant uncertainty, auditor shall:
 include Emphasis of Matter Paragraph in his review report (if adequately disclosed).
 Express Qualified or Adverse conclusion (if not adequately disclosed).

259
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

Other Considerations: [=inappropriate association in ISA 810]

If management issues interim financial information Auditor shall seek legal advice to determine
but review report is missing appropriate course of action.
If auditor issued modified review report, but  Auditor shall seek legal advice to determine
management issued interim financial statements appropriate course of action.
without review report  Further, auditor shall also consider withdrawal
from audit of annual financial statements.

LO 11: DOCUMENTATION:

Objective:
The auditor prepares documentation to support their conclusion and demonstrate compliance with the ISRE
and legal or regulatory requirements.

Key Purpose:
Documentation must be detailed enough for an experienced auditor (not previously involved in the
engagement) to understand the work done.

What the Documentation Should Include:

• Nature, timing, and extent of inquiries.
• Analytical and other review procedures performed.
• Information obtained during the review.
• Significant matters identified and how they were addressed.

APX 1: EXAMPLE OF AN ENGAGEMENT LETTER FOR A REVIEW OF INTERIM FINANCIAL

INFORMATION:

Please read Appendix 1 of ISRE 2410.

260
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

APX 2: ANALYTICAL PROCEDURES THE AUDITOR MAY CONSIDER WHEN PERFORMING A

REVIEW OF INTERIM FINANCIAL INFORMATION:

Auditors may use the following analytical procedures during a review of interim financial information:
1. Period-to-Period Comparisons
o Compare current interim financial information with:
 The previous interim period.
 The same interim period from the prior financial year.
 Management’s expected figures for the current period.
 The most recent audited annual financial statements.

2. Comparison with Budgets or Forecasts

o Compare actual figures with budgets or forecasts, such as:
 Tax balances.
 Ratio of income tax provision to pretax income.
o Use expected tax rates and prior period data for reference.

3. Comparison with Non-Financial Information

o Compare financial results with relevant non-financial data.

4. Auditor’s Own Expectations

o Develop expectations using industry knowledge and understanding of the entity.
o Compare actual figures or ratios to these expectations.

5. Industry Comparisons
o Compare current ratios and indicators with those of similar entities in the same industry.

6. Analysis of Financial Relationships

o Compare relationships in current data with prior periods, such as:
 Expense types as a percentage of sales.
 Asset types as a percentage of total assets.
 Percentage change in sales vs. percentage change in receivables.

7. Disaggregated Data Analysis

o Break down data for deeper analysis, such as:
 By time: quarterly, monthly, or weekly.
 By product line or revenue source.
 By location or component.
 By transaction attributes: e.g., revenue by designer or architect.
 By multiple attributes: e.g., sales by product and by month.

APX 3: EXAMPLE OF A MANAGEMENT REPRESENTATION LETTER:

Please read Appendix 3 of ISRE 2410.

261
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

APX 4 – 7: DIFFERENT EXAMPLES OF REVIEW REPORT:

Examples of Review Reports on Interim Financial Information (Unqualified Conclusion)

AUDITORS’ REPORT TO THE MEMBERS ON REVIEW OF CONDENSED INTERIM FINANCIAL INFORMATION

Introduction
We have reviewed the accompanying condensed interim balance sheet of ABC Entity as of March 31, 20X1 and the
related condensed interim profit and loss account, condensed interim statement of comprehensive income,
condensed interim cash flow statement and condensed interim statement of changes in equity for the half year
then ended (here-in-after referred to as the “condensed interim financial information”). Management is
responsible for the preparation and presentation of this condensed interim financial information in accordance
with approved accounting standards as applicable in Pakistan for interim financial reporting. Our responsibility is
to express a conclusion on this condensed interim financial information based on our review.

Scope of Review
We conducted our review in accordance with International Standard on Review Engagements 2410, “Review of
Interim Financial Information Performed by the Independent Auditor of the entity.” A review of interim financial
information consists of making inquiries, primarily of persons responsible for financial and accounting matters,
and applying analytical and other review procedures. A review is substantially less in scope than an audit
conducted in accordance with International Standards on Auditing and consequently does not enable us to obtain
assurance that we would become aware of all significant matters that might be identified in an audit. Accordingly,
we do not express an audit opinion.

Conclusion***
Based on our review nothing has come to our attention that causes us to believe that the accompanying interim
financial information as of and for the half year ended March 31, 2012 does not give a true and fair view of (or
“does not present fairly, in all material respects,”) in accordance with approved accounting standards as applicable
in Pakistan for interim financial reporting.
Auditor
Auditor
Date
Address

Qualified Conclusion due to misstatement (Opinion Paragraph Only):

Basis for Qualified Conclusion
Based on information provided to us by management, ABC Entity has excluded from property and long-term
debt certain lease obligations that we believe should be capitalized to conform with AFRF. This information
indicates that if these lease obligations were capitalized at March 31, 20X1, property would be increased by
Rs. ______, long-term debt by Rs. ______, and net income and earnings per share would be increased (decreased)
by Rs. ________, Rs. _________, Rs. ________, and Rs. ________, respectively for the three-month period then ended.

Qualified Conclusion
Based on our review, with the exception of the matter described in the preceding paragraph, nothing has
come to our attention that causes us to believe that the accompanying interim financial information does not
give a true and fair view of (or “does not present fairly, in all material respects,”) the financial position of the
entity as at March 31, 20X1, and of its financial performance and its cash flows for the three month period
then ended in accordance with AFRF.

262
ISAs – Summaries and Application Guide ISRE 2410: Review of Interim Information

Qualified Conclusion due to scope limitation (Opinion Paragraph Only):

Basis for Qualified Conclusion
As a result of a fire in a branch office on (date) that destroyed its accounts receivable records, we were unable
to complete our review of accounts receivable totaling Rs. ________ included in the interim financial
information. The entity is in the process of reconstructing these records and is uncertain as to whether these
records will support the amount shown above and the related allowance for uncollectible accounts. Had we
been able to complete our review of accounts receivable, matters might have come to our attention indicating
that adjustments might be necessary to the interim financial information.

Qualified Conclusion
Except for the adjustments to the interim financial information that we might have become aware of had it
not been for the situation described above, based on our review, nothing has come to our attention that
causes us to believe that the accompanying interim financial information does not give a true and fair view of
(or “does not present fairly, in all material respects,”) the financial position of the entity as at March 31, 20X1,
and of its financial performance and its cash flows for the three-month period then ended in accordance with
AFRF.

Adverse Conclusion due to misstatement (Opinion Paragraph Only):

Basis for Adverse Conclusion
Commencing this period, management of the entity ceased to consolidate the financial statements of its
subsidiary companies since management considers consolidation to be inappropriate because of the
existence of new substantial non-controlling interests. This is not in accordance with AFRF. Had consolidated
financial statements been prepared, virtually every account in the interim financial information would have
been materially different.

Adverse Conclusion
Our review indicates that, because the entity’s investment in subsidiary companies is not accounted for on a
consolidated basis, as described in the preceding paragraph, this interim financial information does not give a
true and fair view of (or “does not present fairly, in all material respects,”) the financial position of the entity as
at March 31, 20X1, and of its financial performance and its cash flows for the three-month period then ended
in accordance with AFRF.

263
 ISAs – Summaries and Application Guide ISAE 3000

ISAE 3000
ASSURANCE ENGAGEMENTS
(EXCEPT AUDIT AND REVIEW)

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVES, DEFINITION 1 – 13 A1 – A20

CONDUCT OF AN ASSURANCE ENGAGEMENT IN
LO 2 14 – 19 A21–A29
ACCORDANCE WITH ISAE
LO 3 ETHICAL REQUIREMENTS 20 A30–A34
LO 4 ACCEPTANCE AND CONTINUANCE 21 – 30 A35–A59
LO 5 QUALITY MANAGEMENT 31 – 36 A60–A75
PROFESSIONAL SKEPTICISM, PROFESSIONAL
LO 6 JUDGMENT, AND ASSURANCE SKILLS AND 37 – 39 A76–A85
TECHNIQUES
LO 7 PLANNING AND PERFORMING THE ENGAGEMENT 40 – 47 A86–A108
LO 8 OBTAINING EVIDENCE 48 – 60 A109–A140
LO 9 SUBSEQUENT EVENTS 61 A141–A142
LO 10 OTHER INFORMATION 62 A143
LO 11 DESCRIPTION OF APPLICABLE CRITERIA 63 A144–A146
LO 12 FORMING THE ASSURANCE CONCLUSION 64 – 66 A147–A158
LO 13 PREPARING THE ASSURANCE REPORT 67 – 71 A159–A188
LO 14 UNMODIFIED AND MODIFIED CONCLUSIONS 72 – 77 A189–A192
LO 15 OTHER COMMUNICATION RESPONSIBILITIES 78 A193–199
LO 16 DOCUMENTATION 79 – 83 A200–A207
APX 1 ROLES AND RESPONSIBILITIES
APX 2 REPORT UNDER ISAE 3000 (EXAMPLES)

264
ISAs – Summaries and Application Guide ISAE 3000

LO 1: INTRODUCTION, OBJECTIVES, DEFINITION:

This ISAE can be applied on financial as well as non-financial information, (other than audit and reviews).

Overview of ISAE 3000

Modern management reports non-financial performance alongside financial data to provide a broader view
of business operations. This information is often disclosed in:
• Annual reports
• Directors’ reports
• Company websites

Examples of Non-Financial Statements/Assertions:

• Key Performance Indicators (KPIs)
• Compliance with legal or contractual requirements (e.g., free float of shares, bank loans)
• Corporate Social Responsibility (CSR) Reports, including Sustainability and Environmental Reporting.

Examples of KPIs:
• CO₂e emissions
• Water consumption
• Permanent employee turnover rate
• Percentage of women in senior management
• Employee hours spent on volunteering
• Local community projects/beneficiaries supported through corporate responsibility programs

This non-financial data helps stakeholders assess a company’s overall impact, compliance, and sustainability
efforts.

Types of Assurance Engagements

Classification by Level of Assurance
• Reasonable Assurance Engagement
• Limited Assurance Engagement

Classification by Type of Engagement

 Attestation Engagement – A third party measures or evaluates the subject matter. The practitioner
provides assurance on this evaluation.
 Direct Engagement – The practitioner both evaluates the subject matter and reports the outcome.

Attestation Vs. Direct Engagement:

Attestation Engagement (Previously: Direct Engagement (Previously: Direct

Aspect
Assertion-Based Engagement) Reporting Engagement)

The responsible party prepares a report or The responsible party does not prepare a
Subject Matter statement for users. The practitioner separate report. The practitioner assesses
provides a separate assurance report. and reports directly on the subject matter.

The responsible party selects the criteria,

The practitioner typically selects the
Applied Criteria while the practitioner ensures they are
criteria for the engagement.
appropriate.
The responsible party measures or The practitioner measures or evaluates the
Measurer/Evaluator
evaluates the subject matter. subject matter.

265
ISAs – Summaries and Application Guide ISAE 3000

Important Things to Note:

1. Note that an audit or review of Historical financial statements could also have been examples of
attestation engagements, however, they are not included here because they are out of scope of ISAE
3000.
2. Audit report under ISA 700 did not require auditor to give summary of procedures performed,
however ISA 3000 requires to include “Summary of Work Performed” in assurance report.
3. Practitioners more commonly perform attestation engagements. Therefore, ISAE 3000 contained
limited guidance for direct engagements.

Examples of Attestation Engagements:

• Sustainability reports – Verifying sustainability performance.
• Compliance reports – Confirming compliance with laws or regulations.
• Value-for-money audits – Evaluating cost-effectiveness.

LO 2: CONDUCT OF AN ASSURANCE ENGAGEMENT IN ACCORDANCE WITH ISAE:

The practitioner must comply with ISAE 3000 and any subject matter-specific ISAE relevant to the engagement.
Some engagements require compliance with both general ISAE and subject matter-specific ISAE.

Limited vs. Reasonable Assurance Procedures

Some procedures apply only to reasonable assurance engagements but may also be useful for limited assurance
engagements.

LO 3: ETHICAL REQUIREMENTS:

Compliance with Ethical Standards

The practitioner must follow the IESBA Code for assurance engagements.

LO 4: ACCEPTANCE AND CONTINUANCE:

Accepting and Continuing an Assurance Engagement

The practitioner must only accept or continue an assurance engagement when the following conditions are
met:
• Ethical Compliance: The practitioner must have no reason to believe that ethical and independence
requirements will be violated.
• Competence and Resources: The engagement team must have the necessary skills, experience, and
time to complete the engagement.
• Agreement on Terms: The engagement must have:
o Preconditions confirming the engagement's suitability.
o A clear understanding between the practitioner and engaging party about the terms and
reporting responsibilities.

266
ISAs – Summaries and Application Guide ISAE 3000

Preconditions for an Assurance Engagement

Before accepting an engagement, the practitioner must ensure:
1. Roles and responsibilities of parties are suitable in the circumstances
2. The engagement exhibits all of the following characteristics:
a. Subject matter is appropriate
b. Criteria is Relevant, Complete, Reliable, Neutral, Understandable
3. The criteria must be available to intended users.
4. The practitioner expects to obtain sufficient evidence to support conclusions.
5. Practitioner’s conclusion shall be given in a written assurance report
6. There is a Rational Purpose of the engagement.

Actions If Preconditions Are Not Met

• The practitioner must discuss concerns with the engaging party.
• If the engagement cannot meet preconditions and changes are not possible:
o The practitioner must decline the engagement unless legally required.
o If legally required to proceed, the practitioner must not claim ISAE compliance.

LO 5: QUALITY MANAGEMENT:

Role and Responsibilities of the Engagement Partner

The engagement partner must:
• Be part of a firm that complies with ISQM 1 or equivalent professional, legal, or regulatory standards.
• Have competence in assurance skills and subject matter evaluation.
• Ensure sufficient and appropriate resources are assigned to the engagement.
• Verify that the engagement team has the necessary skills and time to meet professional and
regulatory standards.
• Oversee work involving a practitioner’s expert or another practitioner outside the engagement team,
ensuring responsibility for the assurance conclusion.

LO 6: PROFESSIONAL SKEPTICISM, PROFESSIONAL JUDGMENT, AND ASSURANCE SKILLS AND

TECHNIQUES:

Practitioner must apply professional skepticism and professional judgment during assurance engagement.

 Professional Skepticism ensures auditors stay alert to inconsistencies, unreliable evidence, and
potential misstatements throughout the engagement.
 Professional Judgment is critical for making informed decisions on materiality, risk, procedures, and
evidence evaluation.
 Both skepticism and judgment must be applied consistently, supported by evidence, and properly
documented to ensure audit quality and compliance with standards.

267
ISAs – Summaries and Application Guide ISAE 3000

LO 7: PLANNING AND PERFORMING THE ENGAGEMENT:

Planning the Engagement

The practitioner must plan the engagement effectively. This includes defining the scope, timing, and direction
of the work and determining the nature, timing, and extent of required procedures.

Materiality Considerations
The practitioner must consider materiality when:
• Planning and performing the engagement.
• Evaluating if the subject matter contains a material misstatement.

Practical Examples of Materiality and Judgment

• If an engagement assesses a hospital’s efficiency, the practitioner considers multiple performance
indicators. If one indicator falls short slightly, professional judgment determines if the overall
performance meets expectations.
• In compliance audits, missing one legal requirement among several may not impact the overall
compliance conclusion. However, if the missed requirement is significant, a different conclusion may
be needed.

LO 8: OBTAINING EVIDENCE:

Practitioner must:
 Identify and assess the risks of material misstatement.
 Design and perform procedures to respond to these risks.

Practitioners may also use the Work of Experts and Other Practitioners or internal auditors.

LO 9: SUBSEQUENT EVENTS:
Considering Subsequent Events Before the Assurance Report Date
The practitioner evaluates events occurring before the assurance report date to determine their impact on the
subject matter and the assurance report.

If the New Fact Affects the Report

If a relevant fact emerges after the report date that could have changed the assurance report, the practitioner
must take action, which may include:
• Discussing the issue with relevant parties.
• Considering whether an amended report is necessary.

LO 10: OTHER INFORMATION:

Practitioner’s Responsibility:
• The practitioner must review other information included in documents containing the subject
matter information and the assurance report.
• The objective is to identify any material inconsistencies with the subject matter information or the
assurance report.

268
ISAs – Summaries and Application Guide ISAE 3000

LO 11: DESCRIPTION OF APPLICABLE CRITERIA:

Evaluation of Applicable Criteria

The practitioner must assess whether the subject matter information clearly refers to or describes the
applicable criteria.

Compliance with Criteria:

• Subject matter information should only state compliance with specific criteria if it meets all their
relevant requirements.
• Descriptions should avoid vague terms like “substantial compliance,” which could mislead users.

LO 12: FORMING THE ASSURANCE CONCLUSION:

The practitioner shall conclude whether the subject matter information is free from material misstatement.

This conclusion shall be based on:

o The sufficiency and appropriateness of the evidence.
o Whether uncorrected misstatements are material—individually or combined.

The practitioner may express:

• Unmodified conclusion.
• Qualified conclusion,
• Adverse conclusion, or
• Disclaim a conclusion.

In certain situations, practitioner may withdraw from the engagement, if allowed by law.

LO 13: PREPARING THE ASSURANCE REPORT:

Preparing the Assurance Report

• The practitioner shall issue a written report clearly expressing a conclusion on the subject matter
information.

• The practitioner must present the conclusion separately from:

o Emphasis of Matter
o Other Matter
o Findings, recommendations, or additional information

• The practitioner may use short-form or long-form reports:

o Short-form: Includes only basic elements.
o Long-form: May include extra details (e.g., scope, qualifications, findings, or
recommendations). These must not influence the conclusion and must be clearly separated.

269
ISAs – Summaries and Application Guide ISAE 3000

Key Elements of the Assurance Report

The assurance report must include the following elements:
(a) Title
• The title must clearly show that the report is an independent assurance report.

(b) Addressee
• The report must clearly state who it is addressed to—usually the engaging party or intended users.

(c) Subject Matter and Level of Assurance

• Clearly describe the subject matter information.
• Identify the level of assurance (reasonable or limited).

(d) Applicable Criteria

• Identify the criteria used to measure or evaluate the subject matter.
• Disclose the source of the criteria and any significant interpretations or changes.

(e) Inherent Limitations

• If significant, explain limitations such as reliance on historical data or risks of control failure over time.

(f) Specific Purpose

• If the criteria were designed for a specific use (e.g., regulatory), alert readers that the subject matter
information may not be suitable for other uses.
• Limit report use or distribution if appropriate.

(g) Responsibilities
• Clearly state:
o The responsible party’s role in preparing the subject matter information
o The practitioner’s role in providing an independent conclusion

(h) Compliance with ISAE

• State that the engagement followed ISAE 3000 (Revised) or a subject-specific ISAE, if applicable.

(i) Quality Management Standards

• Include a statement confirming that the firm applies ISQM 1 or equivalent standards.

(j) Ethical Requirements

• Confirm compliance with the IESBA Code or equivalent ethical and independence requirements.

(k) Summary of Work Performed

• Describe the nature, timing, and extent of procedures performed.
• For limited assurance:
o Clarify that procedures were less extensive than in reasonable assurance.
o Highlight that a lower level of assurance is provided.
• The summary must be objective, sufficiently detailed, and tailored to engagement-specific factors.

(l) The Practitioner’s Conclusion

• Express the conclusion based on the type of engagement:
o Reasonable Assurance: Use a positive form (e.g., “In our opinion…”).
o Limited Assurance: Use a negative form (e.g., “Nothing has come to our attention…”).
• If the conclusion is modified, include a section explaining the issue.

(m) Signature
• Sign using the practitioner’s name, firm name, or both—depending on jurisdiction.

270
ISAs – Summaries and Application Guide ISAE 3000

(n) Report Date

• Date the report only after:
o Obtaining sufficient evidence
o Confirming the responsible party has accepted responsibility for the subject matter
information
o Completing any required engagement quality review

(o) Practitioner’s Location

• State the jurisdiction where the practitioner practices.

Referring to a Practitioner’s Expert

• If the report refers to a practitioner’s expert, it must not suggest reduced responsibility.
• The practitioner remains solely responsible for the conclusion.
• Avoid language that implies reliance on the expert reduces the practitioner’s role—especially in short-
form reports or where the expert is named.

Reports Prescribed by Law or Regulation

If law requires a specific report format, the practitioner may still refer to ISAE standards only if the report
includes all required elements listed above.

LO 14: UNMODIFIED AND MODIFIED CONCLUSIONS:

When to Issue an Unmodified Conclusion

A practitioner issues an unmodified conclusion when the subject matter information complies, in all material
respects, with the applicable criteria:
• Reasonable Assurance Engagement: Practitioner concludes the information is materially correct.
• Limited Assurance Engagement: Practitioner finds no issues during procedures that suggest
material misstatement.

Adding an Emphasis or Other Matter Paragraph (Without Modifying Conclusion)

The practitioner may include an additional paragraph in the assurance report without modifying the
conclusion:
• Emphasis of Matter Paragraph: Highlights a matter disclosed in the subject matter information that
is fundamental to user understanding.
• Other Matter Paragraph: Refers to a relevant matter not disclosed in the subject matter
information, but important for users to understand the engagement, responsibilities, or the report.

Types of Modified Conclusions

Type When Used Wording Example

Misstatement or limitation is material
Qualified Conclusion "Except for the matter described..."
but not pervasive
Misstatement is material and "Because of the significance of the
Adverse Conclusion
pervasive matter..."
Scope limitation is material and
Disclaimer of Conclusion "We do not express a conclusion..."
pervasive

271
ISAs – Summaries and Application Guide ISAE 3000

Combined Scope Limitation and Misstatement

If both a scope limitation and a material misstatement exist, the assurance report must clearly describe:
• The limitation, and
• The misstatement.

When the Responsible Party Identifies the Misstatement

If the responsible party (e.g., measurer or evaluator) correctly identifies and describes a material misstatement,
the practitioner must:
• Express a qualified or adverse conclusion, based on the subject matter and criteria; or
• If required by engagement terms to use the party’s statement, give an unqualified conclusion but
include an Emphasis of Matter paragraph referring to that description.

Example Unqualified Conclusion with Emphasis of Matter:

Context:
The responsible party’s statement includes:
"We did not achieve our planned cost-savings targets due to system failures."

Practitioner’s Report:
Unqualified Conclusion: "The subject matter is presented fairly, in all material respects."
Emphasis of Matter Paragraph: "We draw attention to the responsible party’s statement, which describes
the failure to meet cost-savings targets."

LO 15: OTHER COMMUNICATION RESPONSIBILITIES:

Practitioner’s Duty to Communicate

The practitioner must consider whether any matter—based on the engagement terms or circumstances—
needs to be communicated to The responsible party, The measurer or evaluator, The engaging party, Those
charged with governance, or Any other relevant stakeholders.

Examples of Such Matters

 Fraud or suspected fraud
 Bias in preparing subject matter information
 non-compliance with laws and regulations

Limitations:
 Sometimes, laws or regulations may prohibit internal communication if it may interfere with
investigations.
 Sometimes, confidentiality principle may prevent external reporting.

LO 16: DOCUMENTATION:

Same requirements as in ISA 230.

272
ISAs – Summaries and Application Guide ISAE 3000

APX 1: ROLES AND RESPONSIBILITIES:

Key Parties in an Assurance Engagement

Every assurance engagement involves at least three main parties:
1. Responsible Party – Accountable for the underlying subject matter.
2. Practitioner – Conducts the assurance work and provides a conclusion.
3. Intended Users – Rely on the assurance report to make decisions.

Other possible roles:

• Measurer or Evaluator – Assesses the underlying subject matter using criteria.
• Engaging Party – Agrees on the engagement terms with the practitioner.

Roles and Their Functions

• Responsible Party ensures the accuracy of the underlying subject matter.
• Measurer or Evaluator applies criteria to assess the subject matter and generates subject matter
information.
• Engaging Party sets the engagement terms with the practitioner.
• Practitioner collects sufficient appropriate evidence to express a conclusion, boosting the
confidence of intended users.
• Intended Users rely on the subject matter information for decision-making.

Key Observations About These Roles

• Every assurance engagement includes a responsible party, intended users, and a practitioner.
• The practitioner cannot act as the responsible party, engaging party, or intended user.
• The practitioner also acts as the measurer or evaluator in a direct engagement.
• In an attestation engagement, the responsible party or another party, but not the practitioner, serves
as the measurer or evaluator.
• Changing a direct engagement into an attestation engagement is not possible by merely shifting
responsibility for the evaluation.
• The responsible party may also be the engaging party.
• In many attestation engagements, the responsible party may also serve as the measurer, evaluator,
and engaging party.
• If the engaging party is different from the measurer or evaluator, obtaining a written representation
from the evaluator may not always be possible.
• The responsible party can be one of the intended users, but not the only one.
• The responsible party, measurer, evaluator, and intended users can belong to the same or different
entities.
o Example: A supervisory board (intended user) seeks assurance on reports from an executive
board (responsible party).
o Example: A government body prepares a report on a private company’s sustainability
practices, which a practitioner evaluates.
• An engaging party that is not the responsible party may also be an intended user.

Practitioner’s Conclusion
The practitioner’s conclusion can be presented in one of three ways:
1. Based on the underlying subject matter and applicable criteria.
2. Based on the subject matter information and applicable criteria.
3. Based on a statement from the appropriate party.

273
ISAs – Summaries and Application Guide ISAE 3000

Special Considerations
• If no intended users exist other than the responsible party, the practitioner and responsible party may
still apply ISAE principles.
• In such cases, the assurance report must include a restriction statement limiting its use to the
responsible party.

APX: REPORT UNDER ISAE 3000 (EXAMPLES):

INDEPENDENT ASSURANCE REPORT

To the Directors/Management of ______

Introduction:
We were engaged by the Company to provide reasonable assurance on its compliance report for the period
ended December 31, 2018. Scope of engagement consists of the Compliance Report prepared by the
management of Company in accordance with requirements of ______________.

Applicable criteria:
We assessed the information in Compliance Report in accordance with _____________.

Management’s Responsibility:
Management of the company is responsible for preparation and presentation of compliance report in
accordance with applicable criteria. This responsibility includes establishing appropriate risk management and
internal controls from which the reported information is derived.

Limitations:
Non-financial information is subject to more inherent limitations than financial information, given the more
qualitative characteristics of the subject matter and the methods used for determining such information.

Our Independence and Quality Control Statement:

We have complied with the independence and other ethical requirements of the Code of Ethics for Professional
Accountants issued by the International Ethics Standards Board for Accountants.
The firm applies International Standard on Quality Control 1, and accordingly maintains a comprehensive
system of quality control.

Practitioner’s Responsibility:
Our responsibility is to perform a reasonable assurance engagement and to express an opinion based on our
work performed. We conducted our engagement in accordance with International Standard on Assurance
Engagements ISAE 3000.

This standards requires that we comply with ethical requirements and plan and perform our procedures to
obtain reasonable assurance whether the Compliance Report was prepared, in all material aspects, in
accordance with the ____________.

Summary of Work Performed:

We performed among others the following procedures
1. Inquire management and employees to obtain an understanding of basis of preparation used for the selected
KPIs.
2. Evaluated system and controls over preparation of information
3. Inspected supporting documentation on a sample basis to corroborate the statements of management
4. Performed analytical procedures to evaluate the relevant data generation
5. Site visits.
We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our
conclusion.

274
ISAs – Summaries and Application Guide ISAE 3000

Opinion/Conclusion:
In our opinion, Company’s Compliance Report for the year ended December 31, 2018 is, in all material respects,
in accordance with requirements of ______

Other Matter – Restriction on Use and Distribution

Our report is intended solely for the use of Company and Regulator, and should not be distributed to parties
other than these. We do not accept or assume liability to any party other than the entity, for our report.

Sign,
Name of Engagement Partner
Date,
Place.

Example of Modified Opinion on Compliance Report under Reasonable Assurance Engagement

Qualified Opinion:
In our opinion, except for the effects of matter described in the basis for qualified opinion paragraph,
Company’s Compliance Report for the year ended December 31, 2018 is, in all material respects, in
accordance with requirements of ______
Basis for Qualified Opinion:
As per requirements of Applicable criteria, company is required to hold atleast xxx quantity of the stock at
any point of time during the year. However, actual stock of the company during November remained below
this level.

Example of Unmodified Opinion on KPIs under Reasonable Assurance Engagement

Opinion:
“In our opinion, the management’s statement that the key performance indicators are presented, in all
material respects, in accordance with XYZ criteria, is fairly stated”.

Example of Unmodified Conclusion on KPIs under Limited Assurance Engagement

Conclusion:
“Based on the procedures we have performed and the evidence obtained, nothing has come to our attention
that causes us to believe that the key performance indicators are not presented, in all material respects, in
accordance with XYZ Criteria.”

275
 ISAs – Summaries and Application Guide ISAE 3400: Prospective Financial Information

ISAE 3400
EXAMINATION OF PROSPECTIVE
FINANCIAL INFORMATION

LO # LEARNING OBJECTIVE PARAGRAPHS

LO 1 INTRODUCTION 1–7
THE AUDITOR’S ASSURANCE REGARDING PROSPECTIVE
LO 2 8–9
FINANCIAL INFORMATION
LO 3 ACCEPTANCE OF ENGAGEMENT 10–12
LO 4 KNOWLEDGE OF THE BUSINESS 13–15
LO 5 PERIOD COVERED 16
LO 6 EXAMINATION PROCEDURES 17 – 25
LO 7 PRESENTATION AND DISCLOSURE 26
REPORT ON EXAMINATION OF PROSPECTIVE FINANCIAL
LO 8 27 – 33
INFORMATION

276
ISAs – Summaries and Application Guide ISAE 3400: Prospective Financial Information

LO 1: INTRODUCTION:

Purpose and Scope of the ISAE

• This International Standard on Assurance Engagements (ISAE) sets standards for engagements to
examine and report on prospective financial information.
• It covers both best-estimate and hypothetical assumptions.

What Is Prospective Financial Information?

• Information based on assumptions about future events and actions.
• It is subjective and requires judgment.
• Formats may include full financial statements or specific elements (like cash flow forecasts).

Types of Prospective Financial Information

There are two types of prospective financial information i.e. Forecast and Projection.

Forecast (expected results) Projection (targeted results)

Based on “Best-estimate Assumptions” i.e. Based on “Hypothetical Assumptions” i.e.
assumptions which can be supported by evidence assumptions which are not supported by past data
(e.g. by past data). (prepared on the basis of ‘what-if’ analysis)
Prepared usually for a short period. Prepared usually for a long period.
Higher (e.g. 80% or more) change of occurrence Lower (e.g. 50% or less) chance of occurrence
Example: Expected cash flows of entity in start-up
Example: Expected cash flows for valuation of an
phase or after major business change (e.g. launch of a
existing business, using constant growth rate
new product in market).
Actual results might be different in both cases; however, projection is more uncertain and risky.

Point to Note:
 Mixture of best-estimate and hypothetical assumptions is considered Projection.

Purpose of Preparing Prospective Financial Information

Internal Use:
Management tool for decisions like capital investments.

External Use:
Shared with third parties, such as:
• Investors (e.g., in a prospectus)
• Shareholders and regulators (e.g., in an annual report)
• Lenders (e.g., in cash flow forecasts)

LO 2: THE AUDITOR’S ASSURANCE REGARDING PROSPECTIVE FINANCIAL INFORMATION:

Level of Assurance Provided by the Auditor

 The auditor evaluates the assumptions used in prospective financial information.
 However, due to the speculative nature of such evidence, it's often difficult to obtain enough certainty
to give positive assurance.
 As a result, under ISAE 3400, the auditor usually provides only moderate assurance on the
reasonableness of management’s assumptions.

277
ISAs – Summaries and Application Guide ISAE 3400: Prospective Financial Information

Conditions for Providing Positive Assurance

However, if the auditor obtains sufficient appropriate evidence and is satisfied, positive assurance may be
given.

LO 3: ACCEPTANCE OF ENGAGEMENT:

Preconditions for Accepting the Engagement

Before accepting an engagement to examine prospective financial information, the auditor must consider:
• The intended use of the information
• Whether it is for general or limited distribution
• The nature of assumptions (best-estimate or hypothetical)
• The elements included in the information
• The reporting period covered

Grounds for Refusal or Withdrawal

The auditor must not accept or must withdraw from the engagement if:
 The assumptions are clearly unrealistic.
 The information is not suitable for its intended use.

LO 4: KNOWLEDGE OF THE BUSINESS:

Understanding the Business and Its Processes

The auditor must gain sufficient knowledge of the business to evaluate whether management has
identified all significant assumptions used in preparing the prospective financial information.

This understanding includes familiarity with how the entity prepares such information, specifically by
considering:
• Internal Controls over the system used to prepare the information.
• Expertise and experience of personnel responsible for preparing the prospective financial
information.
• Documentation that supports management’s assumptions.
• Use of statistical, mathematical, or computer-assisted techniques.
• Methods used to develop and apply assumptions.

Evaluating Historical Financial Information

The auditor must assess whether reliance on historical financial information is justified. This helps determine
whether the prospective financial information is consistent with the entity’s past performance.

The auditor considers:

• Whether historical financial information was audited or reviewed.
• Whether the entity used acceptable accounting principles.
• How accurate past prospective financial information was, and the reasons for any significant
variances.

278
ISAs – Summaries and Application Guide ISAE 3400: Prospective Financial Information

LO 5: PERIOD COVERED:

Determining the Period Covered by Prospective Financial Information

The auditor must assess whether the period covered by the prospective financial information is appropriate.
This decision depends on the reliability of assumptions and user needs. Longer periods increase
uncertainty, and management’s ability to make accurate assumptions decreases as the period extends.

The period must not go beyond the point where management can reasonably support its assumptions.

Key Factors Affecting the Period Covered

a. Operating Cycle
• The nature of the business affects the time period.
• Example: For a major construction project, the period may match the project timeline.

b. Reliability of Assumptions
• The more uncertain the assumptions, the shorter the period should be.
• Example: For a new product, short periods (weeks or months) with frequent updates are more reliable.
• If the business is stable (e.g., leasing a property), a longer period may be acceptable.

c. Needs of Users
• The purpose of the prospective financial information influences the period.
• Example:
– For loan applications, the period may align with the repayment timeline.
– For investor reports (e.g., sale of debentures), the period may show how proceeds will be used.

LO 6: EXAMINATION PROCEDURES:

Evaluating Management’s Assumptions

Best-Estimate Assumptions
• Assess sources and reliability of evidence supporting management’s assumptions
• Obtain evidence from both internal and external sources
• Compare assumptions to historical data
• Ensure assumptions align with plans that the entity can realistically implement

Hypothetical Assumptions
• Check whether all significant implications are considered
→ Example: If forecasted sales exceed current capacity, the forecast must include costs of capacity expansion
or subcontracting
• Confirm the assumptions match the purpose of the prospective information
• The auditor must believe the assumptions are not clearly unrealistic

Verifying the Preparation of Prospective Financial Information

The auditor must confirm that the prospective financial information:
• Is prepared from management’s assumptions accurately
• Has internal consistency – no conflicting assumptions or incompatible planned actions
• Is arithmetically correct through clerical checks and recomputations
• Applies common variables (e.g., interest rates) consistently across all components

279
ISAs – Summaries and Application Guide ISAE 3400: Prospective Financial Information

Further Procedures:
 If part of the current period has already passed, determine the need to test related historical
information
 The auditor must obtain written representations from management regarding:
o The intended use of the prospective financial information
o The completeness of key assumptions
o Management’s responsibility for the preparation of the information

Specific Procedures:
Exam questions usually give some assumptions of management in making forecast. You will be required to
describe some examination procedures to validate each assumptions. Mention specific procedures for each
assumption. (Although general procedures described above may be mentioned, if marks are higher).

