Chapter 1: Audit and Other Assurance Engagements

Chapter 2: External Audit

Chapter 3: Corporate Governance
Chapter 4: Professional Codes of Ethics and Conduct
Chapter 5: Auditor Appointment
Chapter 6: Audit Documentation
Chapter 7: Audit Planning
Chapter 8: Identifying and Assessing Risk
Chapter 9: System of Internal Control
Chapter 10: Audit Materiality
Chapter 11: Fraud, Law and Regulations
Chapter 12: Tests of Control
Chapter 13: Communication on Internal Control
Chapter 14 : Internal Audit
Chapter 15: Audit Evidence
Chapter 16: Analytical Procedures
Chapter 17: Accounting Estimates
Chapter 18: The Work of Others
Chapter 19: Audit Sampling
Chapter 20: Written Representations
Chapter 21: Automated Tools and Techniques
Chapter 22: Non-current Assets
Chapter 23: Inventory
Chapter 24: External Confirmations, Receivables and Sales
Chapter 25: Share Capital, Reserves and Directors'
Remuneration
Chapter 26: Bank and Cash
Chapter 27: Liabilities, Provisions and Contingencies
Chapter 28: Small Business and Not-for-Profit Organisations
Chapter 29: Audit Finalisation
Chapter 30: The Independent Auditor's Report
Chapter 31: Going Concern
Chapter 1: Audit and Other Assurance
Engagements

Visual Overview

Objective: To introduce the concepts of audit and assurance engagements.

1.1 External Audit

During the middle of the 19th century, the development of joint-stock corporations
required directors to report to the shareholders whose capital they managed.
As ownership and management became significantly separated, shareholders (and
in today's corporate environment, other stakeholders) required independent
verification that what the directors (management) reported was true.

Key Point

The objective of an external audit is to express an opinion (in terms of truth and
fairness) on whether the financial statements are prepared, in all material
respects, in accordance with an identified reporting framework (e.g. International
Financial Reporting Standards) and the relevant law.
 • Statutory audits (i.e. carried out according to statutory provisions) became
mandatory for companies in the UK in 1900. The auditor was required to be
independent of the company, hence an external auditor.
• Initially, the purpose of an audit was to detect fraud, technical errors and
errors of principle. However, as the size and complexity of companies grew,
case law developed the principle that it was unreasonable to expect auditors
to detect all aspects of fraud, even though they were expected to exercise
reasonable skill and care.
• As companies grew, with many becoming international organisations, it
became impracticable for auditors to verify the 100% accuracy of financial
records. So the audit of financial statements became an attestation
(substantiation, testimony) of their credibility (i.e. believability).

Key Point

Company law requires statutory (external) audits in the jurisdiction in which a

corporation operates.

The general provisions for external audit typically contained in company law are
discussed in Chapter 2.

1.2 Internal Audit

Definition

Internal auditing – an independent, objective assurance and consulting activity

designed to add value and improve an organisation’s operations.
It helps an organisation accomplish its objectives by bringing a systematic,
disciplined approach to evaluating and improving the effectiveness of risk
management, control, and governance processes.
– The Institute of Internal Auditors (IIA)

The modern form of internal audit was initially developed as the growth and
increasing complexity of entities in the early 1900s stretched the capabilities of
managers to manage effectively.
• Senior management appointed specialist employees to review and report on
various financial and other processes and to ensure that appropriate controls
were effectively applied.
• The role of the early internal auditors ranged from checking routine financial
and operational functions with a heavy emphasis on compliance, security and
detection of fraud to (in some cases) the analysis and appraisal of financial
 and operational activities. The Institute of Internal Auditors (IIA) was founded
in 1941.
• The expansion of the role of internal audit, whether required by legislation
(e.g. in public sectors), listing regulations, corporate governance codes (e.g.
the UK Corporate Governance Code) or as a voluntary activity, reflects
organisations’ economic and international growth.
The role of internal audit in governance is discussed in Chapter 14.

1.3 Assurance Services

Definition

Assurance services – independent professional services that improve the quality

of information, or its context, for decision-makers.

Over the years, the auditing profession has broadened its role (and income streams)
by developing a wide range of assurance services (of which the financial statement
audit is just one part).
Factors contributing to the increasing demand for assurance services include:
• The rapid expansion of available information (e.g. systems capabilities of
capturing, processing and delivering relevant and reliable information).
• The changing information needs of businesses and consumers (e.g.
minimising information overload).
• The increase in demand for relevant information for decision-makers (e.g.
budgets, cash flow forecasts and due diligence).
• Emerging technologies (e.g. automation, the internet and data analytics) and
business processes (e.g. supply chain management, outsourcing).
• Changing expectations and demands of customers, suppliers and other
stakeholders (e.g. quality control, market trends).
• Globalisation of businesses creating worldwide needs (e.g. ethical supply-
chain codes).
• Increasing corporate accountability demanding more relevant and reliable
information (e.g. corporate governance, compliance with laws and regulations,
environmental performance, corporate social reporting and integrated
reporting).

Typical assurance services include:

• Audits of financial statements and reviews of historical financial information.
• Prospective financial information (e.g. cash flows) reviews.
• Business ethics audits, social responsibility reporting, environmental
reporting.
 • Risk assessments (including e-commerce).
• Value for money audits.
• Performance measurement.
• Systems and control reliability.

Exam advice

Only audits and reviews of historical financial information are examinable in

detail.

2.0 Introduction

An external audit provides confidence in the integrity of corporate reporting for the
benefit of stakeholders and society by providing an external and objective view of the
statutory financial statements. Specifically, the audit enhances the degree of
confidence of the shareholders in the financial statements.

2.1 As an Assurance Service

As an assurance service, an external audit must include the five elements of an

assurance engagement:
1. The subject matter is the financial statements prepared under the applicable
financial reporting framework (e.g. IFRS Standards).
2. The three-party relationship includes:
• the directors, who are responsible for the financial statements;
• the practitioner (i.e. the external auditor); and
• the shareholders (and other intended users of the financial statements).
3. The criteria used to evaluate the financial statements include the financial
reporting framework.
4. The external auditor plans and performs the audit engagement to obtain
sufficient appropriate evidence to support the expression of an opinion on the
financial statements.
5. An opinion in an assurance report – the "independent auditor's report".
These elements are described in more detail in s.3.2.

Definition

Applicable financial reporting framework – the financial reporting framework

adopted by management in the preparation of the financial statements that is
 acceptable in view of the nature of the entity and the objective of the financial
statements or that is required by law or regulation.

2.2 Stewardship, Agency and Accountability

Exam advice

These concepts were introduced in earlier examinations (Business and

Technology and Corporate and Business Law).

Generally, companies are:

• Owned by shareholders; and
• Managed by directors who the shareholders appoint.
The shareholders appoint auditors to report to them (provide assurance) on the
information provided by the directors (the annual financial statements as required by
law).
The essential attributes of the relationship between the directors, shareholders and
auditors are stewardship, agency and accountability.

2.2.1 Stewardship

Stewardship is the practice of managing another person's property. Directors and

other managers of an entity have the responsibility of stewardship for the property of
that entity, which the shareholders own.

Activity 1 Stewardship

Suggest FIVE responsibilities of company directors.

*Please use the notes feature in the toolbar to help formulate your answer.

2.2.2 Agency

An agent is an individual (or another entity) employed or used to provide a particular

service. The individual using the agent is the principal.

Activity 2 Agency

Describe the possible agency relationships between shareholders, directors and

auditors.
*Please use the notes feature in the toolbar to help formulate your answer.

2.2.3 Accountability

Accountability is where one party is held responsible (answerable) to another party; it

will be required to justify its actions and decisions to that party.

Activity 3 Accountability
Explain the accountability of auditors and directors to shareholders.
*Please use the notes feature in the toolbar to help formulate your answer.

2.3 Auditor’s Report

Key Point

The objective of an audit of financial statements is:

• to enable an independent auditor to obtain reasonable assurance about
whether the financial statements are free from material misstatement,
whether due to fraud or error; and (thereby)
• to express an opinion on whether the financial statements are prepared, in
all material respects, in accordance with an identified financial reporting
framework.

The auditor's report, the product of the auditor's work, is a written communication to
the shareholders. It is introduced here to provide the context of what an audit entails;
it is explained in detail in Chapter 30.
An example of an auditor’s report, which expresses the audit opinion, follows.
INDEPENDENT AUDITOR’S REPORT
To the Shareholders of ABC Company [or Other Appropriate Addressee]
Report on the Audit of the Financial Statements
Opinion
We have audited the financial statements of ABC Company (the Company), which
comprise the statement of financial position as at December 31, 20X1, and the
statement of comprehensive income, statement of changes in equity and statement
of cash flows for the year then ended, and notes to the financial statements,
including a summary of significant accounting policies.
In our opinion, the accompanying financial statements present fairly, in all material
respects, (or give a true and fair view of) the financial position of the Company as at
December 31, 20X1, and (of) its financial performance and its cash flows for the year
then ended in accordance with International Financial Reporting Standards (IFRSs).
Basis for Opinion
We conducted our audit in accordance with International Standards on Auditing
(ISAs). Our responsibilities under those standards are further described in the
Auditor’s Responsibilities for the Audit of the Financial Statements section of our
report. We are independent of the Company in accordance with the International
Ethics Standards Board for Accountants’ Code of Ethics for Professional
Accountants (IESBA Code) together with the ethical requirements that are relevant
to our audit of the financial statements in [jurisdiction], and we have fulfilled our other
ethical responsibilities in accordance with these requirements and the IESBA Code.
We believe that the audit evidence we have obtained is sufficient and appropriate to
provide a basis for our opinion.
Key Audit Matters
Key audit matters are those matters that, in our professional judgment, were of most
significance in our audit of the financial statements of the current period. These
matters were addressed in the context of our audit of the financial statements as a
whole, and in forming our opinion thereon, and we do not provide a separate opinion
on these matters.
[Description of each key audit matter in accordance with ISA 701.]
Other Information
[Add detail in accordance with ISA 720]
Responsibilities of Management and Those Charged with Governance for the
Financial Statements
Responsibilities of Management and Those Charged With Governance for the
Financial Statements Management is responsible for the preparation and fair
presentation of the financial statements in accordance with IFRSs, and for such
internal control as management determines is necessary to enable the preparation of
financial statements that are free from material misstatement, whether due to fraud
or error.
In preparing the financial statements, management is responsible for assessing the
Company’s ability to continue as a going concern, disclosing, as applicable, matters
related to going concern and using the going concern basis of accounting unless
management either intends to liquidate the Company or to cease operations, or has
no realistic alternative but to do so.
Those charged with governance are responsible for overseeing the Company’s
financial reporting process.
Auditor’s Responsibilities for the Audit of the Financial Statements
Our objectives are to obtain reasonable assurance about whether the financial
statements as a whole are free from material misstatement, whether due to fraud or
error, and to issue an auditor’s report that includes our opinion. Reasonable
assurance is a high level of assurance, but is not a guarantee that an audit
conducted in accordance with ISAs will always detect a material misstatement when
it exists. Misstatements can arise from fraud or error and are considered material if,
individually or in the aggregate, they could reasonably be expected to influence the
economic decisions of users taken on the basis of these financial statements.
*As part of an audit in accordance with ISAs, we exercise professional judgment and
maintain professional skepticism throughout the audit. We also:
 • Identify and assess the risks of material misstatement of the financial
statements, whether due to fraud or error, design and perform audit
procedures responsive to those risks, and obtain audit evidence that is
sufficient and appropriate to provide a basis for our opinion. The risk of not
detecting a material misstatement resulting from fraud is higher than for one
resulting from error, as fraud may involve collusion, forgery, intentional
omissions, misrepresentations, or the override of internal control.
• Obtain an understanding of internal control relevant to the audit in order to
design audit procedures that are appropriate in the circumstances, but not for
the purpose of expressing an opinion on the effectiveness of the Company’s
internal control.
• Evaluate the appropriateness of accounting policies used and the
reasonableness of accounting estimates and related disclosures made by
management.
• Conclude on the appropriateness of management’s use of the going concern
basis of accounting and, based on the audit evidence obtained, whether a
material uncertainty exists related to events or conditions that may cast
significant doubt on the Company’s ability to continue as a going concern. If
we conclude that a material uncertainty exists, we are required to draw
attention in our auditor’s report to the related disclosures in the financial
statements or, if such disclosures are inadequate, to modify our opinion. Our
conclusions are based on the audit evidence obtained up to the date of our
auditor’s report. However, future events or conditions may cause the
Company to cease to continue as a going concern.
• Evaluate the overall presentation, structure and content of the financial
statements, including the disclosures, and whether the financial statements
represent the underlying transactions and events in a manner that achieves
fair presentation.
We communicate with those charged with governance regarding, among other
matters, the planned scope and timing of the audit and significant audit findings,
including any significant deficiencies in internal control that we identify during our
audit.
We also provide those charged with governance with a statement that we have
complied with relevant ethical requirements regarding independence, and to
communicate with them all relationships and other matters that may reasonably be
thought to bear on our independence, and where applicable, related safeguards.
From the matters communicated with those charged with governance, we determine
those matters that were of most significance in the audit of the financial statements
of the current period and are therefore the key audit matters. We describe these
matters in our auditor’s report unless law or regulation precludes public disclosure
about the matter or when, in extremely rare circumstances, we determine that a
matter should not be communicated in our report because the adverse
consequences of doing so would reasonably be expected to outweigh the public
interest benefits of such communication.
The engagement partner on the audit resulting in this independent auditor’s report is
[name].
[Signature in the name of the audit firm, the personal name of the auditor, or both, as
appropriate for the particular jurisdiction]
[Auditor Address]
[Date]
*This description of the auditor’s responsibilities (as shaded above) may be included
in a referenced appendix to the auditor’s report or by a specific reference to a
website of an appropriate authority, where the auditor is permitted to do so.