Area Specific Procedures

 Obtain quotation to confirm cost.
Set-up of new Plant  Check depreciation is appropriately reflected in F/S.
 Check time when it will be received, and ready for production.
 Inspect correspondence with bank to ensure that loan is likely to be received.
 Obtain repayment plan, and ensure
Loan
- repayment is appropriately reflected in F/S.
- finance cost is appropriately reflected in F/S.
 Check past trends of sales level. Any variation from past trend should be
supported by market research.
 Review prices of competitor to ensure reasonableness of prices.
Sales
 Compare sales level with production capacity.
 If new plant is bought, check whether increase in sales is shown after
installation of plant.
Debtors/Receipts from
Check whether these figures are based on company’s credit policy.
Debtors
Salaries Check reasonableness of salary with increment rates.
Repair and
Review basis of projection, considering age of fixed assets.
Maintenance
Marketing expenses Ensure they are in line with sales.

Exam Tip:
 Key to success in this standard is to practice past papers’ questions, many times.

LO 7: PRESENTATION AND DISCLOSURE:

General Presentation Requirements

• Prospective financial information must be clear, informative, and not misleading.
• The preparation date must be disclosed.
• Management must confirm the assumptions are appropriate as of that date, even if data was gathered
earlier.

280
ISAs – Summaries and Application Guide ISAE 3400: Prospective Financial Information

Disclosure of Key Elements

Accounting Policies
• Disclose accounting policies clearly in the notes.

Assumptions
• Disclose all assumptions in the notes.
• Clarify whether assumptions are Management’s best estimates, or Hypothetical scenarios.
• For material and highly uncertain assumptions, disclose:
• The nature of the uncertainty, and
• How sensitive results are to these assumptions.

Presentation of Results in Ranges

• Clearly explain how the points in a range are determined.
• Ensure the range is not biased or misleading.

Changes in Accounting Policies

• Disclose any change in accounting policy since the last historical financial statements.
• State the reason for the change.
• Explain the impact on the prospective financial information.

LO 8: REPORT ON EXAMINATION OF PROSPECTIVE FINANCIAL INFORMATION:

Elements of Report on Examination of Prospective Financial Information (PFI):

1. Title
2. Addressee
3. Identification of Prospective Financial Information
4. Reference to ISAE
5. Management’s responsibility [Management is responsible for preparing the prospective financial
information and the assumptions used.]
6. Purpose of the financial information, and restriction on distribution (if any)
7. Limited assurance on assumptions.
8. Opinion whether prospective financial information is prepared on the basis of assumption.
9. Caveats that actual results may be different.
10. Date of Report
11. Address
12. Signature

Types of Opinions:

Situation Auditor’s Course of Action

If significant assumptions
are not reasonable The auditor must issue an adverse opinion or withdraw from the engagement.
(or are clearly unrealistic)
If the prospective financial information lacks proper disclosure or presentation:
• The auditor must issue a qualified or adverse opinion, or
Inadequate Presentation
• Withdraw from the engagement, if appropriate
or Disclosure
Example: The report fails to explain the impact of highly sensitive assumptions.

If the auditor cannot perform one or more necessary procedures, the auditor
must either:
Scope Limitations
 Withdraw from the engagement, or
 Disclaim the opinion and explain the limitation in the report

281
ISAs – Summaries and Application Guide ISAE 3400: Prospective Financial Information

Extract of report on Forecast

We have examined the forecast in accordance with the International Standard on Assurance
Engagements applicable to the examination of prospective financial information. Management is
responsible for the forecast including the assumptions set out in Note X on which it is based.

Based on our examination of the evidence supporting the assumptions, nothing has come to our
attention which causes us to believe that these assumptions do not provide a reasonable basis for the
forecast.

Further, in our opinion the forecast is properly prepared on the basis of the assumptions and is
presented in accordance with ....

Actual results are likely to be different from the forecast since anticipated events frequently do not
occur as expected and the variation may be material.

Extract of report on Projection

We have examined the projection in accordance with the International Standard on Assurance
Engagements applicable to the examination of prospective financial information. Management is
responsible for the projection including the assumptions set out in Note X on which it is based.

This projection has been prepared for (describe purpose). As the entity is in a start-up phase the
projection has been prepared using a set of assumptions that include hypothetical assumptions about
future events and management’s actions that are not necessarily expected to occur. Consequently,
readers are cautioned that this projection may not be appropriate for purposes other than that
described above.

Based on our examination of the evidence supporting the assumptions, nothing has come to our
attention which causes us to believe that these assumptions do not provide a reasonable basis for the
projection, assuming that (state or refer to the hypothetical assumptions).

Further, in our opinion the projection is properly prepared on the basis of the assumptions and is
presented in accordance with ....

Even if the events anticipated under the hypothetical assumptions described above occur, actual results
are still likely to be different from the projection since other anticipated events frequently do not occur
as expected and the variation may be material.

282
 ISAs – Summaries and Application Guide ISAE 3402

ISAE 3402
ASSURANCE REPORTS ON
CONTROLS AT A SERVICE
ORGANIZATION
LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1–9 A1–A4

LO 2 ISAE 3000 10 N/A
LO 3 ETHICAL REQUIREMENTS 11 A5
LO 4 MANAGEMENT AND THOSE CHARGED WITH GOVERNANCE 12 A6
LO 5 ACCEPTANCE AND CONTINUANCE 13 – 14 A7–A12
LO 6 ASSESSING THE SUITABILITY OF THE CRITERIA 15 – 18 A13–A15
LO 7 MATERIALITY 19 A16–A18
LO 8 OBTAINING AN UNDERSTANDING OF THE SERVICE
20 A19–A20
ORGANIZATION’S SYSTEM
LO 9 OBTAINING EVIDENCE REGARDING THE DESCRIPTION 21 – 22 A21–A24
LO 10 OBTAINING EVIDENCE REGARDING DESIGN OF CONTROLS 23 A25–A27
LO 11 OBTAINING EVIDENCE REGARDING OPERATING
24 – 29 A28–A36
EFFECTIVENESS OF CONTROLS
LO 12 THE WORK OF AN INTERNAL AUDIT FUNCTION 30 – 37 A37–A41
LO 13 WRITTEN REPRESENTATIONS 38 – 40 A42–A43
LO 14 OTHER INFORMATION 41 – 42 A44–A45
LO 15 SUBSEQUENT EVENTS 43 – 44 N/A
LO 16 DOCUMENTATION 45 – 52 A46
LO 17 PREPARING THE SERVICE AUDITOR’S ASSURANCE REPORT 53 – 55 A47–A52
LO 18 OTHER COMMUNICATION RESPONSIBILITIES 56 A53
APX 1 EXAMPLE SERVICE ORGANIZATION’S ASSERTIONS
APX 2 ILLUSTRATIONS OF SERVICE AUDITOR’S ASSURANCE REPORTS
APX 3 ILLUSTRATIONS OF MODIFIED SERVICE AUDITOR’S ASSURANCE REPORTS

283
ISAs – Summaries and Application Guide ISAE 3402

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope of the ISAE

This ISAE applies to reasonable assurance attestation engagements where the service organization:
• Is responsible for describing its system and controls.
• Implements controls that impact user entities’ financial reporting.

Objectives of the Service Auditor

The service auditor must obtain reasonable assurance that:
• The system description fairly represents its design and implementation.
• Controls meet the stated control objectives.
• If included in the engagement scope, controls operated effectively throughout the period.
The auditor must report on these findings.

LO 2: ISAE 3000:

The service auditor can claim compliance with ISAE 3000 (Revised) only if they follow all its requirements.

LO 3: ETHICAL REQUIREMENTS:

The service auditor must follow the IESBA Code for assurance engagements, including independence
requirements.

The IESBA Code does not require the service auditor to be independent from each user entity when
conducting an engagement under this ISAE.

LO 4: MANAGEMENT AND THOSE CHARGED WITH GOVERNANCE:

Identifying the Right Contact

The service auditor must determine the appropriate person(s) within the service organization's management
or governance structure for inquiries, representations, or communication.

LO 5: ACCEPTANCE AND CONTINUANCE:

Evaluating the Engagement Before Acceptance or Continuation

Before accepting or continuing an engagement, the service auditor must assess:

Capabilities and Competence

• The auditor must have the necessary industry knowledge, IT system understanding, and experience
in risk assessment and control testing to perform the engagement effectively.

Engagement Scope and Usefulness

• The criteria used by the service organization to describe its system must be suitable.
• The engagement scope and the service organization’s system description must be sufficiently
detailed.

284
ISAs – Summaries and Application Guide ISAE 3402

Service Organization’s Agreement on Responsibilities

The service auditor must obtain the service organization’s confirmation that it:
• Prepares an accurate and complete system description, including control objectives and the criteria
used.
• Identifies and manages risks that could impact control objectives.
• Provides unrestricted access to records, documents, and key personnel required for the engagement.

Consequences of Scope Limitations and Service Organization’s Non-Cooperation

If the service organization refuses to provide a written statement acknowledging its responsibilities:
• The auditor faces a scope limitation.
• If withdrawal is allowed by law, the auditor must withdraw from the engagement.
• If withdrawal is not an option, the auditor must disclaim an opinion.

Monitoring Activities for a Reasonable Basis

For Type 2 reports, the service organization must confirm that controls operated effectively throughout the
period.

This is based on monitoring activities, which may include:

• Ongoing reviews (e.g., management oversight, internal audits).
• Separate evaluations for risk assessment.
• External feedback (e.g., customer complaints, regulatory comments).

Changing Engagement Terms

If the service organization requests a change in scope before completion, the service auditor must determine
if the request is justified.

Unjustified Reasons for Scope Change

• Excluding certain control objectives to avoid a modified opinion.
• Refusing to provide a written statement while requesting an engagement under ISAE 3000 (Revised).

Justified Reasons for Scope Change

• Excluding a subservice organization if the service organization cannot provide auditor access (e.g.
switching from the inclusive method to the carve-out method).

LO 6: ASSESSING THE SUITABILITY OF THE CRITERIA:

The service auditor must assess whether the service organization used suitable criteria when:
• Describing its system.
• Evaluating whether controls are properly designed.
• (For Type 2 Reports) Evaluating whether controls function effectively.

LO 7: MATERIALITY:
Materiality Considerations in Key Areas:
Materiality in a service audit applies to the system being audited, not the financial statements of user
entities.

Materiality focuses mainly on qualitative factors, such as:

• Whether the description accurately represents how significant transactions are processed.
• Whether any key information is missing or misrepresented.
• Whether the control design provides reasonable assurance that objectives will be achieved.

285
ISAs – Summaries and Application Guide ISAE 3402

No Materiality in Reporting Control Test Deviations:

• Materiality does not apply when reporting deviations identified in control tests.
• Even minor deviations can be significant for a particular user entity.

LO 8: OBTAINING AN UNDERSTANDING OF THE SERVICE ORGANIZATION’S SYSTEM:

The service auditor must obtain an understanding of the service organization’s system and controls covered
in the engagement.

To gain this understanding, the service auditor performs the following procedures:
1. Inquiry
2. Observation and Inspection
3. Agreement Review
4. Reperformance of Controls

LO 9: OBTAINING EVIDENCE REGARDING THE DESCRIPTION:

The service auditor reviews whether the system description is fairly presented, ensuring:
• Control Objectives are reasonable.
• Controls are implemented as described.

LO 10: OBTAINING EVIDENCE REGARDING DESIGN OF CONTROLS:

Criteria for Suitably Designed Controls

A control is suitably designed if:
• Alone or in combination with other controls, it provides reasonable assurance that material
misstatements are prevented, detected, or corrected.
• It ensures that the service organization’s control objectives are met.

LO 11: OBTAINING EVIDENCE REGARDING OPERATING EFFECTIVENESS OF CONTROLS:

The service auditor evaluates whether controls operate effectively to achieve the stated control objectives
in a Type 2 report.
Prior engagement evidence does not reduce current testing requirements.
A service auditor assesses effectiveness based on control objectives, not individual user entities.

Testing Automated vs. Manual Controls

Manual Control Testing at a single point does not prove effectiveness over time. Automated Controls (e.g.,
IT processes) may provide sufficient evidence if general IT controls support them.

Testing Period for Type 2 Reports

• Type 2 reports usually cover at least 6 months.
• Shorter periods may be justified due to new systems, late engagements, or significant control
changes.

286
ISAs – Summaries and Application Guide ISAE 3402

LO 12: THE WORK OF AN INTERNAL AUDIT FUNCTION:

The service auditor must assess whether internal audit work is relevant to the engagement.

Evaluating Internal Audit Work for Use

Similar as in ISA 610.

Impact on the Service Auditor’s Report

• Internal audit work cannot be referenced in the opinion section.
• In Type 2 reports, reliance on internal audit must be disclosed in control testing descriptions.

LO 13: WRITTEN REPRESENTATIONS:

The service auditor requires written representations from the service organization to confirm:
• The accuracy of the system description.
• That all relevant information and agreed access have been provided.
• Disclosure of any:
o Non-compliance, fraud, or uncorrected deviations affecting user entities.
o Control design deficiencies.
o Control failures.
o Significant events after the reporting period that may impact the assurance report.

LO 14: OTHER INFORMATION:

Similar as in ISA 720.

LO 15: SUBSEQUENT EVENTS:

Identifying and Disclosing Subsequent Events

• The service auditor must ask the service organization about any subsequent events that could impact
the assurance report.
• If a significant event is identified and not disclosed by the service organization, the service auditor
must include it in the assurance report.

Service Auditor's Responsibilities After the Report Date

After issuing the assurance report, the service auditor is not required to:
• Perform additional procedures on the service organization's system description.
• Evaluate the design or operating effectiveness of controls.

LO 16: DOCUMENTATION:

Recording Audit Procedures

The service auditor must document:
• Details of tested items (identifying characteristics).
• Who performed the work and the date of completion.
• Who reviewed the work, along with the review date and extent.

287
ISAs – Summaries and Application Guide ISAE 3402

Use of Internal Auditors' Work

If relying on internal auditors, the documentation must include:
• Evaluation of the adequacy of the internal auditors' work.
• Procedures performed by the service auditor to assess that work.

LO 17: PREPARING THE SERVICE AUDITOR’S ASSURANCE REPORT:

Key Elements of the Service Auditor’s Assurance Report:

1. Title & Addressee

2. Identification Details (including description of service organization's system)

a. Description of whether Tests of Controls are included.
b. Description of whether Activities of Sub-service organization are included.

3. Control Objectives & Intended Audience

4. Service Organization's responsibilities

a. for providing the description of system,
b. stating control objectives, and
c. for design, implementation and operating effectiveness of controls

5. Service Auditor’s Responsibilities

a. Evaluating the service organization’s description and controls.
b. Assessing Description and Design of controls [for a Type 2 report, also verifying operational
effectiveness of control].
c. Ensuring compliance with ISQM 1 or equivalent requirements.
d. Maintaining independence and adhering to ethical standards.

6. Audit Procedures & Evidence

a. Summary of procedures performed.
b. Confirmation that sufficient, appropriate evidence was obtained.
c. For a Type 1 report, a disclaimer that no testing of operational effectiveness was done.

7. Limitations i.e.
a. Report prepared for broad range of users/auditors (not for specific individuals)
b. In a Type 2 report, a note that effectiveness assessments may not apply to future periods.

8. Service Auditor’s Opinion

a. For a Type 1 report:
i. The description accurately represents the system as of a specific date.
ii. Controls were properly designed.
b. For a Type 2 report:
i. The description accurately represents the system throughout the period.
ii. Controls were properly designed and
iii. Controls were operated effectively.

9. Date, name and location of auditor.

288
ISAs – Summaries and Application Guide ISAE 3402

LO 18: OTHER COMMUNICATION RESPONSIBILITIES:

Addressing Non-Compliance, Fraud, or Errors

• If the service auditor identifies non-compliance, fraud, or uncorrected errors that are not trivial and
may affect user entities, they must check if the service organization has informed the affected parties.
• If the service organization refuses to communicate the issue, the auditor must take appropriate
action.

Actions the Auditor May Take

• Seek legal advice on obligations and possible consequences.
• Inform governance at the service organization.
• Report externally if required by law (e.g., regulators or external auditors).
• Modify the audit report, including updating the service auditor’s opinion or adding an Other Matter
paragraph.
• Withdraw from the engagement if management’s refusal raises concerns about integrity and audit
reliability.

APX 1: EXAMPLE SERVICE ORGANIZATION’S ASSERTIONS:

Key Differences Between Type 1 and Type 2 Reports:

Feature Type 1 Report Type 2 Report

System design and operating effectiveness
Focus System design as of a specific date.
over a period.
Controls Assesses both design and operational
Assesses control design.
Evaluation effectiveness.
Timeframe As of a single date. Over a specific period.

289
ISAs – Summaries and Application Guide ISAE 3402

APX 2: ILLUSTRATIONS OF SERVICE AUDITOR’S ASSURANCE REPORTS:

Text common in both reports is not underlined. Text relevant to Type 1 report only is single underlined. Text
relevant to Type 2 report is double underlined.
For ease of learning, following example of report covers both types i.e. Type 1 and Type 2 Report.

Independent Service Auditor’s Assurance Report on

The Description of Controls, their Design and Operating Effectiveness

To: XYZ Service Organization

Scope
We have been engaged to report on XYZ Service Organization’s description at pages [bb–cc] of its [type or
name of] system for processing customers’ transactions throughout the period [date] to [date] (the
description), and on the design and operation of controls related to the control objectives stated in the
description.

We did not perform any procedures regarding the operating effectiveness of controls included in the
description and, accordingly, do not express an opinion thereon.

XYZ Service Organization’s Responsibilities

XYZ Service Organization is responsible for preparing the description and accompanying statement at page
[aa], including the completeness, accuracy and method of presentation of the description and statement;
providing the services covered by the description; stating the control objectives; and designing, implementing
and effectively operating controls to achieve the stated control objectives.

Our Independence and Quality Control

We have complied with the independence and other ethical requirements of the Code of Ethics for Professional
Accountants issued by the International Ethics Standards Board for Accountants, which is founded on
fundamental principles of integrity, objectivity, professional competence and due care, confidentiality and
professional behavior.

The firm applies International Standard on Quality Control 1 and accordingly maintains a comprehensive
system of quality control including documented policies and procedures regarding compliance with ethical
requirements, professional standards and applicable legal and regulatory requirements.

Service Auditor’s Responsibilities

Our responsibility is to express an opinion on XYZ Service Organization’s description and on the design and
operation of controls related to the control objectives stated in that description, based on our procedures. We
conducted our engagement in accordance with International Standard on Assurance Engagements 3402,
Assurance Reports on Controls at a Service Organization, issued by the International Auditing and Assurance
Standards Board. That standard requires that we plan and perform our procedures to obtain reasonable
assurance about whether, in all material respects, the description is fairly presented and the controls are
suitably designed and operating effectively.

An assurance engagement to report on the description, design and operating effectiveness of controls at a
service organization involves performing procedures to obtain evidence about the disclosures in the service
organization’s description of its system, and the design and operating effectiveness of controls. The
procedures selected depend on the service auditor’s judgment, including the assessment of the risks that the
description is not fairly presented, and that controls are not suitably designed or operating effectively. Our

290
ISAs – Summaries and Application Guide ISAE 3402

procedures included testing the operating effectiveness of those controls that we consider necessary to
provide reasonable assurance that the control objectives stated in the description were achieved. An
assurance engagement of this type also includes evaluating the overall presentation of the description, the
suitability of the objectives stated therein, and the suitability of the criteria specified by the service
organization and described at page [aa].

As noted above, we did not perform any procedures regarding the operating effectiveness of controls
included in the description and, accordingly, do not express an opinion thereon.

We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our
opinion.

Limitations of Controls at a Service Organization

XYZ Service Organization’s description is prepared to meet the common needs of a broad range of customers
and their auditors and may not, therefore, include every aspect of the system that each individual customer
may consider important in its own particular environment. Also, because of their nature, controls at a service
organization may not prevent or detect all errors or omissions in processing or reporting transactions. Also,
the projection of any evaluation of effectiveness to future periods is subject to the risk that controls at a
service organization may become inadequate or fail.

Opinion
Our opinion has been formed on the basis of the matters outlined in this report. The criteria we used in
forming our opinion are those described at page [aa]. In our opinion, in all material respects:
(a) The description fairly presents the [the type or name of] system as designed and implemented
throughout the period from [date] to [date];
(b) The controls related to the control objectives stated in the description were suitably designed
throughout the period from [date] to [date]; and
(c) The controls tested, which were those necessary to provide reasonable assurance that the control
objectives stated in the description were achieved, operated effectively throughout the period from
[date] to [date].

Description of Tests of Controls

The specific controls tested and the nature, timing and results of those tests are listed on pages [yy–zz].

Intended Users and Purpose

This report and the description of tests of controls on pages [yy–zz] are intended only for customers who
have used XYZ Service Organization’s [type or name of] system, and their auditors, who have a sufficient
understanding to consider it, along with other information including information about controls operated by
customers themselves, when assessing the risks of material misstatements of customers’ financial statements.

[Service auditor’s signature]

[Date of the service auditor’s assurance report]
[Service auditor’s address]

APX 3: ILLUSTRATIONS OF MODIFIED SERVICE AUDITOR’S ASSURANCE REPORTS:

Service Auditor may express modified opinion in following situations:

(a) If service organization’s system is not fairly describe/presented, and/or
(b) Controls are not suitably designed to achieve objectives of the system, and/or
(c) Controls did not operate effectively.

291
 ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

ISAE 3410
ASSURANCE ENGAGEMENTS ON
GREENHOUSE GAS STATEMENTS
LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 14 A1 – A16

LO 2 ISAE 3000 (REVISED) 15 A17
LO 3 ACCEPTANCE AND CONTINUANCE OF THE ENGAGEMENT 16 – 18 A18–A37
LO 4 PLANNING 19 A38–A43
MATERIALITY IN PLANNING AND PERFORMING THE
LO 5 20 – 22 A44–A51
ENGAGEMENT
LO 6 UNDERSTANDING THE ENTITY AND ASSESSING RISKS 23 – 34 A52–A89
OVERALL RESPONSES TO ASSESSED RISKS AND FURTHER
LO 7 35–56 A90–A112
PROCEDURES
LO 8 USING THE WORK OF OTHER PRACTITIONERS 57 A113–A115
LO 9 WRITTEN REPRESENTATIONS 58 – 60 A116
LO 10 SUBSEQUENT EVENTS 61 A117
LO 11 COMPARATIVE INFORMATION 62 – 63 A118–A123
LO 12 OTHER INFORMATION 64 A124–A126
LO 13 DOCUMENTATION 65 – 70 A127–A129
LO 14 FORMING THE ASSURANCE CONCLUSION 71 – 74 A130–A132
LO 15 ASSURANCE REPORT CONTENT 75 – 76 A133–A151
LO 16 OTHER COMMUNICATION REQUIREMENTS 77 N/A
APX 1 EMISSIONS, REMOVALS AND EMISSIONS DEDUCTIONS
APX 2 ILLUSTRATIONS OF ASSURANCE REPORTS ON GHG STATEMENTS

292
ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Introduction:
• GHG emissions contribute to climate change.
• Many entities prepare GHG statements for:
o Regulatory reporting
o Voluntary disclosure (e.g., in annual or sustainability reports)

What This ISAE Covers:

Assurance engagements on an entity’s GHG statement i.e. “Obtain reasonable or limited assurance that the
GHG statement is free from material misstatement”

If the engagement covers a broader report (e.g., sustainability report):

• This ISAE applies to the GHG statement.
• ISAE 3000 (Revised) applies to the rest of the engagement.

Type of Engagements
• Covers attestation engagements only (not direct engagements).
• Applies to both:
o Reasonable assurance engagements
o Limited assurance engagements

Definitions:
Applicable criteria: Rules used to measure and report emissions.

Base year: Year used as a reference for comparing emissions.

Emissions:
• Direct (Scope 1): From entity-owned sources (e.g., equipment, vehicles)
• Indirect (Scope 2): From purchased energy (e.g., electricity)
• Other Indirect (Scope 3): From supply chain or product use

GHGs: Includes CO₂, CH₄, N₂O, and other specified gases.

GHG statement: The main report showing emissions and related disclosures.

Exclusions = emission sources or types (like a factory, vehicle fleet, or supplier data) that are not included in
the GHG statement.

LO 2: ISAE 3000 (REVISED):

A practitioner must not claim compliance with this ISAE unless they have fully complied with:
• This ISAE, and
• ISAE 3000 (Revised).

293
ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

LO 3: ACCEPTANCE AND CONTINUANCE OF THE ENGAGEMENT:

Evaluating Preconditions Before Accepting the Engagement

• The engagement partner must have assurance skills and experience in emissions quantification and
reporting.
• The engagement team must collectively have the necessary skills in:
o GHG quantification methods
o Emissions reporting
o Assurance techniques

Assessing the GHG Statement and Engagement Scope

The partner must evaluate:
• If exclusions of significant emissions are reasonable.
• If exclusions from assurance coverage are justified.
• If emissions deductions and related assurance are clear and reasonable.

Assessing the Suitability of Criteria

Minimum Requirements for Criteria
Criteria must include:
• A method to define the entity's organizational boundary.
• A list of GHGs to be reported.
• Quantification methods and base year adjustments.
• Disclosures explaining key estimates and judgments.

Organizational and Operational Boundaries

• Organizational boundary: Defines which operations are included in the GHG statement.
• Operational boundary: Defines which emission scopes (1, 2, or 3) are included.

LO 4: PLANNING:
Practitioner must establish Engagement Strategy, based on Engagement Type.
For complex engagements involving quantification or reporting of emissions, experts may be required.
Similarly, another practitioners may also be engaged.

LO 5: MATERIALITY IN PLANNING AND PERFORMING THE ENGAGEMENT:

The practitioner shall determine materiality and performance materiality for the GHG statement when
developing the overall engagement strategy.

Use of Applicable Criteria

• If the applicable criteria define materiality, the practitioner uses that as a reference.
• If not, general principles of materiality (impact, size, nature) serve as guidance.
Intended Users my be:
 Investors, suppliers, customers, employees, community in voluntary disclosures.
 Regulators and policymakers in regulated reporting.

Factors Influencing Materiality Determination:

• Materiality often starts with a percentage of a benchmark (e.g., total Scope 1, 2, and 3 emissions).
• Benchmarks may vary.

294
ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

LO 6: UNDERSTANDING THE ENTITY AND ASSESSING RISKS:

Understanding the Entity and Its Environment:

The practitioner shall obtain an understanding of the following:

Industry, Regulation & Criteria

Understand relevant industry, legal, and regulatory factors and the applicable criteria.

Nature of Operations
• Emission sources,
• Each source’s contribution to overall emissions.
• Deductions.

Quantification & Reporting Policies

• Methods used, reasons for changes, and risks of double-counting.

Governance & Oversight

• Who is responsible for emissions data and disclosures.
• Whether the entity has an internal audit function and its relevance.

Procedures to Identify and Assess Risks of Material Misstatement

Mandatory Procedures
The practitioner shall perform the following:

• Inquiries
Ask management and key personnel about potential fraud, non-compliance, or misstatements.

• Analytical Procedures
Analyze trends, ratios, and unusual patterns (e.g., emissions vs. production).

• Observation & Inspection

Observe operations or inspect records (e.g., calibration logs, monitoring devices).

Use of Previous Engagements

Consider information from other engagements (e.g., control assessments) if relevant.

Team Discussion
The engagement team and experts must discuss susceptibility of the GHG statement to fraud, error, and
misstatements.

Site Visits to Facilities

• Determine if procedures at significant facilities are necessary.
• Reasonable assurance often requires site visits at multiple key locations.
• Limited assurance may use alternative procedures (e.g., satellite imagery, questionnaires).

Site visits help validate:

• Completeness of Scope 1 emissions.
• Appropriateness of data systems, processes, and estimation techniques.

295
ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

Use of Internal Audit Work

If internal audit is relevant:
• Determine whether to rely on its work.
• Assess if its findings are adequate for assurance purposes.

LO 7: OVERALL RESPONSES TO ASSESSED RISKS AND FURTHER PROCEDURES:

The practitioner must design procedures responsive to the level of assurance and assessed risks.

These procedures will include:

 Overall Response at GHG Statement Level
 Further procedures based on Risk Level

Procedures at Risk Level:

 Assess risk at the assertion level
 Obtain precise and persuasive evidence. (in Limited Assurance, persuasive evidence is required for
High Risk Areas only)
 Perform detailed tests using reliable data. (in Limited Assurance, perform fewer tests or select less
items)
 Develop expectations accurate enough to identify misstatements.

Tests of Controls:
Perform tests of controls if:
• Practitioner relies on operating effectiveness of controls; or
• Other procedures cannot provide enough evidence.

Substantive Procedures:
Analytical Procedures:
• Develop expectations accurate enough to detect material misstatements.
• If unexpected results occur:
o Inquire and get additional evidence. (in Limited assurance, only inquiry is enough)
o Perform extra procedures if needed.
Examples:
• Compare fuel use to expected emissions.
• Analyze ratios like Scope 2 emissions vs. electricity costs.
• Compare entity data with industry averages.

Tests of Details: (for Reasonable Assurance)

• Perform tests of details for each material emission and disclosure.
• Consider using external confirmations to support evidence.

296
ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

Evaluating Estimates: For Both Engagement Types

The practitioner must confirm that the entity:

• Applied relevant criteria.
• Used consistent and appropriate estimation methods.
• Justified any changes from prior periods.

Additional Work for Reasonable Assurance:

• Test how estimates were calculated and whether data is reliable.
• Check assumptions.
• Testing controls over estimation.
• Creating a point estimate or range to compare with the entity’s numbers. If using a range, narrow it to
include only reasonable outcomes.

Sampling:
• Choose a sample size that keeps sampling risk low.
• Ensure each sampling unit has a chance of selection.
• Project results to the population.
• Investigate any deviations or misstatements.

Fraud and Non-Compliance:

If fraud or non-compliance is identified:
• Discuss with the entity.
• Suggest involving legal counsel.
• Consider withdrawing from the engagement.
• Communicate with regulators if needed.
• Include an Other Matter Paragraph in the report unless:
o Misstatement is material and not disclosed.
o Sufficient evidence is not available.

Aggregation of GHG Statement:

Practitioner shall:
• Agree or reconcile GHG data with underlying records.
• Understand and examine material adjustments made during statement preparation.

Misstatements: Accumulation and Communication:

 Accumulate all identified misstatements except those clearly trivial.
 Communicate all misstatements to management.
 If the entity refuses to correct, understand their reasons and consider their impact.

LO 8: USING THE WORK OF OTHER PRACTITIONERS:

Similar requirements as in ISA 600.

297
ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

LO 9: WRITTEN REPRESENTATIONS:

Written Representations Required from Management:

The practitioner must obtain written confirmations from responsible individuals within the entity. These
must confirm:
• Responsibility for GHG Statement
o Management prepared the GHG statement (including comparatives, if applicable) based on
the applicable criteria and as agreed in the engagement terms.
• Provision of Information
o Management provided all relevant information and access, and included all significant
matters in the GHG statement.
• Uncorrected Misstatements
o Management believes that uncorrected misstatements are not material, whether individually
or combined.
o A summary of such items must be included with the written representations.
• Reasonableness of Assumptions
o Management believes significant assumptions used in estimates are reasonable.
• Internal Control Deficiencies
o All known internal control deficiencies relevant to the engagement (except clearly trivial
ones) have been communicated to the practitioner.
• Fraud and Non-Compliance
o Management has disclosed any known, suspected, or alleged fraud or non-compliance with
laws or regulations that could materially affect the GHG statement.

Practitioner may also request additional written representations, if needed.

Timing of Written Representations

The date of the written representations must be as close as possible to, but not later than, the date of the
assurance report.

Consequences of Not Receiving Reliable Written Representations

The practitioner must disclaim a conclusion or withdraw from the engagement (if allowed by law) in the
following cases:
• Doubt About Integrity
• Failure to Provide Required Representations

LO 10: SUBSEQUENT EVENTS:

Evaluation of Subsequent Events

The practitioner shall evaluate whether events between the date of the GHG statement and the date of the
assurance report require:
• Adjustment to the GHG statement, or
• Disclosure in the GHG statement.

Events After the Assurance Report Date

If new facts become known after the assurance report date, the practitioner must:
• Consider whether those facts, if known earlier, would have changed the assurance report.
• Respond appropriately—this may include updating or amending the assurance report.

298
ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

Examples of Subsequent Events Relevant to GHG Statements:

Subsequent events may include:
 Release of updated emission factors by government or regulatory bodies.
 New environmental laws affecting emission reporting.
 Improved methods for calculating emissions.
 Major changes in business operations (e.g., opening or closing a facility).
 Discovery of a significant error in previously reported GHG data.
 New scientific findings that affect emission assumptions or data sources.

LO 11: COMPARATIVE INFORMATION:

Reviewing Comparative Information

If comparative information is presented and assurance conclusion covers comparative information, the
practitioner must:
• Ensure that comparative amounts and disclosures match the prior period or are properly restated
and disclosed.
• Verify that quantification policies are consistent with the current period, or if changed, that changes
are appropriately applied and explained.

Restatements
Comparative GHG data may require restatement due to:
• Improved scientific knowledge
• Structural changes in the entity
• New quantification methods
• Discovery of prior errors

The practitioner must ensure restatements comply with applicable law or criteria and are clearly disclosed.

Responding to Material Misstatements in Comparative Information:

When the Practitioner’s Conclusion Covers the Comparative Information:
If material misstatement is uncorrected, issue a qualified or adverse conclusion.

When the Practitioner’s Conclusion Does NOT Cover the Comparative Information:
If material misstatement is uncorrected, add an Other Matter paragraph to the assurance report describing
the issue.

LO 12: OTHER INFORMATION:

Reviewing Other Information

The practitioner must read all other information included with the GHG statement and assurance report to
detect any material inconsistencies or misstatements of fact.

If a Material Issue Is Identified

The practitioner shall:
• Discuss the issue with the entity
• Request removal or correction of conflicting or unsubstantiated content

299
ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

If the Issue Is Not Resolved

The practitioner may take further actions, such as:
• Seeking legal advice
• Reporting to regulators
• Withholding the assurance report
• Withdrawing from the engagement (if allowed)
• Describing the matter in the assurance report

LO 13: DOCUMENTATION:
Similar to ISA 230.

LO 14: FORMING THE ASSURANCE CONCLUSION:

Forming the Assurance Conclusion:

The practitioner must conclude whether the GHG statement provides reasonable or limited assurance.

Limited Assurance:
• The practitioner checks whether anything suggests that the GHG statement is not prepared, in all
material respects, according to the applicable criteria.

Reasonable Assurance:
• The practitioner checks whether the GHG statement is prepared, in all material respects, according to
the applicable criteria.

Description of the Applicable Criteria:

 The entity must clearly explain the criteria used in the GHG statement.
 The GHG statement can only claim compliance if all applicable requirements are fully met during the
reporting period. Terms like “substantial compliance” are not allowed, as they can mislead users
about the level of alignment with the criteria.

LO 15: ASSURANCE REPORT CONTENT:

Basic Elements of an Assurance Report

An assurance report must include at least the following:
• Title: Clearly state it is an Independent Assurance Report.
• Addressee: Identify the person or entity to whom the report is addressed.
• Level of Assurance: State whether it is reasonable or limited assurance.
• GHG Statement:
o Identify the GHG statement and the period it covers.
o Clearly specify any part not covered by the practitioner’s conclusion.
o State that the practitioner did not perform procedures on excluded information and gives no
conclusion on it.
• Entity’s Responsibilities: Describe the responsibilities for the GHG statement.
• Uncertainty Statement: Mention that GHG quantification involves inherent uncertainty.
• Emissions Deductions:
o Identify deductions included in the assurance conclusion.
o State the practitioner’s responsibility for these deductions.

300
ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

• Applicable Criteria:
o Identify the criteria used.
o Provide how to access them.
o If they are only for specific users or purposes, include a restriction notice.
o If criteria require explanatory notes, refer to the relevant notes.
• Quality Management Standards:
o Confirm that the firm applies ISQM 1 or equivalent professional/legal standards.
• Ethical Requirements:
o Confirm compliance with the IESBA Code or equivalent standards.
• Practitioner’s Responsibilities:
o State that the engagement followed ISAE 3410.
o Summarize the procedures performed.
 In limited assurance:
 Explain that procedures are less extensive than in reasonable assurance.
 Clarify that assurance is substantially lower.
• Practitioner’s Conclusion:
o In reasonable assurance: Express a positive conclusion.
o In limited assurance: State if anything causes concern about material non-compliance.
o If modified:
 Describe the issue.
 Present the modified conclusion.
• Signature: Include the practitioner’s signature (firm name, personal name, or both).
• Date:
• Location: State the jurisdiction where the practitioner practices.

Emphasis of Matter Paragraphs

Use an Emphasis of Matter paragraph to highlight key information disclosed in the GHG statement that is
crucial to user understanding.

Examples:
• Different rules were used this time compared to before, and that changed the results significantly.
• There was a system failure during part of the period, so estimates had to be used for that time, and
this is mentioned in the GHG statement.

These paragraphs must have clear headings and must state that the conclusion is not modified due to these
matters.

Other Matter Paragraphs:

Use an Other Matter paragraph to communicate other relevant facts about the engagement, practitioner’s
role, or the report, not included in the GHG statement.

Examples:
• The scope of the work changed a lot from last time, but that change wasn’t explained in the GHG
statement.

These paragraphs must have clear headings and must state that the conclusion is not modified due to these
matters.

Restricted Use of Report

If the criteria are meant for specific users or purposes:
• Restrict the report's use accordingly.
• Warn users that the GHG statement may not suit other purposes.

301
ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

LO 16: OTHER COMMUNICATION REQUIREMENTS:

The practitioner shall communicate the following matters to those responsible for oversight of the GHG
statement, unless law or regulation prohibits it. The practitioner shall also assess whether to report these
issues to others inside or outside the entity:
• Internal control deficiencies that are important enough to require attention.
• Identified or suspected fraud.
• Identified or suspected non-compliance with laws or regulations, unless clearly trivial.

APX 1: EMISSIONS, REMOVALS AND EMISSIONS DEDUCTIONS:

What's Happening Inside "The Entity"

• A (Direct/Scope 1 Emissions): Pollution directly from your own equipment (e.g., factory
smokestacks, company cars).
• B (Internal Removals): Pollution is captured and stored inside your boundary (e.g., carbon capture
tech).
• C (External Removals): Pollution the company helps remove from the air (e.g., planting trees).
• D (Emission Reduction Actions): Things done to pollute less — like using solar panels or efficient
machines.

What's Happening Outside "The Entity"

• E (Scope 2 Emissions): Pollution from electricity or energy you buy.
• F (Scope 3 Emissions): Pollution from others you work with — suppliers, customers, business
travel, etc.
• G (Emission Deductions): Offsets like paying for green projects elsewhere to cancel out your
emissions.

302
ISAs – Summaries and Application Guide ISAE 3410: Report on Greenhouse Gas Statements

APX 2: ILLUSTRATIONS OF ASSURANCE REPORTS ON GHG STATEMENTS:

Read following illustrative Assurance Reports on GHG Statements, from ISAE 3410:
 Illustration 1 [Reasonable assurance engagement]
 Illustration 2 [Limited assurance engagement]

303
 ISAs – Summaries and Application Guide ISAE 3420: Report on Pro forma

ISAE 3420
REPORT ON PRO FORMA
FINANCIAL INFORMATION
INCLUDED IN A PROSPECTUS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 11 A1 – A9

LO 2 ISAE 3000 (REVISED) 12 N/A
LO 3 ENGAGEMENT ACCEPTANCE 13 A10–A12
LO 4 PLANNING AND PERFORMING THE ENGAGEMENT 14–27 A13–A44
LO 5 WRITTEN REPRESENTATIONS 28 A45
LO 6 FORMING THE OPINION 29–30 A46–A50
LO 7 FORM OF OPINION 31–34 N/A
LO 8 PREPARING THE ASSURANCE REPORT 35 A51–A57
APX 1 ILLUSTRATIVE PRACTITIONER’S REPORT WITH AN UNMODIFIED OPINION

304
ISAs – Summaries and Application Guide ISAE 3420: Report on Pro forma

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope and Applicability of ISAE 3420:

When This ISAE Applies:
Practitioner reports on pro forma financial information included in a prospectus.

When This ISAE Does Not Apply:

• When pro forma financial information is included in financial statements under financial reporting
frameworks.
• When the practitioner is hired only to compile historical financial statements (non-assurance
engagement).

What is a proforma financial information:

This is the financial information (with adjustments and assumptions) to show retrospectively the effect of a
significant even/transaction on unadjusted financial information, assuming that even/transaction occurred at
an earlier selected date.

Understanding the Nature of Pro-formal financial information

Proforma financial information is different from Prospective financial information. For example consider
following two statements:
1. If I will work hard, I will pass. (Prospective information)
2. If I had worked hard, I would have passed. (Pro-forma information)

Although both sentences have assumptions, however, first sentence relates to future and is an example of
Prospective financial information. Second sentence relates to past which has three parts:
(a) I am fail. (unadjusted information; implied from statement)
(b) If I had worked hard (assumption)
(c) I would have passed (Proforma financial information)

Pro-forma financial information helps investors to understand the effect of events on historical performance.

Key Differences Table:

Feature Prospective Financial Info Pro Forma Financial Info
Time Focus Future Hypothetical past or present
Basis Forecasts or projections Adjusted historical data
Purpose Planning, decision-making Understand impact of transactions

Assurance Standard (ISA/ISAE) ISAE 3400 ISAE 3420

Users Internal or external Mostly external (e.g., investors)

Format of Pro Forma Financial Information:

Resulting Pro-forma
Unadjusted Financial Information Pro-forma Adjustments (+/–)
financial information

305
ISAs – Summaries and Application Guide ISAE 3420: Report on Pro forma

Examples:
1. If we had launched our product six months’ ago, what would have been impact on our historical
Income Statement.
2. If we had acquired/disposed a subsidiary, what would have been our historical Income Statement
and Balance Sheet.

Definitions:
Applicable Criteria:
Standards or rules used to compile pro forma financial information. May come from regulators or be
developed by the responsible party.

Pro Forma Financial Information:

• Adjusted financial information used for illustration purposes.
• Presented in columns (unadjusted data, adjustments, and pro forma result)

LO 2: ISAE 3000 (REVISED):

The practitioner must comply with both:

• ISAE 3420, and
• ISAE 3000 (Revised)

The practitioner shall not claim compliance with ISAE 3420 unless both standards are fully followed.

LO 3: ENGAGEMENT ACCEPTANCE:

Before accepting an engagement to report on pro forma financial information in a prospectus, the practitioner
must ensure the following conditions are met:

Engagement Team Competence

• The team must have appropriate skills and industry knowledge, including:
o Financial reporting frameworks
o Securities laws and listing requirements
o Capital market transactions (e.g., mergers, acquisitions)

Criteria and Risk Evaluation

• Confirm the applicable criteria are suitable.
• Ensure the pro forma information will not mislead users.
• Review any legal requirements for opinion wording to confirm feasibility.

Consideration of Source Financial Information

• If modified audit/review opinions or Emphasis of Matter paragraphs exist in source
information:
o Check if referencing them is permitted by law.
• If entity or acquiree financials are unaudited:
o Assess if a sufficient understanding of their accounting practices can still be obtained.

306
ISAs – Summaries and Application Guide ISAE 3420: Report on Pro forma

Agreement with the Responsible Party

The responsible party must confirm:
• Applicable criteria will be clearly disclosed (if not public).
• Pro forma financials will be compiled using those criteria.
• Practitioner will receive:
o Access to all relevant information and records
o Additional data if needed
o Access to entity personnel and advisors
o Access to acquiree representatives (if applicable)

LO 4: PLANNING AND PERFORMING THE ENGAGEMENT:

Practitioner has to obtain evidence on following:
 Criteria
 Source
 Adjustments
 Disclosures

Assessing the Suitability of the Applicable Criteria

The practitioner shall ensure the applicable criteria are suitable. The criteria must:
• Use unadjusted financial information from a proper source.
• Include pro forma adjustments that are:
o Directly linked to the event or transaction.
o Factually supportable.
o Consistent with the financial reporting framework and accounting policies.
• Include clear presentation and disclosures for users to understand the information.

Evaluating the Source of Unadjusted Financial Information

• The practitioner shall confirm the source is appropriate.
• If there is no audit or review report on the source, the practitioner must perform further procedures
(e.g., inquiries, comparisons).
• The practitioner must ensure the responsible party extracted the data correctly.

If source/adjustments are inappropriate, evaluate further actions including modifying or withholding the
report.

Evaluating Pro Forma Adjustments

• The practitioner shall confirm that the responsible party:

o Identified all necessary adjustments.
o Used adjustments that are:
 Directly Attributable to the event or transaction.
 Factually supportable (e.g., based on agreements or audited data).
 Consistent with the entity's accounting policies.
• If any financial information lacks audit/review, the practitioner shall assess its reliability through
further procedures.

Evaluating Presentation and Disclosures

The practitioner shall evaluate the overall clarity and structure.

307
ISAs – Summaries and Application Guide ISAE 3420: Report on Pro forma

Responding to a Modified Audit Opinion or Emphasis of Matter

If source from which the unadjusted financial information has been extracted (or adjustments have been
extracted), contains Modified opinion or EOM Paragraph and relevant laws allow use of such source, the
practitioner shall evaluate consequences of modification on report.

Further appropriate action to take may include:

1. Discussing the matter with the responsible party.
2. Making a reference of modified opinion/EOM Paragraph in the practitioner’s report if possible under
law and appropriate in auditor’s judgments.
3. withholding the report or withdrawing from the engagement (if possible under local laws).
4. Seeking legal advice.

Reviewing Other Information in the Prospectus

• The practitioner shall read the entire prospectus to spot material inconsistencies or misstatements.
• If issues exist and management refuses correction, the practitioner shall take further appropriate
action (e.g., modify report or withdraw).

LO 5: WRITTEN REPRESENTATIONS :

Practitioner’s Required Written Representations

The practitioner shall obtain written representations from the responsible party to confirm the following:

• Identification of All Necessary Adjustments

The responsible party has identified all appropriate pro forma adjustments needed to reflect the impact of the
event or transaction on the date or for the period presented.

• Compilation Based on Applicable Criteria

The pro forma financial information has been compiled, in all material respects, using the applicable criteria.

Additional Representations in Complex Transactions

In some cases, new or uncommon transactions may require the responsible party to adopt accounting
policies not previously used. When this occurs, the practitioner may ask the responsible party to expand the
written representations to confirm that:
→ The selected accounting policies are now adopted as the entity’s official policies for such transaction types.

LO 6: FORMING THE OPINION:

Practitioner’s Opinion
The practitioner shall form an opinion on whether the responsible party compiled the pro forma financial
information, in all material respects, based on the applicable criteria.

Assurance on Additional Legal or Regulatory Requirements

Some laws or regulations may require opinions on other matters beyond whether the compilation followed
the applicable criteria.
• In some cases, no extra procedures are needed. (e.g. if law requires confirming that the basis used
aligns with the entity’s accounting policies.
• In other cases, extra procedures are necessary. The nature and extent of those procedures depend on
what the law or regulation requires.

308
ISAs – Summaries and Application Guide ISAE 3420: Report on Pro forma

Disclosure of Applicable Criteria

If laws or standard-setters have issued the criteria, and they are publicly available, the responsible party does
not need to repeat them in the notes.

If the responsible party developed any specific criteria, those must be disclosed clearly.

LO 7: FORM OF OPINION:

Unmodified Opinion – When No Issues Exist

The practitioner shall issue an unmodified opinion when the pro forma financial information has been
compiled, in all material respects, by the responsible party using the applicable criteria.

Modified Opinion – When Issues Exist

Jurisdictions that Allow Modified Opinions
In such cases, the practitioner shall follow ISAE 3000 (Revised) procedures for issuing modified opinions.

Jurisdictions that do not allow Modified Opinions

If the practitioner believes a modified opinion is necessary under ISAE 3000, the practitioner must first
discuss the matter with the responsible party. If the responsible party refuses to make necessary changes, the
practitioner must:
• Withhold the report
• Withdraw from the engagement
• Consider legal advice

Emphasis of Matter Paragraph:

• The practitioner may include an Emphasis of Matter paragraph in the report
• The paragraph must only refer to information already disclosed in the pro forma financial information or
notes.

LO 8: PREPARING THE ASSURANCE REPORT:

The assurance report must include these elements:
1. Title
2. Addressee(s)
3. Introductory Paragraphs
4. Applicable Criteria
5. Responsible Party’s Role
6. Practitioner’s Responsibilities
7. Purpose of Pro Forma Financial Information
8. Standards Followed i.e. ISAE 3420
9. System of Quality Management followed i.e. ISQM 1.
10. Ethical Requirements followed i.e. IESBA Code of Ethics

11. Assurance Procedures

The report must state that the practitioner:
• Performed procedures to assess whether the criteria used were reasonable.
• Checked if pro forma adjustments were correctly applied to unadjusted financial information.
• Evaluated the overall presentation of the pro forma financial information.
• Selected procedures using professional judgment based on understanding the entity, the event or
transaction, and other relevant factors.

309
ISAs – Summaries and Application Guide ISAE 3420: Report on Pro forma

12. Practitioner’s Opinion

Opinion must use one of these phrases (which are considered equivalent):
o "The pro forma financial information has been compiled, in all material respects, on the basis
of the applicable criteria."
o "The pro forma financial information has been properly compiled on the basis stated."

13. Signature, Date, and Location

APX 1: ILLUSTRATIVE PRACTITIONER’S REPORT WITH AN UNMODIFIED OPINION:

INDEPENDENT PRACTITIONER’S ASSURANCE REPORT ON THE COMPILATION OF PRO FORMA

FINANCIAL INFORMATION INCLUDED IN A PROSPECTUS

To the Management Board of

ABC Company

We have examined the accompanying pro-forma income statement for the year ended 31December 2015 of
ABC Company (the company) and related notes. The applicable criteria on the basis of which the Company
has compiled the Pro Forma Financial Information are described in Note xxx.

The pro forma financial information has been compiled by the Company to illustrate retrospectively the effect
of merger of ABC with XYZ on Income Statement as if the merger had taken place on 01 January, 2015.

As part of this process, information about the Company's income statement has been extracted by the
financial statements of ABC and XYZ for the year ended 31 December 2015.

The ABC Company’s Financial Statements were audited by us and our audit report thereon was issued on 13
June 2016. No audit or review was conducted on financial statements of XYZ Company.

Responsibility for the Pro Forma Financial Information

The Company is responsible for the Pro Forma Financial Information and it is responsible for compiling the
Pro Forma Financial Information on the basis of applied criteria.

Our Independence and Quality Control

We have complied with the independence and other ethical requirement of the Code of Ethics for Professional
Accountants issued by the International Ethics Standards Board for Accountants, which is founded on
fundamental principles of integrity, objectivity, professional competence and due care, confidentiality and
professional behavior.

The firm applies International Standard on Quality Control 1 and accordingly maintains a comprehensive
system of quality control including documented policies and procedures regarding compliance with ethical
requirements, professional standards and applicable legal and regulatory requirements.

Practitioner’s Responsibilities
Our responsibility is to express an opinion as required by Securities and Exchange Commission’s Regulation
XX about whether the pro forma financial information has been compiled, in all material respects, by
company on the basis of the applicable criteria.

310
ISAs – Summaries and Application Guide ISAE 3420: Report on Pro forma

We conducted our engagement in accordance with International Standard on Assurance Engagements (ISAE)
3420, Assurance Engagements to Report on the Compilation of Pro Forma Financial Information Included in a
Prospectus, issued by the International Auditing and Assurance Standards Board. This standard requires that
the practitioner plan and perform procedures to obtain reasonable assurance about whether company has
compiled, in all material respects, the pro forma financial information on the basis of the applicable criteria.

For purposes of this engagement, we are not responsible for updating or reissuing any reports or opinions on
any historical financial information used in compiling the pro forma financial information, nor have we, in the
course of this engagement, performed an audit or review of the financial information used in compiling the
pro forma financial information.

The purpose of pro forma financial information included in a prospectus is solely to illustrate the impact of a
significant event or transaction on unadjusted financial information of the entity as if the event had occurred
or the transaction had been undertaken at an earlier date selected for purposes of the illustration.
Accordingly, we do not provide any assurance that the actual outcome of the event or transaction at 31
December 2015 would have been as presented.

We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our
opinion.

In our opinion, the Pro Forma Financial Information has been properly compiled, in all material respects, on
the basis of applied criteria, and are consistent with the accounting policies of the company.

Signature
Date
Address

311
 ISAs – Summaries and Application Guide ISRS 4400: Agreed-upon Procedures

ISRS 4400
AGREED-UPON PROCEDURES
ENGAGEMENTS
LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 13 A1 – A13

CONDUCT OF AN AGREED-UPON PROCEDURES
LO 2 14–16 N/A
ENGAGEMENT IN ACCORDANCE WITH THIS ISRS
LO 3 RELEVANT ETHICAL REQUIREMENTS 17 A14–A20
LO 4 PROFESSIONAL JUDGMENT 18 A21–A23
LO 5 ENGAGEMENT LEVEL QUALITY MANAGEMENT 19–20 A24–A27
LO 6 ENGAGEMENT ACCEPTANCE AND CONTINUANCE 21–23 A28–A38
LO 7 AGREEING THE TERMS OF THE ENGAGEMENT 24–26 A39–A44
LO 8 PERFORMING THE AGREED-UPON PROCEDURES 27–28 A45
LO 9 USING THE WORK OF A PRACTITIONER’S EXPERT 29 A46–A50
LO 10 THE AGREED-UPON PROCEDURES REPORT 30–33 A51–A58
UNDERTAKING AN AGREED-UPON PROCEDURES
LO 11 34 A59
ENGAGEMENT TOGETHER WITH ANOTHER ENGAGEMENT
LO 12 DOCUMENTATION 35 A60
APX 1 ILLUSTRATIVE ENGAGEMENT LETTER FOR AN AGREED-UPON PROCEDURES ENGAGEMENT
APX 2 ILLUSTRATIONS OF AGREED-UPON PROCEDURES REPORTS

312
ISAs – Summaries and Application Guide ISRS 4400: Agreed-upon Procedures

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Purpose of ISRS
This International Standard on Related Services (ISRS) provides:
• Guidelines for conducting Agreed-Upon Procedures (AUP) engagements.
• Requirements for the AUP report’s form and content.

Key Characteristics of AUP Engagements

• The practitioner performs procedures agreed upon with the engaging party.
• The engaging party con�irms the procedures are appropriate for their purpose.
• The practitioner reports only factual �indings, without expressing an opinion or assurance.

What AUP Engagements Are Not

• Not an audit, review, or assurance engagement.
• No opinion or conclusion is provided.

Where AUP Engagements Apply:

This standard applies to both �inancial and non-�inancial subject matters.

Subject Matter Examples

 Review specific financial accounts or transactions: Checking specific details in

financial statements, like revenue or expense accounts.

 Verify eligibility of expenses in a funding program: Ensuring that the

expenses claimed under a funding program meet the required criteria.

 Financial  Confirm revenue amounts for royalties or fees: Ensuring the correct revenue
figures are used to calculate payments like royalties, rent, or franchise fees,
which depend on a percentage of revenue.

 Check capital adequacy ratios for regulators: Verifying that a company meets
the required financial strength or capital adequacy ratios set by regulatory
authorities. [ OR Reporting on book value per share]

 Count the number of passengers reported to authorities: Ensuring the

number of passengers reported to a civil aviation authority is accurate.

 Observe the destruction of faulty goods: Confirming that faulty goods reported
to a regulatory authority have been properly destroyed.

 Non-�inancial  Monitor lottery draw processes: Ensuring that the methods used for lottery
draws follow the correct procedures and are reported accurately to regulatory
bodies.

 Measure greenhouse gas emissions for compliance: Verifying the volume of

greenhouse gases emitted, as reported to regulatory authorities, for
environmental compliance.

313
ISAs – Summaries and Application Guide ISRS 4400: Agreed-upon Procedures

Responsibilities and Objectives of the Practitioner

In an AUP engagement, the practitioner must:
1. Agree on the procedures with the engaging party.
2. Perform the agreed-upon procedures.
3. Report the �indings based on factual results.

Practitioners must comply with ethical requirements. In some cases, independence may be required or
appropriate.

Key De�initions in AUP Engagements

• Engaging Party: The entity that hires the practitioner for the AUP engagement.
• Intended Users: Individuals or organizations expected to use the AUP report (may include
regulators or other stakeholders).
• Practitioner: The individual(s) performing the engagement.

LO 2: CONDUCT OF AN AGREED-UPON PROCEDURES ENGAGEMENT IN ACCORDANCE WITH

THIS ISRS:

Understanding ISRS
The practitioner must fully understand the ISRS, including its application and explanatory material, to apply
its requirements correctly.

Compliance
All relevant ISRS requirements must be followed unless they do not apply to the engagement.

Claiming Compliance
The practitioner can only claim compliance if all applicable ISRS requirements are met.

LO 3: RELEVANT ETHICAL REQUIREMENTS:

Compliance with Ethical Standards

Practitioners must comply with ethical requirements.

Objectivity and Independence

• Practitioners must remain objective and avoid bias, con�licts of interest, or undue in�luence that
could affect their professional or business judgment.

• The IESBA Code does not mandate independence for agreed-upon procedures engagements.
However, national laws, regulations, professional standards, or contractual agreements may
impose independence requirements.

Non-Compliance with Laws and Regulations (NOCLAR)

Obligation to Report Non-Compliance
• Laws, regulations, or ethical requirements may require practitioners to report identi�ied or
suspected non-compliance to external authorities.
• Reporting may be necessary when:
o The law or ethical standards require it.
o The practitioner determines that reporting is an appropriate response.

314
ISAs – Summaries and Application Guide ISRS 4400: Agreed-upon Procedures

Con�identiality vs. Reporting Obligations

• In some cases, con�identiality laws may prevent external reporting of non-compliance.
• However, ethical standards may allow reporting without breaching con�identiality obligations.

LO 4: PROFESSIONAL JUDGMENT:

Applying Professional Judgment in an Engagement

A practitioner must exercise professional judgment when accepting, conducting, and reporting on an agreed-
upon procedures engagement, considering the speci�ic circumstances.

The need for professional judgment is limited because:

• The engaging party pre-approves the procedures and acknowledges their relevance.
• The procedures and �indings are described in objective, clear terms.
• Different practitioners performing the same procedures should reach consistent results.

Key Areas Requiring Professional Judgment

Engagement Acceptance
Before accepting the engagement, the practitioner must assess:
• Whether to accept or continue the engagement.
• If the procedures are appropriate for the engagement’s purpose.
• The availability of necessary resources, including a practitioner’s expert.

Conducting the Engagement

During the engagement, professional judgment is required to:
• Respond appropriately if fraud, non-compliance, or misleading information is suspected.
• Determine actions when an agreed-upon procedure cannot be performed.

Reporting on the Engagement

When reporting �indings, the practitioner must provide suf�icient detail, especially when exceptions are
identi�ied.

LO 5: ENGAGEMENT LEVEL QUALITY MANAGEMENT:

Engagement Partner’s Responsibilities

The engagement partner is responsible for ensuring quality management in the agreed-upon procedures
engagement. This includes:
 Oversees the engagement and ensures compliance with professional standards.
 Assigns adequate resources and ensures the team has the necessary skills and time.
 Supervises, reviews, and ensures compliance with ethical and legal requirements.
 Ensures proper documentation and completes engagement quality review (if required) before
dating the report.

Use of Practitioner’s Expert

If the engagement involves a practitioner’s expert, the engagement partner must ensure suf�icient
involvement in the expert’s work to take responsibility for the �indings in the �inal report.

315
ISAs – Summaries and Application Guide ISRS 4400: Agreed-upon Procedures

If the engagement partner cannot take responsibility for a practitioner’s expert’s work:
• The scope of engagement may be limited to procedures for which the practitioner can take
responsibility.
• The engaging party may separately hire an expert to perform other required procedures.

Client Acceptance & Continuance

• ISQM 1 requires �irms to assess whether to accept or continue a client relationship based on:
o The nature and circumstances of the engagement.
o The integrity and ethical values of the client (including management and governance).
• If management’s integrity is in doubt, accepting or continuing the engagement may not be
appropriate.

Ethical Compliance & Professional Responsibilities

• Firms must establish quality objectives to ensure compliance with ethical standards.
• The engagement partner must ensure the engagement team adheres to ethical requirements.

LO 6: ENGAGEMENT ACCEPTANCE AND CONTINUANCE:

Engagement Acceptance and Continuance:

Understanding the Engagement Purpose
Before accepting,
 The practitioner must understand the purpose of the agreed-upon procedures engagement.
 If the requested procedures are inappropriate for the engagement’s purpose, the practitioner shall
not accept or continue.

Assessing Suitability of Procedures

The practitioner must not proceed if procedures:
 The procedures might be chosen to bias the intended users’ decisions.
 The subject matter for the procedures might be unreliable.
 An assurance engagement or advisory service might better meet the needs of the engaging party or
other intended users.

Alternative Actions if Conditions Are Not Met

• The practitioner may recommend alternative services (e.g., an assurance engagement) if an agreed-
upon procedures engagement does not meet the engaging party’s needs.
• Any added or modi�ied procedures must also meet the original engagement conditions.

Clear and Objective Description of Agreed-Upon Procedures:

Procedures must be described objectively in a way that is clear, not misleading, and not subject to varying
interpretations.

Acceptable Action Terms

Examples of clear procedural terms include:
• Con�irm
• Compare
• Agree
• Trace
• Inspect
• Inquire

316
ISAs – Summaries and Application Guide ISRS 4400: Agreed-upon Procedures

• Recalculate
• Observe

Avoiding Unclear or Misleading Terms

Words and phrases that could cause confusion include:
• Assurance-related terms: "audit," "review," "opinion," "true and fair."
• Words implying assurance: "we certify," "we verify," "we have ascertained."
• Vague descriptions: "we obtained explanations and performed necessary procedures."
• Terms open to interpretation: "material," "signi�icant."
• Imprecise actions: "discuss," "evaluate," "analyze," "examine" without specifying scope.

Example of an Unclear Procedure

"Review cost allocations to determine if they are reasonable" is unclear because:
 "Review" could be mistaken for an assurance procedure.
 "Reasonable" is subjective and open to interpretation.

Handling Prescribed Procedures That Are Unclear

If law or regulation mandates unclear procedures:
• The practitioner may request modi�ications for clarity.
• If modi�ication is impossible, the agreed-upon procedures report should include a de�inition of
unclear terms.

Compliance with Independence Requirements:

When Independence is Required
• The practitioner must ensure compliance with independence requirements if required by ethical
standards, law, or regulation.
• If independence is not required but relevant to the engagement, the practitioner may discuss with the
engaging party whether compliance is necessary.

Factors That May Affect Independence Considerations

• The engagement’s purpose.
• The identities of the engaging party, intended users, and responsible parties.
• The scope and nature of the procedures.
• Other engagements performed for the engaging party.

Independence in Dual Roles:

If the practitioner also audits the engaging party’s �inancial statements, users may assume the practitioner is
independent for both engagements. In such case,
• The practitioner and engaging party may agree that compliance with audit independence
requirements applies to the agreed-upon procedures engagement.
• The terms of engagement should explicitly state this requirement.

317
ISAs – Summaries and Application Guide ISRS 4400: Agreed-upon Procedures

LO 7: AGREEING THE TERMS OF THE ENGAGEMENT:

Establishing Terms for an Agreed-Upon Procedures Engagement

The practitioner must agree on the engagement terms with the engaging party and document them in an
engagement letter or a written agreement. These terms must include:
• Subject Matter: The area where agreed-upon procedures will be performed.
• Purpose & Users: The purpose of the engagement and intended users of the report.
• Responsible Party: If applicable, identi�ication of the responsible party and acknowledgment that
they are accountable for the subject matter.
• Ethical Compliance: Con�irmation that the practitioner will follow relevant ethical standards.
• Independence Requirements: Whether the practitioner must comply with independence rules and
which ones apply.
• Nature of the Engagement:
o The practitioner performs agreed-upon procedures and reports factual �indings.
o Findings are factual results, not opinions or assurance conclusions.
o This engagement is not an assurance engagement.
• Appropriateness of Procedures: The engaging party (and relevant others) must acknowledge that
the procedures are suitable for the engagement's purpose.
• Report Addressee: Identi�ication of the intended recipient of the report.
• Scope & Clarity: Clear, precise descriptions of the procedures, avoiding ambiguity.
• Report Format: Reference to the expected format and content of the report.

Recurring Agreed-Upon Procedures Engagements

For recurring engagements, the practitioner must assess whether the engagement terms need revision due to:
• Misunderstandings by the engaging party regarding the engagement’s purpose or procedures.
• Changes in agreed-upon procedures.
• New legal, regulatory, or contractual requirements.
• Changes in management or governance.

Additional Considerations
• The engagement letter may include restrictions on report distribution or details on involving experts.
• Quantitative thresholds for exceptions may be agreed upon and included in the engagement terms.
• If law or regulation de�ines only the procedure types, the practitioner must still agree on the timing
and extent with the engaging party.
• Engagement terms can be set upfront or adjusted throughout the engagement based on new
information. Any changes require written acknowledgment, such as an updated engagement letter or
addendum.
• A new engagement letter is not always required for recurring engagements, but reminders or updates
may be necessary in speci�ic situations.

LO 8: PERFORMING THE AGREED-UPON PROCEDURES:

Executing Agreed Procedures

The practitioner must perform procedures as outlined in the engagement terms.

Situations Where Written Representations May Be Requested:

• If inquiries are part of the procedures, written con�irmation of verbal responses may be requested.
• If the engaging party differs from the responsible party, the practitioner may agree with engaging
party to request written representations from the responsible party.

318
ISAs – Summaries and Application Guide ISRS 4400: Agreed-upon Procedures

LO 9: USING THE WORK OF A PRACTITIONER’S EXPERT:

Engaging a Practitioner’s Expert

A practitioner may involve an expert to:
• Design Agreed-Upon Procedures – For example, a lawyer may assist in creating procedures for
contract reviews.
• Perform Speci�ic Procedures – For instance, a chemist may test toxin levels in grain samples.

Experts can be:

• Internal – Employees within the �irm, subject to the �irm’s system of quality management.
• External – Independent professionals engaged for speci�ic tasks.

Before using an expert’s work, the practitioner must assess:

1. Competence, Capabilities, and Objectivity – Ensure the expert has the necessary skills and
independence.
2. Agreement on Scope – De�ine the expert’s role, including the nature, scope, and objectives of their
work.
3. Work Performed – Ensure the expert’s work aligns with the agreed scope and timing.
4. Evaluation of Findings – Verify that the expert’s conclusions accurately describe the procedures
performed.

Evaluating the Firm’s Quality Management System for Internal Experts:

For internal experts, the practitioner may rely on the �irm’s quality management system if policies are
effective.

The reliance level affects:

• Assessment of competence and training.
• Evaluation of objectivity.
• Agreement terms with the expert.
However, reliance on �irm policies does not remove the practitioner’s responsibility to meet professional
standards.

Establishing the Agreement with the Expert

The agreement should clearly outline:
• Roles and Responsibilities – De�ine duties for both the practitioner and the expert.
• Communication Process – Specify the timing, format, and nature of communications and reports.
• Con�identiality Requirements – Ensure the expert follows con�identiality rules.
For external experts, the agreement is usually documented in an engagement letter to formalize
expectations.

319
ISAs – Summaries and Application Guide ISRS 4400: Agreed-upon Procedures

LO 10: THE AGREED-UPON PROCEDURES REPORT:

Contents of The Agreed-Upon Procedures Report:

The agreed-upon procedures report must be in writing and include:

• Title: Clearly state that it is an agreed-upon procedures report.
• Addressee: Identify the intended recipient as per the engagement terms.
• Subject Matter: Specify what the agreed-upon procedures cover.
• Purpose: Explain the report's purpose and state that it may not be suitable for other uses.
• Engagement Description:
o The report describes an agreed-upon procedures engagement.
o It states that the practitioner performs procedures agreed with the engaging party and
reports the findings.
o The engaging party confirms that the procedures suit the engagement purpose.
• Responsible Party (If Applicable): Identify the responsible party as specified by the engaging
party.
• Standards Compliance: Confirm that the engagement follows ISRS 4400 (Revised).
• Practitioner’s Role: State that the practitioner does not determine if the procedures are
appropriate.
• No Assurance Provided:
o Clarify that this is not an assurance engagement.
o The practitioner does not express an opinion or conclusion.
• Limitations:
o Additional procedures might reveal other findings.
• Ethical Compliance: Confirm adherence to IESBA Code or equivalent requirements.
• Independence Statement:
o If independence is not required, state so.
o If required, confirm compliance with relevant independence requirements.
• Quality Management Compliance:
o Confirm compliance with ISQM 1 or equivalent professional, legal, or regulatory
requirements.
• Procedures Description: Detail the nature, extent, and timing of the performed procedures.
• Findings: Present factual results, including any exceptions.
• Practitioner’s Signature: Include the signature of the practitioner.
• Report Date: The date when the procedures were completed.
• Jurisdiction: Mention the location of the practitioner’s office.

Additional Reporting Considerations

• Reference to an Expert:
o If an expert’s work is mentioned, the report must not imply that the practitioner’s
responsibility is reduced.
• Summary of Findings:
o If included, it must be clear, objective, and free from ambiguity.
o The report must state that reading the summary does not replace reading the full report.
• Report Date:
o The report date must not be earlier than the completion of the agreed-upon procedures.

• Restricting Distribution or Use:

o Consider restricting the report’s use or distribution to prevent misinterpretation, especially
if:
 The report is meant for internal users.
 The procedures involve confidential information.

320
ISAs – Summaries and Application Guide ISRS 4400: Agreed-upon Procedures

LO 11: UNDERTAKING AN AGREED-UPON PROCEDURES ENGAGEMENT TOGETHER WITH

ANOTHER ENGAGEMENT:

Performing Multiple Engagements

A practitioner may be asked to perform agreed-upon procedures along with another engagement, such as
providing recommendations.
• These engagements can be covered under a single engagement letter.
• However, their reports should NOT be merged. Any additional �indings or recommendations should
be structured distinctly to maintain clarity and avoid misinterpretation.

Maintaining Clear Distinction

To prevent misunderstandings, the agreed-upon procedures report must be clearly separated from reports of
other engagements. This can be done by:
• Providing recommendations in a separate document.
• Including both the agreed-upon procedures report and recommendations in the same document but
in separate sections.

LO 12: DOCUMENTATION:

Required Documentation
The practitioner must document:
• The engagement terms in writing, including any agreed modifications.
• The nature, timing, and extent of agreed-upon procedures.
• The findings from the performed procedures.

Details to Include in Documentation

Documentation should provide clear records of:
• Identifying Characteristics of the subject matter tested:
o Purchase Orders: Record dates and unique purchase order numbers.
o Threshold-Based Selection: Specify the population (e.g., journal entries above a set amount
for a given period).
o Personnel Inquiries: Note dates, names, job titles, and details of inquiries.
o Observations: Document the process, responsible individuals, location, and date of
observation.
• Execution and Review
o Record who performed the procedures and when.
o Document who reviewed the procedures, the date of review, and its extent.

APX 1: ILLUSTRATIVE ENGAGEMENT LETTER FOR AN AGREED-UPON PROCEDURES

ENGAGEMENT:

Please read APX 1 of ISRS 4400 for a thorough understanding.