2.3.1 Management and Auditor’s Responsibility

Management is responsible for preparing and presenting fairly the financial

statements (e.g. in accordance with the applicable financial reporting framework).
This includes:
• designing, implementing and maintaining the necessary internal control;
• selecting and applying appropriate accounting policies; and
• making accounting estimates that are reasonable in the circumstances.
Management’s responsibility is stated in:
• the auditor’s report;
• the engagement letter between the auditors and directors (see Chapter 5);
and
• the written representations from the directors to the auditors (see Chapter 20).
Oversight of management’s responsibilities (including those for the financial
statements) is provided by those charged with governance (TCWG). The
governance structure will vary depending on the jurisdiction that management
operates within and the applicable corporate governance code (see Chapter 3).
An audit of financial statements does not relieve management or TCWG of their
responsibilities.
The auditor is responsible for expressing an opinion on the financial statements
based on the audit. The scope of audit work is described in the report, in an
appendix to the auditor’s report, or by a specific reference to a website of an
appropriate authority. The auditor is not responsible for the financial statement’s form
and content.
Although the audit opinion enhances the credibility of the financial statements, users
cannot assume that the opinion assures the future viability of the entity or the
efficiency or effectiveness of management’s stewardship.
2.3.2 International Standards on Auditing (ISA)

Each ISA provides:

• an introduction, objectives and definitions;
• requirements; and
• application and other explanatory material.

An audit conducted in accordance with ISAs must consider the requirements of:

• ISAs (i.e. to plan, evaluate controls, obtain evidence, form conclusions and
report);
• relevant professional bodies (e.g. ACCA);
• legislation and regulations (e.g. Companies Acts);
• the terms of the audit engagement and reporting requirements.

The scope and authority of ISAs are discussed in Chapter 2.

2.3.3 Ethical Requirements

The auditor should comply with the International Ethics Board for Accountants
(IESBA) Code of Ethics for Professional Accountants (see Chapter 4).

2.3.4 Reasonable Assurance

Definition

Reasonable assurance – a high, but not absolute, level of assurance.

In an audit engagement,reasonable assurance is expressed “positively” in the

auditor’s report, that the information subject to audit (i.e. the financial statements) is
free of material misstatement.
• To provide reasonable assurance, the auditor carries out specific detailed
routines, conducts relevant testing and assesses the accumulated evidence
obtained regarding the financial statements. The auditor must believe that the
evidence obtained is sufficient and appropriate to provide a basis for his
opinion. However, most evidence is persuasive rather than conclusive and
what is “sufficient appropriate” audit evidence (see Chapter 15) is a matter of
professional judgement.
 • An auditor cannot obtain absolute (i.e.100%) assurance because of the
inherent limitations in an audit (see Chapter 2). Therefore, a audit cannot
guarantee that the financial statements are free of material misstatement.

2.3.5 Materiality

Definition

Material – Information is material if its omission or misstatement could influence

decisions that the primary users of general purpose financial reports make based
on those reports.

Materiality is an expression of relative significance or importance of a matter,

whether quantitative or qualitative (e.g. values and discursive disclosures), in the
financial statements (see Chapter 10).
• In planning their audit, the auditors must consider those areas that are
material to the financial statements and the possibility that material errors
could be contained in the (unaudited) financial statements ("material
misstatement").
• Audit procedures must minimise the risk that material misstatements remain
undetected by the audit.
•
Key Point

The auditor is not responsible for detecting misstatements that are not material to
the financial statements.

2.3.6 Professional Judgment

Definition

Professional judgement – the application of relevant training, knowledge and

experience, within the context provided by auditing, accounting and ethical
standards, in making informed decisions about the courses of action that are
appropriate in the circumstances of the audit engagement.

Key Point

Professional judgment is essential to the proper conduct of an audit.

Professional judgment is necessary in particular:
• In interpreting relevant ethical requirements (see Chapter 4) and the
application of ISAs.
• In identifying and assessing risks of material misstatement (see Chapter 8).
• In determining ( the nature, timing and extent of audit procedures) to meet the
requirements of ISAs and gather audit evidence.(see the audit plan in Chapter
7)
• In evaluating whether sufficient appropriate audit evidence has been obtained
(see Chapter 15).
• In drawing conclusions based on evidence obtained (e.g. assessing the
persuasiveness of conflicting evidence from different sources and the
reasonableness of estimates made by management).
•
2.3.7 Professional Scepticism

Definition

Professional scepticism – an attitude that includes a questioning mind, being

alert to conditions which may indicate possible misstatement, and a critical
assessment of evidence.

Key Point

The auditor should plan and perform (i.e. conduct) the audit with an attitude of
professional scepticism, recognising that circumstances may exist that will cause a
material misstatement in the financial statements.

Professional scepticism includes being alert to, for example:

• conditions that may indicate risks of misstatement due to fraud or error;
• audit evidence that contradicts other audit evidence obtained;
• information that brings into question the reliability of documents or
management representations (see Chapter 18) used as audit evidence; and
• circumstances that suggest the need for audit procedures in addition to those
required by ISAs.
However, records and documents may be accepted as genuine unless the auditor
has reason to believe the contrary. Also, in planning and performing the audit, an
auditor should assume neither dishonesty nor unquestioned honesty of
management.
Maintaining professional scepticism throughout the audit is necessary to reduce such
risks as:
 • Overlooking unusual circumstances.
• Over generalising when drawing conclusions from audit observations.
• Using inappropriate assumptions in determining the nature, timing and extent
of the audit procedures and evaluating the results of procedures.

2.3.8 "True and Fair View"

The term "true and fair view" is not defined in ISAs; definitions should be regarded
with caution.
• True or truth relates to factual accuracy (bearing in mind materiality). The
information provided conforms to required standards, regulations and laws.
• Fairness relates to the presentation of information and the view conveyed to
the reader. Such information is free from bias. The financial statements reflect
the commercial substance and reality of the underlying balances and
transactions.
• View indicates that a professional judgment has been reached. A degree of
imprecision is inevitable because of inherent limitations in an audit (e.g. the
auditor does not inspect 100% of all transactions).
A true and fair view means compliance with the applicable financial reporting
framework. Where there is a choice of accounting policy (e.g. the cost or revaluation
model under IAS 16 Property, Plant and Equipment), either alternative will give a
true and fair view if applied correctly. For example, the revaluation model must be
applied to an entire class of property, plant and equipment; to apply selectively would
be biased.

Key Point

The phrases “present fairly, in all material respects” and “give a true and fair view”
are equivalent.

2.4 The Audit Process

2.4.1 Audit Cycle

The audit process is often depicted as a continuous annual cycle of broad stages:
 Stage Description

Engagement letter The auditor must send all clients an

Chapter 5 engagement letter setting
out the auditor's duties and
responsibilities and management’s.

Planning Planning audit work is essential to

Chapter 7 performing it to the required high
standard of skill and care. It includes
establishing the overall audit strategy
and developing the audit plan.

Assess risk To determine audit strategy and the

Chapters 8 nature, timing and extent of audit
procedures (the audit plan), auditors
must design and perform risk
assessment procedures.

Internal controls Regardless of the audit approach, the

Chapter 9 auditor must evaluate the design of the
system of internal control.

Control effectiveness If the auditor decides to rely on the

Chapter 12 system of internal control, the operating
effectiveness of internal controls must
be tested.
 Substantive procedures All material assertions relating to
Chapter 15 balances transactions and related
disclosures must be verified. For
example, that transactions occurred,
that assets exist and that disclosures
are complete.

Review and finalisation procedures Audit working papers must be reviewed

Chapter 29 to ensure that audit evidence supports
the audit opinion. Procedures typically
include an analytical review of the
financial statements, subsequent
events and going concern reviews.

Obtain management representations The auditor asks management to

Chapter 20 formally acknowledge its responsibilities
(e.g. for the financial statements and
internal controls). Representations may
also be required to support audit
evidence (e.g. all liabilities have been
recognised).

Sign auditor's report After the directors have approved the

Chapter 30 financial statements, the auditor signs
the auditor's report. The audit opinion
will usually be unmodified but may need
to be modified.

2.4.2 Relational Diagram

This depiction of the process shows the two alternative audit approaches:
The auditor’s understanding of the entity must include the internal controls over
financial reporting. Depending on that understanding and the risk of material
misstatement, the auditor decides whether to perform tests of controls (i.e. take a
compliance approach) or adopt a wholly substantive approach. This general
overview of the audit process is developed in later Chapters.

3.1 International Framework for Assurance Engagements

Definition

Assurance engagement – an engagement in which a practitioner expresses a

conclusion designed to enhance the degree of confidence of the intended users,
other than the responsible party, about the outcome of the evaluation or
measurement of a subject matter against criteria.

The framework defines and describes the elements and objectives of assurance
engagements, including audits and reviews of historical financial information and
other assurance engagements.
3.2 Five Elements of an Assurance Engagement

Three-party relationship: an assurance engagement includes three separate

parties:
• a practitioner;
• a party responsible for the subject matter or an assertion about the subject
matter; and
• the intended users of the assurance report.

Subject matter: data prepared or assertions made by the responsible party.

Criteria: benchmarks (relevant, complete, reliable, neutral, understandable) against
which the subject matter can be assessed and an opinion provided.
Evidence: the practitioner plans and performs an assurance engagement with an
attitude of professional scepticism to obtain sufficient appropriate evidence about
whether the subject matter is free of material misstatement.
Assurance Report: a written report given by the practitioner to the intended users
that provides either reasonable assurance or limited assurance about the subject
matter.
3.3 Types of Assurance Engagement

There are two types of assurance engagements:

1. reasonable assurance engagements; and
2. limited assurance engagements.
For assurance engagements involving historical financial statements:
• reasonable assurance engagements are called "audits"; and
• limited assurance engagements are called "reviews".

3.3.1 Reasonable Assurance Engagement

A reasonable assurance engagement provides a high level of assurance by

expressing a conclusion in a positive form. For example:
"In our opinion, the financial statements present fairly, in all material respects (give a
true and fair view of) …"
• The practitioner should obtain sufficient appropriate evidence to express a
conclusion in this positive form.
• The assurance engagement risk (i.e. the risk that an inappropriate opinion will
be given) should be reduced to an acceptably low level.
• Reasonable assurance may be sought where:
• The subject matter and criteria are objective and formal; and
• Independent, reliable and persuasive evidence that can be obtained.
• In audit engagements the auditor provides reasonable assurance by obtaining
sufficient appropriate audit evidence to draw conclusions to base an opinion
(see Chapter 15).

3.3.2 Limited Assurance Engagement

A limited assurance engagement provides a limited or a lower level of assurance

through expressing a conclusion in the negative form. For example:
"Nothing has come to our attention that causes us to believe that the financial
statements do not present fairly, in all material respects (give a true and fair view of
…"
• The level of work carried out is limited and can only allow the practitioner to
provide a negative form of expression.
• The assurance engagement risk is more significant (but still acceptable) than
that for a reasonable assurance engagement.
• Limited assurance is generally appropriate where:
 • Subject matter and criteria are more subjective and informal; and
• Evidence may not be sufficiently independent or reliable.
•
Key Point

Reasonable assurance cannot be given in these circumstances.

• In a review engagement, the evidence obtained is through enquiry and

analytical review. This is sufficient to enable only limited assurance to be
given.
There is a wide range of limited assurance engagements:
• Reviews of historical financial information (e.g. providing assurance on the
reported receivables figure of an acquisition target);
• Providing assurance on non-financial matters (e.g. environmental
performance indicators in a company’s annual report).

Activity 4 Assurance

State and explain the form of assurance that could be given on a company's code of
business ethics.
*Please use the notes feature in the toolbar to help formulate your answer.