321
 ISAs – Summaries and Application Guide ISRS 4400: Agreed-upon Procedures

APX 2: ILLUSTRATIONS OF AGREED-UPON PROCEDURES REPORTS:

Following is the summary of different reports given in ISRS 4400:

Intended Independence Restriction

ISRS Reference Engaging Party Key Findings
User(s) Requirement on Use

Engaging party No
ISRS 4400 Engaging party No restriction
(not responsible No exceptions found independence
(Illustration 1) only on use
party) requirement

Exceptions found (one contract Compliance Restricted to

Engaging party Engaging party &
ISRS 4400 not subject to bidding, with audit engaging
(also responsible intended user
(Illustration 2) discrepancies in contract independence party and
party) (e.g., regulator)
payments due to tax rate change) requirements intended user

Please read APX 2 of ISRS 4400 for a thorough understanding. This is particularly important as you may be
required in exam to prepare extracts of Report.

322
 ISAs – Summaries and Application Guide ISRS 4410: Compilation Engagements

ISRS 4410
COMPILATION
ENGAGEMENTS
LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 17 A1 – A18

CONDUCT OF A COMPILATION ENGAGEMENT IN
LO 2 18–20 N/A
ACCORDANCE WITH THIS ISRS
LO 3 ETHICAL REQUIREMENTS 21 A19–A26
LO 4 PROFESSIONAL JUDGMENT 22 A27–A29
MANAGING AND ACHIEVING QUALITY ON COMPILATION
LO 5 23 A30–A32
ENGAGEMENTS
LO 6 ENGAGEMENT ACCEPTANCE AND CONTINUANCE 24–26 A33–A45
COMMUNICATION WITH MANAGEMENT AND THOSE
LO 7 27 A46–A47
CHARGED WITH GOVERNANCE
LO 8 PERFORMING THE ENGAGEMENT 28 – 37 A48 – A58
LO 9 DOCUMENTATION 38 A59–A61
LO 10 THE PRACTITIONER’S REPORT 39 – 41 A62–A69
APX 1 ILLUSTRATIVE ENGAGEMENT LETTER FOR A COMPILATION ENGAGEMENT
APX 2 ILLUSTRATIVE PRACTITIONERS’ COMPILATION REPORTS

323
ISAs – Summaries and Application Guide ISRS 4410: Compilation Engagements

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope of ISRS
• ISRS applies to compilation engagements where a practitioner assists management in preparing and
presenting historical financial information without providing assurance.
• It may also apply to other financial or non-financial information as needed. In this ISRS, "financial
information" refers to historical financial information.

Responsibilities of the Practitioner

• Uses expertise in accounting and financial reporting to assist management.
• Does not provide assurance or express an audit/review opinion.

Responsibilities of Management:
Management retains full responsibility for:
• The accuracy and completeness of financial information.
• Accounting policies and estimates used.
• The financial reporting framework chosen.

Common Uses of Compiled Financial Information

Compiled financial information may be required for:
1. Regulatory compliance – Filing periodic reports under legal or regulatory mandates.
2. Internal management use – Financial reports prepared for decision-making.
3. External reporting – Submission to funding agencies, investors, or lenders.
4. Transactional purposes – Used for mergers, acquisitions, or financing decisions.

Additional Activities Beyond Compilation

A practitioner may also assist in bookkeeping (e.g., summarizing transactions, trial balances). These
additional activities are outside the scope of ISRS.

LO 2: CONDUCT OF A COMPILATION ENGAGEMENT IN ACCORDANCE WITH THIS ISRS:

Understanding ISRS:
The practitioner must fully understand ISRS, including its objectives and application.

Compliance:
All relevant ISRS requirements must be followed unless they do not apply to the engagement.

Compliance Statement:
The practitioner can only claim ISRS compliance if all applicable requirements are met.

324
ISAs – Summaries and Application Guide ISRS 4410: Compilation Engagements

LO 3: ETHICAL REQUIREMENTS:

Compliance with Ethical Standards

The practitioner must comply with relevant ethical requirements outlined in the IESBA Code of Ethics.

Ethical Responsibilities in Compilation:

A professional accountant must not be associated with any information that:
• Contains materially false or misleading statements.
• Includes recklessly provided statements.
• Omits or obscures required information in a misleading way.
If a professional accountant discovers such information, they must take steps to disassociate from it.

Independence Considerations
• The International Independence Standards under the IESBA Code do not apply to compilation
engagements.
• However, local ethical codes, laws, or regulations may still require certain independence
disclosures.

Reporting Non-Compliance with Laws and Regulations

Practitioners may be required or permitted to report non-compliance with laws and regulations to an
external authority if:
1. Law or ethical requirements mandate it.
2. The practitioner determines reporting is necessary under ethical guidelines.
3. Laws or regulations allow voluntary reporting.

Confidentiality vs. Reporting Obligations

• In some cases, laws or ethical standards may prohibit reporting due to confidentiality obligations.
• In other cases, reporting is allowed without violating confidentiality.

To determine the right course of action, practitioners may:

• Consult internally within their firm or network.
• Seek legal advice to understand professional and legal implications.
• Confidentially consult a regulator or professional body, unless law prohibits it.

LO 4: PROFESSIONAL JUDGMENT:

Professional judgment is essential for conducting a compilation engagement because it helps interpret
ethical and ISRS requirements and make informed decisions. It is especially crucial when:
• Selecting the financial reporting framework based on the intended use and users of financial
information.
• Applying the financial reporting framework, including:
o Choosing appropriate accounting policies.
o Developing necessary accounting estimates.
o Preparing and presenting financial information in compliance with the framework.

325
ISAs – Summaries and Application Guide ISRS 4410: Compilation Engagements

LO 5: MANAGING AND ACHIEVING QUALITY ON COMPILATION ENGAGEMENTS:

Engagement Partner’s Responsibilities

The engagement partner holds overall responsibility for managing and ensuring quality in each compilation
engagement. This involves:
• Active Involvement
o Overseeing the engagement from start to finish.

• Compliance with Quality Management Policies

The engagement must align with the firm’s policies by:
o Following procedures for client acceptance and continuance.
o Assigning adequate resources to the engagement team on time.
o Ensuring the team has the required competence and time.
o Monitoring compliance with ethical requirements and addressing any breaches.
o Supervising and reviewing team members' work.
o Ensuring engagement documentation is properly assembled and maintained.
o Completing an engagement quality review before dating the report, if required by ISQM 1 or
firm policies.

LO 6: ENGAGEMENT ACCEPTANCE AND CONTINUANCE:

Engagement Acceptance Requirements

Before accepting an engagement, the practitioner must agree on key terms with management and the
engaging party (if different). These terms include:

Key Agreement Areas

• Intended Use and Distribution of Financial Information
o Identify users and any restrictions.
• Applicable Financial Reporting Framework
o Ensure the framework aligns with the purpose of the financial information.
• Scope and Objective of the Engagement
o Define the nature of the compilation engagement.
• Practitioner’s Responsibilities
o Comply with ethical requirements.
• Management’s Responsibilities
o Prepare financial information per the financial reporting framework.
o Ensure records, documents, and explanations are complete and accurate.
o Make necessary judgments for financial information preparation.
• Practitioner’s Report
o Determine the expected format and content.

Documenting the Engagement

• The agreed terms must be recorded in an engagement letter or written agreement before the
engagement begins.

326
ISAs – Summaries and Application Guide ISRS 4410: Compilation Engagements

Selecting the Financial Reporting Framework

Management selects a framework based on:
• The entity type (business, public sector, non-profit).
• Intended users and financial information purpose.
• Legal or contractual requirements.
• The required format (full financial statements, single statement, or custom format).

Special Purpose Financial Reporting

If the framework is special purpose, the engagement letter must state:
• Restrictions on use or distribution.
• A disclaimer in the practitioner’s report indicating its limited suitability for other purposes.

Management’s Responsibilities
Management must acknowledge their responsibilities before the engagement begins, including:
• Providing complete and accurate financial records.
• Making necessary judgments and assumptions for financial reporting.
• Understanding their legal and regulatory obligations.

If management refuses to acknowledge its responsibilities, the engagement cannot proceed unless
required by law.

LO 7: COMMUNICATION WITH MANAGEMENT AND THOSE CHARGED WITH GOVERNANCE:

Purpose of Communication in Compilation Engagements

• The practitioner must communicate key matters with management or those charged with
governance.
• Communication should be timely and based on professional judgment.

Timing and Nature of Communication

• The timing depends on the issue’s significance and expected management actions.
• Urgent issues, such as major difficulties, must be communicated immediately if management can
assist in resolving them.

Ethical and Legal Considerations

Reporting Non-Compliance
• Ethical requirements may require the practitioner to report suspected non-compliance with laws and
regulations.
• Communication should be directed to the appropriate level of management or governance.

Legal Restrictions on Communication

• In some jurisdictions, laws may limit communication on specific matters.
• Practitioners must not alert the entity if reporting non-compliance could interfere with an official
investigation (e.g., under anti-money laundering laws).

Seeking Legal Advice

• If legal restrictions apply, the practitioner should assess the complexity of the situation and seek legal
advice if needed.

327
ISAs – Summaries and Application Guide ISRS 4410: Compilation Engagements

LO 8: PERFORMING THE ENGAGEMENT:

Understanding the Entity and Its Reporting Framework

To effectively compile financial information, the practitioner must:
• Understand the entity’s business, operations, accounting system, and financial records.
• Understand the applicable financial reporting framework and how it applies to the entity’s industry.
• Consider factors like entity size, complexity, financial reporting obligations, governance structure,
and internal controls.

Compiling the Financial Information

Gathering and Processing Information
• The practitioner compiles financial information using records, documents, and explanations
provided by management.
• If the practitioner assists with significant judgments (e.g., accounting estimates or policy selection),
management must understand and accept responsibility for them.

Review and Verification

• Before completing the engagement, the practitioner must review the compiled financial information
to ensure it aligns with their understanding of the entity and financial reporting framework.

Handling Issues in Financial Information

Incomplete or Inaccurate Information
If management provides incomplete, inaccurate, or unsatisfactory information:
• The practitioner must request corrections.
• If management does not provide the necessary information, the practitioner must withdraw from
the engagement and inform management and governance.

Material Misstatements or Misleading Information

If the practitioner identifies issues such as:
• The financial information does not reference the financial reporting framework correctly.
• The information contains material misstatements.
• The financial information is misleading.

The practitioner must:

• Propose corrections to management to ensure compliance and accuracy.
• If management refuses to correct, the practitioner must withdraw from the engagement and
inform management and governance.

If withdrawal is not possible, the practitioner must determine their legal and professional obligations in
the circumstances.

Finalizing the Engagement

Obtaining Management’s Acknowledgment
Before concluding, the practitioner must obtain written confirmation from management or governance
that they take full responsibility for the final version of the compiled financial information.

Ethical and Legal Considerations in Withdrawal

If the practitioner withdraws, they must:
• Inform management and governance of the specific reasons for withdrawal.
• Consider ethical and legal obligations, including the need to report the issue to regulators.

328
ISAs – Summaries and Application Guide ISRS 4410: Compilation Engagements

LO 9: DOCUMENTATION:
The practitioner must document the following key aspects:

Significant Issues and Their Resolution

• Record important matters identified during the compilation engagement.
• Document how these issues were addressed.

Reconciliation of Financial Information

Maintain a record of how the compiled financial information aligns with:
• Underlying records.
• Supporting documents.
• Explanations provided by management.

Final Version of Compiled Financial Information

Keep a copy of:
• The final compiled financial information.
• Management’s acknowledgment of responsibility.
• The practitioner’s report.

Additional Documentation Considerations

Practitioners may also include:
• Trial balance or a summary of significant accounting records used in the compilation.
• A reconciliation schedule linking the general ledger balances to the compiled financial statements.
• Adjusting journal entries or amendments agreed upon with management.

LO 10: THE PRACTITIONER’S REPORT:

Required Elements of the Practitioner’s Report

The report must be in writing and include:
1. Title – Clearly stating it is a compilation report.
2. Addressee(s) – As specified in the engagement terms.
3. Statement of Compilation – Confirming that the practitioner compiled the financial information
based on management’s data.
4. Management’s Responsibilities – Stating management’s role in preparing the financial information.
5. Financial Reporting Framework – Identifying the applicable framework, with a description if it is a
special purpose framework.
6. Identification of Financial Information – Including the title and reporting period.
7. Practitioner’s Responsibilities – Explaining compliance with this ISRS and ethical requirements.
8. Compilation Engagement Description – Outlining the practitioner’s role.
9. Explanations:
o A compilation engagement is not an assurance engagement.
o The practitioner is not required to verify the accuracy or completeness of the data.
o No audit opinion or review conclusion is provided.
10. Special Purpose Framework (if applicable):
o Describes the financial information’s intended purpose.
o Warns users that it may not be suitable for other purposes.
11. Date of the Report – The date when the compilation engagement is completed.
12. Practitioner’s Signature – Required authentication.
13. Practitioner’s Address – Contact details.

329
ISAs – Summaries and Application Guide ISRS 4410: Compilation Engagements

Date of the Report

The report must be dated when the compilation engagement is completed.

Format and Distribution

• The report may be in hard copy or electronic format.
• If included in a financial report, page numbers may be specified for clarity.

Report Addressees
The report is usually addressed to the entity’s management unless law or regulations specify otherwise.

Special Purpose Financial Reporting Framework

If used, the report must:
• Highlight that the financial information follows a special purpose framework.
• State that the information may not be suitable for other purposes.
• Restrict distribution or use, if necessary.

Limitations on Use and Distribution

• The report may specify that it is for intended users only.
• Legal and regulatory requirements determine whether distribution restrictions apply.

APX 1: ILLUSTRATIVE ENGAGEMENT LETTER FOR A COMPILATION ENGAGEMENT:

Please read APX 1 of ISRS 4410 for a thorough understanding.

APX 2: ILLUSTRATIVE PRACTITIONERS’ COMPILATION REPORTS:

Following is the summary of different reports given in ISRS 4410:

Restriction on
Purpose Compilation of …. Applicable Framework Appendix 2
use/distribution
General Purpose Framework
General Financial Statements Not restricted Illustration 1
(e.g. IFRS or IFRS for SMEs)
Special Financial Statements Modified General purpose Not restricted Illustration 2
Financial
Special Contractual basis of accounting Restricted Illustration 3
Statements/Information
Management’s own basis of
Financial
Special accounting Restricted Illustration 4
Statements/Information
(for its internal purposes)
Financial
Special Regulatory basis of accounting Restricted Illustration 5
Statements/Information

330
ISAs – Summaries and Application Guide Code of Ethics

CODE OF ETHICS
REVISED 2019

LO # LEARNING OBJECTIVE Section

PART 1 - COMPLYING WITH THE CODE, FUNDAMENTAL PRINCIPLES AND CONCEPTUAL FRAMEWORK

LO 1 COMPLYING WITH THE CODE 100

LO 2 THE FUNDAMENTAL PRINCIPLES 110

LO 3 THE CONCEPTUAL FRAMEWORK 120

PART 3 - CHARTERED ACCOUNTANTS IN PRACTICE

APPLYING THE CONCEPTUAL FRAMEWORK – CHARTERED ACCOUNTANTS IN
LO 4 300
PRACTICE
LO 5 CONFLICTS OF INTEREST 310

LO 6 PROFESSIONAL APPOINTMENTS 320

LO 7 SECOND OPINIONS 321

LO 8 FEES AND OTHER TYPES OF REMUNERATION 330

LO 9 INDUCEMENTS, INCLUDING GIFTS AND HOSPITALITY 340

LO 10 CUSTODY OF CLIENT ASSETS 350

LO 11 RESPONDING TO NON-COMPLIANCE WITH LAWS AND REGULATION 360

PUBLIC NOTICES, ANNOUNCEMENTS AND COMMUNICATIONS UNDUE
LO 12 370
PUBLICITY BE AVOIDED
PART 4A - INDEPENDENCE FOR AUDIT AND REVIEW ENGAGEMENTS
APPLYING THE CONCEPTUAL FRAMEWORK TO INDEPENDENCE FOR AUDIT
LO 13 400
AND REVIEW ENGAGEMENTS
LO 14 FEES 410

LO 15 COMPENSATION AND EVALUATION POLICIES 411

LO 16 GIFTS AND HOSPITALITY 420

LO 17 ACTUAL OR THREATENED LITIGATION 430

LO 18 FINANCIAL INTERESTS 510

LO 19 LOANS AND GUARANTEES 511

LO 20 BUSINESS RELATIONSHIPS 520

331
ISAs – Summaries and Application Guide Code of Ethics

LO 21 FAMILY AND PERSONAL RELATIONSHIPS 521

LO 22 RECENT SERVICE WITH AN AUDIT CLIENT 522

LO 23 SERVING AS A DIRECTOR OR OFFICER OF AN AUDIT CLIENT 523

LO 24 EMPLOYMENT WITH AN AUDIT CLIENT 524

LO 25 TEMPORARY PERSONNEL ASSIGNMENTS 525

LONG ASSOCIATION OF PERSONNEL (INCLUDING PARTNER ROTATION) WITH
LO 26 540
AN AUDIT CLIENT
PROVISION OF NON-ASSURANCE SERVICES TO AN AUDIT CLIENT

LO 27 PROVISION OF NON-ASSURANCE SERVICES TO AN AUDIT CLIENT – GENERAL 600

LO 28 Accounting and Bookkeeping Services 601

LO 29 Administrative Services 602

LO 30 Valuation Services 603

LO 31 Tax Services 604

LO 32 Internal Audit Services 605

LO 33 Information Technology Systems Services 606

LO 34 Litigation Support Services 607

LO 35 Legal Services 608

LO 36 Recruiting Services 609

LO 37 Corporate Finance Services 610

Reports on Special Purpose Financial Statements that Include a Restriction on

LO 38 800
Use and Distribution (Audit and Review Engagements)

332
ISAs – Summaries and Application Guide Code of Ethics

DEFNITIONS & INTRODUCTION TO CODE OF ETHICS:

Key Points:
 Code of Ethics applies on Chartered Accounts (not just auditors).
 Code is divided into different parts depending on its application i.e.
o Part 1 (Page # 10) describes general framework [Principles and Threats].
o Part 2 (Page # 27) applies on Chartered Accountant in business.
o Part 3 (Page # 68) applies on Chartered Accountant in practice (providing any assurance or
non-assurance service).
o Part 4 applies on assurance service.
 Part 4A (Page # 124) applies on audit and review.
 Part 4B (Page # 209) applies on other assurance services.

Part 1, Part 3 and Part 4A are relevant for CFAP 06 Paper.

Important Definitions to cover before starting Code of Ethics:

Audit Firm & its Structure:

Term Definition
 Engagement team members.
Audit Team  Those influencing audit outcomes within a firm or network. (e.g., technical
consultants, and quality control reviewers)
The engagement partner, engagement quality control reviewer, and other audit
Key Audit Partner
partners making key decisions on the audit.
Appropriate
A professional with expertise, authority, and objectivity to review work or services.
Reviewer
A structure of firms that promotes cooperation, profit-sharing, common
Network
management, quality control, or branding among firms.
Network Firm A firm that is part of a network.

Audit Client & its Structure:

Term Definition
Audit Client The entity under audit. If the entity is listed, related entities are included.
Entities with control, or significant influence in the audit client (e.g. Holding,
Related Entity
Subsidiaries or Associates).
Director or Officer Individuals responsible for governance, regardless of title.
Public Interest
A listed entity or one regulated similarly.
Entity (PIE)

Financial Interests:
Term Definition
Financial Interest Ownership in a company’s shares, loans, or securities.
Direct Financial
Owned directly by an individual or entity.
Interest
Indirect Financial Ownership through a collective investment vehicle, estate, or trust without control
Interest over investment decisions.

333
ISAs – Summaries and Application Guide Code of Ethics

Relationships:
Term Definition
Immediate Family Spouse or dependent.
Close Family Parent, child, or sibling.

Periods:
Term Definition
Starts when the audit team begins to perform audit, and ends when the audit report
Engagement Period
is issued.
Time-on Period The max duration an auditor can serve a client before rotating.
Cooling-off Period A required break before an auditor can re-engage with a client.

Other Terms:
Term Definition
Audit Covers both audit and review engagements.
Advertising Public promotion of an accountant’s services.
Publicity Public communication about a chartered accountant that is not promotional.

PART 1 - COMPLYING WITH THE CODE, FUNDAMENTAL PRINCIPLES AND

CONCEPTUAL FRAMEWORK

LO 1: COMPLYING WITH THE CODE: [Section 100]

Understanding the Code

Public Interest Responsibility
• Chartered accountants must act in the public interest, not just serve individual clients or employers.
• The Code of Ethics provides guidelines to help accountants fulfill this responsibility.

Structure of the Code

• “R” (Requirements): Mandatory rules that accountants must follow.
• “A” (Application Material): Explanations, examples, and guidance to help accountants apply the
Code properly. While not mandatory, it is essential for understanding and compliance.

Compliance with the Code

Mandatory Compliance
Accountants must comply with the Code.

When Laws or Regulations Conflict with the Code

• If a law or regulation conflicts with the Code, the law prevails.
• However, accountants must still comply with all other parts of the Code.

Exceptional Circumstances
If an accountant believes a rule's application would be against the public interest, they should seek guidance
from a professional or regulatory body.

334
ISAs – Summaries and Application Guide Code of Ethics

LO 2: THE FUNDAMENTAL PRINCIPLES: [Section 110]

General Principles (Section 110)

Chartered accountants must adhere to five ethical principles: Integrity, Objectivity, Professional
Competence and Due Care, Confidentiality, and Professional Behavior. These principles ensure ethical
conduct in professional and business settings. If ethical conflicts arise, accountants should consult internal,
professional, or legal advisors but remain responsible for resolving the issue. Documentation of decisions is
encouraged.

Integrity (Section 111)

Accountants must be honest and straightforward in their professional conduct. They must not be
associated with misleading or false information. If such information is found, they should take steps to
disassociate themselves and, if necessary, issue a modified report.

Objectivity (Section 112)

Accountants must maintain independent judgment and avoid bias, conflicts of interest, or undue influence.
They should not engage in professional activities where their objectivity is compromised.

Professional Competence and Due Care (Section 113)

Accountants must maintain and update their knowledge to provide competent services. They should
follow professional standards, act diligently, and ensure that employees under their supervision receive
proper training. If limitations exist in their services, they must inform clients or employers.

Confidentiality (Section 114)

Accountants must protect client and employer information and prevent unauthorized disclosures. They
must not use confidential information for personal or third-party gain.

However, disclosure is required if:

• Legally mandated (e.g., court orders, legal violations).
• Authorized by the client or employer.
• Needed for regulatory or professional compliance.

When considering disclosure, accountants should assess the potential harm, reliability of information, and
appropriateness of the communication.

Professional Behavior (Section 115)

Accountants must follow laws and regulations and avoid actions that could harm the reputation of the
profession. Engaging in unethical or illegal activities that undermine integrity or objectivity is prohibited.

LO 3: THE CONCEPTUAL FRAMEWORK: [Section 120]

Independence is critical for audits and assurance engagements. It includes:

• Independence of Mind: Ability to remain unbiased.
• Independence in Appearance: Avoiding situations that create an appearance of bias.

335
ISAs – Summaries and Application Guide Code of Ethics

Understanding the Conceptual Framework

The conceptual framework helps chartered accountants ensure compliance with fundamental principles and
fulfill their public interest responsibilities. It provides a structured approach to identifying and addressing
ethical threats.

Key Objectives of the Conceptual Framework:

1. Identify threats to compliance.
2. Evaluate whether the threats compromise ethical standards.
3. Address threats by eliminating or reducing them to an acceptable level.

Identifying and Evaluating Ethical Threats

Identifying Threats
• Accountants must identify threats that compromise ethical compliance.

Types of Ethical Threats

Threats fall into five categories:
1. Self-Interest Threat: Personal or financial interests affect objectivity.
2. Self-Review Threat: Assessing one’s own previous work impairs judgment.
3. Advocacy Threat: Supporting a client’s position compromises independence.
4. Familiarity Threat: Close relationships create bias.
5. Intimidation Threat: External pressure influences decision-making.

A situation may create multiple threats or impact multiple fundamental principles.

Managing and Reducing Ethical Threats

Evaluating Threats
 If a threat is identified, accountants must evaluate it.
 Both qualitative and quantitative factors matter.

Addressing Ethical Threats:

If a threat is significant, accountants must:
1. Eliminate the source of the threat.
2. Apply safeguards to reduce it.
3. Decline or end the professional engagement

PART 3 - CHARTERED ACCOUNTANTS IN PRACTICE

LO 4: APPLYING THE CONCEPTUAL FRAMEWORK – CHARTERED ACCOUNTANTS IN

PRACTICE: [Section 300]
Introduction
Chartered accountants in practice must follow the conceptual framework in Section 120 to identify and
address ethical risks.

General Requirements:
Chartered accountants must comply with fundamental principles (Section 110) and use the conceptual
framework (Section 120) to assess ethical threats.

336
ISAs – Summaries and Application Guide Code of Ethics

Identifying Threats
Chartered accountants must assess ethical threats that fall into five main categories:
1. Self-Interest Threats
Arise when personal interests conflict with professional responsibilities. Examples:
• Having a direct financial interest in a client.
• Charging an unrealistically low fee that affects quality.
• Having close business ties with a client.
• Using confidential information for personal gain.

2. Self-Review Threats
Happen when an accountant reviews their own work. Examples:
• Auditing a financial system the accountant helped implement.
• Reviewing data that the accountant originally prepared.

3. Advocacy Threats
Arise when an accountant promotes a client’s interests. Examples:
• Representing a client in litigation.
• Lobbying on behalf of a client.

4. Familiarity Threats
Occur due to long-term relationships or close connections with clients. Examples:
• A family member working as a client’s director.
• An audit team member being associated with the same client for many years.

5. Intimidation Threats
Happen when external pressures compromise professional judgment. Examples:
• Threats of job dismissal for not agreeing with a client.
• Pressure to approve incorrect accounting treatments.
• Threats to expose personal gifts received from a client.

Evaluating Threats
Factors That Impact Threat Levels
1. Client’s Environment
o Strong governance reduces risk.
o Public interest entities pose higher threats.
2. Firm’s Environment
o Ethical leadership, monitoring, and training lower risk.
o Diversifying clients prevents overreliance.

Responding to Ethical Risks and Threats

Actions to Address Threats
If a threat is not at an acceptable level, accountants must take appropriate action.

Examples of Safeguards
To manage risks, accountants can:
• Assign additional personnel or extend deadlines to ensure quality work.
• Use an independent reviewer to assess decisions objectively.
• Separate engagement teams for assurance and non-assurance work.
• Engage another firm to re-perform critical parts of an engagement.
• Disclose referral fees to maintain transparency.
• Implement confidentiality measures to prevent conflicts of interest.

337
ISAs – Summaries and Application Guide Code of Ethics

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2011, Part ii Babar Limited
2 Winter 2009, Part iii CEO of ABC & Company Limited
3 Summer 2009 Multinational listed company
4 Winter 2006 Mr. Kay
5 Summer 2001 Iqbal

LO 5: CONFLICTS OF INTEREST: [Section 310]

Conflicts of interest arise when:

• Multiple clients have conflicting interests.
• The accountant’s interests conflict with a client’s.

Examples of Conflict of Interest Situations

• Providing advisory services to a client acquiring an audit client, when confidential information from
the audit is relevant.
• Advising two clients competing to acquire the same company.
• Acting for both the buyer and seller in the same transaction.
• Preparing asset valuations for parties with opposing interests.
• Representing two clients in a legal dispute, such as a divorce or partnership dissolution.
• Assuring royalties for a licensor while advising the licensee on payments.
• Advising a client to invest in a business where the accountant’s spouse has a financial interest.
• Offering strategic advice to a client while having a joint venture with their competitor.
• Recommending a product while receiving commission from its seller.

Identifying Conflicts of Interest

Before Accepting a Client or Engagement
Chartered accountants must take reasonable steps to identify conflicts before accepting new clients,
engagements, or business relationships. This includes:
• Assessing relationships and interests among involved parties.
• Evaluating how the service impacts relevant parties.

Monitoring Changes in Circumstances

• Accountants must stay alert to changes in services, interests, or relationships that may create
conflicts during an engagement.
• Changes may arise when an engagement becomes adversarial, even if no dispute existed initially.

Network Firms and Conflicts of Interest

If a firm is part of a network, the accountant must consider possible conflicts arising from the interests and
relationships of network firms.

338
ISAs – Summaries and Application Guide Code of Ethics

Disclosure and Consent

Accountants must use professional judgment to decide whether a conflict requires disclosure and explicit
client consent.

Forms of Disclosure and Consent

• General Disclosure: Inform clients that services are not exclusive and obtain general consent (e.g.,
via engagement terms).
• Specific Disclosure: Explain the conflict in detail to affected clients so they can make an informed
decision.
• Implied Consent: If clients are aware of the conflict and do not object, consent may be inferred.

When Explicit Consent is Refused

If explicit consent is required but the client refuses, the accountant must:
• Decline or end services that create the conflict.
• Eliminate or reduce the conflict by changing relevant relationships or interests.

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2018, part b Alpha Limited and Gama Limited
2 Summer 2016, part b Javed Limited
3 Winter 2015, part c Zaheer Limited
4 Winter 2014, part b An audit client
5 Winter 2013, part b Murree Limited and Bhurban Limited
6 Summer 2012, part a The government has invited
7 Summer 2011, part i Romeo Supermarket Limited

LO 6: PROFESSIONAL APPOINTMENTS: [Section 320]

1. Introduction
• Chartered accountants must follow fundamental principles and the conceptual framework in Section
120 to identify, evaluate, and address threats. (320.1)
• Accepting a new client or modifying an existing engagement can create risks to these principles. This
section explains how to apply the conceptual framework in such cases. (320.2)

2. Client and Engagement Acceptance

General Considerations
• Threats to Integrity and Professional Behavior: Issues like illegal activities, dishonesty, poor
financial reporting, or unethical behavior can pose risks. (320.3 A1)
• Evaluating Threats: Factors include:
o Understanding the client, its owners, and management.
o Assessing the client’s willingness to address questionable practices. (320.3 A2)

Professional Competence and Due Care

• If the engagement team lacks the necessary skills, a self-interest threat arises. (320.3 A3)
• Evaluating Competence:
o Understanding the client’s business, operations, and engagement requirements.
o Knowledge of industry standards and regulations.
o Presence of quality control procedures ensuring engagements are accepted only when
feasible. (320.3 A4)

339
ISAs – Summaries and Application Guide Code of Ethics

Safeguards to Address Competence Risks

• Assigning qualified personnel.
• Setting a realistic timeline.
• Using experts when necessary. (320.3 A5)

3. Changes in Professional Appointments

Evaluating a New Engagement
• Chartered accountants must assess potential risks before accepting:
o Replacing another accountant.
o Bidding for an engagement held by another accountant.
o Performing work that complements another accountant’s role. (R320.4)
• If risks cannot be addressed with safeguards, the engagement should not be accepted. Examples
include lack of access to all relevant facts. (320.4 A1)

Risk of Incomplete Information

• If an accountant is asked to perform additional work alongside an existing accountant, incomplete
information may create risks. (320.4 A2)
• Best Practice: Tenders should include a provision to consult the predecessor accountant before
acceptance. (320.4 A3)

Safeguards for Ethical Engagement Acceptance

• Request information from the predecessor accountant regarding potential concerns.
• Conduct independent background checks on the client’s senior management. (320.4 A4)

4. Communication with the Predecessor Accountant

Seeking Client Approval
• The proposed accountant usually needs written client permission to contact the predecessor
accountant. (320.5 A1)
• If contact is not possible, the proposed accountant must take reasonable steps to obtain relevant
information. (R320.6)

Duties of the Predecessor Accountant

• The predecessor accountant must:
o Follow laws and regulations when responding to inquiries.
o Provide honest and clear information. (R320.7)
• Confidentiality rules apply, and whether the accountant can share details depends on:
o Client’s permission.
o Legal and ethical requirements in the jurisdiction. (320.7 A1)
• Disclosure of confidential information may be required in some cases, as outlined in Paragraph
114.1 A1 of the Code. (320.7 A2)

5. Changes in Audit or Review Appointments

• The proposed auditor must ask the predecessor accountant for any relevant information before
accepting the engagement. (R320.8)
• If the client allows disclosure, the predecessor accountant must provide clear and honest
information. (R320.8(a))
• If the client refuses disclosure, the predecessor accountant must inform the proposed accountant,
who should consider this refusal before accepting the appointment. (R320.8(b))

340
ISAs – Summaries and Application Guide Code of Ethics

6. Continuing Client Relationships

• Chartered accountants must regularly assess whether to continue engagements. (R320.9)
• New risks may arise after acceptance that would have led to rejecting the engagement initially.
• Example: A self-interest threat may occur due to improper earnings management or financial
misstatements. (320.9 A1)

7. Using the Work of an Expert

• If an accountant intends to rely on an expert’s work, they must assess whether it is appropriate.
(R320.10)
• Evaluation Factors:
o Expert’s reputation and experience.
o Available resources.
o Compliance with professional and ethical standards.
o Prior experience working with the expert or external references. (320.10 A1)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2013 ABC and Company
2 Winter 2001, part iii Zaid

LO 7: SECOND OPINIONS: [Section 321]

Introduction
• Chartered accountants must follow fundamental principles and apply the conceptual framework in
Section 120 to identify, evaluate, and address threats. [321.1]
• Giving a second opinion to a non-client entity may create a self-interest threat or other risks to
compliance with ethical principles. This section outlines requirements for managing such risks.
[321.2]

Requirements and Application

General Considerations
• A chartered accountant may be asked for a second opinion on accounting, auditing, or reporting
standards for:
1. Specific circumstances
2. Transactions by a company or entity that is not a current client [321.3 A1]
• A self-interest threat arises if the second opinion is based on incomplete facts or insufficient
evidence, compared to what the existing or predecessor accountant had. [321.3 A1]
• Evaluating the risk level involves assessing:
o The reason for the request.
o Available facts and assumptions influencing professional judgment. [321.3 A2]

Safeguards to Address Self-Interest Threats

To reduce risks, the accountant may:
1. Obtain information from the existing or predecessor accountant (with client approval).
2. Clearly communicate any limitations related to the second opinion.
3. Share the second opinion with the existing or predecessor accountant. [321.3 A3]

When Permission to Communicate is Denied

• If the entity refuses to allow communication with the existing or predecessor accountant, the
accountant must assess whether providing the second opinion is ethical. [R321.4]

341
ISAs – Summaries and Application Guide Code of Ethics

LO 8: FEES AND OTHER TYPES OF REMUNERATION: [Section 330]

Introduction
Chartered accountants must comply with fundamental principles and apply the conceptual framework
outlined in Section 120 to identify, evaluate, and address threats. (330.1)
The level and nature of fees or other remuneration arrangements may create a self-interest threat to
compliance with one or more fundamental principles. This section provides guidance on applying the
conceptual framework in such situations. (330.2)

Level of Fees
The fee level quoted may affect a chartered accountant’s ability to perform professional services in line with
professional standards. (330.3 A1)
• Fee Negotiations
o Chartered accountants may quote any appropriate fee based on the nature and extent of the
service.
o However, fees must not be lower than those charged by the previous auditor unless there is
a material difference in scope and quantum of work. Otherwise, it could be considered
undercutting. (R330.4)
• Factors to Consider When Evaluating a Threat from Low Fees
o Whether the client understands the engagement terms, including the fee basis and scope of
professional services.
o Whether an independent third party, such as a regulatory body, sets the fee level. (330.4
A1)
• Safeguards to Address Self-Interest Threats from Fee Levels
o Adjusting the fee level or modifying the engagement scope.
o Engaging an independent reviewer to assess the work performed. (330.4 A2)

Referral Fees or Commissions

Paying or receiving referral fees or commissions related to a client creates a self-interest threat to
objectivity and professional competence. These include:
• Fees paid to another accountant for referring a client requiring specialist services while remaining
with the existing accountant.
• Fees received for referring a continuing client to another accountant or expert for a service the
accountant does not offer.
• Commissions from third parties, such as software vendors, for selling goods or services to a client.
(330.5 A1)
• Safeguards to Address Self-Interest Threats from Referral Fees and Commissions
o Getting prior client approval for commission-based arrangements involving third-party
sales.
o Disclosing any referral fees or commission agreements to clients when recommending
services or products. (330.5 A2)

Purchase or Sale of a Firm

If a chartered accountant buys all or part of another firm, payments to previous owners, heirs, or estates do
not qualify as referral fees or commissions under this section. (330.6 A1)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2011, part iii Qamar Software Services

342
ISAs – Summaries and Application Guide Code of Ethics

LO 9: INDUCEMENTS, INCLUDING GIFTS AND HOSPITALITY: [Section 340]

Introduction
• Chartered accountants must follow fundamental principles and apply the conceptual framework to
identify, assess, and address threats. (340.1)
• Offering or accepting inducements may create self-interest, familiarity, or intimidation threats,
affecting integrity, objectivity, and professional behavior. (340.2)
• This section outlines the requirements for handling inducements while ensuring compliance with
laws and regulations. (340.3)

General
• An inducement is anything used to influence another person’s behavior, whether intentionally or not.
It may range from simple hospitality to actions violating laws and regulations. (340.4 A1)
• Examples of inducements include:
o Gifts
o Hospitality
o Entertainment
o Donations
o Employment offers
o Preferential treatment

Inducements Prohibited by Laws and Regulations

Many jurisdictions have laws against certain inducements, such as bribery and corruption. Chartered
accountants must understand and follow these laws. (R340.5)

Inducements Not Prohibited by Laws and Regulations

Even if allowed by law, some inducements may still pose ethical threats. (340.6 A1)

Inducements Intended to Improperly Influence Behavior

• Chartered accountants must not offer or encourage inducements meant to improperly influence
others. (R340.7)
• Chartered accountants must not accept inducements if a reasonable third party would believe they
are intended to improperly influence behavior. (R340.8)
• An inducement improperly influences behavior if it leads someone to act unethically. (340.9 A1)
• Offering or accepting such inducements violates integrity. (340.9 A2)

Factors to Assess Intent to Improperly Influence: (340.9 A3)

• Nature, frequency, and value of the inducement
• Timing relative to decisions it may influence
• Cultural norms (e.g., holiday gifts)
• Whether it is part of a professional service (e.g., business lunch)
• Whether it is limited to one person or offered to many
• Position of the person offering or receiving the inducement
• Whether accepting it would violate company policies
• Level of transparency
• Whether it was requested
• Reputation of the person offering it

343
ISAs – Summaries and Application Guide Code of Ethics

Actions to Address Inducements with Improper Intent

Even if the rules against improper inducements are followed, threats may still arise. (340.10 A1)

Possible Safeguards: (340.10 A2)

• Inform senior management or governance about the offer
• End or change the business relationship

Inducements with No Intent to Improperly Influence Behavior

• If an inducement has no improper intent, the conceptual framework still applies. (340.11 A1)
• Trivial inducements are generally acceptable. (340.11 A2)

Examples of Threats Even Without Improper Intent: (340.11 A3)

• Self-interest threat: A chartered accountant receives hospitality from a potential acquirer while
advising a client.
• Familiarity threat: A chartered accountant frequently takes a client to sporting events.
• Intimidation threat: A chartered accountant accepts hospitality that may appear inappropriate if
disclosed.

Factors to Assess the Threat Level: (340.11 A4)

• The same factors listed under "Assessing Intent" (340.9 A3)

Safeguards for Inducements Without Improper Intent

To Eliminate Threats: (340.11 A5)

• Decline or avoid offering the inducement
• Transfer professional service responsibilities to another person

To Reduce Threats: (340.11 A6)

• Be transparent with senior management about the inducement
• Log the inducement for monitoring
• Have an independent reviewer assess the work
• Donate the inducement to charity and disclose it
• Reimburse the cost of received hospitality
• Return the gift as soon as possible

Inducements Involving Immediate or Close Family Members

• Chartered accountants must watch for threats when a family member offers or receives an
inducement from a client. (R340.12)
• If a family member receives an inducement intended to improperly influence the chartered
accountant or client, the accountant must advise them to reject it. (R340.13)
• The nature of the relationship between the accountant, family member, and client affects the risk
level. (340.13 A1)
• Example: A client offers a job to the accountant’s spouse outside the normal hiring process—this may
indicate an improper intent. (340.13 A1)
• If the family member still accepts the inducement despite the accountant’s advice, ethical threats
remain. (340.13 A2)

344
ISAs – Summaries and Application Guide Code of Ethics

Applying the Conceptual Framework

• Threats arise when: (340.14 A1)
o A family member disregards the accountant’s advice and accepts the inducement.
o There is no reason to believe improper intent exists, but threats still emerge.
• The framework from "Inducements Without Improper Intent" also applies here. (340.14 A2)

Other Considerations
• If an inducement leads to non-compliance with laws or regulations, Section 360 applies. (340.15
A1)
• If an audit firm or team member receives gifts or hospitality from an audit client, Section 420
applies. (340.15 A2)

LO 10: CUSTODY OF CLIENT ASSETS: [Section 350]

Introduction
Chartered accountants must follow fundamental principles and apply the conceptual framework in Section
120 to identify, evaluate, and address threats. (350.1)

Holding client assets creates a self-interest threat or other risks to professional behavior and objectivity.
This section outlines specific requirements and guidance for applying the conceptual framework in such
cases. (350.2)

Before Taking Custody

• Prohibition Without Legal Permission: Chartered accountants must not assume custody of client
money or assets unless permitted by law and in compliance with applicable conditions. (R350.3)
• Acceptance Procedures: Before accepting custody, accountants must:
1. Inquire about the source of the assets.
2. Consider legal and regulatory obligations. (R350.4)
• Source of Assets: Investigating the source may reveal illegal activities like money laundering,
creating a threat. In such cases, Section 360 applies. (R350.4 A1)

After Taking Custody

Chartered accountants entrusted with client money or assets must:
1. Comply with relevant laws and regulations.
2. Keep client assets separate from personal or firm assets.
3. Use the assets only for their intended purpose.
4. Be prepared to account for the assets and any related income, dividends, or gains to entitled
individuals. (R350.5)

LO 11: RESPONDING TO NON-COMPLIANCE WITH LAWS AND REGULATION: [Section 360]

Introduction
Chartered accountants must follow fundamental principles and apply the conceptual framework in Section
120 to identify, evaluate, and address threats. (Ref: 360.1)

Non-compliance or suspected non-compliance with laws and regulations creates a self-interest or

intimidation threat to integrity and professional behavior. (Ref: 360.2)

345
ISAs – Summaries and Application Guide Code of Ethics

Accountants may encounter non-compliance while providing professional services. This section provides
guidance on assessing its implications and deciding on appropriate actions. It covers:
• Laws affecting material amounts and disclosures in financial statements.
• Other laws that impact business operations, continuity, or legal penalties. (Ref: 360.3)

Objectives of a Chartered Accountant in Responding to Non-Compliance

The public interest is a core responsibility of the accountancy profession. When responding to non-
compliance, the accountant aims to:
• Maintain integrity and professional behavior.
• Alert management or governance to rectify the issue or prevent non-compliance.
• Take further action when necessary for public interest. (Ref: 360.4)

Understanding Non-Compliance
Non-compliance includes intentional or unintentional violations of laws by:
• The client
• Governance or management
• Employees under client’s direction (Ref: 360.5 A1)

Common examples include:

• Fraud, corruption, bribery
• Money laundering, terrorist financing
• Securities and banking violations
• Data protection breaches
• Tax evasion and pension violations
• Environmental, health, and safety laws (Ref: 360.5 A2)

Non-compliance can result in fines, litigation, or reputational damage. It may also harm investors, creditors,
employees, or the public. (Ref: 360.5 A3)

In some jurisdictions, legal requirements for handling non-compliance override this section. Accountants
must comply with such laws, including:
• Mandatory reporting to authorities
• Restrictions on informing the client (Ref: 360.6 & 360.6 A1)

This section applies to all clients, including public interest entities. (Ref: 360.7 A1)

Responsibilities of Chartered Accountants

Upon becoming aware of non-compliance, accountants must act promptly, considering:
• Nature of the issue
• Potential harm to stakeholders (Ref: 360.9)

Audits of Financial Statements

Understanding Non-Compliance
When auditors detect non-compliance, they must assess:
• Nature and circumstances
• Potential consequences (Ref: 360.10 & 360.10 A1)

Auditors rely on knowledge, expertise, and judgment but are not expected to be legal experts. Legal
authorities determine if a violation has occurred. (Ref: 360.10 A2)

346
ISAs – Summaries and Application Guide Code of Ethics

For significant cases, auditors may consult firm colleagues, legal advisors, or professional bodies. (Ref:
360.10 A3)
If non-compliance is suspected, auditors must discuss it with management and governance. (Ref: 360.11 &
360.11 A1-A4)
If management is involved in non-compliance, auditors must report directly to governance. (Ref: 360.12)

Addressing Non-Compliance
Auditors must advise management and governance to:
• Correct, mitigate, or prevent non-compliance.
• Disclose to authorities if required by law or public interest. (Ref: 360.13)

They must also ensure management understands legal responsibilities. If needed, they should suggest legal
consultation. (Ref: 360.14 A1)

Auditors must follow:

• Relevant laws and regulations
• Auditing standards, including:
o Fraud detection
o Communication with governance
o Impact on the audit report (Ref: 360.15 & 360.15 A1)

Group Audits and Non-Compliance

If auditors detect non-compliance in a group component, they must inform the group engagement
partner, unless prohibited by law. (Ref: 360.16 & 360.16 A1)
The group engagement partner must determine if the issue affects other components and notify
responsible auditors. (Ref: 360.17 - 360.18 A1)

Determining Further Actions

Auditors must assess whether management’s response is:
• Timely
• Effective in correcting, mitigating, and preventing recurrence
• Sufficiently disclosed to authorities (Ref: 360.19 & 360.19 A1)

If response is inadequate, auditors must determine additional actions based on:

• Legal framework
• Urgency
• Integrity of management
• Risk of recurrence
• Potential harm to stakeholders (Ref: 360.20 - 360.20 A2)

Possible actions include:

• Reporting to authorities
• Withdrawing from the engagement (Ref: 360.21 - 360.21 A2)

If an accountant withdraws, they must inform the next auditor about the non-compliance, even if the client
refuses consent—unless prohibited by law. (Ref: 360.22 - 360.23 A1)

In complex cases, accountants may seek:

• Internal consultation
• Legal advice
• Regulatory guidance (Ref: 360.24 A1)

347
ISAs – Summaries and Application Guide Code of Ethics

Disclosure to Authorities
Disclosure is required unless legally prohibited. Key factors include:
• Harm to stakeholders
• Public interest risks
• Regulatory enforcement capabilities
• Whistleblower protections (Ref: 360.25 - 360.25 A3)

If disclosure is made, the accountant must:

• Act in good faith
• Exercise caution
• Consider informing the client (Ref: 360.26)

Handling Imminent Breaches

If accountants detect an imminent breach likely to cause substantial harm, they must decide whether to
report it immediately to authorities. (Ref: 360.27)

Documentation
Accountants must document:
• Management’s response
• Actions considered and taken
• Compliance with auditing standards (Ref: 360.28 - 360.28 A1)

Non-Audit Services
If an accountant providing non-audit services detects non-compliance, they must:
• Understand its nature and circumstances
• Discuss it with management or governance
• Assess potential actions (Ref: 360.29 - 360.30 A2)
For audit clients, non-compliance must be reported within the firm. (Ref: 360.31 - 360.32)
For non-audit clients, the accountant must consider notifying the external auditor. (Ref: 360.33 - 360.34 A1)

LO 12: PUBLIC NOTICES, ANNOUNCEMENTS AND COMMUNICATIONS UNDUE PUBLICITY BE

AVOIDED: [Section 370]

1. Avoiding Undue Publicity (R370.1)

• Chartered accountants must not:
o Use communication methods that damage the profession’s reputation.
o Exaggerate their services, qualifications, or experience.
o Disparage other accountants’ work.
• Any issued content must be responsible, professional, and respectful toward others in the profession.
• Communications must maintain good taste, avoid superiority claims, and align with ethical
standards. (R370.1)

2. Avoiding Solicitation in Advertising (R370.2)

• Public notices and communications must comply with legal and ethical requirements.
• Announcements should:
o Provide objective information.
o Follow principles of legality, decency, honesty, and truthfulness.
o Maintain a professional image in line with ethical and technical standards.

348
ISAs – Summaries and Application Guide Code of Ethics

Prohibited Activities:
• Creating false, misleading, or exaggerated expectations.
• Suggesting influence over courts, regulators, or officials.
• Making unverifiable self-praising statements.
• Comparing services with other chartered accountants.
• Using testimonials or endorsements.
• Including misleading representations.
• Claiming unjustified expertise or specialization. (R370.2)

3. Acceptable Communication Methods

(i) Announcements on Appointments and Awards
• Chartered accountants may announce appointments of public importance or awards.
• These announcements must not be used for personal professional gain. (R370.2(c)(i))

(ii) Seeking Employment or Professional Business

• A chartered accountant may inform interested parties about available partnerships or employment.
• Public advertisements for subcontract work are acceptable only in professional press without
personal contact details.
• Direct approaches to other accountants for business or employment are permitted. (R370.2(c)(ii))

(iii) Directories & Internet Presence

• Chartered accountants can be listed in directories under “Chartered Accountants” or “Accountants
and Auditors.”
• Listings should include essential contact details without promotional content.
• Websites must comply with ethical guidelines. (R370.2(c)(iii))

(iv) Books, Articles, Interviews, Lectures, and Media Appearances

• A chartered accountant may publish books and articles or participate in interviews and lectures.
• References to the firm are allowed, but promotional content is prohibited.
• Content must be objective and professional. (R370.2(c)(iv))

(v) Training Courses and Seminars

• Chartered accountants can invite clients and the public to training events.
• Promotional material must not overly emphasize the accountant’s name. (R370.2(c)(v))

(vi) Professional Literature and Publications

• Accountants may distribute professional literature and technical information to clients and firms.
• Publications may carry the firm's name but must not promote its services.
• These publications can also be posted on the firm's website. (R370.2(c)(vi))

(vii) Staff Recruitment

• Job postings must be professional and non-promotional.
• Recruitment messages should not imply superiority over competitors.
• Career advertisements for students and graduates can describe services in a neutral, factual way.
(R370.2(c)(vii))

(viii) Recruitment for Clients

• Chartered accountants may advertise job openings on behalf of clients.
• Advertisements should focus on the client's objectives, not the accountant’s services.
• Specialized service claims are not allowed. (R370.2(c)(viii))

349
ISAs – Summaries and Application Guide Code of Ethics

(ix) Brochures and Firm Directories

• Firms may distribute factual brochures about services, resources, personnel, and assignments.
• Directories can include partner names, office addresses, and associated firms. (R370.2(c)(ix))

(x) Stationery and Nameplates

• Professional stationery must meet the Institute’s regulations.
• Nameplates must follow ethical guidelines.
• The designation of specialized services is not allowed. (R370.2(c)(x))

(xi) Newspaper Announcements

• Newspapers or magazines may be used to announce new practices, partnership changes, or office
relocations.
• Announcements must be factual and limited in scope. (R370.2(c)(xi))

(xii) Name Usage in Client Documents

• Chartered accountants must ensure reports in client publications are not misleading.
• Permission should be obtained before including an accountant’s name in client documents.
• A member’s name can appear in a client’s annual report.
• If a member holds a private position in an organization, their name and designation may be used
without implying professional involvement. (R370.2(c)(xii))

(xiii) Advertising for Training Courses

• Course promotional materials may include the instructor’s qualifications and firm’s name.
• Accountants must ensure compliance with ethical guidelines. (R370.2(c)(xiii))

(xiv) Use of “CA” Title on Employer’s Stationery

• A non-practicing chartered accountant may use the "CA" title on employer stationery.
• The employer may include the member’s title in paid advertisements listing company officers.
(R370.2(c)(xiv))

(xv) Greeting and Invitation Cards

• Chartered accountants or firms may send greeting and invitation cards.
• The cards may mention professional qualifications but not services offered. (R370.2(c)(xv))

350
ISAs – Summaries and Application Guide Code of Ethics

PART 4A - INDEPENDENCE FOR AUDIT AND REVIEW ENGAGEMENTS

LO 13: APPLYING THE CONCEPTUAL FRAMEWORK TO INDEPENDENCE FOR AUDIT AND

REVIEW ENGAGEMENTS: [Section 400]
A firm must be independent when performing an audit. (R400.11)

Related Entities
For listed audit clients, independence rules apply to all related entities. For other entities, they apply to
related entities under the client’s direct or indirect control. (R400.20)

Independence Period
Firms must maintain independence during: (R400.30)
• The engagement period (from the start of the audit to the issuance of the report).
• The period covered by the financial statements.

If an entity becomes an audit client after the financial statement period, the firm must evaluate past financial
and business relationships to assess threats to independence. (R400.31)

Threats arise if a non-assurance service provided before the audit would not have been allowed during the
engagement. (400.31 A1)

Network Firms and Independence:

A network firm shall be independent of the audit clients of the other firms within the network. (R400.51)

Independence Challenges in Mergers and Acquisitions

A merger or acquisition may create threats to independence due to prior relationships with newly related
entities. (400.70 A1)

Firms must: (R400.71)

• Identify previous relationships with the related entity.
• End any non-compliant relationships by the effective date of the merger.

If ending a relationship by the effective date is not possible, the firm must: (R400.72, 400.72 A1, 400.72 A2)
• Evaluate the threat.
• Discuss it with governance.

If governance requests the firm to continue, the firm must ensure that: (R400.73)
• The relationship ends within 6 months.
• Involved personnel are removed from the audit team.
• Transitional safeguards are applied. (400.73 A1)

If the audit is near completion, the firm may continue but must cease engagement after issuing the report.
(R400.74)
If objectivity is still compromised, the firm must withdraw from the engagement. (R400.75)

Breaches Identified After an Audit Report Was Issued

If a breach is discovered after the previous audit report was issued, the firm must: (R400.86)
• Assess its impact on past and future audit reports.
• Discuss the matter with governance.

The firm must consider withdrawing previously issued reports if necessary. (R400.87)

351
ISAs – Summaries and Application Guide Code of Ethics

LO 14: FEES: [Section 410]

Introduction
Firms must comply with fundamental principles, maintain independence, and apply the conceptual
framework in Section 120 to identify, evaluate, and address threats to independence. (410.1)

Fees and other remuneration may create self-interest or intimidation threats. This section outlines
requirements and guidance for managing these threats. (410.2)

Fees – Relative Size

All Audit Clients
• If an audit client generates a large proportion of a firm's total fees, the firm may become dependent
on that client. This creates a self-interest or intimidation threat due to concerns about losing the
client. (410.3 A1)
• Factors affecting the threat level include:
o The firm’s operating structure.
o Whether the firm is new or well-established.
o The qualitative or quantitative significance of the client. (410.3 A2)
• A safeguard to reduce this threat is expanding the client base to decrease reliance on a single client.
(410.3 A3)
• A threat also arises when an individual partner or office earns a significant portion of fees from a
single client. (410.3 A4)
• Additional factors include:
o The client’s significance to the partner or office.
o The extent to which compensation depends on that client’s fees. (410.3 A5)
• Safeguards include:
o Expanding the client base.
o Having an independent reviewer check the audit work. (410.3 A6)

Audit Clients That Are Public Interest Entities (PIEs)

• If, for two consecutive years, an audit client and its related entities contribute more than 15% of a
firm’s total fees, the firm must:
o Disclose this to those charged with governance.
o Discuss whether safeguards such as a pre-issuance or post-issuance review should be
applied. (R410.4)
• If fees significantly exceed 15%, a pre-issuance review must be performed to reduce threats to an
acceptable level. (R410.5)
• If fees continue to exceed 15%, the firm must annually:
o Disclose and discuss the matter with those charged with governance.
o Follow the safeguards in R410.4(b) and R410.5. (R410.6)

Fees – Overdue
• A self-interest threat arises if a significant portion of fees remains unpaid before issuing the next
audit report. The firm is expected to collect payment before issuing the report. (410.7 A1)
• Safeguards include:
o Obtaining partial payment of overdue fees.
o Having an independent reviewer check the audit work. (410.7 A2)
• If a significant portion of fees remains unpaid for a long time, the firm must assess whether:
o The overdue fees constitute a loan to the client.
o It is appropriate to continue the audit engagement. (R410.8)

352
ISAs – Summaries and Application Guide Code of Ethics

Contingent Fees
• Contingent fees are fees based on a predetermined outcome of a transaction or service. Indirect
contingent fees include those charged through intermediaries. However, fees set by a court or
public authority are not considered contingent. (410.9 A1)
• Firms must not charge a contingent fee for an audit engagement. (R410.10)
• A firm or network firm must not charge a contingent fee for a non-assurance service to an audit
client if:
o The fee is material or expected to be material.
o A network firm involved in the audit charges a material fee.
o The fee depends on a judgment related to auditing a material amount in the financial
statements. (R410.11)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2017, part a Clean Limited
2 Winter 2012, part b A limited assurance engagement
3 Summer 2011, part iii Marvi & Company
4 Summer 2009, part i Olive Limited
5 Winter 2007, part i Market search
6 Winter 2001, part b Clever Ltd

LO 15: COMPENSATION AND EVALUATION POLICIES: [Section 411]

Introduction
• Firms must follow fundamental principles, maintain independence, and apply the conceptual
framework outlined in Section 120 to identify, evaluate, and address threats to independence.
(411.1)
• A firm’s compensation or evaluation policies may create a self-interest threat. This section provides
specific requirements and guidance for applying the conceptual framework in such cases. (411.2)

Requirements and Application Material

• If an audit team member is evaluated or compensated for selling non-assurance services to an audit
client, the self-interest threat level depends on:
1. The proportion of compensation or evaluation tied to such sales.
2. The individual’s role in the audit team.
3. Whether selling non-assurance services impacts promotion decisions. (411.3 A1)

• Actions to eliminate a self-interest threat may include:

o Changing the compensation plan or evaluation process.
o Removing the individual from the audit team. (411.3 A2)

• A safeguard to address a self-interest threat could involve an independent reviewer reviewing the
audit team member’s work. (411.3 A3)

• A firm shall not evaluate or compensate a key audit partner based on their success in selling non-
assurance services to their audit client. However, profit-sharing arrangements among firm partners
are allowed. (R411.4)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2015, part b non-assurance assignment

353
ISAs – Summaries and Application Guide Code of Ethics

LO 16: GIFTS AND HOSPITALITY: [Section 420]

Introduction
• Firms must follow fundamental principles, maintain independence, and apply the conceptual
framework from Section 120 to identify, evaluate, and address threats to independence. (420.1)
• Accepting gifts or hospitality from an audit client may create self-interest, familiarity, or intimidation
threats. This section outlines specific requirements and application material for handling such
situations. (420.2)

Requirement and Application Material

• Prohibition on Gifts and Hospitality:
A firm, network firm, or audit team member must not accept gifts or hospitality from an audit client
unless their value is trivial and inconsequential. (R420.3)

• Inducements and Independence Threats:

o If an audit firm, network firm, or audit team member offers or accepts an inducement from
an audit client, Section 340's requirements apply. Non-compliance with these rules may
threaten independence. (420.3 A1)
o Even if a gift or hospitality has a trivial value, firms, network firms, or audit team members
cannot accept it if the intent is to improperly influence behavior. (420.3 A2)

LO 17: ACTUAL OR THREATENED LITIGATION: [Section 430]

Introduction
• Firms must comply with fundamental principles, maintain independence, and apply the conceptual
framework outlined in Section 120 to identify, evaluate, and address threats to independence. (430.1)
• Litigation or potential litigation with an audit client creates self-interest and intimidation threats.
This section provides guidance on applying the conceptual framework in such situations. (430.2)

Application Material
• The relationship between client management and the audit team must be based on full transparency
and disclosure. Litigation or its possibility may lead to adversarial positions, which can impact
management’s willingness to provide complete disclosures, increasing self-interest and intimidation
threats. (430.3 A1)
• Factors influencing the severity of such threats include:
o The materiality of the litigation.
o Whether the litigation is related to a previous audit engagement. (430.3 A2)
• If litigation involves an audit team member, removing that individual from the audit team may
eliminate self-interest and intimidation threats. (430.3 A3)
• Assigning an independent reviewer to assess the work performed may serve as a safeguard against
self-interest and intimidation threats. (430.3 A4)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2013, part a Dynamic (Private) Limited

354
ISAs – Summaries and Application Guide Code of Ethics

LO 18: FINANCIAL INTERESTS: [Section 510]

Introduction
• Firms must follow fundamental principles, maintain independence, and apply the conceptual
framework in Section 120 to identify, evaluate, and address independence threats. (510.1)
• Holding a financial interest in an audit client may create a self-interest threat. This section provides
requirements and guidance on applying the conceptual framework in such situations. (510.2)

General
• A financial interest can be held directly or indirectly through an intermediary like a collective
investment vehicle, estate, or trust.
o If the owner controls or influences investment decisions, the interest is direct.
o If the owner has no control or influence, the interest is indirect. (510.3 A1)
• Materiality of a financial interest considers the combined net worth of an individual and their
immediate family. (510.3 A2)
• Factors affecting self-interest threats from a financial interest include:
o The role of the individual holding the interest.
o Whether the interest is direct or indirect.
o The materiality of the interest. (510.3 A3)

Financial Interests Held by the Firm, Network Firm, Audit Team, and Others
• Prohibited direct or material indirect financial interests in an audit client for:
1. The firm or a network firm.
2. Audit team members and their immediate family.
3. Other partners in the office of the engagement partner and their immediate family.
4. Other partners or managerial employees providing non-audit services, unless involvement is
minimal. (R510.4)
• The office where an engagement partner practices may differ from their assigned office. Professional
judgment determines which office applies. (510.4 A1)

Exception for Immediate Family

• An immediate family member in R510.4 (c) or (d) may hold a financial interest in an audit client if:
1. The interest was received through employment benefits (e.g., pension or stock options).
2. The interest is disposed of as soon as possible when they gain the right. (R510.5)

Financial Interests in an Entity Controlling an Audit Client

• If an entity has a controlling interest in an audit client, and the audit client is material to the entity,
the following cannot hold a direct or material indirect financial interest in that entity:
o Firm, network firm, audit team members, and their immediate family. (R510.6)

Financial Interests Held as Trustee

• R510.4 applies to a financial interest in an audit client held in a trust by a firm, network firm, or
individual acting as trustee, unless:
1. The trustee, audit team member, or their immediate family is not a beneficiary.
2. The financial interest in the client is not material to the trust.
3. The trust cannot influence the audit client.
4. The trustee, audit team member, firm, or network firm cannot influence investment
decisions in the audit client. (R510.7)

355
ISAs – Summaries and Application Guide Code of Ethics

Financial Interests in Common with an Audit Client

• A firm, network firm, audit team member, or immediate family cannot hold a financial interest in an
entity where an audit client also has a financial interest, unless:
1. The interests are immaterial to all parties.
2. The audit client cannot influence the entity. (R510.8(a))
• If an individual with such an interest joins the audit team, they must:
1. Dispose of the interest.
2. Reduce the interest so that it is no longer material. (R510.8(b))

Financial Interests Received Unintentionally

If a firm, network firm, partner, employee, or their immediate family receives a direct or material indirect
financial interest in an audit client through inheritance, gift, or merger, then:
1. Audit team members and their family must dispose of it immediately or reduce it to immaterial
levels.
2. Other individuals must dispose of it as soon as possible or reduce it to immaterial levels.
3. Until disposal, the firm must address the threat. (R510.9)

Other Circumstances Related to Financial Interests

Immediate Family
• A self-interest, familiarity, or intimidation threat may arise if an audit team member, their immediate
family, or the firm/network firm holds a financial interest in an entity where an audit client’s
director, officer, or controlling owner also has a financial interest. (510.10 A1)
• Factors to evaluate threats:
1. The role of the audit team member.
2. Whether the entity is closely or widely held.
3. Whether the interest allows control or influence.
4. Materiality of the financial interest. (510.10 A2)
• Actions to eliminate threats:
1. Removing the audit team member. (510.10 A3)
2. Having an independent reviewer check their work. (510.10 A4)

Close Family
• A self-interest threat may arise if an audit team member knows that their close family member holds
a direct or material indirect financial interest in an audit client. (510.10 A5)
• Factors to evaluate the threat:
1. Relationship between the audit team member and close family.
2. Whether the financial interest is direct or indirect.
3. Materiality of the financial interest. (510.10 A6)
• Actions to eliminate threats:
1. Disposing of or reducing the financial interest.
2. Removing the audit team member. (510.10 A7)
• Action to mitigate threats:
o Independent reviewer reviews the audit team member’s work. (510.10 A8)

Other Individuals
• A self-interest threat may arise if an audit team member knows someone with a financial interest in
the audit client, such as:
1. Other firm partners or professional employees, unless prohibited by R510.4.
2. Individuals with a close personal relationship to the audit team member. (510.10 A9)

356
ISAs – Summaries and Application Guide Code of Ethics

• Factors to evaluate threats:

1. The firm’s structure and operations.
2. The nature of the relationship between the individual and the audit team member. (510.10
A10)
• Actions to eliminate threats:
o Removing the audit team member. (510.10 A11)
• Actions to mitigate threats:
1. Excluding the audit team member from significant decisions.
2. Independent reviewer checks their work. (510.10 A12)

Retirement Benefit Plans

• A self-interest threat may arise if a firm’s or network firm’s retirement plan holds a direct or material
indirect financial interest in an audit client. (510.10 A13)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Summer 2018 Nisar Khalid & Co.
2 Winter 2015, part a Nadir Limited
3 Summer 2012 Mr. Mahmood

LO 19: LOANS AND GUARANTEES: [Section 511]

Introduction
Firms must comply with fundamental principles, maintain independence, and apply the conceptual
framework in Section 120 to identify, evaluate, and address threats to independence. (511.1)
A loan or loan guarantee with an audit client can create a self-interest threat. This section outlines specific
requirements and application materials relevant to such situations. (511.2)

Requirements and Application Material

General
A loan or guarantee’s materiality depends on the combined net worth of an individual and their immediate
family. (511.3 A1)

Loans and Guarantees with an Audit Client

A firm, network firm, audit team member, or any immediate family member must not issue or guarantee a
loan to an audit client unless the loan is immaterial to:
• The firm, network firm, or individual making the loan.
• The audit client. (R511.4)

Loans and Guarantees with an Audit Client that is a Bank or Similar Institution
A firm, network firm, audit team member, or their immediate family must not accept a loan or guarantee from
an audit client that is a bank or similar institution, unless it follows normal lending procedures, terms, and
conditions. (R511.5)

Examples of loans include:

• Mortgages, bank overdrafts, car loans, and credit card balances. (511.5 A1)

Even if a firm receives a loan under normal terms, a self-interest threat may still arise if the loan is material to
the audit client or the firm. (511.5 A2)

357
ISAs – Summaries and Application Guide Code of Ethics

Possible safeguards include:

• An independent reviewer (not part of the audit team) from a network firm not benefiting from the
loan reviewing the work. (511.5 A3)

Deposits or Brokerage Accounts

A firm, network firm, audit team member, or their immediate family must not hold deposits or brokerage
accounts with an audit client that is a bank, broker, or similar institution, unless the deposit is under normal
commercial terms. (R511.6)

Loans and Guarantees with an Audit Client that is Not a Bank or Similar Institution
A firm, network firm, audit team member, or their immediate family must not accept a loan or guarantee from
an audit client that is not a bank or similar institution, unless the loan is immaterial to:
• The firm, network firm, or individual receiving the loan.
• The audit client. (R511.7)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Summer 2009, part iii Rose Bank Limited

LO 20: BUSINESS RELATIONSHIPS: [Section 520]

Introduction
Firms must comply with fundamental principles, maintain independence, and apply the conceptual
framework in Section 120 to identify, evaluate, and address threats to independence. (520.1)
A close business relationship with an audit client or its management may create self-interest or intimidation
threats. This section provides specific requirements and application guidance for handling such threats.
(520.2)

Requirements and Application Material

General
This section refers to the materiality of a financial interest and the significance of a business relationship.
When assessing materiality, the combined net worth of an individual and their immediate family may be
considered. (520.3 A1)

Examples of Close Business Relationships (520.3 A2)

A close business relationship may arise in cases such as:
• Joint Ventures: Holding a financial interest in a joint venture with the client, its controlling owner,
director, officer, or a senior manager.
• Service/Product Bundling: Combining firm services or products with client services or products and
jointly marketing them.
• Marketing Agreements: Agreements where the firm markets the client’s products/services or vice
versa.

Firm, Network Firm, Audit Team Member, or Immediate Family Business Relationships
A firm, network firm, or audit team member must not have a close business relationship with an audit client
or its management unless:
• The financial interest is immaterial to both parties.
• The business relationship is insignificant to both parties. (R520.4)

A self-interest or intimidation threat may also arise if an audit team member’s immediate family has a close
business relationship with the audit client or its management. (520.4 A1)

358
ISAs – Summaries and Application Guide Code of Ethics

Common Interests in Closely-Held Entities

A firm, network firm, audit team member, or their immediate family must not hold an interest in a closely-
held entity where an audit client or its key personnel also hold an interest, unless:
• The business relationship is insignificant to both parties.
• The financial interest is immaterial to investors.
• The financial interest does not provide control over the closely-held entity. (R520.5)

Buying Goods or Services from an Audit Client

Purchasing goods or services from an audit client by a firm, network firm, audit team member, or their
immediate family does not usually threaten independence if the transaction follows normal business terms
and is at arm’s length. However, large or unusual transactions may create a self-interest threat. (520.6 A1)

Ways to Address Self-Interest Threats (520.6 A2)

Actions that may reduce or eliminate a self-interest threat include:
• Reducing the transaction size or modifying its terms.
• Removing the individual from the audit team.