3.4 Evidence Gathering Procedures and Reports

The procedures used to gather evidence and the reports issued will vary depending
on the level of assurance required.

3.4.1 Reasonable Assurance Engagement

Evidence gathering for this type of engagement requires the practitioner to:
• Obtain an understanding of the engagement circumstances (Chapter 7).
• Assess risks and respond to those risks (Chapters 8 and 9).
• Perform further procedures using a combination of inspection, observation,
confirmation, recalculation, performance recalculation, analytical procedures
and inquiry. This may involve "tests of controls" and "substantive procedures"
(Chapters 12 and 15).
• Evaluate the evidence obtained (Chapter 29).
When reporting, the practitioner expresses the conclusion in a positive form, such
as:
"In our opinion, internal control is effective, in all material respects, based on XYZ
criteria."

3.4.2 Limited Assurance Engagement

As for reasonable assurance engagements, the practitioner understands, assesses

risks and responds to those risks (but in the context of limited assurance).
The evidence-gathering procedures are deliberately set to be more limited (e.g.
analytical review and inquiry).
When reporting, the practitioner expresses the conclusion in the negative form, such
as:
"Based on our work described in this report, nothing has come to our attention that
causes us to believe that internal control is not effective, in all material respects,
based on XYZ criteria."

Key point

Confirmations, recalculations and tests of controls, for example, will not be

undertaken.

3.5 Review Engagements

A review of historical financial information is a limited assurance engagement. The

objective of a review engagement is to enable a practitioner to state whether, based
on procedures (which do not provide all the evidence that would be required in an
audit), anything has come to light that causes the practitioner to believe that the
financial statements are not prepared, in all material respects, in accordance with an
identified financial reporting framework.

Key point

This is a negative form of a report that provides limited assurance.

Exam advice

Although the standards for review engagements are not examinable documents,
you should understand the concept of reviews within the general assurance
framework.
In a review engagement, the practitioner obtains sufficient appropriate evidence
primarily through inquiry and analytical procedures.
An example of a review report follows.

Exhibit 1 Standard Review Report

Review Report To . . .
We have reviewed the accompanying statement of financial position of ABC
Company at 31 December 20X1, and the related statements of comprehensive
income and cash flows for the year then ended.
These financial statements are the responsibility of the Company's management.
Our responsibility is to issue a report on these financial statements based on our
review.
We conducted our review in accordance with the International Standard on
Review Engagements 2400 Engagements to Review Financial Statements. This
standard requires that we plan and perform the review to obtain moderate
assurance as to whether the financial statements are free of material
misstatement. A review is limited primarily to inquiries of company personnel and
analytical procedures applied to financial data, and thus provides less assurance
than an audit.
We have not performed an audit and, accordingly, we do not express an audit
opinion.
Based on our review, nothing has come to our attention that causes us to believe
that the accompanying financial statements do not present fairly, in all material
respects (give a true and fair view of) in accordance with International Financial
Reporting Standards.
Signature Date Address

Syllabus Coverage

This chapter covers the following Learning Outcomes.

A. Audit Framework and Regulation

1. The concept of audit and other assurance engagements

• Identify and describe the objective and general principles of external audit
engagements.
• Explain the nature and development of audit and other assurance
engagements.
 • Discuss the concepts of accountability, stewardship and agency.
• Define and provide the objectives of an assurance engagement.
• Explain the five elements of an assurance engagement.
• Describe the types of assurance engagement.
• Explain the level of assurance provided by an external audit and other review
engagements and the concept of true and fair presentation.

Summary and Quiz

• Assurance services are independent professional services that improve the

quality of information for decision-makers. Audits and reviews are assurance
services.
• The objective of an audit is to obtain reasonable assurance that the financial
statements are free from material misstatement and to express an opinion on
whether the financial statements are properly prepared in accordance with a
financial reporting framework.
• Management is responsible for:
• preparing and fairly presenting the financial statements;
• designing, implementing and maintaining internal control;
• selecting and applying appropriate accounting policies; and
• making reasonable accounting estimates.
• The auditor is responsible for expressing an opinion on the financial
statements.
• An auditor should conduct an audit in accordance with ISAs and comply with
IESBA's Code of Ethics for Professional Accountants.
• Key concepts in auditing are reasonable assurance, materiality, professional
judgment, professional scepticism and "true and fair".
• The audit process includes:
• agreeing to the terms of the engagement;
• planning and risk assessment;
• understanding and testing the effectiveness of internal controls (when
appropriate);
• substantive procedures; and
• final review procedures before signing the auditor's report.
• The five elements of an assurance engagement are a three-party relationship,
an appropriate subject matter, suitable criteria, sufficient appropriate
evidence, and a written assurance report.
• Assurance engagements provide either reasonable (positive/high) or limited
(negative/lower) assurance. Audit engagements provide reasonable
assurance, and review engagements provide limited assurance.
Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Stewardship

Responsibilities (e.g. duties embodied in statute and corporate governance

requirements) may include:
1. Keeping books of accounts and proper accounting records.
2. Safeguarding the entity's assets.
3. Implementing appropriate business, financial and risk management controls.
4. Producing financial statements (statement of financial position, statement of
comprehensive income, statement of cash flows, statement of changes in
equity, disclosure notes) that give a true and fair view and the results of their
stewardship.
5. Producing a directors' report and other information (e.g. as required by listing
rules) which is consistent with the financial statements and contains certain
specified information.

Activity 2 Agency

• A director can be described as an agent having a fiduciary relationship (one of

trust) with a principal (i.e. the company that employs her).
• A director is similarly an agent of the shareholders.
• Auditors, as the shareholders appoint them in most jurisdictions, are also
agents of the shareholders.

Activity 3 Accountability
 • Directors are accountable to the shareholders. Many jurisdictions place legal
requirements on directors regarding how they are accountable and
communicate with stakeholders, for example through directors' reports and
financial statements prepared under an appropriate framework (e.g. IFRS).
• Directors of listed companies will also be subject to listing rules and corporate
governance codes (e.g. publication of interim financial statements, regular
meetings with financial institutions, profit and going concern warnings,
analysis and management of risk, audit committees and annual general
meetings).
• The auditors of a company's financial statements are accountable to
shareholders. They act in the interest of the shareholders (the primary
stakeholders) while also having regard for the broader public interest in that
other stakeholders will read their report (but note that they are not the agents
of any other stakeholder, and their report is not addressed to such
stakeholders, only to the shareholders).

Activity 4 Assurance

This would be a limited assurance engagement. Although there is a Code of

Business Ethics, the subjectivity of applying any specific ethical criteria and the
subjectivity of measuring the application of such criteria (e.g. what is not ethical to
one business may be considered ethical by another) would not enable the
practitioner to reduce assurance risk to a sufficiently low level to allow reasonable
assurance to be given.
Chapter 2: External Audit
Visual Overview

Objective: To describe the regulatory framework in which external (statutory) audits

occur.

1.1 Sources

The regulatory environment of external audits is predominantly statutory, which

means audit of the financial statements of companies (and maybe other
organisations) is required by national law (statute). However, some jurisdictions
allow for audit exemption (see s.4.2).

1.2 Mechanisms

Auditors need to be regulated to ensure that:

 • they maintain high standards of audit work; and
• their reputation with the public is maintained.

Auditors are regulated by:

• statute (i.e. through legislation);
• licensing requirements (e.g. ACCA practicing certificate);
• competence requirements ( e.g. a professional qualification and continuing
professional development);
• professional conduct rules (see Chapter 4);
• auditing standards (see s.3); and
• disciplinary procedures of professional accountancy bodies.

2.1 Mission, Vision and Values

IFAC is a non-profit, non-governmental, non-political international organisation with

more than 175 members and associates (representing almost 3 million professional
accountants) from more than 130 countries.
• Its mission is to serve the public interest by:
• contributing to the development, adoption and implementation of high-quality
international standards and guidance;
• contributing to the development of strong professional accountancy
organisations and accounting firms and high-quality practices by professional
accountants;
• promoting the value of professional accountants worldwide; and
• speaking out on public-interest issues where the profession's expertise is
most relevant.
• IFAC's vision is that the global accountancy profession is recognised as a
valued leader in developing strong and sustainable organisations, financial
markets and economies.
• The values of integrity, expertise, and transparency are the guiding principles
that IFAC seeks to exemplify as an organisation through its council, board,
boards and committees, volunteers and staff.

2.2 Standard-setting Board

IFAC has four standard-setting boards:

• IAASB
• IESBA
• IAESB
• IPSASB
2.3.1 IAASB

The International Auditing and Assurance Standards Board (IAASB) is an

independent standard-setting body that serves the public interest by setting high-
quality international standards for auditing, assurance, and other related areas.
The objective of the IAASB is to improve the uniformity of auditing practices and
related services throughout the world by issuing pronouncements (e.g. ISAs) on
audit and assurance functions and promoting their acceptance worldwide.

2.3.2 IESBA

The International Ethics Standards Board for Accountants (IESBA) is an independent

standard-setting body that serves the public interest by setting robust ethics
standards for professional accountants worldwide, including auditor independence
requirements.
The IESBA has two objectives:
• To develop guidance on professional ethics and promote its understanding
and acceptance by member bodies.
• To continually monitor and stimulate debate on a wide range of ethical issues
to ensure that IFAC's ethical guidance (issued by the IESBA) is responsive to
the expectations and challenges of individuals, businesses, financial
institutions and others relying on accountants' work.

2.3.3 IAESB

The objective of the International Accounting Education Standards Board (IAESB) is

to develop guidance, conduct research and facilitate the exchange of information to
ensure that accountants are adequately trained to meet their responsibilities.

2.3.4 IPSASB

The International Public Sector Accounting Standards Board (IPSASB) works to

improve public sector financial reporting worldwide by developing international
accrual-based accounting standards for use by governments and other public sector
entities.
3.1 Structure

Exam advice

The Code of Ethics, most ISAs and ISAE 3000 Assurance Engagements Other
Than Audits or Reviews of Historical Financial Information are examinable
documents (see Chapter 00).

3.2 Scope and Authority of ISAs

ISAs provide the necessary standards for audit work to enable the auditor to express
an independent opinion on the financial statements. All standards relevant to the
audit process for an assignment must be followed. All IAASB pronouncements,
including the ISAs, can be downloaded free from www.IFAC.org.
Suppose the auditor cannot obtain reasonable assurance as to whether the financial
statements are free from material misstatement. In that case, ISAs require that the
opinion be modified or that the auditor withdraws from the engagement.
Each standard contains an introduction, objectives, definitions, requirements and
application detail (see Exhibit 1 below). If any objective cannot be achieved, the
auditor must use his judgment to re-evaluate his ability to achieve the overall audit
objective and, therefore, the effect on the auditor's report.
By their nature, ISAs require auditors to use their professional judgment when
applying them.
If, in exceptional circumstances, the auditor judges that it is necessary to depart
from a fundamental principle or essential procedure to achieve the standard's
objective more effectively, the departure must be justified in the working papers.
The requirements of the standards do not override local laws or regulations
governing audit and assurance. However, if national regulations have been followed,
but relevant ISAs have not been applied in their entirety, the auditor's report cannot
state, "we conducted our audit in accordance with International Standards on
Auditing"

Exhibit 1 ISA 200

The following is the contents page for ISA 200.

INTERNATIONAL STANDARD ON AUDITING 200
OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND
THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH
INTERNATIONAL STANDARDS ON AUDITING
(Effective for audits of financial statements for periods beginning on or after
December 15, 2009)
CONTENTS
Paragraph
Introduction
Scope of this ISA
.........................................................................................................................1–2
An Audit of Financial Statements
.........................................................................................................................3–9
Effective Date
...........................................................................................................................10
Overall Objectives of the Auditor
.....................................................................................................................11–12
Definitions
...........................................................................................................................13
Requirements
Ethical Requirements Relating to an Audit of Financial Statements
...........................................................................................................................14
Professional Skepticism
...........................................................................................................................15
Professional Judgment
...........................................................................................................................16
Sufficient Appropriate Audit Evidence and Audit Risk
...........................................................................................................................17
Conduct of an Audit in Accordance with ISAs
.....................................................................................................................18–24
Application and Other Explanatory Material
An Audit of Financial Statements
..................................................................................................................A1–A13
Definitions
................................................................................................................A14–A15
Ethical Requirements Relating to an Audit of Financial Statements
................................................................................................................A16–A19
Professional Skepticism
................................................................................................................A20–A24
Professional Judgment
...............................................................................................................A25–A29
Sufficient Appropriate Audit Evidence and Audit Risk
.............................................................................................................. A30–A54
Conduct of an Audit in Accordance with ISAs
............................................................................................................. A55–A78

3.3 Development

Projects are identified by IAASB members, advisory groups (e.g. business

communities), the Forum of Firms (an independent association of international
networks of firms), national auditing standard-setting bodies and IFAC members.
A task force carries out research and development of an exposure draft (ED). This
may be a joint project with a national auditing standard-setting body.
The typical development process is as follows:
4.1 Statutory Regulation

Because of the importance of the company's external auditor and his relationships
with directors and shareholders, the role of audit and duties of the auditor are often
explicitly laid down in statute. Hence, the external auditor is often referred to as a
statutory auditor.
Statutory regulations cover, for example:
• Requirement for audited accounts and audit exemption.
• Eligibility and requirements to become and remain statutory auditors.
• Appointment, removal or resignation of auditors.
• Auditors' reports, duties and rights.
• Monitoring of auditors.
• Rights of shareholders to raise audit concerns at the company's annual
general meeting of shareholders (AGM).
• Liability of auditors.
• Requirement of specific reports (e.g. for annual audits, interim financial
statements for listed companies and accounts of small companies).
In many jurisdictions the requirements for entities (listed, private, public, etc) to be
audited are set out in statute.