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2017, part b Clearing agent
2 Summer 2013, part b Plot of land

LO 21: FAMILY AND PERSONAL RELATIONSHIPS: [Section 521]

Introduction
Firms must follow fundamental principles, maintain independence, and apply the conceptual framework in
Section 120 to identify, evaluate, and address independence threats. (521.1)
Family or personal relationships with client personnel can create self-interest, familiarity, or intimidation
threats. This section outlines specific requirements and guidance for handling such situations. (521.2)

General Considerations
Family or personal relationships between an audit team member and a client’s director, officer, or certain
employees can create an independence threat. (521.3 A1)
Key factors in assessing these threats:
• The audit team member’s responsibilities.
• The family member’s role within the client.
• The closeness of the relationship. (521.3 A2)

Immediate Family of an Audit Team Member

A self-interest, familiarity, or intimidation threat arises if an immediate family member of an audit team
member holds a role with significant influence over the client’s financial position, financial performance, or
cash flows. (521.4 A1)

Factors to evaluate the threat:

• The position of the immediate family member.
• The audit team member’s role. (521.4 A2)

359
ISAs – Summaries and Application Guide Code of Ethics

Ways to eliminate or reduce the threat:

• Removing the audit team member from the engagement. (521.4 A3)
• Restructuring responsibilities so the audit team member does not deal with matters involving the
immediate family member. (521.4 A4)

Mandatory Requirement
An individual must not be part of an audit team if their immediate family member:
• Is a director or officer of the audit client.
• Can significantly influence the preparation of the client’s accounting records or financial statements.
• Held such a role during the audited period. (R521.5)

Close Family of an Audit Team Member

A self-interest, familiarity, or intimidation threat exists if a close family member of an audit team member is:
• A director or officer of the audit client.
• An employee who significantly influences the client’s accounting records or financial statements.
(521.6 A1)

Factors to evaluate the threat:

• The relationship between the audit team member and the close family member.
• The position of the close family member.
• The audit team member’s responsibilities. (521.6 A2)

Ways to eliminate or reduce the threat:

• Removing the audit team member from the engagement. (521.6 A3)
• Restructuring responsibilities to prevent the audit team member from handling matters related to
the close family member. (521.6 A4)

Other Close Relationships of an Audit Team Member

An audit team member must consult the firm if they have a close relationship with someone who is:
• A director or officer of the audit client.
• An employee significantly influencing the client’s accounting records or financial statements.
(R521.7)

Factors to evaluate the threat:

• The nature of the relationship.
• The individual’s role in the client.
• The audit team member’s role. (521.7 A1)

Ways to eliminate or reduce the threat:

• Removing the audit team member from the engagement. (521.7 A2)
• Restructuring responsibilities to avoid conflicts. (521.7 A3)

Relationships of Firm Partners and Employees

Firm partners and employees must consult the firm if they are aware of a personal or family relationship
involving:
• A partner or employee of the firm (who is not an audit team member).
• A director, officer, or key employee of the audit client. (R521.8)

360
ISAs – Summaries and Application Guide Code of Ethics

Factors to evaluate the threat:

• The nature of the relationship.
• The partner or employee’s level of interaction with the audit team.
• The partner or employee’s role within the firm.
• The client’s role and position. (521.8 A1)

Safeguards to address the threat:

• Restructuring responsibilities to reduce influence on the audit.
• Reviewing the audit work by an independent reviewer. (521.8 A2)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Summer 2017, part b Sameer
2 Summer 2016, part a Tahir Limited
3 Summer 2015, part a Brother-in-law
4 Summer 2011, part ii Sherbano Limited

LO 22: RECENT SERVICE WITH AN AUDIT CLIENT: [Section 522]

Introduction
Firms must comply with fundamental principles, maintain independence, and apply the conceptual
framework outlined in Section 120 to identify, evaluate, and address threats to independence. (522.1)
If an audit team member previously served as a director, officer, or employee of the audit client, a self-
interest, self-review, or familiarity threat may arise. This section outlines specific requirements and
guidance for applying the conceptual framework in such cases. (522.2)

Service During the Audit Period

The audit team shall not include individuals who, during the period covered by the audit report:
(a) Served as a director or officer of the audit client.
(b) Were an employee with significant influence over the client’s accounting records or financial statements.
(R522.3)

Service Before the Audit Period

A self-interest, self-review, or familiarity threat may exist if an audit team member, before the period
covered by the audit report:
(a) Was a director or officer of the audit client.
(b) Was an employee in a role that significantly influenced the preparation of the client’s accounting records
or financial statements.
For example, a threat arises if the individual’s past decisions or work at the client are reviewed in the current
audit. (522.4 A1)

Evaluating the Threat Level

Factors that affect the severity of these threats include:
• The individual's previous position at the client.
• The time elapsed since leaving the client.
• The individual’s role in the audit team. (522.4 A2)

An effective safeguard to reduce these threats is to assign an independent reviewer to assess the audit work
performed by the team member. (522.4 A3)

361
ISAs – Summaries and Application Guide Code of Ethics

LO 23: SERVING AS A DIRECTOR OR OFFICER OF AN AUDIT CLIENT: [Section 523]

Introduction
• Firms must follow fundamental principles, maintain independence, and apply the conceptual
framework in Section 120 to identify, evaluate, and address threats to independence. (523.1)
• Serving as a director or officer of an audit client creates self-review and self-interest threats. This
section outlines specific requirements for managing these threats. (523.2)

Requirements and Application Material

Service as a Director or Officer
• A partner or employee of a firm or network firm cannot serve as a director or officer of an audit
client. (R523.3)

Service as Company Secretary

• A partner or employee of a firm or network firm cannot serve as a Company Secretary for an audit
client, unless:
1. Local law, professional rules, or practice explicitly allow it.
2. Management makes all relevant decisions.
3. The role is strictly administrative, such as preparing minutes and maintaining statutory
records. (R523.4)
• The Company Secretary’s role varies by jurisdiction. Responsibilities can range from administrative
tasks to compliance and corporate governance advice.
• Since this position often implies a close association with the company, a threat to independence
arises if a partner or employee serves as a Company Secretary for an audit client.
• For more details on non-assurance services to audit clients, refer to Section 600. (523.4 A1)

LO 24: EMPLOYMENT WITH AN AUDIT CLIENT: [Section 524]

Introduction
Firms must comply with fundamental principles, maintain independence, and apply the conceptual
framework in Section 120 to identify, evaluate, and address threats to independence. (524.1)
Employment relationships with an audit client may create self-interest, familiarity, or intimidation threats.
This section outlines specific requirements and guidance for addressing these threats. (524.2)

1. Employment Relationships and Independence Threats

A familiarity or intimidation threat arises when:
• A former audit team member or partner joins the client as a director or officer.
• A former audit team member or partner holds a position that significantly influences financial
reporting. (524.3 A1)

2. Restrictions on Former Partners or Audit Team Members

Firm’s Responsibility
The firm must ensure that no significant connection remains between the firm (or network firm) and:
• A former partner who has joined an audit client.
• A former audit team member who has joined an audit client in a key financial role. (R524.4)

362
ISAs – Summaries and Application Guide Code of Ethics

A connection remains unless:

• The individual receives no benefits or payments beyond pre-determined ones.
• Any amount owed to the individual is not material to the firm.
• The individual does not participate in the firm’s business or professional activities. (R524.4)

Even when these conditions are met, a familiarity or intimidation threat may still exist. (524.4 A1)

Factors Affecting Threat Evaluation

Threat severity depends on:
• The individual’s new role at the audit client.
• The level of involvement with the audit team.
• The time gap since leaving the firm.
• The former role in the audit firm, particularly in client relationships. (524.4 A3)

Actions to Reduce Threats

To address these threats, firms may:
• Modify the audit plan.
• Assign experienced team members.
• Have an independent reviewer evaluate the work of the former team member. (524.4 A4)

3. Audit Team Members Negotiating Employment with a Client

Notification Requirement
Audit team members must inform the firm if they enter employment negotiations with an audit client.
(R524.5)

Threats and Safeguards

• A self-interest threat arises when an auditor works on an engagement while considering future
employment with the client. (524.5 A1)
• Removing the individual from the audit team eliminates this threat. (524.5 A2)
• Having a reviewer reassess the individual’s past audit judgments can act as a safeguard. (524.5 A3)

4. Public Interest Entities – Key Audit Partners

If a Key Audit Partner joins a Public Interest Entity (PIE) audit client as a director, officer, or key financial
employee, independence is compromised unless:
1. The client has issued audited financial statements for at least 12 months after the individual left the
audit firm.
2. The individual was not involved in the audit of those statements. (R524.6)

Senior or Managing Partner Restrictions

If a Senior or Managing Partner (Chief Executive or equivalent) joins a PIE audit client in a key financial role,
independence is compromised unless 12 months have passed since they left the firm. (R524.7)

5. Exception for Business Combinations

Independence is not compromised if a key individual joins a PIE audit client due to a business combination,
provided:
• The individual did not take the position in anticipation of the merger.
• Any financial benefits from the firm have been settled, except pre-determined ones.
• The individual does not participate in the firm’s business.
• The firm discusses the individual’s new role with those charged with governance. (R524.8)

363
ISAs – Summaries and Application Guide Code of Ethics

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2009, part ii Offered a job

LO 25: TEMPORARY PERSONNEL ASSIGNMENTS: [Section 525]

Introduction
Firms must comply with fundamental principles, maintain independence, and apply the conceptual
framework in Section 120 to identify, evaluate, and address threats to independence. (525.1)

Loaning personnel to an audit client can create self-review, advocacy, or familiarity threats. This section
outlines specific requirements and guidance for applying the conceptual framework in such cases. (525.2)

Requirements and Application Material

General Guidelines
Safeguards to address threats from loaned personnel include: (525.3 A1)
• Conducting an additional review of the work performed by the loaned personnel mitigates a self-
review threat.
• Excluding loaned personnel from the audit team reduces familiarity or advocacy threats.
• Preventing loaned personnel from auditing functions or activities they performed during the
assignment eliminates a self-review threat.

If a firm or network firm loans personnel to an audit client, and familiarity or advocacy threats make the firm
too closely aligned with management’s interests, safeguards may not be effective. (525.3 A2)

A firm or network firm must not loan personnel to an audit client unless the following conditions are met:
(R525.4)
• The assignment is for a short period only.
• The personnel do not provide prohibited non-assurance services under Section 600 and its
subsections.
• The personnel do not assume management responsibilities, and the audit client directs and
supervises their activities.

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2010, part iii EL would recruit the CIA
2 Summer 2007 Credit Manager left

LO 26: LONG ASSOCIATION OF PERSONNEL (INCLUDING PARTNER ROTATION) WITH AN

AUDIT CLIENT: [Section 540]

Introduction
• Firms must comply with fundamental principles, maintain independence, and apply the conceptual
framework in Section 120 to identify and address threats to independence. (540.1)
• Long-term involvement in an audit engagement may create familiarity and self-interest threats. This
section outlines how to apply the conceptual framework in such cases. (540.2)

364
ISAs – Summaries and Application Guide Code of Ethics

Requirements and Application Material

All Audit Clients
• Familiarity threats arise when an audit team member has a long association with:
o The audit client and its operations.
o The audit client’s senior management.
o The financial statements being audited. (540.3 A1)
• Self-interest threats occur when an individual is concerned about losing a long-term client or has a
close personal relationship with senior management. This may impair judgment. (540.3 A2)

Factors Affecting Familiarity and Self-Interest Threats

• For the individual:
o Duration of involvement with the client, including time at a previous firm.
o Length of time as an engagement team member and roles performed.
o Degree of supervision by senior personnel.
o Authority to influence the audit outcome.
o Personal relationship with senior management.
o Frequency and nature of interactions with management. (540.3 A3)
• For the audit client:
o Complexity of accounting and financial reporting issues.
o Changes in senior management or governance.
o Organizational changes affecting interactions with the audit team. (540.3 A3)
• Combination of factors: Two or more factors may increase or reduce threats. For example, a
familiarity threat due to close relationships may decrease if senior management changes. (540.3 A4)

Addressing Threats
• Elimination of threats: Rotating the individual off the audit team removes the familiarity and self-
interest threats. (540.3 A5)
• Safeguards to reduce threats:
o Changing the individual’s role or responsibilities.
o Independent review of the individual’s work.
o Regular internal or external quality reviews. (540.3 A6)

Mandatory Rotation Period

• If rotation is the only solution, the firm must set a period during which the individual must not:
o Be part of the engagement team.
o Provide quality control for the audit.
o Influence the audit outcome.
• The duration must be long enough to remove familiarity and self-interest threats. For Public Interest
Entities (PIEs), additional rules apply. (R540.4)

Audit Clients That Are Public Interest Entities (PIEs)

• Maximum service period:
o Engagement partners, quality control reviewers, and key audit partners may serve for up to
7 cumulative years, unless a shorter period is required by law.
o After this, a cooling-off period applies. (R540.5)

• Restarting the time-on period:

o The count resets only if the individual ceases involvement in key roles for a period equal to
at least the required cooling-off period. (R540.6)
o Example: An engagement partner for 4 years, followed by 3 years off, may serve again for
only 3 more years, reaching a total of 7 cumulative years before a mandatory cooling-off
period. (540.6 A1)

365
ISAs – Summaries and Application Guide Code of Ethics

Exceptions for Partner Continuity

• In rare cases of unforeseen circumstances (e.g., illness of a new engagement partner), a key audit
partner may serve one additional year with approval from those charged with governance. The firm
must implement safeguards. (R540.7, 540.7 A1)

Rotation for Clients Becoming PIEs

• If an audit client becomes a PIE, prior years of service as a key audit partner are counted:
o ≤ 5 years prior service → May continue up to 7 years total, then must rotate.
o ≥ 6 years prior service → May serve up to 2 additional years with governance approval
before rotation. (R540.8)

Limited Personnel in Certain Jurisdictions

• If few professionals have the expertise to audit a PIE, a jurisdiction’s regulatory body may grant an
exemption from partner rotation, subject to additional independent reviews. (R540.9)

Other Considerations Related to Time-on Period

• Firms must assess threats based on the individual's entire engagement history, even before
becoming a key audit partner.
• Some cases may require early rotation before the 7-year limit if threats remain significant. (R540.10,
540.10 A1)

Cooling-off Period
Mandatory Cooling-off Periods
• Engagement partner (after 7 years of service) → 5-year cooling-off period. (R540.11)
• Quality control reviewer (after 7 years of service) → 3-year cooling-off period. (R540.12)
• Other key audit partners (after 7 years of service) → 2-year cooling-off period. (R540.13)

Combination of Roles
• Engagement partner for 4+ years → 5-year cooling-off period. (R540.14)
• Quality control reviewer for 4+ years → 3-year cooling-off period. (R540.15)
• Engagement partner & quality control reviewer for 4+ years:
o If engagement partner for 3+ years → 5-year cooling-off period.
o Other combinations → 3-year cooling-off period. (R540.16)
• Other combinations of key roles → 2-year cooling-off period. (R540.17)

Service at a Prior Firm

• Time served as a key audit partner at a previous firm is included when determining the total service
period. (R540.18)

Legal or Regulatory Shorter Cooling-off Periods

• If local law allows a shorter cooling-off period, firms may apply the longer of:
o The law’s cooling-off period OR
o A minimum of 3 years (instead of 5 years for engagement partners).
o The total time-on period must not exceed 7 years. (R540.19)

366
ISAs – Summaries and Application Guide Code of Ethics

Restrictions During the Cooling-off Period

• During cooling-off, the individual must not:
o Be part of the engagement team or provide quality control.
o Consult on technical, industry-specific issues, or transactions (except for work
completed in the last year of service).
o Manage professional services or oversee the client relationship.
o Perform non-assurance services involving frequent interaction with management or
influencing the audit outcome. (R540.20)
• Exception: The individual may hold a leadership role within the firm, such as Senior Partner or
Managing Partner. (540.20 A1)

Summary of Key Rules

Maximum Time-on Cooling-off
Role
Period Period
Engagement Partner 7 years 5 years
Engagement Quality Control Reviewer 7 years 3 years
Other Key Audit Partners 7 years 2 years
Combination of Key Roles (if Engagement Partner for 4+
7 years 5 years
years)
Combination of Key Roles (if Quality Control Reviewer for
7 years 3 years
4+ years)
Combination of Other Key Roles 7 years 2 years
Shorter Cooling-off per Law Max 7 years Min 3 years

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Summer 2019 Alpha Textile Limited
2 Winter 2016, part a Kamran Limited
3 Summer 2010, part b Mr. Shams
4 Winter 2009, part iv XYZ Limited

367
ISAs – Summaries and Application Guide Code of Ethics

PROVISION OF NON-ASSURANCE SERVICES TO AN AUDIT CLIENT

LO 27: PROVISION OF NON-ASSURANCE SERVICES TO AN AUDIT CLIENT – GENERAL:

[Section 600]
Introduction
Firms must maintain independence and apply the conceptual framework in Section 120 to identify and
manage threats. (Para. 600.1)

Providing non-assurance services can create threats to compliance with fundamental principles and
independence. (Para. 600.2)

This section outlines requirements to evaluate threats when offering non-assurance services. Some services
are strictly prohibited due to unmanageable risks. (Para. 600.3)

General Requirements
Before accepting a non-assurance service, the firm must assess its impact on independence. (Para. R600.4)
This section helps firms analyze risks related to these services. (Para. 600.4 A1)
The Code does not list all non-assurance services since markets, business practices, and technology evolve.
(Para. 600.4 A2)

Evaluating Threats
Factors affecting threats include:
• Nature, scope, and purpose of the service.
• Reliance on service outcomes in the audit.
• Regulatory environment.
• Impact on financial statements.
• Client management’s expertise.
• Influence on accounting records and internal controls.
• Public Interest Entity (PIE) status. (Para. 600.5 A1)
Subsections 601–610 provide more risk factors for different services. (Para. 600.5 A2)

Materiality & Multiple Services

Materiality is defined under ISA 320 and ISRE 2400 and requires professional judgment. (Para. 600.5 A3)
Firms offering multiple non-assurance services to a client must assess their combined effect on
independence. (Para. 600.5 A4)

Addressing Threats
Subsections 601–610 suggest actions and safeguards to mitigate threats. Some services are strictly
prohibited due to unmanageable risks. (Para. 600.6 A1)
If threats cannot be reduced, the firm must decline or end the service. (Para. 600.6 A2–A3)

368
ISAs – Summaries and Application Guide Code of Ethics

Prohibition on Management Responsibilities

Firms must not assume management responsibilities for audit clients. (Para. R600.7)

Prohibited activities include:

• Setting policies, hiring, and firing employees.
• Authorizing transactions or managing finances.
• Reporting on behalf of management.
• Designing or maintaining internal controls. (Para. 600.7 A1–A3)

Firms can provide advice as long as management makes the final decisions. (Para. 600.7 A4)
Clients must:
• Appoint a competent individual to oversee the service.
• Supervise and evaluate the service.
• Accept responsibility for decisions. (Para. R600.8)

Non-Assurance Services for Clients Becoming PIEs

If a client becomes a PIE, prior or ongoing non-assurance services must comply with stricter rules.
• Previous services must follow non-PIE requirements.
• Prohibited services must end immediately or as soon as possible.
• All threats must be reduced to an acceptable level. (Para. R600.9)

Services for Related Entities

Some prohibited services may be allowed for a client’s related entities if:
• The firm does not audit the related entity.
• The firm does not assume a management role.
• The service does not create self-review threats.
• Other threats are reduced to an acceptable level.

This applies to:

1. Parent entities controlling the audit client.
2. Entities with significant financial interests in the client.
3. Entities under common control with the client. (Para. R600.10)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Summer 2015, part b an award competition
2 Winter 2014 Jupiter Limited

LO 28: ACCOUNTING AND BOOKKEEPING SERVICES: [Section 601]

Introduction
Providing accounting and bookkeeping services to an audit client can create a self-review threat.
Audit firms must follow both the general requirements (paragraphs 600.1 to R600.10) and specific rules in
this subsection. In some cases, firms and network firms cannot provide these services because safeguards
cannot eliminate the threats. (601.1 - 601.2)

369
ISAs – Summaries and Application Guide Code of Ethics

Scope of Accounting and Bookkeeping Services

Accounting and bookkeeping services include:
• Preparing accounting records and financial statements.
• Recording transactions.
• Payroll services. (601.3 A1)

Management is responsible for preparing financial statements based on the applicable financial reporting
framework. Their duties include:
• Determining accounting policies and applying them.
• Preparing or modifying source documents (e.g., purchase orders, payroll time records, customer
orders).
• Making or adjusting journal entries.
• Classifying transactions in accounts. (601.3 A2)

The audit process involves discussions between the auditor and management about:
• Applying accounting standards and financial statement disclosures.
• Evaluating financial and accounting controls.
• Suggesting adjusting journal entries.

These activities are routine and do not create threats if the client makes final decisions regarding its
accounting records and financial statements. (601.3 A3)

Clients may also seek technical assistance for:

• Resolving account reconciliation issues.
• Compiling data for regulatory reporting.
• Converting financial statements between reporting frameworks (e.g., adopting IFRS).

These services generally do not create threats unless the firm or network firm assumes management
responsibility. (601.3 A4)

Routine or Mechanical Accounting and Bookkeeping Services

Routine or mechanical services require little or no professional judgment. Examples include:
• Calculating payroll based on client data for approval.
• Recording transactions when amounts are clearly determinable (e.g., utility bills).
• Computing depreciation based on client-defined policies and estimates.
• Posting client-coded transactions to the general ledger.
• Posting client-approved journal entries to the trial balance.
• Preparing financial statements and notes based on client-approved records. (601.4 A1)

Audit Clients That Are Not Public Interest Entities (PIEs)

Firms or network firms cannot provide accounting and bookkeeping services to non-PIE audit clients if they
will audit the resulting financial statements. However, an exception applies if:
1. The services are routine or mechanical.
2. The firm mitigates threats to an acceptable level. (R601.5)

Safeguards against self-review threats include:

• Assigning non-audit team professionals to perform the service.
• Having an independent reviewer examine the work. (601.5 A1)

370
ISAs – Summaries and Application Guide Code of Ethics

Audit Clients That Are Public Interest Entities (PIEs)

Firms or network firms cannot provide accounting and bookkeeping services to PIE audit clients,
including preparing financial statements or related financial data. (R601.6)

Exception for PIEs

Routine or mechanical services may be provided to divisions or related entities of a PIE if:
• The personnel performing the service are not part of the audit team.
• The divisions or entities involved are immaterial to the PIE’s financial statements. (R601.7)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Summer 2015, part c team prepares financial
statements
2 Summer 2014, part a & c Kamal, letter of appreciation
3 Summer 2010, part bi Reconciling the creditors’ ledger
4 Summer 2007 Credit Manager

LO 29: ADMINISTRATIVE SERVICES: [Section 602]

Introduction
Providing administrative services to an audit client usually does not create a threat. (Ref: 602.1)
When offering administrative services, auditors must also consider the requirements and guidance in
paragraphs 600.1 to R600.10 of the Code of Ethics. (Ref: 602.2)

Application Material
All Audit Clients
Administrative services involve assisting clients with routine or mechanical tasks that require minimal
professional judgment. These tasks are clerical and do not impact the auditor’s independence. (Ref: 602.3 A1)

Examples of Administrative Services:

• Word processing services.
• Preparing administrative or statutory forms for client approval.
• Submitting forms as instructed by the client.
• Monitoring statutory filing deadlines and informing the client. (Ref: 602.3 A2)

LO 30: VALUATION SERVICES: [Section 603]

Introduction
Providing valuation services to an audit client may create a self-review threat or an advocacy threat.
(603.1)
When offering valuation services, auditors must apply the conceptual framework outlined in paragraphs
600.1 to R600.10. Certain valuation services are strictly prohibited for audit clients because the risks
involved cannot be mitigated with safeguards. (603.2)

371
ISAs – Summaries and Application Guide Code of Ethics

Requirements and Application Material

All Audit Clients
A valuation involves:
• Making assumptions about future developments.
• Applying valuation methodologies and techniques.
• Determining a specific value or range of values for assets, liabilities, or a business. (603.3 A1)

If an audit client requests a valuation for tax reporting or tax planning that does not directly affect financial
statements, auditors should follow the guidance in paragraphs 604.9 A1 to 604.9 A5. (603.3 A2)

To evaluate self-review or advocacy threats in valuation services, consider:

• The purpose of the valuation report.
• Whether the report will be publicly available.
• The client’s involvement in methodology selection.
• The level of subjectivity in the valuation.
• The impact on financial statements.
• The clarity of disclosures in financial statements.
• The dependence on future events, especially those that cause volatility. (603.3 A3)

Safeguards to Address Threats

• Assigning professionals not involved in the audit to conduct the valuation.
• Having an independent reviewer assess the audit work and valuation service. (603.3 A4)

Audit Clients that are Not Public Interest Entities (PIEs)

A firm or network firm must not provide valuation services if:
1. The valuation involves a significant degree of subjectivity.
2. The valuation will have a material impact on financial statements. (R603.4)

Some valuations do not involve significant subjectivity, particularly when:

• Laws or regulations define key assumptions.
• Accepted methodologies are used.
• Multiple parties conducting valuations produce similar results. (603.4 A1)

Audit Clients that are Public Interest Entities (PIEs)

A firm or network firm must not provide valuation services to a PIE audit client if the valuation will have a
material impact on the financial statements. (R603.5)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2018, part a Beta (Private) Limited
2 Winter 2012, part a Jamil Limited
3 Winter 2011, part i Watto Limited
4 Summer 2010, part bii Estimating the compensation
payable

372
ISAs – Summaries and Application Guide Code of Ethics

LO 31: TAX SERVICES: [Section 604]

Providing tax services to an audit client may create a self-review or advocacy threat. (604.1)

1. Tax Services Overview

Tax services include:
• Tax return preparation
• Tax calculations for accounting entries
• Tax planning and advisory services
• Tax valuations
• Assistance in tax disputes
Although addressed separately, these services often overlap. (604.3 A1)

2. Tax Return Preparation

Providing tax return preparation services usually does not create a threat. (604.4 A1)
These services involve:
• Drafting and compiling tax returns.
• Advising on past tax treatments.
• Responding to tax authority queries. (604.4 A2)

These tasks primarily use historical information and established tax laws. Tax authorities conduct their
own reviews. (604.4 A3)

3. Tax Calculations for Accounting Entries

All Audit Clients
Calculating current and deferred tax liabilities (or assets) for audit clients creates a self-review threat if
these calculations impact financial statements. (604.5 A1)

Key consideration:
• If the calculation materially affects financial statements, the risk increases. (604.5 A2)

Audit Clients that are Not Public Interest Entities (PIEs)

Safeguards for non-PIEs include:
• Assigning non-audit team professionals.
• Having a separate reviewer not involved in the service. (604.5 A3)

Audit Clients that are Public Interest Entities (PIEs)

Firms must not prepare material tax calculations for accounting entries if they audit the financial statements.
(R604.6)
For immaterial calculations, safeguards similar to those for non-PIEs apply. (604.6 A1)

4. Tax Planning and Advisory Services

Tax planning and advisory services can create self-review or advocacy threats. (604.7 A1)
These services include:
• Structuring client affairs for tax efficiency.
• Advising on new tax laws. (604.7 A2)

373
ISAs – Summaries and Application Guide Code of Ethics

Factors increasing risk:

• Subjectivity in tax treatments.
• Uncertainty in accounting treatment or presentation.
• The material impact of the tax advice on financial statements. (604.7 A3)

Safeguards:
• Using professionals outside the audit team.
• Engaging an independent reviewer.
• Obtaining pre-clearance from tax authorities. (604.7 A4)

When Tax Advice Relies on Accounting Treatment

Firms must not provide tax planning services if:
• The audit team has doubts about the accounting treatment.
• The tax advice has a material impact on the financial statements. (R604.8)

5. Tax Valuation Services

Providing tax valuation services may create self-review or advocacy threats. (604.9 A1)
If a valuation is:
• Only for tax purposes and has no direct financial statement impact → Low threat. (604.9 A2)
• Not externally reviewed and materially impacts financial statements → High threat. (604.9 A3)

Factors increasing risk:

• Subjectivity in valuation.
• The reliability of underlying data.
• Lack of legal or regulatory support for valuation methods.

Safeguards:
• Assigning non-audit team professionals.
• Independent review.
• Obtaining pre-clearance from tax authorities. (604.9 A4)

If the valuation affects financial statements, Subsection 603 (Valuation Services) applies. (604.9 A5)

6. Assisting in Tax Disputes

Providing assistance in resolving tax disputes can create self-review or advocacy threats. (604.10 A1)
A tax dispute arises when tax authorities reject a client’s arguments, and the case proceeds to a formal
tribunal or court. (604.10 A2)

Factors increasing risk:

• Management’s involvement in the dispute.
• Material impact on financial statements.
• Whether the disputed advice was originally provided by the firm.
• Legal and regulatory support for the client’s position.
• Whether the proceedings are public. (604.10 A3)

Safeguards:
• Assigning non-audit team professionals.
• Engaging an independent reviewer. (604.10 A4)

374
ISAs – Summaries and Application Guide Code of Ethics

7. Resolution of Tax Matters Involving Advocacy

Firms must not act as an advocate for an audit client in a tax dispute if:
1. They represent the client before a public tribunal or court.
2. The amounts involved are material to the financial statements. (R604.11)

However, firms may:

• Provide information upon request.
• Offer factual testimony.
• Assist the client in analyzing tax matters. (604.11 A1)

The definition of a public tribunal or court depends on jurisdiction. (604.11 A2)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Summer 2013, part a Salim Limited
2 Winter 2009, part i legal consultant
3 Summer 2006 State Street Limited

LO 32: INTERNAL AUDIT SERVICES: [Section 605]

Introduction
• Providing internal audit services to an audit client may create a self-review threat. (605.1)
• Requirements in paragraphs 600.1 to R600.10 apply when providing internal audit services. Some
internal audit services are prohibited due to threats that cannot be mitigated. (605.2)

Requirements and Application Material

All Audit Clients
• Internal audit services involve assisting the client with internal audit activities, which may include:
(605.3 A1)
o Monitoring and improving internal controls.
o Examining financial and operational information through reviews and testing.
o Evaluating the efficiency, economy, and effectiveness of operations.
o Checking compliance with laws, regulations, and internal policies.
• The scope of internal audit services varies based on the entity's size, structure, and governance
needs. (605.3 A2)

Firm's Responsibilities When Providing Internal Audit Services

• The audit firm must ensure the client: (R605.4)
o Appoints a competent senior manager responsible for internal audit.
o Reviews and approves the scope, risks, and frequency of internal audit.
o Evaluates internal audit services and their findings.
o Decides and implements internal audit recommendations.
o Reports key findings to governance.
• Performing significant internal audit work increases the risk of the firm taking on management
responsibilities, which is not allowed. (605.4 A1)

375
ISAs – Summaries and Application Guide Code of Ethics

Internal Audit Services That Assume Management Responsibilities

The following activities create a management responsibility threat and must be avoided: (605.4 A2)
• Setting internal audit policies and strategy.
• Directing internal audit employees.
• Deciding which audit recommendations to implement.
• Reporting internal audit results on behalf of management.
• Approving employee access privileges.
• Designing, implementing, or monitoring internal controls.
• Performing outsourced internal audit functions where the firm controls the scope.

Self-Review Threat in External Audits

• If a firm relies on internal audit work for an external audit, a self-review threat arises. This happens
when: (605.4 A3)
o The audit team uses internal audit results without proper evaluation.
o The audit team lacks professional skepticism when reviewing internal audit work.

• Factors affecting self-review threat: (605.4 A4)

o Materiality of financial statement items.
o Risk of misstatement for those items.
o Extent of reliance on internal audit work.

• Possible safeguard: Use professionals outside the audit team to perform the internal audit service.
(605.4 A5)

Audit Clients That Are Public Interest Entities (PIEs)

Firms must not provide internal audit services to a PIE if they involve: (R605.5)
• A significant part of internal controls over financial reporting.
• Financial accounting systems that generate material information.
• Amounts or disclosures that are material to financial statements.

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Summer 2017, part a Akbar Ali & Co
2 Winter 2016, part b request from a listed audit client
3 Winter 2010, part i EL would outsource
4 Winter 2008 Mubarak Limited
5 Summer 2006 Shams Qamer & Co

LO 33: INFORMATION TECHNOLOGY SYSTEMS SERVICES: [Section 606]

Introduction
A firm providing IT systems services to an audit client may create a self-review threat. [606.1]
The requirements in paragraphs 600.1 to R600.10 apply when providing IT systems services. Some IT
services are strictly prohibited because threats cannot be eliminated by safeguards. [606.2]

376
ISAs – Summaries and Application Guide Code of Ethics

Requirements and Application Material

All Audit Clients
IT system services include designing or implementing hardware or software that may:
• Aggregate source data
• Be part of internal control over financial reporting
• Generate information that impacts accounting records or financial statements

However, some IT systems may not relate to accounting records or internal control over financial
reporting. [606.3 A1]

Permitted IT Services (if No Management Responsibility is Assumed)

A firm or network firm cannot assume management responsibility. However, the following services generally
do not create threats:
• Designing or implementing IT systems unrelated to internal control over financial reporting
• Designing or implementing IT systems that do not significantly impact accounting records or
financial statements
• Implementing off-the-shelf accounting or financial reporting software (as long as customization is
minimal)
• Evaluating and recommending IT systems developed or implemented by another provider or the
client. [606.3 A2]

Client Responsibilities When Receiving IT Systems Services

A firm or network firm must ensure that the audit client:
• Acknowledges responsibility for internal controls
• Assigns decision-making to a competent employee (preferably senior management)
• Makes all key management decisions
• Evaluates the adequacy and results of the IT system
• Is responsible for operating the system and managing data. [R606.4]

Assessing the Self-Review Threat

Factors affecting the self-review threat include:
• Nature of the IT service
• Extent to which IT systems affect accounting records or financial statements
• Audit reliance on IT systems. [606.4 A1]

A possible safeguard is assigning non-audit team professionals to perform the IT service. [606.4 A2]

Audit Clients That Are Public Interest Entities (PIEs)

A firm or network firm must not provide IT systems services to a Public Interest Entity (PIE) if they
involve:
• Designing or implementing IT systems that form a significant part of internal control over
financial reporting
• Generating information that is significant to accounting records or financial statements on which
the firm will express an opinion. [R606.5]

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Summer 2014, part b Implementation of a new IT
system
2 Summer 2009, part ii Crimson Limited
3 Winter 2007, part iii Provide a general ledger package

377
ISAs – Summaries and Application Guide Code of Ethics

LO 34: LITIGATION SUPPORT SERVICES: [Section 607]

Introduction
• Providing litigation support services to an audit client may create self-review or advocacy threats.
(607.1)
• The requirements in paragraphs 600.1 to R600.10 apply when offering litigation support to an audit
client. (607.2)

Application Material
Types of Litigation Support Services
Litigation support services may include:
• Managing and retrieving documents.
• Acting as a witness, including an expert witness.
• Estimating damages or other amounts that may impact litigation or legal disputes. (607.3 A1)

Factors Affecting Self-Review or Advocacy Threats

The risk level depends on:
• The legal and regulatory framework, such as whether a court selects the expert witness.
• The nature and complexity of the service.
• The extent to which the litigation support service impacts the financial statements being audited.
(607.3 A2)

Safeguards to Address Threats

• A safeguard could be assigning the litigation support service to a professional outside the audit team.
(607.3 A3)

Impact on Financial Statements

• If a firm or network firm provides litigation support involving damage estimates or other financial
amounts affecting audited financial statements, the valuation service requirements in Subsection 603
apply. (607.3 A4)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Summer 2012, part b JKL Limited

LO 35: LEGAL SERVICES : [Section 608]

Introduction
• Providing legal services to an audit client can create a self-review or advocacy threat. (608.1)
• In addition to general ethical guidelines (600.1–R600.10), this subsection outlines specific prohibited
legal services that firms and network firms cannot provide to audit clients due to unavoidable
threats. (608.2)

Definition of Legal Services

• Legal services involve work that requires:
o Legal training to practice law, or
o Admission to practice law before courts in the relevant jurisdiction. (608.3 A1)

378
ISAs – Summaries and Application Guide Code of Ethics

Acting in an Advisory Role

• Legal advisory services may include:
o Contract support
o Transaction execution assistance
o Mergers and acquisitions
o Internal legal department support
o Legal due diligence and restructuring (608.4 A1)

• When evaluating self-review or advocacy threats, consider:

o Materiality of the legal matter in relation to financial statements.
o Complexity of the issue and the level of judgment required. (608.4 A2)

• Possible safeguards to mitigate threats:

o Assigning non-audit team professionals for legal services.
o Conducting independent reviews of the legal work and audit. (608.4 A3)

Prohibition on Acting as General Counsel

• Partners or employees of the firm or network firm must not serve as General Counsel for an audit
client. (R608.5)
• General Counsel typically holds a senior management role overseeing a company's legal affairs.
(608.5 A1)

Prohibition on Advocacy Role in Disputes

• Firms and network firms must not advocate for an audit client in disputes or litigation when the
amounts are material to the financial statements. (R608.6)
• If the amounts are not material, safeguards may reduce threats, such as:
o Assigning non-audit team professionals to perform legal services.
o Conducting independent reviews of the service and audit work. (608.6 A1)

LO 36: RECRUITING SERVICES: [Section 609]

Introduction
Recruiting services for an audit client can create self-interest, familiarity, or intimidation threats. (609.1)
The conceptual framework in paragraphs 600.1 to R600.10 applies when providing recruiting services to
an audit client. Some recruiting services are strictly prohibited for audit clients because the threats they
create cannot be mitigated with safeguards. (609.2)

Requirements and Application Material

Recruiting Services for All Audit Clients
Recruiting services may include:
• Drafting job descriptions.
• Designing the candidate search and selection process.
• Identifying and reaching out to potential candidates.
• Screening candidates by:
o Reviewing qualifications and assessing suitability.
o Conducting reference checks.
o Interviewing and advising on candidates' competence.
• Determining employment terms and negotiating salary, hours, and benefits. (609.3 A1)

379
ISAs – Summaries and Application Guide Code of Ethics

A firm or network firm cannot assume management responsibility under paragraph R600.7. However, the
following services generally do not create threats if the firm does not assume management responsibilities:
• Reviewing applicant qualifications and advising on their suitability.
• Interviewing and assessing candidates for financial accounting, administrative, or control positions.
(609.3 A2)

Conditions for Providing Recruiting Services

When a firm provides recruiting services to an audit client, it must ensure:
• The client makes all hiring decisions, ideally by a senior management member.
• The client controls the hiring process, including:
o Selecting candidates.
o Determining employment terms and negotiating compensation. (R609.4)

Factors Affecting Threats from Recruiting Services

Factors that influence self-interest, familiarity, or intimidation threats include:
• The type of assistance provided.
• The role of the recruited individual.
• Conflicts of interest or relationships between the candidate and the firm. (609.5 A1)
Using non-audit team professionals to perform recruiting services can help mitigate these threats. (609.5 A2)

Prohibited Recruiting Services

• A firm or network firm cannot act as a negotiator on the client's behalf. (R609.6)
• A firm or network firm cannot provide recruiting services if they involve:
o Searching for or reaching out to candidates.
o Conducting reference checks for the following positions:
 Director or officer of the entity.
 Senior management with significant influence over financial records or
statements. (R609.7)

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Summer 2013, part c Josh Limited
2 Winter 2010, part ii Your firm would recruit
3 Summer 2010, part a Pentagon Limited
4 Winter 2007, part ii Recruit professionals

380
ISAs – Summaries and Application Guide Code of Ethics

LO 37: CORPORATE FINANCE SERVICES: [Section 610]

Introduction
Providing corporate finance services to an audit client can create a self-review or advocacy threat. [610.1]
Audit firms and network firms must follow the general requirements in paragraphs 600.1 to R600.10 when
applying the conceptual framework to corporate finance services. In some cases, certain services are strictly
prohibited because the threats cannot be mitigated with safeguards. [610.2]

Examples of Corporate Finance Services Creating Threats

Corporate finance services that might lead to self-review or advocacy threats include:
• Helping an audit client develop corporate strategies.
• Identifying potential acquisition targets.
• Advising on asset disposals.
• Assisting in finance-raising transactions.
• Providing structuring advice.
• Advising on corporate finance transactions or financing arrangements that directly impact amounts
reported in financial statements. [610.3 A1]

Factors in Evaluating the Level of Threat

The risk level depends on:
• Subjectivity in determining the financial statement impact of corporate finance advice.
• Direct impact of the advice on financial statement figures.
• Materiality of affected amounts in the financial statements.
• Dependence on specific accounting treatment or presentation, especially when doubts exist about
compliance with the financial reporting framework. [610.3 A2]

Safeguards to Address Threats

Potential safeguards include:
• Using professionals who are not part of the audit team for corporate finance services.
• Appointing an independent reviewer, not involved in providing the service, to review audit work and
service performed. [610.3 A3]

Prohibited Corporate Finance Services

Restricted Services
Firms and network firms must not:
• Promote, deal in, or underwrite an audit client’s shares. [R610.4]

Restricted Advice
Firms and network firms must not provide corporate finance advice when:
1. The advice’s effectiveness depends on a specific accounting treatment or presentation, and:
o The audit team has reasonable doubt about its appropriateness under the financial
reporting framework.
o The advice will have a material impact on the financial statements. [R610.5]

QUESTIONS TO PRACTICE
Sr. # Attempt Title of Question
1 Winter 2014, part a An audit client
2 Winter 2008 Mubarak Limited

381
ISAs – Summaries and Application Guide Code of Ethics

LO 38: Reports on Special Purpose Financial Statements that Include a Restriction on Use
and Distribution (Audit and Review Engagements): [Section 800]

1. Overview
This section outlines modifications to Part 4A for audits of special purpose financial statements with
restricted use and distribution, referred to as "eligible audit engagements."