4.2 Audit Exemption

It is a statutory requirement in nearly all jurisdictions that companies be audited.
However, some jurisdictions recognise that for some "small" companies the benefit
of having an audit is relatively limited and may not justify the costs involved.
Specific requirements vary, but "small" usually means:
• Concentration of ownership and management in a small number of individuals
(e.g. owner-managers).
• Few sources of income.
• Simple management structures and accounting functions.
As control functions will typically be limited, management tends to have greater
involvement in supervising/applying controls (which increases the potential for
management override).

Activity 1 Audit Exemption

Suggest FOUR reasons why a small company may require an audit and provide
counter-arguments to those reasons.
*Please use the notes feature in the toolbar to help formulate your answer.

4.3 Eligibility to Become an Auditor

Most jurisdictions require a statutory auditor to be appropriately qualified. For

example:
• a member of a recognised professional body; or
• holding an approved international qualification.
Being "appropriately qualified" means not only having passed examinations of a
recognised body (e.g. Advanced Auditing and Assurance (UK) to register as an
auditor and sign auditor's reports in the UK) but also:
• obtaining a minimum number of years of practical and post-qualified relevant
audit experience;
• continuous application of ethical criteria;
• continuous relevant practical experience; and
• continuous professional education.
Many countries have "mutual recognition" arrangements so that after passing
country-specific examinations (e.g. law and taxation), a statutory auditor of one
country may become a statutory auditor of another.
In most jurisdictions, officers (i.e. directors) and employees of a company are usually
ineligible to be statutory auditors. Although statute is often not prescriptive in barring
others (e.g. family and friends), this is addressed by the IESBA's Code of Ethics (see
Chapter 4).
4.4 Recognised Supervisory Bodies (RSBs)

Exam advice

The following detail on RSBs should be read in general; it is beyond the AA

syllabus.

An RSB is a professional body (e.g. ACCA) whose rules, regulations and procedures
have been approved by the government and whose members are recognised by
statute as eligible to sign auditor's reports.
ACCA is also a recognised qualifying body (RQB) in that it is allowed to examine and
award relevant professional qualifications.
RSBs must have rules to ensure, for example, that:
• A person is not eligible unless "appropriately qualified".
• Only "fit and proper" persons are appointed as company auditors.
• Company audit work is conducted "properly and with integrity".
• Technical standards are applied to company audit work.
• Competence of company auditors is maintained.

Key point

Although statutes lay down requirements for external auditors, the RSBs
implement them.

4.5 Rights and Duties of Auditors

4.5.1 Duties

In most instances, the primary duty of a statutory auditor is to report to the

company's shareholders on the financial statements (statement of financial position,
statement of profit or loss and other comprehensive income, statement of cash flows,
accompanying notes, etc.) prepared to an accounting reference period (usually for a
year).
Other duties relating to the statutory audit will vary between jurisdictions but may, for
example, include the requirement to report that:
• proper accounting records have been kept;
• the auditor has received all necessary information and explanations; and
 • the directors' report is consistent with the information contained in financial
statements.

Definition

Accounting records:
• the records of initial accounting entries and supporting records (e.g. records
of electronic fund transfers, invoices, contracts);
• the general and subsidiary ledgers, journal entries and other adjustments to
the financial statements that are not reflected in formal journal entries; and
• records such as work sheets and spreadsheets supporting cost allocations,
computations, reconciliations and disclosures.

4.5.2 Rights

An auditor cannot fulfil statutory duties without commensurate rights (which must
also be legislated). For example:
• To have access to the books, accounts, and vouchers at all times.
• To require from company officers any information and explanations
considered necessary for the audit.
• To have unrestricted access to persons within the entity from whom the
auditor determines it necessary to obtain audit evidence.
• To receive notice of, attend and be heard at the general meeting of the
company on business which concerns them as an auditor (e.g. a resolution to
remove them from office).
Also, the auditor may have rights associated with his vacation of office (e.g. by
resignation or removal) to bring matters to the attention of shareholders and creditors
(e.g. if the auditor is removed because he gives a qualified audit opinion or if he
resigns because he is not given access to necessary information).

4.6 Appointment of Auditors

Key point

The shareholders are ultimately responsible for the appointment of the external
auditor.

In most jurisdictions, auditors are appointed by the shareholders to whom they

report. The process may be delegated to directors (or, under corporate governance,
to a supervisory or audit committee) and then approved by the shareholders.
Typically, the appointment is for one year. The auditors will then offer themselves for
re-appointment (e.g. at the AGM) to be voted on by the shareholders. Re-
appointment is not automatic.
The auditor's remuneration is generally fixed by whoever makes the appointment. In
practice, the shareholders usually delegate the negotiation of this to the directors or,
under corporate governance procedures, to be recommended by the audit
committee (see Chapter 3).
The audit appointment process is detailed later in Chapter 5.

4.7 Removal of Auditors

4.7.1 Removal by Directors

It is generally more difficult to remove auditors than appoint them. This is because
auditors should not be removed just on the whim of directors (e.g. because the
auditor wants to qualify his opinion and the directors disagree).
As the shareholders are responsible for the appointment of the auditor, only the
shareholders have the power to remove the auditor from office (e.g. by ordinary
resolution in a general meeting of shareholders).

Exam advice

In addition to the statutory audit, many jurisdictions place statutory duties upon
auditors in other areas related to companies (e.g. reporting on internal controls,
reporting on directors' remuneration statements, reporting on the ability to
distribute reserves, reporting on the ability to buy back shares). Apart from the
statutory audit, all other statutory duties of the auditor are beyond the scope of the
syllabus.

4.7.2 At Point of Re-election

If for whatever reason, an auditor no longer wishes to act for a client after the end of
a current appointment, he simply does not stand for re-election after completing the
annual audit.
As a matter of professional courtesy, the auditor will usually have discussed with
management the decision not to seek re-appointment in good time to allow a
replacement to be proposed for appointment at the AGM.
 Exam advice

In the examination, if a scenario indicates the possibility of auditor resignation,

avoid leaping to the immediate conclusion that the auditor should resign. Work
through all options first, and then consider the need for the auditor to seek
appropriate ethical and legal advice (e.g. from ACCA) and only then suggest that
the auditor assess the need to resign.

4.7.3 Resignation During Engagement

Although it is relatively rare, there are reasons why an auditor would resign from an
engagement. These include:
• significant limitations placed on the work of the auditor by management;
• loss of trust/working relationship with management (e.g. significant doubt over
management's integrity); and
• regulatory requirements (e.g. discovery of significant fraud).
Typically, the auditor must give written notice of his resignation to the client, which is
sent to the appropriate regulatory and audit authorities.
The auditor must consider his professional duty to complete the engagement (e.g. he
should not resign to avoid giving a qualified audit opinion) and the legal
consequences of resignation.
Where resignation may have implications for legal proceedings (see Chapter 11), the
auditor should seek ethical and legal advice before taking any action (e.g. from the
ACCA and solicitors).

4.7.4 Role of the Audit Committee

Where an entity has an audit committee, there is often a requirement under various
corporate governance codes for such committees to have specific responsibilities
with the external auditors (e.g. recommending appointment, remuneration, reviewing
circumstances of resignation).
See Chapter 3 for details of the audit committee.

4.8 Limitations of External Audits

The auditor cannot provide absolute assurance in an audit because of the inherent
limitations of external audits. These inherent limitations arise from:
• the nature of financial reporting;
 • the nature of audit procedures; and
• the need for the audit to be conducted within a reasonable period and at a
reasonable cost.

4.8.1 The Nature of Financial Reporting

Some financial statement items are subject to an inherent level of variability because
they involve judgment by management or subjective decisions or assessments, or a
degree of uncertainty (e.g. accounting estimates).

4.8.2 The Nature of Audit Procedures

There are practical and legal limitations on the auditor's ability to obtain audit
evidence, including the following:
• There is a possibility that management or others may not intentionally or
unintentionally provide all information that the auditor requires.
• An audit is not an investigation into alleged wrongdoing, so the auditor does
not have any specific legal powers necessary for such an investigation.
• Any system of internal control has inherent limitations (see Chapter 9).
• Fraud may be concealed so that it is difficult to detect with audit procedures
(see Chapter 11).
• Most audit evidence is persuasive, rather than conclusive (see Chapter 15).
For example, physical possession of an asset does not necessarily prove
legal ownership.
• Testing is on a sample basis (see Chapter 19).

4.8.3 Timeliness and Cost v Benefit

There is an expectation by users of financial statements that the auditor will form an
opinion on the financial statements within a reasonable period and will achieve a
balance between benefit and cost.
As it is impracticable for the auditor to address all information that may exist, it is
necessary for the auditor to:
• Plan the audit so that it is performed effectively.
• Direct audit efforts to the areas where the risk of material misstatement is
most expected.
• Use testing and other means of examining populations for misstatement.
Syllabus Coverage

This chapter covers the following Learning Outcomes.

A. Audit Framework and Regulation

2. External audits
• Describe the regulatory environment within which external audits take place.
• Discuss the reasons and mechanisms for the regulation of auditors.
• Explain the statutory regulations governing the appointment, rights, removal
and resignation of auditors.
• Explain the regulations governing the rights and duties of auditors.
• Describe the limitations of external audits.
• Explain the development and status of International Standards on Auditing
(ISAs).
• Explain the relationship between International Standards on Auditing and
national standards.

Summary and Quiz

• IFAC includes the International Auditing and Assurances Standards Board

(IAASB) and the International Ethics Standards Board for Accountants
(IESBA).
• The objective of the IAASB is to improve the uniformity of auditing practices
and related services throughout the world by issuing International Standards
on Auditing (ISAs).
• The objective of the IESBA is to develop guidance on professional ethics in
the form of the IFAC Code of Ethics for Professional Accountants.
• ISAs set out the standards for an auditor to express an independent opinion
on financial statements.
• A Recognised Supervisory Body (RSB) is a professional body whose
members are recognised, by UK company law, as eligible to sign auditor's
reports.
• The primary duty of a statutory auditor is to express an opinion of the annual
financial statements. The auditor must have a legal right to access information
and explanations to fulfil this duty.
• Generally, auditors are appointed, re-appointed and removed by the
shareholders in general meetings. Auditors may choose not to be re-
appointed; they rarely resign.
 • Limitations of external audit arise from the nature of financial reporting, the
nature of audit procedures and the need for timely reporting at a reasonable
cost.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Audit Exemption

Argument for audit Counter-argument

1. Shareholders not involved in Statutes may provide reasonable protection

management need the assurance provided for minority shareholders (e.g. holders of at
by an audit. least 10% of shares may call for an audit).

2. Audited financial statements are A separate valuation exercise can be

essential for valuing shares in an unlisted carried out at any time. There are also
company. other critical factors to valuing shares (e.g.
a controlling holding) outside of the scope
of an audit.

3. Banks rely on audited financial • The bank can require an audit to be

statements when making loans and carried out as a condition of the
reviewing the value of the security. loan.
• Valuation of a loan's security (i.e.
land and buildings) is relatively easy
to obtain.
• Reviews can be carried out of
management accounts, budgets
and cash flows, and separate
assurance can be obtained on
these.
4. Suppliers who offer credit terms need • Depending on when the credit is
audited financial statements to assess the taken, the financial statements may
entity's ability to pay. be 6 to 18 months out of date.
• Trade and credit references will be
taken before any substantial credit
is granted.
• Management guarantees can also
be given/taken.

5. Management needs an audit as an • An audit can still be carried out if

independent check. management decides to have one.
• Other assurance services and
reviews can be provided to
management to cover the specific
benefits management believes are
obtained from an audit.
Chapter 3: Corporate Governance

Visual Overview

Objective: To explain the purpose, relevance and importance of corporate

governance.

1.1 Terminology

Definition

Corporate governance – the system by which business corporations are directed

and controlled. The corporate governance structure specifies the distribution of
rights and responsibilities among different participants in the corporation … and
spells out the rules and procedures for making decisions on corporate affairs. By
doing this, it also provides the structure through which the company objectives are
set, and the means of attaining those objectives and monitoring performance.
– OECD
Those charged with governance (TCWG) –individuals with responsibility for
overseeing the strategic direction of the entity and obligations related to the
accountability of the entity, including overseeing the financial reporting process.
– ISA 260
Management – individuals with executive responsibility for the conduct of the
entity's operations.
– ISA 260
 Exam advice

Aspects of corporate governance are examined regularly (especially audit

committees). Practical questions also have been asked, for example candidates
have been required to identify deficiencies in a given scenario and make
recommendations for compliance with international codes of corporate
governance.

Activity 1 Typical Stakeholders

Identify FOUR stakeholders (participants), their relationship and their needs for a
distinct business entity.
*Please use the notes feature in the toolbar to help formulate your answer.

1.2 Objective

The ultimate objective of a business is to increase long-term shareholder value by

enhancing economic performance. Corporate governance aims to achieve this
through:
• the ethical and moral behaviour of corporate management;
• integrity, transparency and accountability in business activity;
• compliance with laws and regulations; and
• securing reputation and confidence in attracting inward investment.

Key Point

In general, governance responsibilities involve several oversight activities,

including matters relating to:
• strategy development and implementation;
• economic development, mergers and acquisitions;
• appointment of professional operating management executives;
• compensation of executives;
• risk and control systems and compliance with laws and regulations; and
• engaging internal auditors and independent external auditors.

1.3 Relevance
Virtually all corporate governance regulations are aimed at listed companies, where
the separation of ownership and control/management have, in several notorious
cases (e.g. Enron, Royal Bank of Scotland, Lehman Brothers), caused severe losses
to the shareholders through mismanagement of company resources, missed
opportunities and poor decision-making or fraudulent activities (including misleading
and dishonest financial reporting).

1.4 Importance

Research has shown that entities that take good corporate governance practice
seriously are more prosperous over the long term than entities which do not.
• Analysts and policymakers agree that improving corporate governance is
crucial to a company's ability to generate sustainable growth in the future.
• There is a risk that weak corporate governance will lead to financial losses,
both for entities and shareholders. Strong corporate governance helps reduce
this risk.

2.1 OECD Overview

The mission of the Organisation for Economic Co-operation and Development

(OECD) is to promote policies designed to improve the economic and social well-
being of people around the world.
In 1999, the OECD released its Principles of Corporate Governance. The Principles
are an international corporate governance benchmark. They were last revised in
2015 to account for recent developments in the corporate sector and capital markets.
The Principles focus on publicly-traded companies but can be used to improve
corporate governance in all companies.
These non-binding Principles provide a reference point for developing legal and
regulatory frameworks for corporate governance and corporate governance policies
by market participants.

2.2 OECD Principles

2.2.1 The Basis for an Effective Framework

The corporate governance framework should:

• promote transparent and efficient markets;
• be consistent with the rule of law; and
 • articulate the division of responsibilities between different supervisory,
regulatory and enforcement authorities.

2.2.2 Rights of Shareholders

The framework should protect and facilitate the exercise of shareholders' rights.
Fundamental shareholder rights include the right to:
• secure methods of ownership registration;
• convey or transfer shares;
• obtain relevant and material information from the entity;
• participate and vote in general shareholder meetings;
• elect and remove members of the board; and
• share in an incorporated entity's profits.

Shareholders should be informed about and have the right to participate in

fundamental changes affecting the entity.

2.2.3 Equitable Treatment of Shareholders

The framework should ensure the equitable treatment of all shareholders, including
minority and foreign shareholders.
• All shareholders should have the opportunity to obtain redress for violation of
their rights.
• Insider trading and self-dealing should be prohibited.

2.2.4 The Role of Stakeholders

The framework should recognise the rights of stakeholders and encourage active
cooperation between the entities and shareholders in creating wealth, jobs and
financially-sound entities.
Shareholders should be able to freely communicate concerns about illegal or
unethical practices to the board. Their rights should not be compromised for doing
this.

2.2.5 Disclosure and Transparency

The framework should ensure timely and accurate disclosure of all material matters
regarding the entity, including financial performance, ownership and governance.
 • Information should be prepared and disclosed in accordance with high-quality
financial reporting standards.
• An independent, competent, qualified auditor should conduct an annual audit.
• External auditors should be accountable to the shareholders and owe a duty
of professional care in conducting an audit.

2.2.6 Board Responsibilities

The framework should ensure the strategic guidance of the company, effective
monitoring of management by the board, and the board's accountability to the
company and the shareholders.

2.3 UK Code Overview

Exam advice

The UK Corporate Governance Code is an examinable document as an example

of best practice and can be downloaded from www.frc.org.uk.

The UK Corporate Governance Code is a prime example of good corporate

governance practice.
• It applies only to listed companies, but it can be used by any entity (private or
public) as the basis for best practice.
• It explains the concept of "comply or explain" and contains 18 Principles
covering leadership, stakeholder relations, board effectiveness, accountability,
audit, risk and internal control and remuneration.
• It is supported by guidance, which boards and companies are encouraged to
use in applying the Code’s Principles on:
• Board effectiveness;
• Risk management and internal control (see s.2.5); and
• Audit committees (see s.3).
All companies have to report on how they apply the Principles and either confirm that
they have complied throughout the financial year with the Code's provisions or
explain why they have not (i.e. "comply or explain").
In addition, the board must:
• confirm that there is an ongoing process for the identification, evaluation and
monitoring of significant risks; and
• summarise the process by which it has reviewed the effectiveness of the
system of internal control).
 Exhibit 1 “Comply or Explain”

The following are extracts from the “Review of Corporate Governance Reporting”
published by the Financial Reporting Council (FRC) in November 2021:

In the Code, companies and directors have a solid governance foundation on

which to rise to the recent challenges. Its Principles and Provisions provide clear
direction, and the “comply or explain” principle offers flexibility for directors to
make decisions that reflect company circumstances. Demonstrating effective
corporate governance builds trust that is necessary to attract investment and
support capital formation.
The best governance reporting offers transparency that goes beyond broad-brush
declarations and sets out clearly and concisely how the Principles of the Code
were applied and the nature of compliance with the Provisions of the Code. We
continue to highlight such good practice.

2.4 UK Code Main Principles

2.4.1 Board Leadership and Company Purpose

A successful company is led by an effective and entrepreneurial board. Its role is to

promote the company’s long-term success, creating value for shareholders and
contributing to broader society.
• The board should ensure effective engagement with, and encourage
participation from, shareholders and stakeholders (e.g. through meetings).
• The board should:
• Establish the company’s purpose, values and strategy – aligned with the
company’s culture.
• Ensure that the necessary resources are available to meet the company’s
objectives and measure performance against them.
• Establish a framework of prudent and effective controls to assess and
manage risk.
• Ensure that workforce policies and practices are consistent with the
company’s values and support its long-term success. The workforce should
be able to raise any matters of concern.
• All directors must act with integrity, lead by example and promote the desired
culture.

Exhibit 2 Board Composition

The following is an extract from Tesco PLC Annual Report and Financial
Statements 2022:
 The Group is led by an effective and committed Board, with a culture of openness
and transparency at Board meetings. As at the date of this report, the Board
comprises 13 Directors with a wide range of knowledge and experience from a
variety of sectors. Our values and leadership behaviours are a vital part of our
culture, helping us ensure that through our conduct we do the right thing for the
business and our stakeholders.

2.4.2 Division of Responsibilities

The chair should be independent on appointment. For example:

• not an employee (during the last five years);
• no material business relationship (during the last three years);
• not a significant shareholder.
The chair:
• leads the board;
• is responsible for its overall effectiveness in directing the company;
• should demonstrate objective judgment;
• should promote a culture of openness and debate;
• facilitates constructive board relations and the effective contribution of all
NEDs;
• ensures that directors receive accurate, timely and clear information.
The board should include an appropriate combination of executive directors and
NEDs so that no one individual or small group of individuals dominates the board’s
decision-making.
There should be a clear division of responsibilities between the chair and the
executive leadership of the company’s business.

Key Point

The chairman and CEO should not be the same individual.

NEDs should:
• have sufficient time to meet their board responsibilities;
• provide constructive challenge and strategic guidance, offer specialist advice,
and hold management to account.
The board, supported by the company secretary (the most senior compliance
officer), should ensure that it has the policies, processes, information, time, and
resources to function effectively and efficiently.
 Exhibit 3 Division of Responsibilities

The following is an extract from AstraZeneca Annual Report 2020:

The Board comprises 12 Non-Executive Directors, including the Chairman, and

two Executive Directors – the CEO, Pascal Soriot, and the CFO, Marc Dunoyer.
The roles of the Board, Board Committees, Chairman and CEO are documented,
as are the Board’s reserved powers and delegated authorities
During 2020, the Board considered the independence of each Non-Executive
Director for the purposes of the UK Corporate Governance Code and the Nasdaq
Listing Rules. Except for Marcus Wallenberg (non-executive director), the Board
considers that all the Non-Executive Directors are independent.
Marcus Wallenberg was appointed as a Director of Astra in May 1989 and
subsequently became a Director of the Company in 1999. He is a Non-Executive
Director of Investor AB, which has a 3.93% interest in the issued share capital of
the Company as at 11 February 2021.
For these reasons – his overall length of tenure and relationship with a significant
shareholder – the Board does not believe that he can be determined independent
under the UK Corporate Governance Code. However, the Board believes that he
has brought, and continues to bring, considerable business experience and makes
a valuable contribution to the work of the Board.

2.4.3 Composition, Succession and Evaluations

There should be a formal, rigorous and transparent procedure for board

appointments and an effective succession plan for board and senior management.
• A majority of members of a nomination committee should be independent
NEDs.
• All directors should be subject to annual re-election.
• The chair should not remain in the post for more than nine years.
Appointments and succession plans should be based on merit and objective criteria
and promote diversity of gender, social and ethnic backgrounds, etc.
The board and its committees should have a combination of skills, experience and
knowledge. The length of service of the board as a whole should be considered and
membership regularly refreshed.
An annual evaluation of the board should consider its composition, diversity and how
effectively members work together to achieve objectives. Individual evaluation
should demonstrate whether each director continues to contribute effectively.
 Exhibit 4 Composition, Succession and Evaluation

The following is an extract from Barclays PLC Annual Report 2021:

All Board and senior management appointments are viewed through a diversity
lens and are based on merit and objective criteria, which focus on the skills and
experience required for the Board’s effectiveness and the delivery of the Group
strategy. Board appointments are made following a rigorous and transparent
process facilitated by the Nominations Committee, with the aid of an external
search consultancy firm.
The composition of the Board, Board Committees and the Group Executive
Committee (ExCo) is regularly reviewed by the Nominations Committee. It
frequently considers the skills required for the Board, its Board Committees and
the ExCo, identifying the core competencies, diversity and experience required.
This, along with the annual effectiveness evaluation, helps to refresh the thinking
on Board, Board Committee and ExCo composition and to determine a timeline for
proposed new appointments.

2.4.4 Audit, Risk and Internal Control

The board should:

• establish formal and transparent policies and procedures to ensure the
independence and effectiveness of internal and external audit functions;
• satisfy itself on the integrity of financial and narrative statements;
• present a fair, balanced and understandable assessment of the company’s
position and prospects;
• establish procedures to manage risk and oversee the internal control
framework;
• determine the nature and extent of the principal risks the company is willing to
take to achieve its long-term strategic objectives.
These Principles should be met by establishing an audit committee of independent
NEDs.

Exhibit 5 Audit Committee Activities

The following is an extract from BP Annual Report 2021:

How the committee reviewed financial disclosure

The committee reviewed the quarterly, half-year and annual financial statements
with management, focusing on the:
• Integrity of the group’s financial reporting process.
 • Clarity of disclosure.
• Compliance with relevant legal and financial reporting standards.
• Application of accounting policies and judgements.
As part of its review, the committee received regular updates from management
and the external auditor in relation to accounting judgements and estimates,
including those relating to recoverability of asset carrying values including the
impact of climate risk and opportunities.
In considering the bp Annual Report …, the committee assessed whether the
report was fair, balanced and understandable … In making this assessment, the
committee examined disclosures during the year, discussed the requirement with
senior management, confirmed that representations to the external auditor had
been evidenced and reviewed reports relating to internal control over financial
reporting…

2.4.5 Remuneration

Remuneration policies and practices should support strategy and promote long-term
success. Executive remuneration should be:
• aligned to company purpose and values; and
• linked to the successful delivery of the company’s long-term strategy.
A formal and transparent procedure for developing policy on directors’ remuneration
and senior management remuneration should be established through a remuneration
committee of independent NEDs. (Again, with a minimum membership of three, or
only two for smaller companies.)
No director should be involved in deciding their remuneration outcome.
Directors should exercise independent judgment and discretion when authorising
remuneration outcomes, considering company and individual performance and wider
circumstances.