Modifying Independence Rules for Eligible Engagements

To modify independence rules, the firm must:
1. Inform intended users about the changes. (R800.3a)
2. Ensure users understand and agree to the modifications. (R800.3b)

Modifications Allowed in Eligible Engagements

A. Public Interest Entities (PIEs)
• PIE-specific independence rules do not apply. (R800.7)

B. Related Entities
• The audit client definition excludes related entities unless they impact independence. (R800.8)

C. Networks and Network Firms

• Network firm rules do not apply unless the firm identifies threats. (R800.9)

D. Financial Interests & Relationships

• Rules in Sections 510-525 apply only to:
o Engagement team members. (R800.10a)
o Close family members (if relevant). (R800.10a)

382
 ISAs – Summaries and Application Guide ISQM 1: Quality Management for Firms

ISQM 1
QUALITY MANAGEMENT FOR FIRMS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION AND DEFINITIONS 1 – 16 A1 – A28

APPLYING, AND COMPLYING WITH, RELEVANT
LO 2 17–18 A29
REQUIREMENTS
LO 3 SYSTEM OF QUALITY MANAGEMENT 19–22 A30–A38
LO 4 THE FIRM'S RISK ASSESSMENT PROCESS 23–27 A39–A54
LO 5 GOVERNANCE AND LEADERSHIP 28 A55–A61
LO 6 RELEVANT ETHICAL REQUIREMENTS 29 A62–A66
ACCEPTANCE AND CONTINUANCE OF CLIENT
LO 7 30 A67–A74
RELATIONSHIPS AND SPECIFIC ENGAGEMENTS
LO 8 ENGAGEMENT PERFORMANCE 31 A75–A85
LO 9 RESOURCES 32 A86–A108
LO 10 INFORMATION AND COMMUNICATION 33 A109–A115
LO 11 SPECIFIED RESPONSES 34 A116–A137
LO 12 MONITORING AND REMEDIATION PROCESS 35–47 A138–A174
LO 13 NETWORK REQUIREMENTS OR NETWORK SERVICES 48–52 A175–A186
LO 14 EVALUATING THE SYSTEM OF QUALITY MANAGEMENT 53–56 A187–A201
LO 15 DOCUMENTATION 57–60 A202–A206

383
ISAs – Summaries and Application Guide ISQM 1: Quality Management for Firms

LO 1: INTRODUCTION AND DEFINITIONS:

Purpose and Scope of ISQM 1

• ISQM 1 sets the requirements for a firm's system of quality management in:
o Audits
o Reviews of financial statements
o Other assurance or related services engagements
• The standard ensures firms consistently perform quality engagements that meet professional and
legal requirements.
• ISQM 2 supplements ISQM 1 and covers:
o Appointment and eligibility of the engagement quality reviewer
o Performance and documentation of engagement quality reviews
• Application:
o Applies to all firms performing any of the above engagements
o Must be used alongside ethical requirements

Components of the Quality Management System

The firm must manage the system through 8 key components:
1. Risk Assessment Process
2. Governance and Leadership
3. Relevant Ethical Requirements
4. Client Acceptance and Continuance
5. Engagement Performance
6. Resources
7. Information and Communication
8. Monitoring and Remediation
These components are interconnected and must work in coordination.

Definitions in ISQM 1

Term Simplified Meaning

Engagement Quality
Objective evaluation of key judgments before issuing the report
Review
All individuals performing the engagement (excluding external experts and
Engagement Team
assisting internal auditors)

External Inspections Reviews by regulators on the firm’s quality system or engagements

Quality Risk Risks that could affect achieving quality objectives

Response Policies or procedures to address quality risks
System of Quality
Entire framework ensuring quality and compliance
Management

LO 2: APPLYING, AND COMPLYING WITH, RELEVANT REQUIREMENTS:

General Rule
• The firm must comply with every requirement in the ISQM.
• An exception applies only when a requirement is not relevant due to the firm’s specific nature or the type
of engagements it performs.

384
ISAs – Summaries and Application Guide ISQM 1: Quality Management for Firms

When a Requirement May Not Be Relevant

Certain ISQM requirements do not apply in specific cases, such as:
 Sole Practitioner Firms
Requirements related to Organizational structure, Assigning roles and responsibilities, Supervision,
review, and handling differences of opinion may not be relevant due to the firm’s size.

 Firms Performing Only Related Services Engagements

If independence is not required, the firm does not need to obtain documented confirmation of
compliance with independence requirements from all personnel.

LO 3: SYSTEM OF QUALITY MANAGEMENT:

Purpose of the System of Quality Management (SQM)

The firm must design, implement, and operate a System of Quality Management to ensure quality in all
assurance engagements.

Ultimate and Operational Responsibility

The firm shall assign:
• Ultimate responsibility and accountability to the CEO, managing partner, or governing board.
• Operational responsibility to individuals managing day-to-day SQM activities.

Maintaining Firm Accountability

Even after delegating, the firm remains ultimately responsible for the SQM’s effectiveness.

LO 4: THE FIRM'S RISK ASSESSMENT PROCESS:

Purpose of the Process
The firm shall:
• Set quality objectives
• Identify and assess quality risks
• Design and implement responses to address the identified risks

Identifying and Assessing Quality Risks:

The firm shall evaluate factors that may threaten the achievement of quality objectives. These include:

Firm-Level Factors:
• Firm complexity and operations
• Strategic and operational decisions
• Leadership style and accountability
• Resources (internal and from service providers)
• Legal, regulatory, and professional standards
• Network requirements and services (if applicable)

Engagement-Level Factors:
• Types of engagements and reports
• Types of client entities

Note: Formal ratings or scoring are optional but not required.

385
ISAs – Summaries and Application Guide ISQM 1: Quality Management for Firms

Designing and Implementing Responses:

Some responses must be implemented firm-wide; others may be specific to engagement teams.
Sometimes, implementing a response (e.g., new technology) may introduce new risks.

LO 5: GOVERNANCE AND LEADERSHIP:

Governance and leadership play a critical role in establishing a culture that supports the system of quality
management within a firm. ISQM 1 outlines specific quality objectives in this area.

1. Commitment to Quality
The firm must promote a culture that values public interest, ethics, and accountability, embedding
quality in all strategic and operational decisions.

2. Leadership Accountability
Leadership is responsible for quality and must demonstrate it through consistent actions,
communication, and performance evaluations.

3. Organizational Structure
The firm must assign clear roles and authority to support the system of quality management.
Structures may include service delivery centers or specialized teams.

4. Resource Planning
The firm must plan, allocate, and manage resources (e.g., financial, human) to meet quality goals and
adapt to changing needs.

LO 6: RELEVANT ETHICAL REQUIREMENTS:

The firm and its personnel must understand and comply with relevant ethical requirements, including
independence.

Enhancements Beyond the Code

Firms may establish stricter internal policies than those in the IESBA Code.

Examples:
• Banning all gifts and hospitality, even if trivial.
• Applying rotation periods to all engagement partners and senior team members, even beyond
required standards.

Applicability to Others
Other parties involved in engagements (such as network firms, individuals within those firms, or service
providers) must also:
• Understand the ethical and independence requirements relevant to them.
• Fulfill their responsibilities accordingly.

386
ISAs – Summaries and Application Guide ISQM 1: Quality Management for Firms

LO 7: ACCEPTANCE AND CONTINUANCE OF CLIENT RELATIONSHIPS AND SPECIFIC

ENGAGEMENTS:

Factors to Consider Before Acceptance or Continuance

A. Client Integrity and Ethical Values
The firm must evaluate the integrity of the client, including management and those charged with governance.

Engagement Characteristics
The firm must understand the engagement’s nature and environment.

C. Firm’s Ability to Perform the Engagement

The firm must assess its capacity to deliver quality work.

Information Sources to Support the Decision

The firm may obtain information from:
• Internal Sources: Previous or current engagement records and personnel feedback.
• External Sources:
o Previous or existing professional service providers (in line with ethical standards).
o Discussions with bankers, legal counsel, or industry peers.
o Background checks using databases or third-party service providers.

Note: This information also helps the engagement team in planning and executing the audit.

LO 8: ENGAGEMENT PERFORMANCE:
The engagement partner is responsible for managing quality and staying involved throughout the
engagement.

The firm shall set the following quality objectives for engagement performance:
1. Engagement teams must understand and fulfill their responsibilities.
2. Direction, supervision, and review must match the nature of the engagement.
3. Teams must apply professional judgment and, when required, professional skepticism.
4. Teams must consult on difficult matters, agree on conclusions, and implement them.
5. Differences of Opinions within the team or with quality reviewers must be reported and resolved.
6. Engagement documentation must be assembled promptly after the report date.

Consultation on Complex Matters

• Teams must consult experts (internal or external) on complex or contentious issues.
• Firms should promote a culture where consultation is encouraged.
• Firms must define:
• When to consult
• How to agree on and apply conclusions

Resolving Differences of Opinion

Firms must ensure that disagreements within the team or with reviewers are:
• Raised early
• Properly addressed
• Documented with agreed resolutions
• In complex cases, consultation with another practitioner, firm, or regulator may be required.

387
ISAs – Summaries and Application Guide ISQM 1: Quality Management for Firms

Engagement Documentation
A. Assembly of Final Documentation
• Engagement documentation must be assembled promptly after the report date.
• Under ISAs or ISAEs: Final file assembly must be completed within 60 days after the engagement
report date.

B. Retention and Maintenance

• Documentation must be:
o Securely stored
o Easily accessible and retrievable
o Protected against unauthorized changes, deletion, or loss
• IT tools may support document management, but must ensure data integrity.

C. Retention Period
• Law or standards may define how long documents are kept.
• If not defined, the firm sets retention based on its needs and engagement type.
• Under ISAs or ISAEs: Documents must be kept at least 5 years from the engagement report date, or
from the auditor’s report on group financials (if later).

LO 9: RESOURCES:

The firm shall establish quality objectives to ensure timely and appropriate use of human, technological,
intellectual, and external resources.

Resource Aspect to Focus

1. Human Resources:  Hiring, Development, and Retention
Engagement team members, including the  Assignment to Engagements
engagement partner, must have the required  Use of External Individuals (from Network firms,
competence and time to perform quality or Service Providers)
engagements.  d. Accountability and Recognition
2. Technological Resources:  Maintain functioning general IT controls.
Resources must:  Train users with specialized skills if required.
• Operate as intended.  Restrict unapproved tools until validated and
• Maintain data confidentiality. authorized.

3. Intellectual Resources:
(e.g. Technical or industry-specific guides, Access to Integration with Technology
databases and research platforms.) Usage Policies

4. Service Providers: Firm’s Responsibilities

When the firm lacks internal resources, it may rely on Evaluating Service Provider
service providers. Ensuring Effective Use

LO 10: INFORMATION AND COMMUNICATION:

Purpose
Information and communication help the firm design, run, and monitor its system of quality management
effectively.

388
ISAs – Summaries and Application Guide ISQM 1: Quality Management for Firms

Key Requirements
1. Internal Information System
The firm must collect and manage reliable and relevant information—from both inside and
outside the firm.

2. Open Communication Culture

The firm must encourage sharing of information among staff and engagement teams.

3. Internal Communication
The firm must:
o Inform teams of their roles, system changes, and engagement details.
o Receive feedback from engagement teams on issues, client risks, or quality concerns.

4. External Communication
The firm must:
o Share information with its network or service providers to support their duties.
o Communicate externally when required by law or standards (e.g., non-compliance
reporting, transparency reports).

5. Limitations
Confidentiality or privacy laws may restrict what the firm can share externally.

LO 11: SPECIFIED RESPONSES:

Ethical Requirements and Compliance Measures

Policies Required
• Identify, evaluate, and respond to threats to ethical compliance.
• Detect, report, and respond to breaches of ethical requirements promptly.
• Communicate breaches internally and consider reporting to external parties where needed.
• Address consequences of breaches and determine actions for responsible individuals.

Annual Independence Confirmations

• Obtain written confirmations at least once a year from all personnel required to be independent.

Handling Complaints and Allegations

Complaint Procedures
Establish procedures to receive, investigate, and resolve:
 Failures to meet professional standards or legal requirements.
 Non-compliance with firm policies under ISQM 1.

Sources of Complaints
 Internal personnel.
 External parties (e.g., clients, component auditors).

New Information After Client or Engagement Acceptance

When New Facts Emerge After Acceptance
Review if the information:
• Existed earlier but was unknown.
• Emerged after the acceptance decision.

389
ISAs – Summaries and Application Guide ISQM 1: Quality Management for Firms

Firm’s Response
• Consult internally or seek legal advice.
• Evaluate if the firm can or must continue the engagement under law.
• Discuss possible actions with client management and governance.

If Withdrawal Is Necessary
• Notify client and governance about withdrawal and reasons.
• Consider regulatory reporting if required.

When Withdrawal Is Not an Option

• Evaluate the impact on engagement.
• Increase engagement partner supervision and assign experienced staff.
• Require an engagement quality review.

Communicating Quality Management to External Parties

Mandatory Communications
For listed entity audits, communicate with those charged with governance about how the system of quality
management ensures consistent quality.

When Communication May Be Appropriate

Communicate externally when it helps stakeholders understand the firm’s quality system.

Engagement Quality Review (EQR) Requirements

Mandatory EQRs
EQR is required for:
 Audits of listed entities.
 Engagements where law or regulation requires EQR.
 Engagements identified by the firm as high risk.

When EQR May Be Appropriate

• Complex engagements involving high judgment or estimation uncertainty (e.g., going concern).
• Engagements with past issues (e.g., inspection findings, restatements).
• New or unusual client situations.
• Public interest or high-profile entities.
• Regulatory filings with significant judgment (e.g., pro forma reports).

Alternative Responses
Where appropriate, the firm may use other types of engagement reviews (e.g., reviews of significant risks or
judgments by technical experts).

LO 12: MONITORING AND REMEDIATION PROCESS:

The firm shall establish a monitoring and remediation process.

Designing and Performing Monitoring Activities:

The firm shall design monitoring activities (on-going or periodic) to identify deficiencies effectively.

390
ISAs – Summaries and Application Guide ISQM 1: Quality Management for Firms

Engagement Inspections:
The firm shall inspect completed engagements as part of monitoring.

Cyclical Inspection
• Inspect at least one engagement per partner on a cyclical basis (e.g. once every 3 years for audit
engagement partner, and once every 5 years for other engagement partners).
• More frequent inspections may be needed when:
o Severe deficiencies are found.
o New partners are involved.
o High-risk industries are audited.
• The firm may defer inspection if other monitoring already provides enough insight.

Individuals Performing Monitoring Activities

The firm shall:
• Assign competent and objective individuals with enough time.
• Prohibit inspection by engagement team members or engagement quality reviewers of the same
engagement.

Use network services or external providers if internal staff lack objectivity or expertise.

Evaluating Findings and Identifying Deficiencies:

The firm shall evaluate whether findings indicate deficiencies, and Consider:
• Root cause(s).
• Severity and pervasiveness.
• Whether findings are systemic or isolated.

Responding to Identified Deficiencies

• The firm shall design and implement targeted responses to deficiencies.
• Actions must address the root cause.
• If a service provider causes the issue:
o Evaluate continued use of that provider.
o Communicate the matter.
o The firm is responsible for preventing recurrence, not fixing the provider’s internal issues.

Findings About Specific Engagements

If findings reveal Omitted procedures, or Inappropriate audit report.

The firm shall:

• Take action to comply with professional and legal standards.
• Possibly perform the omitted procedures.
• Discuss with management or governance.
• Consider legal advice if needed.

391
ISAs – Summaries and Application Guide ISQM 1: Quality Management for Firms

LO 13: NETWORK REQUIREMENTS OR NETWORK SERVICES:

What Are Network Requirements and Services?

• Network Requirements: Mandatory policies or tools the firm must follow (e.g. audit methodologies,
IT systems).
• Network Services: Optional support provided by the network (e.g. training, shared service centers,
expert resources).

Firm’s Responsibilities
• The firm must understand what the network requires or offers.
• The firm is still fully responsible for its own system of quality management—not the network.
• Network inputs must not conflict with ISQM 1.

Monitoring by the Network

If the network monitors quality, the firm must:
o Understand what is being reviewed.
o Use the results in its own monitoring and improvements.
o Communicate relevant info to staff and engagement teams.

Handling Deficiencies
If a deficiency is found in network requirements or services:
 Communicate it to the network.
 Implement remedial actions within the firm.
 Supplement the network’s response if it's delayed or insufficient.

LO 14: EVALUATING THE SYSTEM OF QUALITY MANAGEMENT:

Annual Evaluation Requirement

The firm must assign individuals with ultimate responsibility and accountability to evaluate the System of
Quality Management (SoQM) at least once a year, at a defined point in time.

Basis for Evaluation

Evaluation is based on monitoring results, internal communications, and overall performance data. Other
individuals may assist, but those assigned remain fully accountable.

Possible Conclusions
The evaluation must result in one of the following:
(a) SoQM achieves its objectives.
(b) SoQM generally achieves objectives, except for severe but not pervasive deficiencies.
(c) SoQM fails to achieve objectives due to severe and pervasive deficiencies.

Deficiency Assessment:
Severity and pervasiveness guide the conclusion:
• Severe but localised issues may not impact the system as a whole.
• Widespread and critical issues undermine the system’s reliability.

392
ISAs – Summaries and Application Guide ISQM 1: Quality Management for Firms

Required Actions for Deficiencies

If conclusion falls under (b) or (c), the firm must:
• Take prompt corrective action (e.g., add resources, issue guidance, seek legal advice).
• Communicate internally (e.g., engagement teams) and externally (e.g., regulators, networks), as
required.

LO 15: DOCUMENTATION:

Purpose
• Supports understanding, implementation, and evaluation of the System of Quality Management
(SoQM).
• Provides evidence of compliance with ISQM, legal, and ethical standards.
• Serves as a resource for training, decision-tracking, and knowledge retention.

393
 ISAs – Summaries and Application Guide ISQM 2: Engagement Quality Reviews

ISQM 2
ENGAGEMENT QUALITY REVIEWS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITIONS 1 – 13 N/A

APPLYING, AND COMPLYING WITH, RELEVANT
LO 2 14–16 N/A
REQUIREMENTS
APPOINTMENT AND ELIGIBILITY OF ENGAGEMENT QUALITY
LO 3 17–23 A1–A24
REVIEWERS
LO 4 PERFORMANCE OF THE ENGAGEMENT QUALITY REVIEW 24–27 A25–A49
LO 5 DOCUMENTATION 28–30 A50–A53

394
ISAs – Summaries and Application Guide ISQM 2: Engagement Quality Reviews

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITIONS:

What ISQM 2 Covers:

• Appointment and eligibility of the Engagement Quality Reviewer (EQR)
• The responsibilities of the EQR in performing and documenting the Engagement Quality Review

When ISQM 2 Applies:

• Applies to all engagements requiring an engagement quality review under ISQM 1

Objective of the Review:

To conduct an objective evaluation of:
• Significant judgments made by the engagement team
• Conclusions reached before the date of the engagement report

Limitations of the Review:

• The review does not cover the entire engagement
• The EQR does not obtain audit evidence or form an audit opinion. However, the engagement team
may gather more evidence based on EQR input

Relationship with the Engagement Team:

• The EQR is not part of the engagement team
• The engagement partner remains responsible for engagement.

Scalability of Engagement Quality Reviews

The nature, timing, and extent of the review depends on:
• The complexity of the engagement
• The significance of judgments involved

Definitions:
Engagement Quality Review:
An objective review of key judgments and conclusions, done by the reviewer before the engagement report
date.

Engagement Quality Reviewer:

A partner, firm member, or external person appointed to perform the review.

LO 2: APPLYING, AND COMPLYING WITH, RELEVANT REQUIREMENTS:

Understand the ISQM

The firm and the engagement quality reviewer must fully understand the ISQM, including its application
guidance and explanatory material. This ensures proper implementation of the standard.

Comply with Relevant Requirements

They must comply with each requirement of the ISQM unless a requirement is not applicable to the specific
engagement.

395
ISAs – Summaries and Application Guide ISQM 2: Engagement Quality Reviews

Take Further Action if Needed

Correct application of the ISQM should help achieve its objective. If it doesn’t, additional actions must be
taken to meet that objective.

LO 3: APPOINTMENT AND ELIGIBILITY OF ENGAGEMENT QUALITY REVIEWERS:

Appointment of Engagement Quality Reviewer (EQR)

• The firm must assign the responsibility of appointing the EQR to an individual (or individuals) with:
o Sufficient competence and authority
o Capability to fulfill the responsibility
• This person must not be part of the engagement team being reviewed. In smaller firms or sole
practices, the firm may permit exceptions where practical constraints exist.

Eligibility Criteria for Engagement Quality Reviewers:

EQRs (and its assistants) must not be part of the engagement team and must:
 Have sufficient competence, capability, and time to perform the review.
 Meet ethical requirements

The firm must empower the EQR with authority. Authority may weaken if Reviewers report to the
engagement partner.

Cooling-Off Period
If an individual previously served as the engagement partner, the firm must:
 Enforce a 2-year cooling-off period (or longer if required).
 Prevent the individual from acting as EQR during this time.

Threats to Objectivity and Independence

Common Threats
• Self-review threat: Reviewer was previously involved in the same engagement
• Familiarity or self-interest: Close personal or family relationships
• Intimidation threat: Pressure from dominant or high-ranking team members

Ethical Requirements
EQRs must follow ethical standards like the IESBA Code to:
• Identify, assess, and respond to these threats
• Apply safeguards as needed

LO 4: PERFORMANCE OF THE ENGAGEMENT QUALITY REVIEW:

Firm’s Responsibilities for the Engagement Quality Review

The firm must establish clear policies or procedures covering:
• Reviewer’s Role: The engagement quality reviewer performs procedures at appropriate points to
objectively evaluate significant judgments and conclusions made by the engagement team.
• Engagement Partner's Role: The engagement partner must not date the engagement report until
the reviewer confirms the review is complete.

396
ISAs – Summaries and Application Guide ISQM 2: Engagement Quality Reviews

Engagement Partner’s Responsibilities

• Ensure that an eligible engagement quality reviewer is appointed, where required..
• Ensure team cooperation with the reviewer.
• Discuss significant matters and judgments with the reviewer.
• Delay dating the auditor’s report until the reviewer completes the review and confirms it.

Execution of the Engagement Quality Review

The engagement quality reviewer must read and understand key information from:
• The engagement team about the engagement and the entity.
• The firm’s monitoring process, especially identified deficiencies relevant to significant judgments.

The engagement quality reviewer must discuss significant matters and judgments with:
• The engagement partner
• Other relevant team members (if applicable)

The engagement quality reviewer must review selected engagement documentation to evaluate:
• The basis for significant judgments, including use of professional skepticism
• Whether documentation supports conclusions
• Whether conclusions are appropriate

Evaluations Required During the Review

For financial statement audits, the reviewer must also Evaluate whether:
• Independence and other ethical requirements were fulfilled.
• Appropriate consultation occurred on complex or disputed matters.
• The engagement partner’s involvement was sufficient throughout the audit.
• Financial statements and audit report, including Key Audit Matters, reflect accurate and consistent
conclusions.

For other engagements, the reviewer must review reports and, if applicable, subject matter information for
consistency with documented conclusions.

Completion of the Engagement Quality Review

The reviewer must confirm:
• All review procedures are complete and meet the firm’s requirements.
• There are no unresolved concerns.
• The reviewer then notifies the engagement partner that the review is complete.

Unresolved Concerns and Escalation

If the reviewer believes the engagement team’s judgments or conclusions are inappropriate:
• The reviewer notifies the engagement partner.
• If unresolved, the reviewer informs designated individuals in the firm.
• In such cases, the review cannot be marked as complete.
• The firm may require internal or external consultation (e.g., legal counsel, regulators).

Maintaining Reviewer Objectivity

Ongoing discussions are encouraged but should not lead the reviewer to make decisions on behalf of the
team.

397
ISAs – Summaries and Application Guide ISQM 2: Engagement Quality Reviews

Timeliness of Review
The review should cover all engagement phases: planning, performing, and reporting.

Group Audits
For group audits, the reviewer may:
• Interact with component auditors.
• Use assistants to review parts of the group audit.

LO 5: DOCUMENTATION:

Firm’s Responsibility
• The firm must set policies requiring the engagement quality reviewer to document their work.
• This documentation becomes part of the overall audit file.
• ISQM 1 also applies to documenting quality management.

Reviewer’s Responsibility
• The reviewer must ensure documentation is clear and complete.
• It should allow another experienced auditor (with no prior involvement) to understand what was
done and why.

What to Include in the Documentation

• Reviewer’s name (and assistants, if any)
• What was reviewed
• Basis for reviewer’s conclusions
• Any required notifications
• Date the review was completed

How to Document
• Can be done electronically, via memo, or meeting minutes.
• Format depends on engagement complexity and the nature of the entity.

Timing
• The audit report can only be dated after the review is complete.
• Final review documentation should be completed before assembling the final audit file.

398
 ISAs – Summaries and Application Guide ISA 220

ISA 220
QUALITY CONTROL FOR AN AUDIT
OF FINANCIAL STATEMENTS

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 12 A1 – A27

LEADERSHIP RESPONSIBILITIES FOR MANAGING AND
LO 2 13 – 15 A28 – A37
ACHIEVING QUALITY ON AUDITS
RELEVANT ETHICAL REQUIREMENTS, INCLUDING THOSE
LO 3 16 – 21 A38 – A48
RELATED TO INDEPENDENCE
ACCEPTANCE AND CONTINUANCE OF CLIENT
LO 4 22 – 24 A49 – A58
RELATIONSHIPS AND AUDIT ENGAGEMENTS
LO 5 ENGAGEMENT RESOURCES 25 – 28 A59 – A79
LO 6 ENGAGEMENT PERFORMANCE 29 – 38 A80 – A108
LO 7 MONITORING AND REMEDIATION 39 A109 – A112
TAKING OVERALL RESPONSIBILITY FOR MANAGING AND
LO 8 40 A113 – A116
ACHIEVING QUALITY
LO 9 DOCUMENTATION 41 A117 – A120

399
ISAs – Summaries and Application Guide ISA 220

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

Scope of ISA 220
• ISA 220 outlines the auditor’s responsibility for managing quality at the engagement level.
• It applies to all audits of financial statements and must be read alongside ethical requirements.

Key Responsibilities in Quality Management

Firm’s System of Quality Management
Under ISQM 1, firms must design and operate a quality management system to ensure:
• Compliance with professional and legal standards.
• Audit reports are reliable and appropriate.

Engagement Team’s Role

The engagement team, led by the engagement partner, must:
• Implement firm-wide quality policies in the audit.
• Identify and respond to engagement-specific quality risks.
• Communicate relevant quality management information to the firm.

Scalability in Audit Engagements

• In simple audits (e.g., small firms), the engagement partner may handle all quality responsibilities.
• In complex audits (e.g., large entities), the engagement partner may delegate tasks but remains
responsible for audit quality.

LO 2: LEADERSHIP RESPONSIBILITIES FOR MANAGING AND ACHIEVING QUALITY ON AUDITS:

1. Engagement Partner's Responsibility for Audit Quality

• The engagement partner is responsible for ensuring quality in the audit.
• The partner must create an environment that supports the firm's culture and expected behavior.
• The partner must stay actively involved in the audit to ensure significant judgments and conclusions
are appropriate.

2. Establishing a Quality-Driven Environment

The engagement partner must:
• Ensure all team members contribute to audit quality.
• Emphasize professional ethics, values, and attitudes.
• Promote open communication where concerns can be raised freely.
• Encourage professional skepticism throughout the audit.

3. Assigning Audit Tasks and Supervision

• The engagement partner may assign specific tasks to team members.
• However, the partner remains fully responsible for audit quality.
• Supervision and review of assigned work must be done to ensure compliance.

400
ISAs – Summaries and Application Guide ISA 220

4. Key Aspects of Audit Quality Management

A. Firm’s Commitment to Quality
• The firm must establish quality objectives under ISQM 1.
• The engagement partner must lead by example to reinforce quality culture.

B. Scalability of Quality Management

• Smaller teams: Direct interaction may be enough.
• Larger, dispersed teams: Formal communication is necessary.

C. Maintaining Involvement in the Audit

• The engagement partner must direct, supervise, and review team activities.
• The level of oversight depends on the audit’s nature and risks.

5. Importance of Communication
• Communication ensures the engagement team receives timely, relevant information.
• It may involve:
o Internal communication within the audit team.
o Interaction with the firm’s quality management team.
o Engagement with external parties (e.g., regulators, governance bodies).
• Technology can help coordinate work for teams across multiple locations.

6. Professional Skepticism and Challenges

Engagement partner must ensure that auditors maintain professional skepticism despite challenges, such as:
• Time pressure restricting thorough analysis.
• Budget constraints limiting access to specialists.
• Management resistance affecting cooperation.
• Overreliance on technology without critical assessment of results.

7. Overcoming Biases in Audit Judgment

Auditors must be aware of biases that can affect professional judgment:

Bias Type Description

Availability Bias Preferring easily available information over a full analysis.

Confirmation Bias Giving more weight to information that supports existing beliefs.
Making decisions as a group, discouraging creativity and individual
Groupthink
responsibility.
Overconfidence
Overestimating one’s ability to assess risks or make accurate judgments.
Bias
Anchoring Bias Relying too heavily on initial information when evaluating new data.

Automation Bias Trusting automated systems without verifying their accuracy.

Actions to Mitigate Impediments to Professional Skepticism include:

 Adjust Team Composition
 Leverage Experience in Management Interactions
 Use Specialized Skills
 Enhance Supervision & Review
 Set Clear Guidance for Less Experienced Auditors
 Address Management Pressure

401
ISAs – Summaries and Application Guide ISA 220

LO 3: RELEVANT ETHICAL REQUIREMENTS, INCLUDING THOSE RELATED TO INDEPENDENCE:

Engagement Partner’s Responsibilities

The engagement partner must:
• Understand and ensure compliance with ethical requirements, including independence.
• Inform the engagement team about ethical standards and firm policies.
• Identify, evaluate, and address threats to ethical compliance.
• Respond to breaches of ethical requirements and non-compliance with laws and regulations.

Addressing Ethical Threats and Breaches

• The engagement partner must stay alert to ethical risks throughout the audit.
• If a threat arises, they must take appropriate action based on the firm’s policies.
• If a breach occurs, possible actions include:
o Consulting with the firm and governance bodies.
o Reporting to regulators if required.
o Seeking legal advice.
o Withdrawing from the audit (if permitted).

Ethical Compliance Before Issuing the Auditor’s Report

The engagement partner must confirm compliance with ethical standards before signing the auditor’s report.

LO 4: ACCEPTANCE AND CONTINUANCE OF CLIENT RELATIONSHIPS AND AUDIT

ENGAGEMENTS:

1. Evaluating Client Acceptance and Continuance

The engagement partner must ensure compliance with firm policies for accepting and continuing audit
engagements.

Before proceeding, the following factors are assessed:

• Integrity and ethics of management and governance.
• Availability of resources and competence of the engagement team.
• Management’s acknowledgment of responsibilities.
• Significant issues from prior audits affecting the engagement.