Exhibit 6 Remuneration Policy

The following is an extract from the Remuneration Committee Report in Rolls-

Royce Holdings plc Annual Report 2021:

The Remuneration Committee, comprising only NEDs, is responsible for

developing the policy and determining executive and senior management
remuneration.
At our AGM in May 2021, shareholders approved our new Remuneration Policy …
 No Director is involved when deciding their own remuneration outcome.
Implementation of the new policy
The new policy comprises a single incentive plan designed to reward the key
drivers for success, with deferred share awards made at the end of the
performance period. In line with the 2021 policy, no LTIP (long-term incentive
plan) grants were made in 2021 and there will be no cash bonuses for the
Executive Directors at any time between 2021 and 2023. As part of the policy
review and recognising the wider stakeholder agenda, the 2021 policy has a
reduced maximum incentive plan opportunity.
Key elements of the policy were also cascaded to the wider workforce to ensure
alignment across the Group.

2.5 Corporate Governance Deficiencies

Even with the growing prevalence of corporate governance codes designed to

reduce the risk of corporate governance failure that leads to significant shareholder
losses, there are still incidences of failure to adequately control and manage a
corporation.
The responsibility for good corporate governance lies with TCWG, usually the board
of directors.
High profile corporate governance failure should lead to lessons learnt in the
continuing development of corporate governance codes. There should be a
reduction of the risk of corporate failure with increased compliance with applicable
governance codes.

Exhibit 7 Thomas Cook Collapse

The following is an extract from the article “Thomas Cook was brought down by
incompetence, not boardroom greed” published in The Guardian 29 September
2019:

Almost a week after the collapse of Thomas Cook, the cost of failure looks as
severe as feared. Repatriating 150,000 holidaymakers could mean a bill of £100m.
Hoteliers have to be compensated, probably to the tune of tens of millions of
pounds. And the biggest cost involves refunding customers for future bookings.
The whole bundle could run to £500m. The travel industry has an insurance
scheme, but taxpayers could still be on the hook for a shortfall.
 Incompetence and hubris in the boardroom look to be the direct causes.
Fankhauser, in post for four years, and Frank Meysman, chairman since 2011,
must explain why they didn’t fix a fragile balance sheet when it seemed possible.
The stock market valued Thomas Cook’s equity at £2bn as late as May 2018.
Shareholders would not have cheered a rights issue to raise, say, £500m at that
point, but the job of directors is to take the long view. Fankhauser and Meysman
could have pitched a reasonable argument along these lines: repay some debt,
lower the interest costs and allow more investment in new, company-owned
hotels, the focus of the turnaround strategy.
In November 2017 in the annual report, Meysman wrote that “a highly competitive
environment ... has contributed to the collapse of a number of competitors in the
last 12 months”, so he was clearly aware of the external risks. Given that Thomas
Cook itself almost failed in 2011, reducing debt should have been the absolute
priority. The most astonishing statistic in the whole saga is that the company paid
£1.2bn in interest charges after 2010.
As for the accounting angle, Reeves’s committee must ask why Thomas Cook
recorded so many one-off charges and “separately disclosed items” over the
years. The company was in restructuring mode, so heavy use of exceptional items
is not unusual, but EY, after it took over from PwC as auditor in 2017, challenged
some of the treatments. Why hadn’t the company’s own audit committee done so
previously? There must also be an explanation of why a £1.1bn goodwill
writedown on the purchase of MyTravel appeared in the interim results only this
year – the acquisition itself happened in 2007.
Fankhauser and Meysman, no doubt, will issue grovelling apologies to the
committee. That’s the usual form for directors who have failed. It’s an explanation
for their actions, though, that former employees deserve to hear.

Auditors also need to be aware of their critical role in corporate governance and
maintain the necessary independence to carry out duties with sufficient levels of
scepticism and professional judgement.

Exhibit 8 Carillion Collapse

The following is an extract from the Financial Times article “KPMG sued for £1.3bn
over Carillion audit”, February 2022:

KPMG has been sued for £1.3bn by the liquidators of Carillion, who claim the
auditor missed “red flags” that the UK outsourcer’s accounts were misstated and
that the group was insolvent more than two years before it collapsed.
The liquidators allege that Carillion could have avoided a £1.1bn deterioration in its
cash position between December 2016 and its implosion in January 2018 if KPMG
had identified that the outsourcer was insolvent at the start of the period, according
to a copy of the claim seen by the Financial Times.
The liquidators allege that KPMG failed to remain independent from Carillion’s
management and that audit partner Peter Meehan “repeatedly accepted hospitality
from and offered hospitality to Carillion and its senior management” and “failed to
respect the proper boundaries of the auditor client relationship”. Meehan helped
management to get figures “past” the audit committee and backdated its audit
opinion on Carillion Construction Limited for 2016, according to the claim.
In a statement, KPMG said that “we believe this claim is without merit and we will
robustly defend the case. Responsibility for the failure of Carillion lies solely with
the company’s board and management, who set the strategy and ran the
business.”
KPMG boss Jon Holt apologised in January, saying the firm had misled the UK
accounting regulator during an inspection of the audit of Carillion’s 2016 accounts.
Members of KPMG’s Carillion audit team, including Meehan, have denied
wrongdoing and blamed each other during a tribunal that is set to resume next
week. The Financial Reporting Council is separately investigating possible failings
in the Carillion audits.

Exam advice

An exam question might present a scenario on the state of a company’s

governance. Candidates should be able to identify corporate governance
deficiencies and make appropriate recommendations.
This would require knowledge of the principles of corporate governance and an
understanding of the reasoning behind them ( e.g. a board composed of at least
half independent NEDs brings balance to the board and greater breadth of
expertise, as well monitoring the actions of executive directors in the interests of
shareholders).

Exhibit 9 Failure to Disclose Non-compliance with the Code

The following is an extract from the Executive Summary of the FRC’s “Review of
Corporate Governance Reporting”, November 2021:

One of our major concerns last year was that companies were failing to disclose
non-compliance with the Code. As a result, we issued Improving the quality of
“comply or explain” reporting. This guidance confirmed that the comply or explain
approach supports non-compliance when accompanied with an effective
explanation.
This year we expected an increase in the number of disclosures of non-
compliance. However, there is still room for improvement in relation to the quality
 of explanations. Unfortunately, as last year, we continue to see the use of
boilerplate or declaratory statements. These statements are seldom substantiated
by actions or examples, and therefore do not offer insight into company
governance.
Diversity and inclusion and succession planning at board-level and through the
pipeline continue to remain a concern. There is often a lack of cohesion between
policies and succession plans.
There continues to be minimal information on how diversity and inclusion policies
and objectives link to company strategy. This view is supported by the generally
poor reporting by nominations committees on succession planning…
… All companies reported that they had reviewed their systems. However, in a
year where we expected to see changes made very few commented on how they
reviewed the effectiveness of their systems, this is an issue that has been raised
as part of the audit consultation.
While most companies confirmed that their remuneration arrangements support
company’s strategy, only some of them explained how. Very few companies
explained how remuneration aligns with company purpose and values.
In challenging circumstances many remuneration committees used discretion to
change remuneration outcomes in line with company performance and
shareholder and stakeholder experience.

Activity 2 Corporate Governance Deficiencies

During the audit of a new client, you listed the following corporate governance
practices used by your client.

Deficiency Yes/No Recommendation:

1. The entity has a

six-member board
of directors,
including executive
and non-executive
directors.

2. The CEO serves

as the chairman of
the board of
directors.
3. The board includes
two independent
NEDs.

4. New board
members are
selected by a
nominations
committee headed
by the
chairman/CEO.

5. The audit
committee
comprises two
executive directors
and the two NEDs.

6. One of the
independent non-
executive audit
committee
members recently
retired after
serving for ten
years as the CFO
of a major
corporation.

7. The remuneration
committee
comprises one
executive director
and one NED, and
they decide the
remuneration of all
board members.

8. Management is
required to assess
the effectiveness
of internal controls
on an annual
basis.
Required:

Select yes or no to indicate whether each corporate governance practice is a

corporate governance deficiency. If the practice is a deficiency, recommend
how it should be corrected. If there is no deficiency, leave the recommendation
box blank.
*Please use the notes feature in the toolbar to help formulate your answer.

3.1 Introduction

For a listed company, an audit committee is how the board establishes "formal and
transparent arrangements" to meet the corporate reporting and risk management
and internal control principles. It is also best practice for unlisted and other entities.
• An audit committee should comprise at least three independent NEDs (two
for a smaller company).
• At least one member must have recent and relevant financial experience.
• As a whole, the committee must have competence relevant to the sector in
which the company operates.

Key Point

• Through the audit committee, external auditors are responsible and report
to the shareholders, not the executive management.
• The audit committee enhances the external auditor's independence and
provides greater independence for the internal auditor.

The audit committee’s role considers the risks and controls over the financial
reporting process and the tax, environmental, legal and other regulatory matters that
have a material effect on the financial statements.

Exhibit 10 Audit and Risk Committee Report

The following is an extract from the Annual Report and Accounts 2021 of The
Sage Group plc:

Role of the Committee

The Committee is an essential part of Sage’s overall governance framework. The
Board has delegated to the Committee the responsibility to oversee and assess
the integrity of the Group’s financial reporting, risk management and internal
 control procedures, and the work of both the internal audit function and the
external auditor, EY. These responsibilities are defined in the Committee’s Terms
of Reference, which were reviewed and approved by the Committee and the
Board in May 2021.
Composition
The Code requires that at least one member of the Committee has recent and
relevant financial experience. The Disclosure Guidance and Transparency Rules
(DTRs) require that at least one member has competence in accounting and/or
auditing. The Board is satisfied that this requirement is met, with the Chair of the
Committee being a qualified chartered accountant and experienced Audit
Committee Chair following 25 years in financial services as a corporate finance
advisor in the investment banking sector.

3.2 FRC Guidance on Audit Committees

The Financial Reporting Council (FRC) Guidance on Audit Committees supports the
Code by providing examples of best practices concerning audit committees.
• Of the four committees mentioned explicitly by the Code – audit, nominations,
remuneration and risk – the audit committee is probably the most central to
the appropriate functioning of corporate governance.
• The audit committee should have competence relevant to the company’s
sector.

3.3 Role and Responsibilities

The primary role and responsibilities of the audit committee, which must be set out in
published written terms of reference, are to:
• Monitor the integrity of the financial statements and review significant financial
reporting judgments contained in them.
• Advise the board on whether the annual report is fair, balanced and
understandable and provides the information necessary for users to assess
the company's performance, business model and strategy.
• Review the internal financial controls, internal control and risk management
systems unless expressly addressed by:
• a separate board risk committee composed of independent NEDs; or
• the board itself.
• Monitor and review the effectiveness of the internal audit function. If there is
no internal audit, consider annually if there is a need for internal audit and
make that recommendation to the board. The role of internal audit in
corporate governance is explored in Chapter 14.
 • Make recommendations to the board to put to the shareholders for their
approval in general meeting regarding the appointment, re-appointment and
removal of the external auditor.
• Review and monitor the external auditor's independence and objectivity and
the effectiveness of the audit process.
• Develop and implement policy on the external auditor's engagement to supply
non-audit services, taking into account relevant ethical guidance (see Chapter
4).

Key Point

Pre-approval of non-audit services should only be in place for clearly trivial

matters.
• Review “whistle-blowing” arrangements:
• by which staff may, in confidence, raise concerns about possible improprieties
in matters of financial reporting or other issues;
• to ensure the proportionate and independent investigation of such matters;
and
• for appropriate follow-up action.
• A whistle-blower, fearing repercussions, might otherwise go to an external
agency (e.g. the press) which could breach confidentiality. Therefore,
discussing such matters with an audit committee member provides
confidentiality and confidence in knowing that appropriate action will be taken.
• Report to the board on how it has discharged its responsibilities.
• Ensure that shareholder interests are adequately protected concerning
financial reporting and internal control.
• Consider the clarity of audit committee reporting and be prepared to meet
investors.

3.4 Benefits and Limitations

3.4.1 Benefits

Audit committees:
• Provide effective and informed oversight in helping to ensure market, public
and stakeholder confidence in high-quality financial reporting. Effective audit
committees:
• need to be able to investigate issues on their initiative, rather than as directed
by the CEO;
• must be clear about what they need to know and determined to receive the
information they require;
 • should act as a significant deterrent and minimise the opportunities for fraud
to be carried out undetected.
• Enable the board to delegate a thorough and detailed review of audit matters,
both internal and external, to enhance external confidence in the entity.
• Enable NEDs to contribute independent judgment on issues of critical
importance in running the business (e.g. investment decisions, risk analysis)
and play a positive role in areas for which their skills are particularly fitted.
• Offer the external and internal auditors a direct, formal link with NEDs. It also
results in informal communications with the NEDs.

3.4.2 Limitations

• Audit committees may be seen as an unnecessary legal or regulatory burden

placed upon the board: "We know how to run the company without anybody
else telling us what to do".
• The demands and expectations on the time and expertise of NEDs are such
that suitable candidates are harder to find. The audit committee is expected to
meet regularly and provide a high-level oversight function that may lead to
detailed work (e.g. if there is unease about management's accounting
estimates, the committee may need to seek external advice).
• The risks and burden of responsibility placed on audit committee members
may result in a sense that the "reward is not worth the effort" or rather that the
risks are too high. The overall ability of the audit committee may therefore be
less than what is required.
• Audit committees come at a price. The advantages of having one must be
effectively used to ensure appropriate cost benefit (e.g. enhancing public
credibility or providing an experienced "sounding board" for the executive
directors).
• Audit committees will only be effective where they can operate as intended by
the various governance codes. Anything less than respect and understanding
of their role by the board of directors, together with unfettered access to all
information, will diminish that effectiveness.

3.5 Risk Management and Internal Control

According to the UK Code:

• One of the primary roles of the audit committee is to review the company’s
internal financial controls and internal control and risk management systems
unless expressly addressed by a separate board risk committee (composed of
independent NEDs) or the board itself.
• The board should monitor the company’s risk management and internal
control (RMIC) systems and, at least annually, review their effectiveness and
report on that review in the annual report.
The Code is supported by the FRC’s Guidance on Risk Management, Internal
Control and Related Financial and Business Reporting, which states:
• The board has ultimate responsibility for RMIC, including
• determining the nature and extent of the principal risks it is willing to take to
achieve its strategic objectives (“risk appetite”);
• ensuring that an appropriate culture has been embedded throughout the
organisation;
• agreeing on how the principal risks should be managed or mitigated to reduce
the likelihood of their incidence or their impact.
•
Key Point

Culture and behaviour are crucial to high-quality risk management.

• Training and communication assist in embedding the desired culture and
behaviours.
• Effective controls are an essential element of RMIC systems and can cover
many aspects of a business, including strategic, financial, operational and
compliance.
• The board should agree on how the principal risks will be managed or
mitigated and which controls will be implemented. In approving the controls
the board should determine what constitutes a significant control failure.
Key Point

Management has day-to-day responsibility for implementing the board’s policies.

• A RMIC system will include:
• risk assessment;
• management or mitigation of risks, including the use of control processes;
• information and communication systems; and
• processes for monitoring and reviewing their continuing effectiveness.
• Risks will differ between companies but may include financial, operational,
reputational, behavioural, organisational, third party or external risks (e.g.
market or regulatory risk, over which the board may have little or no direct
control).

Syllabus Coverage

This chapter covers the following Learning Outcomes.

A. Audit Framework and Regulation

1. Corporate governance
• Discuss the objective, relevance and importance of corporate governance.
 • Discuss the provisions of international codes of corporate governance (such
as OECD) that are most relevant to auditors.
• Describe good corporate governance requirements relating to directors'
responsibilities (e.g. for risk management and internal control) and the
reporting responsibilities of auditors.
• Evaluate corporate governance deficiencies and provide recommendations to
allow compliance with international codes of corporate governance.
• Analyse the structure and roles of audit committees and discuss their benefits
and limitations.
• Explain the importance of internal control and risk management.

Summary and Quiz

• Corporate governance includes oversight of an entity's strategy, economic

development, executives, risk and control activities, and auditors.
• The five main principles of the UK Corporate Governance Code concern:
• Board Leadership and Company Purpose
• Division of Responsibilities
• Composition, Succession and Evaluation
• Audit, Risk and Internal Control
• Remuneration.
• An audit committee of at least three independent NEDs is an integral element
of corporate governance for listed companies and is considered best practice
for unlisted entities.
• The audit committee is responsible for monitoring the integrity of the financial
statements and financial reporting controls, monitoring and reviewing the
internal audit function, overseeing the appointment of the external auditor and
reviewing and monitoring the relationship with the external auditor, including
the provision of non-audit services.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Typical Stakeholders

 1. Shareholders make an equity investment in the company and expect share
investment growth and dividend distributions.
2. Banks provide loans and expect to be repaid.
3. Executive management and employees provide services to an entity and
expect to be paid for the services and to receive various employee benefits.
4. Suppliers provide goods and services and expect to be paid for them.
5. Other companies with cross-holding interests have a vested interest and can
significantly influence the corporate behaviour of the entity.
6. National and local governments provide services to the entity and society
and need to receive revenue through taxation.

Activity 2 Corporate Governance Deficiencies

1,No
(This is not a corporate governance deficiency. An entity with strong corporate
governance should have a board of directors that comprises both executive and
NED.)
2Yes
Recommendation: The chairman of the board of directors should be an independent
non-executive director.
3.Yes
Recommendation: The board should have a combination of executive and non-
executive directors so that no group of individuals can dominate the board. Because
this is a six-member board, there should be three executive directors and three
NEDs.
4.Yes
Recommendation: The chairman/CEO is an executive director and should not chair
the nominations committee. An independent NED should head the nominations
committee.
5.Yes
Recommendation: The audit committee should include at least three independent
NEDs. Executive directors should not be part of the audit committee.
6.No
This is not a corporate governance deficiency. At least one audit committee member
should have recent, relevant financial experience, such as time spent as a CFO of a
major corporation.
7Yes
Recommendation: A remuneration committee composed of independent NEDs
should decide the remuneration and compensation of the executive directors and the
chairman. The board should set the remuneration of the NEDs.
8.No
This is not a corporate governance deficiency. Management should be required to
assess the effectiveness of internal controls at least annually.
Chapter 4: Professional Codes of Ethics and
Conduct

Visual Overview

Objective: To explain the ACCA Code of Ethics and Conduct, which students and
members of ACCA must comply with.

1.1 Complying with the Code

Key Point
 The Code establishes five fundamental principles:
1. integrity;
2. objectivity;
3. professional competence and due care;
4. confidentiality; and
5. professional behaviour.

As a member of IFAC, ACCA's Code of Ethics and Conduct is based on IESBA's

International Code of Ethics for Professional Accountants.
All students and members of the Chartered Association (e.g. in practice, commerce,
internal audit, education) must observe proper standards of professional conduct and
refrain from misconduct. Failure to observe standards may result in disciplinary
proceedings. The ACCA Code of Ethics and Conduct can be downloaded from Code
of Ethics and Conduct | ACCA Global.
References to relevant paragraphs of the Code have been provided throughout this
chapter for information only; they are not to be learnt. “R” denotes requirements and
“A” application material.

1.2 Fundamental Principles

1.2.1 Integrity (R111)

In all professional, business, personal and financial relationships, the professional

accountant should be straightforward and honest. This implies fair dealing,
truthfulness and having the strength of character to act appropriately, even when
facing pressure to do otherwise or when doing so creates potential adverse personal
or organisational consequences. This means, for example, standing one’s ground
when confronted by dilemmas or difficult situations or challenging others when
circumstances warrant.
Professional accountants should not knowingly be associated with reports, returns,
communications or other information which they believe:
• contains materially false or misleading statements;
• contains statements or information provided recklessly; or
• omits or obscures required information where such omission or obscurity
would be misleading.
Note that issuing a modified opinion (e.g. in an auditor’s report on historical financial
statements) does not breach this principle.

Key Point
 The critical test here is association. Integrity is a state of mind; however, it can
only be judged based on the information the professional accountant is associated
with (whether the accountant produced it or provided assurance on it).

Activity 1 Integrity

Describe THREE situations in which the integrity of a professional accountant may

be threatened.
*Please use the notes feature in the toolbar to help formulate your answer.

1.2.2 Objectivity (R112)

The professional accountant’s exercise of professional or business judgements must

not be compromised by:
• bias;
• conflict of interest; or
• undue influence of, or undue reliance on, individuals, organisations,
technology and other factors.
Key Point

A professional accountant should not undertake a professional activity if a

circumstance or relationship unduly influences the accountant’s professional
judgment regarding that activity.

1.2.3 Professional Competence and Due Care (R113)

A professional accountant must:

• Attain and maintain the level of professional knowledge and skill required to
ensure their competence based on current standards and relevant
legislation; and
• Act diligently and in accordance with applicable technical and professional
standards.
Maintaining professional competence requires a continuing awareness and
understanding of relevant technical, professional and business and technology-
related developments. This is achieved through continuing professional development
(CPD).
Professional accountants must take reasonable steps to ensure that those who work
in a professional capacity under their authority have appropriate training and
supervision.
Diligence encompasses the responsibility to act according to the assignment’s
requirements carefully, thoroughly and on a timely basis.
Where appropriate, clients or the employing organisation should be informed of the
limitations inherent in the services or activities.

Key Point

In providing assurance services, levels of assurance on information, may range

from “reasonable” assurance to “limited” assurance (see Chapter 1).
Professional judgement is required on the amount of sufficient appropriate
evidence to be obtained for the level of assurance to be provided by an assurance
report.

1.2.4 Confidentiality (R114)

The principle of confidentiality requires an accountant to respect the confidentiality of

information acquired as a result of professional and business relationships.
An accountant must be alert to the possibility of inadvertent disclosure (e.g. in a
social environment and to close business associates or family members).

Key Point

Confidential information should not be:

• disclosed to third parties without proper and specific authority or unless
there is a legal, professional right or duty to disclose;
• used for any personal advantage or the advantage of a third party.

Confidentiality is considered in more detail in s.4.

1.2.5 Professional Behaviour (R115)

An accountant must:
• comply with relevant laws and regulations; and
 • avoid any conduct that might discredit the profession.
In marketing and promoting themselves and their work, professional accountants
should not bring the profession into disrepute. They should be honest and truthful
and not make:
• exaggerated claims for their services, qualifications or experience; or
• disparaging references or unsubstantiated comparisons to the work of others.
A claim such as "We are the best, better than all the rest" is not professional.
Professional accountants should behave with courtesy and consideration towards
everyone they encounter in a professional capacity.

1.3 Conceptual Framework (R120.3-R120.5)

Key Point

The Code provides a conceptual framework that professional accountants must

apply to identify, evaluate and address threats to compliance with the
fundamental principles.

The framework requires professional accountants to consider the threats they face
and to match those threats with the appropriate action. It is not a set of rigid rules in
a fixed framework.
If identified threats are not at an “acceptable level”, the professional accountant must
implement safeguards to eliminate the threats or reduce them to an acceptable level
so that compliance with the fundamental principles is not compromised.

Definition

Acceptable level – a level at which a reasonable and informed third party

would likely conclude that the professional accountant complies with the
fundamental principles.

The framework should be applied to the particular circumstances. If a situation does

not match any of the examples, as a general rule, "if in doubt, avoid; do not do." Just
because a situation or circumstance is not prohibited, does not mean it is permitted.

1.4 Threats (R120.6)

An accountant must identify threats to compliance with the fundamental principles.

Compliance with the fundamental principles may potentially be threatened by a
broad range of circumstances which generally fall into one or more of the following
categories:
• Self-interest threat;
• Self-review threat;
• Advocacy threat;
• Familiarity threat; and
• Intimidation threat.
The term "management threat" is widely used to describe the threats that arise when
an audit firm undertakes an activity that is management's responsibility. However, it
is not a separate category of threat in the Code.

Exam advice

A scenario or situation in a question might pose multiple threats. This means

various actions might need to be taken to mitigate the threats.
For example, a close family member of the auditor who is an executive director of
an audit client gives rise to both self-interest and familiarity threats (and perhaps
intimidation).
1.4.1 Self-Interest Threat

A self-interest threat may occur due to the financial or other interests of the
professional accountant (including immediate or close family members). For
example:
• undue dependence on total fees from a client;
• loans or guarantees made to or from a client;
• close personal or business relationships with a client;
• audit team member negotiating employment with a client;
• financial interest in a client;
• gifts and hospitality; and
• concern over losing a client or employment security.

Example 1 Self-interest Threats

1. Breuger Co has offered the auditor an additional fee for issuing an

unmodified audit opinion for the current reporting year.
2. Douglas Lu, the auditor of Ayeland Bank, is also a customer of the bank.
Ayeland Bank has offered Douglas Lu preferential rates on his loan and
overdraft facilities.
3. Tucker Chartered Accountants, a relatively new audit firm, is conducting the
audit for Tubbletown Co. During a recent conversation, Tubbletown’s CEO
wished Tucker success in its future ventures and promised to take up the
offer of non-audit services from Tucker if an unmodified audit opinion is
issued on completion of the audit.