Under ISQM 1, firms must ensure they can perform the audit in accordance with professional and legal
standards. If an engagement is legally required, the engagement partner must review its feasibility.

2. Using Acceptance Information in Audit Planning

Information from the acceptance process is used to:
• Understand the entity’s size, complexity, industry, and reporting framework.
• Assess group audits, including parent-subsidiary relationships.
• Identify risks of material misstatement (ISA 315 & ISA 240).
• Plan the audit approach and determine if an expert is needed (ISA 620).
• Establish terms of engagement (ISA 210) and review governance (ISA 260 & ISA 265).

402
ISAs – Summaries and Application Guide ISA 220

3. Addressing New Findings After Acceptance

If new information emerges that could have led to rejecting the engagement, the engagement partner must:
• Inform the firm immediately.
• Decide on necessary actions, such as assigning additional resources or reconsidering engagement
continuation.

If management’s refusal raises concerns, the firm’s dispute resolution policies may be applied.

4. Communication Between Successor and Predecessor Auditors

Before accepting an engagement, the successor auditor may request information from the predecessor
auditor, especially regarding:
• Non-compliance with laws and regulations.
• Reasons for withdrawal from the previous audit.

Under the IESBA Code, the predecessor auditor must provide relevant information when requested.

LO 5: ENGAGEMENT RESOURCES :
Assigning Resources
• The engagement partner ensures the audit team has adequate resources.
• Resources must be assigned timely, considering the audit’s nature, firm policies, and changes.

Types of Resources
� Human Resources – Audit team, external experts, and internal auditors must have skills, experience, and
time.
� Technological Resources – Tech tools improve efficiency but require proper use and security checks.
� Intellectual Resources – Includes audit guides, templates, and methodologies for consistency.

Handling Insufficient or Inappropriate Resources

Identifying Resource Shortages
• The firm must plan and allocate resources to maintain audit quality.
• If resources are insufficient or inappropriate, the engagement partner must take action:
o Request additional support from the firm.
o In group audits, discuss the issue with component auditors or management.
o If critical tools (e.g., audit software) are outdated, the firm must update them.

Actions When Additional Resources Are Not Provided

If additional resources are not made available, the engagement partner may:
• Adjust the audit approach (e.g., modify supervision or review procedures).
• Request an extension for reporting deadlines (if legally allowed).
• Escalate concerns within the firm for resolution.
• Withdraw from the engagement, if permitted by applicable law.

403
ISAs – Summaries and Application Guide ISA 220

LO 6: ENGAGEMENT PERFORMANCE:

1. Direction, Supervision, and Review

The engagement partner oversees the engagement team to ensure audit quality.

Key Responsibilities
✔ Assigns clear roles and ensures compliance with standards and firm policies.
✔ Reviews significant matters, key judgments, and audit documentation.
✔ Confirms sufficient audit evidence before signing the audit report.
✔ Approves formal communications to management, governance, and regulators.

2. Engagement Quality Review (EQR)

For audits requiring EQR, the engagement partner must:
✔ Appoint a reviewer and ensure team cooperation.
✔ Discuss significant judgments and audit conclusions.
✔ Complete the review before signing the audit report.
✔ Maintain ongoing communication to resolve issues promptly.

3. Consultation on Complex Matters

✔ Consult experts on complex, high-risk, or contentious issues.
✔ Ensure consultations are documented and implemented.
✔ Seek external advice when necessary.

4. Handling Differences of Opinion

✔ Follow firm policies for resolving disputes.
✔ Document and resolve disagreements before signing the report.
✔ If unresolved, seek legal advice or consider withdrawal from the audit.

5. Scalable Supervision Based on Complexity

✔ More oversight for complex audits and high-risk areas.
✔ Adjust supervision based on team experience.
✔ Use structured communication for remote teams.

LO 7: MONITORING AND REMEDIATION:

1. Engagement Partner’s Role

• Understand monitoring and remediation details from the firm and network firms.
• Assess its impact on the audit and take necessary action.
• Stay alert for relevant information and report it.

2. Firm’s Monitoring and Remediation (ISQM 1)

• Firms must share monitoring and remediation updates with engagement teams.
• Engagement teams must apply professional skepticism and provide feedback.
• Findings from past audits, inspections, or regulatory reviews may affect the engagement.

404
ISAs – Summaries and Application Guide ISA 220

3. Engagement Partner’s Actions

The engagement partner should:
• Review the firm's corrective actions and determine if further steps are needed.
• If deficiencies impact the engagement, consider actions such as:
o Engaging an auditor’s expert.
o Enhancing supervision, review, or audit procedures in weak areas.
• If deficiencies are irrelevant (e.g., unused technology issues), no action is required.

4. Impact of Deficiencies on the Audit

• A quality deficiency does not mean the audit was incorrect.
• It also does not imply that the auditor’s report was incorrect.
• Each case should be assessed based on professional standards and legal requirements.

LO 8: TAKING OVERALL RESPONSIBILITY FOR MANAGING AND ACHIEVING QUALITY :

Ensuring Audit Quality

Before finalizing the auditor’s report, the engagement partner must stay actively involved to validate key
judgments and conclusions.

ISQM 1 Requirements
• Firms must establish quality objectives under ISQM 1.
• Engagement partners ensure audit quality through continuous involvement.

3. Evaluating Engagement Partner’s Involvement

� Review Documentation: Confirm participation in planning, risk assessment, and execution.
� Assess Team Guidance: Ensure clear instructions and responsibilities.
� Supervise & Review: Verify oversight of audit work.

4. Signs of Insufficient Involvement

� Delayed Review: Late or missing reviews in planning and risk assessment.
� Unclear Instructions: Audit team lacks clear roles and objectives.
� Weak Supervision: No evidence of partner’s oversight.

5. Corrective Actions
� Update Audit Plan: Reassess risk and adjust procedures.
� Increase Supervision: Enhance review and involvement.
� Consult Quality Experts: Seek firm guidance on quality management.

405
ISAs – Summaries and Application Guide ISA 220

LO 9: DOCUMENTATION :

a) Documentation of Engagement Partner’s Role

The engagement partner's involvement can be documented in various ways:
• Audit Plan Signoffs → Confirming engagement team direction and project oversight.
• Meeting Minutes → Recording discussions, expectations, and quality commitment.
• Discussion Agendas & Signoffs → Providing evidence of supervision and partner involvement.
• Working Paper Reviews → Verifying that work was reviewed and approved.

b) Documentation of Consultations and Decisions

If consultations involve complex or contentious matters, documentation should clearly include:
• The issue discussed and its scope.
• The decisions made and the rationale behind them.
• How the decisions were implemented in the audit.

Handling Risks and Professional Skepticism in Documentation

Addressing Potential Risks to Audit Quality
When circumstances pose risks to audit quality, the documentation should include:
• Identification of risks that could affect audit reliability.
• Professional skepticism applied in evaluating these risks.
• Steps taken to mitigate concerns.

If the engagement partner obtains information that could have led to engagement rejection, documentation
should explain how the team handled the situation.

Documenting Uncorrected Issues and Engagement Continuance

If significant risks remain unresolved, auditors must document:
• The decision to continue or withdraw from the engagement.
• Consultations with legal or regulatory bodies, if applicable.

406
ISAs – Summaries and Application Guide CA Ordinance 1961

CHARTERED ACCOUNTANT
ORDINANCE, 1961

LO # LEARNING OBJECTIVE Reference

LO 1 CHAPTER VA: PROFESSIONAL MISCONDUCT PROCEEDINGS

LO 2 SCHEDULES I: PROFESSIONAL MISCONDUCT BY MEMBERS

CA
SCHEDULES II: MISCONDUCTS REQUIRING ACTIONS BY A HIGH Ordinance
LO 3
COURT
SCHEDULES III: PROFESSIONAL MISCONDUCT IN RELATION TO THE
LO 4
STUDENTS OF THE INSTITUTE

407
ISAs – Summaries and Application Guide CA Ordinance 1961

LO 1: CHAPTER VA: PROFESSIONAL MISCONDUCT PROCEEDINGS:

1. Reporting and Investigating Professional Misconduct

Reporting Misconduct (Section 20A)

• The Secretary of the Institute must, and any member or aggrieved person may, report misconduct to
the Investigation Committee if:
o A member engaged in misconduct listed in Schedule I or II.
o A student engaged in misconduct listed in Schedule III.
• Complaints must include all necessary facts before being reviewed by the Investigation Committee.

Investigation Process (Section 20B)

• The Investigation Committee reviews complaints and, if required, starts an inquiry after notifying the
accused.
• The accused (member or student) has the right to:
o Present a defense personally or through a legal representative.
o Be represented by another Institute member.
• After the inquiry, the Committee submits a report to the Council.

2. Disciplinary Actions for Members and Students

When No Misconduct is Found (Section 20C)

If the Council finds the accused not guilty, it closes the case and records the decision.

Penalties for Members (Section 20D)

• If a member is guilty under Schedule I, the Council may:
o Issue a warning or reprimand.
o Impose a fine (up to 1,000 rupees).
o Remove the member’s name from the register for up to 5 years.
• If removal for more than 5 years or permanently is required, the Council refers the case to the High
Court.
• If misconduct falls under Schedule II, the Council must refer the case to the High Court.

Penalties for Students (Section 20E)

If a student is guilty under Schedule III, the Council may:
• Issue a warning or reprimand.
• Suspend or extend training for a specified period.
• Debar the student from training.

408
ISAs – Summaries and Application Guide CA Ordinance 1961

3. High Court Involvement and Appeals

High Court Review of Severe Misconduct Cases (Section 20F)

• If a case is referred to the High Court, it:
o Notifies the member and the Council.
o Hears both parties before making a decision.

• The High Court may:

o Dismiss the case.
o Issue a reprimand.
o Remove the member from the Institute (temporarily or permanently).
o Return the case to the Council for further inquiry.

Right to Appeal (Section 20K)

• A member can appeal the Council’s decision within 60 days to the High Court.
• The High Court can:
o Confirm, modify, or dismiss the Council’s order.
o Increase, reduce, or remove penalties.
o Send the case back to the Council for further review.
o Issue any other necessary ruling.
• Before modifying or increasing penalties, the Council and the accused must be given a chance to be
heard.

4. Additional Considerations in Disciplinary Proceedings

Inclusion of Former Members (Section 20G)

If a person was a member at the time of misconduct but left before the inquiry, they are still subject to
investigation.

Council’s Authority and Legal Powers (Section 20H)

The Council and Investigation Committee act as civil courts and can:
• Summon and examine witnesses under oath.
• Request and review documents.
• Accept evidence through affidavits.

Public Disclosure of Decisions (Section 20I)

• If found guilty, the Council publishes findings in the official Gazette and other journals.
• The Council may omit the accused’s name if necessary.

Membership Cancellation and Certificate Return (Section 20J)

• If a member’s name is removed from the register, their membership/practice certificate is canceled.
• The member must return the certificate to the Council Secretary.
• If removal is temporary, the certificate is returned after the period ends.

409
ISAs – Summaries and Application Guide CA Ordinance 1961

LO 2: SCHEDULES I: PROFESSIONAL MISCONDUCT BY MEMBERS

Part 1: Professional Misconduct by Members in Practice

A Chartered Accountant (CA) in practice commits professional misconduct if they:
1. Allow an unqualified person to practice in their name unless that person is also a practicing CA and
either a partner or an employee.
2. Share professional fees or profits with anyone except:
o Another CA.
o A partner, retired partner, or the legal representative of a deceased partner.
3. Accept profits from a non-CA’s professional work (e.g., lawyer, broker).
4. Partner with an unqualified person to gain business through unethical means.
5. Solicit clients through advertisements, circulars, or direct communication.
6. Advertise their professional skills or use any title other than "Chartered Accountant" unless legally
recognized.
7. Accept an audit position previously held by another CA without first informing them in writing.
8. Accept an audit appointment without confirming compliance with legal requirements.
9. Charge fees based on profits or contingent outcomes unless legally permitted.
10. Engage in another business unless approved by the Institute, except for serving as a director in a
company (provided they or their partners are not the auditors).
11. Accept an audit position under conditions that involve undercutting.
12. Allow a non-member or non-partner to sign audit reports or financial statements on their behalf.
13. Certify estimated future profits or multi-year average profits without showing annual figures
separately.

Part 2: Professional Misconduct in by Members in Management Consultancy

A CA engaged in management consultancy commits professional misconduct if they:
1. Advertise services or solicit work through any promotional material.
2. Issue brochures except for existing clients or in response to direct requests.
3. Display designations of directors and members on letterheads, except as legally permitted.
4. Mention associate CA firms on professional documents or advertisements.
5. Associate with firms or companies whose name implies a specific activity.
6. Use "Chartered Accountants" for a management consultancy firm or company.
7. Share profits against professional ethics, except when working with non-members under certain
conditions.
8. Accept conventional accounting work (e.g., audit, tax) from a client introduced by another
accountant.
9. Use "Management Consultant(s)" except for firms solely engaged in management consultancy.
10. Work with non-members unless they follow the Institute’s professional ethics.
11. Take on management consultancy work without informing the client’s existing CA or consultant.
12. Engage in any misconduct through a company or firm that they cannot do individually.

Part 3: Professional Misconduct by Members in Employment (Service):

A CA employed in a company, firm, or organization commits professional misconduct if they:
1. Share their salary or employment earnings with another person.
2. Accept commissions or profits from professionals or business associates of their employer.
3. Disclose confidential information acquired during employment unless legally required or permitted
by the employer.

410
ISAs – Summaries and Application Guide CA Ordinance 1961

Part 4: General Professional Misconduct by Any Members

A CA, whether in practice or not, commits professional misconduct if they:
1. Submit false information to the Institute.
2. Claim to be a Fellow member without qualification.
3. Fail to provide requested information or comply with Institute directives.
4. Malign the Institute, Council, or its committees to damage their reputation.
5. Commit any act that discredits the profession.
6. Violate the Ordinance or related bye-laws.

LO 3: SCHEDULES II: MISCONDUCTS REQUIRING ACTIONS BY A HIGH COURT

Part 1 Professional misconduct in relation to CA in practice requiring action by a High Court:

A Chartered Accountant (CA) in practice is guilty of professional misconduct if they:

1. Disclose Client Information
o Share client information without their consent, unless required by law.
2. Certify or Submit Reports Without Proper Examination
o Issue a report in their or their firm's name without personally or properly examining the
financial statements.
3. Associate with Speculative Earnings Estimates
o Allow their or their firm’s name to be used in financial forecasts, creating an impression of
guaranteed accuracy.
4. Express Opinions with a Conflict of Interest
o Give an opinion on financial statements of a business where they or their firm have a
significant interest, without disclosing it.
5. Fail to Disclose Material Facts
o Omit key facts necessary to prevent financial statements from being misleading.
6. Fail to Report Known Misstatements
o Ignore material misstatements in financial statements they are responsible for reviewing.
7. Show Gross Negligence
o Perform duties with extreme carelessness or incompetence.
8. Lack Sufficient Information for an Opinion
o Give an opinion without enough information or when exceptions are so significant that the
opinion should be withdrawn.
9. Mismanage Client Funds
o Fail to keep client money in a separate bank account or misuse it for unintended purposes.

Professional misconduct in relation to members engaged in management consultancy requiring

action by a High Court:

A management consultant is guilty of professional misconduct if they:

1. Disclose Client Information
o Share client information without consent, except when required by law.
2. Show Gross Negligence
o Perform duties carelessly or incompetently.
3. Mismanage Client Funds
o Fail to keep client money in a separate account or misuse it.

411
ISAs – Summaries and Application Guide CA Ordinance 1961

LO 4: SCHEDULES III: PROFESSIONAL MISCONDUCT IN RELATION TO THE STUDENTS OF THE

INSTITUTE

A student of the Institute commits professional misconduct if they:

1. Violate any provisions of the Ordinance or its bye-laws.
2. Fail to provide information requested by the Institute.
3. Do not comply with the Institute’s requirements.
4. Ignore directives issued by the Council or its committees.
5. Disclose confidential information obtained during training, except when required by law or
permitted by their principal.
6. Submit false information to the Institute knowingly.
7. Engage in any act or omission that discredits the Institute's students.

412
 ISAs – Summaries and Application Guide ISA 200

ISA 200
OVERALL OBJECTIVES OF THE
INDEPENDENT AUDITOR

LO # LEARNING OBJECTIVE REQUIREMENTS APPLICATION

LO 1 INTRODUCTION, OBJECTIVE AND DEFINITION 1 – 13 A1−A16

ETHICAL REQUIREMENTS RELATING TO AN AUDIT OF
LO 2 14 A17−A20
FINANCIAL STATEMENTS
LO 3 PROFESSIONAL SKEPTICISM 15 A21−A25
LO 4 PROFESSIONAL JUDGMENT 16 A26−A30
SUFFICIENT APPROPRIATE AUDIT EVIDENCE AND
LO 5 17 A31−A57
AUDIT RISK
LO 6 CONDUCT OF AN AUDIT IN ACCORDANCE WITH ISAS 18 – 24 A58−A83

413
ISAs – Summaries and Application Guide ISA 200

LO 1: INTRODUCTION, OBJECTIVE AND DEFINITION:

What is ISA 200?

It defines the independent auditor’s responsibilities when conducting a financial statement audit under
International Standards on Auditing (ISAs).

Purpose of an Audit
 Enhances confidence in financial statements.
 Ensures compliance with applicable financial reporting frameworks (e.g., IFRS, GAAP).
 Identifies material misstatements caused by fraud or error.

� Key Point: Does an audit guarantee business success?

No! An audit does not assure future viability or management effectiveness. Audit also does not cover opinion
on internal control.

Responsibilities in an Audit
 Management’s Responsibilities
Management must:
• Prepare financial statements per the reporting framework.
• Implement internal controls to prevent misstatements.
• Provide auditors with full access to records and personnel.

� Key Point: Before an audit starts, management must confirm that they understand and accept their
financial reporting responsibilities.

 Auditor’s Responsibilities
The auditor must:
 Obtain reasonable assurance that financial statements are free from material misstatement.
 Gather sufficient, appropriate audit evidence.
 Form an opinion on whether financial statements comply with the framework.
 Report findings to management, governance, or regulators when required.

� Key Point: An auditor’s responsibility is to express an opinion, not prepare financial statements.

What is Reasonable Assurance?

Auditors aim to obtain reasonable assurance that financial statements are free from material misstatement
due to fraud or error.
• Reasonable assurance is a high level of assurance, but not absolute.
• It is based on sufficient and appropriate audit evidence.

What is Risk of Material Misstatement:

A risk of material misstatement exists when:
• A misstatement is likely to occur.
• It could be material if it happens.

414
ISAs – Summaries and Application Guide ISA 200

Components of Risk of Material Misstatement:

• Inherent Risk – Risk of misstatement due to business complexity.
• Control Risk – Risk that internal controls fail.

� Key Point: Auditors design procedures to minimize audit risk to an acceptably low level.

What is Materiality?
 A misstatement is material if it could influence users' decisions.
 Materiality is determined based on the size and nature of misstatements.
 Materiality is applied in Planning the audit, Assessing misstatements, Forming an opinion on
financial statements.

� Key Point: Auditors do not focus on immaterial misstatements that do not impact decision-making.

Key Audit Steps:

 Identify & Assess Risks – Evaluate fraud risks and financial reporting framework.
 Gather Evidence – Perform tests to confirm accuracy.
 Analyze & Conclude – Form an opinion based on findings.
 Report the Results – Communicate findings as per ISA requirements.

� Key Point: Professional judgment and skepticism must be applied throughout.

Types of Audit Opinions

The type of opinion depends on the financial reporting framework and audit findings.
Unmodified Opinion – Financial statements are true and fair.

Modified Opinion – Financial statements contain issues:

 Qualified Opinion – There is misstatement or scope limitation whose effect is material.
 Adverse Opinion – There is misstatement whose effect is pervasive.
 Disclaimer of Opinion – There is limitation whose effect is pervasive.

� Key Point: If there is scope limitation by management whose effect is pervasive, auditor must withdraw
from engagement, if possible and practicable.

Types of Financial Statements

Financial statements may be:
 General purpose – For a wide range of users (e.g., IFRS, GAAP).
 Special purpose – For specific users (e.g., tax authorities, regulators).

A complete set of financial statements typically includes:

• Balance sheet
• Income statement
• Cash flow statement
• Statement of changes in equity
• Notes to financial statements

415
ISAs – Summaries and Application Guide ISA 200

LO 2: ETHICAL REQUIREMENTS RELATING TO AUDIT OF F/S:

Fundamental Ethical Requirements:

Auditors must comply with ethical requirements, including independence, when conducting financial
statement audits.

Fundamental Ethical Principles (IESBA Code)

Principle Description
Integrity Be honest and transparent.
Objectivity Avoid bias and conflicts of interest.
Professional Competence & Due
Stay updated and perform duties diligently.
Care
Confidentiality Protect client information.
Professional Behavior Follow laws and professional standards.

Two Types of Independence:

Type Description
Independence of Mind Ability to make unbiased decisions.
Independence in Appearance Avoid situations that create the perception of bias.

Quality Management & Ethical Compliance

Key Requirement:
Audit firms must have a quality management system to ensure compliance with ethical and independence
standards.

Regulatory Standards:
Standard Key Focus
ISQM 1 Requires firms to design and operate quality management systems.

ISA 220 (Revised) Assigns engagement partners responsibility for ethical compliance.

LO 3: PROFESSIONAL SKEPTICISM:

Definition:
Professional skepticism is a questioning mindset that auditors must maintain to detect potential material
misstatements in financial statements.

Auditor's Responsibility:
• Plan and perform the audit with professional skepticism.
• Recognize that financial statements may contain material misstatements.

Key Areas Requiring Professional Skepticism:

• Contradictory audit evidence.
• Unreliable documents or management responses.
• Indicators of fraud.
• If a document appears forged or altered.

416
ISAs – Summaries and Application Guide ISA 200

Impact of Past Experience with Management

• Trust in management’s integrity does not replace skepticism.
• Auditors must still obtain persuasive audit evidence to achieve reasonable assurance.

LO 4: PROFESSIONAL JUDGMENT:

Understanding Professional Judgment

Professional judgment is essential in planning and conducting financial statement audits. It helps auditors
interpret ethical requirements, apply auditing standards, and make informed decisions based on knowledge
and experience.

Key Areas Requiring Professional Judgment

� Materiality & Audit Risk
• Assess the significance of financial information.
• Identify and evaluate potential risks of material misstatement.

� Audit Procedures
• Determine the nature, timing, and extent of audit procedures.
• Select appropriate methods to gather audit evidence.

� Audit Evidence Evaluation

• Assess whether sufficient and appropriate audit evidence has been collected.
• Decide if additional procedures are needed.

� Management’s Judgments
• Analyze management’s accounting estimates and assumptions.
• Ensure compliance with the applicable financial reporting framework.

� Audit Conclusions
• Judge the reasonableness of management’s estimates in financial statements.
• Form conclusions based on gathered audit evidence.

LO 5: SUFFICIENT APPROPRIATE EVIDENCE AND AUDIT RISK:

Auditors must collect sufficient appropriate audit evidence to reduce audit risk to an acceptable level,
ensuring reliable conclusions for the audit opinion.

Understanding Audit Evidence:

What is Audit Evidence?
Audit evidence supports the auditor’s opinion and is collected from:
 Audit procedures
 Previous audits (if relevant)
 Entity’s records and financial statements
 Management’s experts
 External sources

417
ISAs – Summaries and Application Guide ISA 200

Characteristics of Audit Evidence

Aspect Definition Key Consideration
Sufficiency Quantity of evidence collected More risk → More evidence needed
Quality of evidence (relevance &
Appropriateness Higher quality → Less evidence required
reliability)

Understanding Audit Risk:

 What is Audit Risk?
Audit risk is the risk that the auditor expresses an incorrect opinion due to undetected material
misstatements.

 Components of Audit Risk

1. Risk of Material Misstatement
 Exists before the audit.
 Includes Inherent Risk & Control Risk.
2. Detection Risk
 Arises during the audit.
 Relates to audit procedures failing to detect misstatements.

� Key Point: What is NOT Audit Risk?

Business risks like reputational damage, are not audit risk.

Risks of Material Misstatement

Where Can Material Misstatement Occur?
1. Overall Financial Statement Level – Affects the entire financial report.
2. Assertion Level – Relates to specific transactions, balances, or disclosures.

Components of Material Misstatement Risk

Risk Type Definition Example

Risk due to complexity, estimation, or High risk in inventory valuation due to

Inherent Risk
external factors. price fluctuations.
Risk that internal controls fail to
Control Risk Weak segregation of duties allows fraud.
prevent or detect misstatements.

� Key Point: Auditors must separately assess inherent risk and control risk to plan proper audit
procedures.

Detection Risk
What is Detection Risk?
The risk that audit procedures fail to detect material misstatements.

How to Reduce Detection Risk?

 Effective planning
 Proper team assignments
 Professional skepticism
 Supervision & review

418
ISAs – Summaries and Application Guide ISA 200

� Key Point: Detection risk is inversely related to misstatement risk:

Higher misstatement risk → Lower acceptable detection risk → More extensive procedures.

Why Can’t Audits Provide Absolute Assurance?

Audits have Inherent limitations that prevent absolute accuracy. These include:

1. Nature of financial statements (estimates, judgments and uncertainties are involved e.g. in
accounting estimates).

2. Nature of audit procedures (judgments are involved)

a. Management may not provide complete information to auditor.
b. Auditor does not have legal powers (e.g. power to search).
c. Fraud involving collusion and complex techniques, or involving senior management are
harder to detect.

3. Time and Cost limitation.

4. Other matters/assertions in which it is difficult to identify misstatements:

a. Transactions with related parties.
b. Non-compliance with laws and regulations
c. Going Concerns Issues

� Key Point: Auditor’s Response to Risks and Limitations:

Auditor Focuses on high-risk areas. Auditor Use sampling and analytical procedures to examine large data
sets.

LO 6: CONDUCT OF AN AUDIT IN ACCORDANCE WITH ISAS:

Compliance with ISA Requirements:

The auditor can state compliance with ISAs in their report only if they have complied with all requirements of
all ISAs.

Exception to follow requirements of ISA:

A required procedure will not be performed if it is:
 not relevant or
 not practicable.

If a procedure is not practicable, auditor shall document:

 reason of departure from required procedure, and
 alternative procedures performed to obtain evidence/assurance.

Using Objectives in ISAs:

Each ISA has objectives and requirements that guide auditors in planning and performing audits.

Evaluating Audit Evidence:

 Auditors must evaluate whether they have sufficient and appropriate audit evidence.
 If evidence is insufficient, auditors must perform new procedures and obtain additional evidence.
 If auditors cannot obtain sufficient evidence, they must modify the audit opinion.

419
ISAs – Summaries and Application Guide ISA 200

Smaller Entities
ISAs apply to all entities, but smaller entities may require different approaches.

Smaller entities often have:

• Fewer owners and managers.
• Simple business models.
• Less complex internal controls.

Audits for small entities may involve fewer procedures but must still comply with ISA requirements.

420
ISAs – Summaries and Application Guide ISA 600

PART – JOINT AUDIT

LO: JOINT AUDIT GUIDE:

Responsibilities of Joint Auditor:

A joint auditor is jointly responsible for his own work, and also for work of other joint auditor.

Compliance with Ethics and Quality Control System:

 Before acceptance, joint auditors should obtain necessary information/documentation to ensure that
other joint auditor meets the ethical and quality control requirements (e.g. through a letter sent to
each other).
 If a joint auditor is not satisfied about ethics or quality control system of other joint auditor, he
should:
o Perform all significant work himself, or
o Refuse the engagement.

Joint Auditors Agreement:

Joint auditors should make a written agreement among themselves, stating:
 Communication regarding Ethics and Quality Control System.
 Division of work.
 Mechanism for review of each other’s working papers.
 Mechanism for dispute resolution.

Acceptance and Continuance:

Preferably, there should be a single Engagement Letter agreed with client. However, depending on firm’s
policies and procedures, separate engagement letters may also be agreed.

Audit Plan and Procedures:

 Joint auditors should jointly establish Overall Audit Strategy, and Risk Assessment to draw uniform
conclusions. Audit Plan can be developed jointly or separately.
 Allocation of work:
o should be agreed in writing.
o should cover all significant components of F/S.
o preferably, should be communicated to entity.
 Some critical areas may be covered by all joint auditors.
 If a joint auditor does not place reliance on work of other joint auditor, he must document the reason
and should perform the work himself.

Review of Work Performed:

 At planning stage, Joint auditors should agree on procedures to review work of each other.
 Review must be completed on/before date of joint-auditors’ report.
 If a joint auditor concludes that work of other joint-auditor is insufficient, he must:
o Request other joint auditor to perform additional work, or
o Perform additional work himself if other joint auditor disagrees.

421
ISAs – Summaries and Application Guide ISA 600

Communication:
 Written communication to client should be jointly made by joint auditors (e.g. management letter,
letter to TCWG, presentations to audit committee).
 All important meetings should be attended by representatives from all joint auditors.

Differences of Opinion between Joint Auditors:

 A single audit report is signed by all joint auditors.
 At planning stage, Joint auditors should agree on procedures to resolve differences of opinion before
date of audit report.
 First, differences of opinion should be discussed between joint engagement partners.
 If not resolved, matter should be referred to the nominated partners from respective firms.
 If still not resolved, matter should be discussed with management/TCWG, and
o Each joint auditor must issue separate audit report.
o Audit report shall and include Other Matter paragraph giving reference to other joint
auditor’s report and reason of difference.
o Both reports shall be attached to financial statements, and shall be considered auditors’
report.

Documentation:
Joint auditors should document following:
 Confirmation letter from other joint auditor for compliance with ethical and quality control
requirements.
 Audit strategy, materiality and risk assessment.
 Agreed allocation of work.
 Review performed on work of other joint auditor, and assessment of adequacy of work.
 Matters of disagreement and their resolutions.
 Working papers supporting audit engagement should be retained by both joint auditors.
 Preferably, there should be a single Representation Letter. However, depending on firm’s policies
and procedures, separate representation letters may also be obtained (after ensuring that it contains
representations common to other joint auditor).

422
ISAs – Summaries and Application Guide Due Diligence

DUE DILIGENCE ENGAGEMENT

[REVIEW BEFORE INVESTMENT]

LO # LEARNING OBJECTIVE

LO 1 UNDERSTANDING THE PURPOSE AND SCOPE OF A DUE DILIGENCE ENGAGEMENT

LO 2 REVIEW FINANCIAL PERFORMANCE, POSITION, AND SUSTAINABILITY
LO 3 REVIEW LEGAL AND OWNERSHIP STRUCTURE
LO 4 REVIEW HUMAN RESOURCES AND KEY STAFF DEPENDENCE
LO 5 REVIEW LEGAL, TAX, AND REGULATORY RISKS
LO 6 REVIEW ASSETS, LIABILITIES, AND CONTRACTUAL COMMITMENTS
LO 7 REVIEW TECHNOLOGY INFRASTRUCTURE AND SYSTEM COMPATIBILITY
LO 8 PREPARE COST-BENEFIT ANALYSIS

423
ISAs – Summaries and Application Guide Due Diligence

LO 1: UNDERSTANDING THE PURPOSE AND SCOPE OF A DUE DILIGENCE ENGAGEMENT:

What is a Due Diligence Engagement?

A due diligence engagement is a targeted investigation conducted before a business acquisition, merger,
investment, or strategic alliance. It is not an audit, but a customized engagement focused on buyer-specific
concerns.

Objectives
• Identify risks, opportunities, and help with valuation.
• Provide forward-looking, risk-focused insights aligned with investor goals.

Key Features

Feature Explanation
Engagement Type Review procedures
Focus Forward-looking and risk-focused
Coverage Financial, Operational, Legal, Tax, HR, IT
Output Due Diligence Report (not an audit opinion)

Tips
• Divide the analysis by area (financial, legal, operational, etc.).
• Avoid audit-style procedures unless contextually justified.
• Emphasize risks related to synergies, cost reductions, or expansion.

LO 2: REVIEW FINANCIAL PERFORMANCE, POSITION, AND SUSTAINABILITY

Objectives
• Analyze historical financial trends (3–5 years).
• Assess the sustainability of current profitability.
• Examine debt, capital structure, and off-balance sheet items.
• Focus on cash flows over net profit.

Key Financial Areas

Area What to Examine
Revenue Trends Growth, customer base, seasonality
Expenses Nature, control, consistency
Profitability Margins and sustainability
Finance Costs Debt terms and obligations
Leases/Commitments Long-term liabilities
Tax Provisions Adequacy and compliance

Documents to Review
• Audited financial statements
• Management accounts
• Loan agreements
• Forecasted P&L and cash flows

424
ISAs – Summaries and Application Guide Due Diligence

Tips
• Investigate the “why” behind financial changes.
• Flag inconsistencies in tax, financing, or asset valuation.

LO 3: REVIEW LEGAL AND OWNERSHIP STRUCTURE

Objectives
• Identify the legal form of the business (e.g., company, partnership).
• Assess if owners can legally sell or transfer their interest.
• Review restrictions from contracts or legal obligations.

Documents to Review
• Incorporation documents / Partnership deed
• Shareholder or partner agreements
• Third-party loan agreements

Tips
• Confirm the transaction can proceed legally.
• Check for required consents or third-party approvals.

LO 4: REVIEW HUMAN RESOURCES AND KEY STAFF DEPENDENCE

Objectives
• Assess reliance on founders or key personnel.
• Evaluate existing retention strategies or contracts.
• Estimate redundancy costs for staff not retained.

Key Considerations
• Key person risk
• Compensation structure (fixed vs. commission)
• Legal redundancy obligations

Documents to Review
• Organizational chart
• Employee contracts and offer letters
• Job descriptions
• HR policies

Tips
• Assess integration with the buyer’s team.
• Evaluate staff morale and likelihood of retention.

425
ISAs – Summaries and Application Guide Due Diligence

LO 5: REVIEW LEGAL, TAX, AND REGULATORY RISKS

Objectives
• Identify potential or pending legal claims or tax issues.
• Confirm compliance with tax filings and regulatory obligations.
• Review contracts, licenses, and permits.

Key Risk Areas

• Legal disputes (current or threatened)
• Tax liabilities and filings
• Regulatory licenses and adherence

Documents to Review
• Tax returns
• Legal notices and correspondence
• Supplier and customer contracts
• Details of contingent liabilities

Tips
• Check for off-balance sheet liabilities.
• Confirm full tax compliance.

LO 6: REVIEW ASSETS, LIABILITIES, AND CONTRACTUAL COMMITMENTS

Objectives
• Confirm ownership and proper valuation of assets.
• Understand lease classifications and contractual obligations.
• Detect hidden or contingent liabilities.

Key Considerations
• Finance vs. operating leases
• Intangible asset valuation (e.g., software, IP)
• Clauses in contracts (e.g., penalties for early termination)

Documents to Review
• Lease agreements
• Valuation reports for assets
• Contracts with vendors or partners
• Purchase agreements for intangible assets

Tips
• Watch for unfavorable lease or contract terms.
• Ensure legal ownership or licensing of intangibles.

426
ISAs – Summaries and Application Guide Due Diligence

LO 7: REVIEW TECHNOLOGY INFRASTRUCTURE AND SYSTEM COMPATIBILITY

Objectives
• Evaluate IT systems critical to operations.
• Assess integration feasibility with buyer’s systems.
• Ensure cybersecurity, licensing, and development contracts are in place.

Documents to Review
• System architecture documents
• Development agreements
• Cybersecurity certifications
• IT policy manuals

Tips
• Prioritize system integration and security.
• Confirm ownership or licensing of all tech components.

LO 8: PREPARE COST-BENEFIT ANALYSIS

Estimate future benefits and costs of the takeover, which could include:
 Cost Savings: Such as economies of scale.
 Additional Costs: Such as redundancy or restructuring expenses.

427