1.4.2 Self-Review Threat

• A self-review threat may arise when a professional accountant does not

appropriately evaluate the results of a previous judgment made by either
themselves or another individual within their firm or employing organisation,
which they will rely on when forming a judgment in providing a current service.
• Examples include, but are not limited to:
• reporting on the operation of systems after being involved in their design or
implementation;
• a member of an engagement team having previously been employed by the
client in a position that directly influenced the subject matter (e.g. financial
statements); and
• business decisions or data being reviewed and justified by the person
responsible for making those decisions or preparing those data.
 Example 2 Self-review Threats

1. Dregger & Co, currently appointed as the auditor of Turnbally Co, was
previously engaged by Turnbally Co to design and implement its digitalised
financial control system.
2. Mariana, the audit manager for the statutory audit of Ruger Co, was
previously engaged as a non-executive director of Ruger and the chair of
Ruger’s audit committee.

1.4.3 Advocacy Threat

An advocacy threat is created when the professional accountant promotes a client's

or employer's position or opinion to the point that subsequent objectivity may be
compromised. If the position has changed later, there may be pressure to ignore that
change.
Examples of advocacy threats include:
• promoting shares in an audit client;
• acting as an advocate on behalf of an audit client in litigation or disputes with
third parties;
• commenting publicly on future events in particular circumstances, having
made assertions without detailing the assumptions; and
• where information is incomplete or advocating an argument which is unlawful.

Example 3 Advocacy Threats

1. Pally & Co has been asked to make representations supporting its audit
client, Baroo Co, in applying for loan facilities from a consortium of banks
because Pally & Co had issued unmodified opinions on Baroo’s financial
statements for a few years.
2. Balsyer Co, impressed with the quality of work performed by TT Chartered
Accountants on its statutory audit, has invited TT to be its reporting
accountants for its upcoming initial public offering (IPO) and accompanying
promotions to institutional investors.

1.4.4 Familiarity Threat

A familiarity threat can arise when a professional accountant, because of a long or

close relationship, becomes too sympathetic to the interests of a client or employer
or too willing to accept their work and explanations.
 Key Point

There is a significant risk that professional scepticism will not be sufficiently

applied.

Examples of familiarity threats include:

• Over-familiarity (e.g. close or immediate family member) with management
such that professional judgement could be compromised;
• Long association with business contacts influencing business decisions;
• Acceptance of gifts or preferential treatment, unless the value is insignificant;
and
• A former partner of the audit firm becoming a director, officer or employee of a
client in a position to exert direct influence over the financial statements (or
other subject matter of the engagement).

Example 4 Familiarity Threats

1. The CEO of Rublus Co is also the wife of the engagement partner for the
company’s statutory audit.
2. Patrick, a former partner in Delim & Co has joined Pack Co as finance
director. Patrick was the audit engagement partner of Pack Co in previous
years and Delim & Co is still Pack Co’s auditor this year.

1.4.5 Intimidation Threat

An intimidation threat arises where the professional accountant may be deterred

from acting objectively by actual or perceived pressures, including attempts to
exercise undue influence over the accountant.
Examples of intimidation include:
• the threat of dismissal (as an employee) or replacement (as an auditor), for
example, over a disagreement about the application of an accounting
principle;
• a dominant personality attempting to influence the presentation of financial
information or controlling relations with auditors (e.g. their appointment);
• being threatened with litigation; and
• being pressurised to reduce necessary work to reduce costs or fees.
Example 5 Intimidation Threats

1. The finance director of Belmont Co has informed the auditor that the
company might start looking for a new auditor in the event of an
unfavourable audit opinion.
 2. Balsi Co’s management has informed the auditor, Truf & Co, that it would
hold Truf & Co liable for any drop in share price if the audit opinion is
unfavourable.

Key Point

A circumstance might create more than one threat, and a threat might affect
compliance with more than one fundamental principle.

1.5 Addressing Threats (R120.10)

There are three ways to address threats to the fundamental principles:

1. Eliminate the circumstances, including interests or relationships, that are
creating the threats;
For example, a member of the audit team may sell any direct holdings in a
client’s shares before the commencement of the audit.
2. Apply safeguards, where available and capable of being applied, to reduce
the threats to an acceptable level; or
3. Decline or end the specific professional activity. This may be the only course
of action (i.e. when a threat cannot be eliminated or reduced to an acceptable
level through safeguards).
For example, an auditor may decline to advise a client on a takeover bid
where the target company is another audit client.

Definition

Safeguards – actions, individually or in combination, taken by the professional

accountant that effectively eliminate threats to compliance with the fundamental
principles or reduce them to an acceptable level.

This means that:

• A safeguard must be an action by the professional accountant (not just a
consideration).
• Some actions which may be necessary to evaluate an ethical threat (e.g.
taking advice from a third party) may not themselves be a safeguard. A
safeguard would still need to be actioned (e.g. in response to the advice
received).

Key Point
 The professional accountant’s action is not a safeguard unless it is effective.

2.1 Independence, Objectivity and Integrity (400.5,

R400.11)

Independence is a requirement for all professional accountants and their firms when
performing audit engagements.

Key Point

An auditor's integrity and objectivity must be beyond question. Objectivity can only
be assured if the auditor is, and is seen to be, as independent as possible.

Independence requires both independence of mind and independence in

appearance.
Independence of mind means that the state of mind:
• permits the expression of a conclusion without being affected by influences
that compromise professional judgement; and
• allows an individual to act with integrity and exercise objectivity and
professional scepticism.

Independence in appearance means avoiding instances in which the facts and

circumstances are so significant that a reasonable and informed third party, knowing
all relevant information (including safeguards applied), would reasonably conclude
that a auditor's integrity, objectivity or professional scepticism had been
compromised.
The following examples describe specific circumstances and relationships that may
cause threats to independence. Although they mainly relate to professional
accountants in practice (i.e. audit and assurance), they can equally apply to the
provision of non-assurance services and professional accountants in industry,
commerce, etc.

2.2 Fees
2.2.1 General (410.3-410.4)

Fees for professional services are usually negotiated with and paid by an audit client.
This practice is generally recognised and accepted by intended users of financial
statements. However, it creates a self-interest threat and might create an
intimidation threat to independence.

The level of threats created will depend on many factors, for example:

• the level of the fees (having regard to the resources required);

• the extent of any dependency between the fee and the outcome of the
service;
• the operating structure and compensation arrangements of the firm;
• the significance of the client to the firm, office or partner;
• the nature of the client (e.g. whether it is a public interest entity); and
• the involvement of those charged with governance (TCWG) in appointing the
auditor and agreeing fees.

The existence of a system of quality management implemented (see Chapter 5) may

also affect the evaluation of whether threats are at an acceptable level.

2.2.2 Level of Audit Fees (410.5)

Factors that are relevant in evaluating the level of self-interest and intimidation
threats created by the level of the audit fee paid by the audit client include:
• The firm’s commercial rationale for the audit fee; and
• Whether undue pressure has been, or is being, applied by the client to reduce
the audit fee.
Actions that might be safeguards to address such threats include having an
appropriate reviewer who does not take part in the audit engagement:
• assess the reasonableness of the fee proposed, having regard to the scope
and complexity of the engagement;
• review the work performed.
•
2.2.3 Contingent Fees (410.8)

Definition
 Contingent fees – fees calculated on a predetermined basis relating to the
outcome of a transaction or the result of the services performed.

Key Point

A firm must not charge directly or indirectly a contingent fee for an audit
engagement.

Contingent fees are also prohibited for non-assurance services (NAS) to audit clients
if:
• the fee is material (or expected to be material) to the firm; of
• the outcome of the NAS, and therefore the amount of the fee, depends on a
future or current judgment related to the audit of a material amount in the
financial statements.

2.2.4 Total Fees – Proportion of Fees for Other Services (410.11)

The level of the self-interest threat might be increased when a large proportion of
fees is generated from other services to an audit client, due to concerns about the
potential loss of either the audit engagement or other services. Such circumstances
might also create an intimidation threat.
Factors that are relevant in evaluating the level of such threats include:
• the ratio of fees for other services to the audit fee;
• the length of time during which a high ratio has existed;
• the nature, scope and purposes of the other services (e.g. whether they are
recurring).
Examples of safeguards include:
• Having an appropriate reviewer who was not involved in the audit or the other
services review the relevant audit work;
• Reducing the extent of other services provided to the audit client.

2.2.5 Total Fees – Overdue Fees (410.12)

The level of the self-interest threat might be increased if fees payable by an audit
client are overdue during the period of the audit engagement.
It is generally expected that the firm will obtain payment of such fees before the
audit report is issued.
Factors that are relevant in evaluating the level of such a self-interest threat include:
• the significance of the overdue fees to the firm;
• the length of time the fees have been overdue; and
 • the ability and willingness of the audit client to pay the overdue fees.
Examples of safeguards include:
• Obtaining partial payment of overdue fees;
• Having an appropriate reviewer who did not take part in the audit engagement
review the audit work.

Key Point

When a significant part of the fees due from an audit client remains unpaid for a
long time, the Firm must determine whether:
• the overdue fees might be equivalent to a loan to the client (see s.2.7); and
• it is appropriate for the firm to be re-appointed or continue the audit
engagement.

2.2.6 Total Fees – Fee Dependency – All Audit Clients (410.14)

When the total fees generated by an audit client represent a large proportion of a
firm's total fees, the dependence on, and concern about the potential loss of, fees
increase the self-interest threat and create an intimidation threat.
The level of the threats will depend on factors such as:
• the operating structure of the firm;
• whether the firm is expected to diversify (such that dependence is reduced).
A self-interest or intimidation threat is similarly created when the fees generated by a
firm from an audit client represent a large proportion of the revenue of one partner or
one office of the firm.

2.2.7 Public Interest Entities (R410.18)

Definition

Public interest entity (PIE) – a listed entity, or an entity required by a regulator to

be audited as if it were listed, or an entity of significant public interest due to size
or business (e.g. banks).

When for each of two consecutive years, the total fees from a PIE client represent
more than 15% of the firm’s total fees, the firm must:
• determine whether, prior to issuing the audit opinion on the second year’s
financial statements, a “pre-issuance review” (equivalent to an engagement
 quality review) might be a safeguard to reduce the threats to an acceptable
level; and
• if so, apply it.
(Engagement quality reviews are described in Chapter 5.)

Key Point

If these circumstances continue for five consecutive years, the firm must cease to
be the auditor after the audit opinion for the fifth year is issued.

The only exception to this requirement is if:

• a regulatory professional body in the relevant jurisdiction agrees that there is
a compelling reason to continue “having regard to the public interest”; and
• a pre-issuance review is performed before the audit opinion is issued on the
sixth and any subsequent year’s financial statements.

2.2.8 Fee Dependency – Not PIEs (410.15)

When for each of five consecutive years, the total fees from a not PIE client
represent more than 30% of the firm’s total fees, the firm must determine whether
either of the following actions might reduce the threats to an acceptable level, and if
so, apply it:
• prior to issuing the audit opinion for the fifth year, a professional accountant
who is not a member of the firm, reviews that year’s audit work; or
• after the fifth year’s audit opinion has been issued (and before the sixth
year’s), a professional accountant reviews the fifth year’s audit work.

2.3 Inducements, including Gifts and Hospitality (R420.3)

Offering or accepting inducements might create a self-interest, familiarity or

intimidation threat to compliance with the fundamental principles, particularly the
principles of integrity, objectivity and professional behaviour.
An inducement can take many forms, for example:
• Gifts
• Hospitality and entertainment
• Political or charitable donations
• Appeals to friendship and loyalty
• Employment or other commercial opportunities
 • Preferential treatment, rights or privileges.

The professional accountant must comply with relevant laws and regulations that
prohibit the offer or acceptance of inducements in certain circumstances (e.g. those
related to bribery and corruption).
A firm or audit team member must not accept gifts and hospitality from an audit client
unless the value is trivial and inconsequential.
Any gift that is intended to influence behaviour improperly should not be accepted
(even if the value is trivial and inconsequential).

Key Point

Offering or accepting of inducements that are not prohibited might still threaten
compliance with the fundamental principles.

Safeguard include:

• Informing senior management of the firm or TCWG of the client regarding the
offer;
• Amending or terminating the business relationship with the client.

2.4 Actual or Threatened Litigation (430.3 A)

Actual or threatened litigation typically involves the issue (or threat) of a writ against
the firm for negligence or failure to conduct activities professionally resulting in a
breakdown of trust.
When litigation with an audit client occurs or appears likely, self-interest and
intimidation threats are created.
The firm and client may be placed in adversarial positions, therefore:
• the auditor may be unable to report impartially; and/or
• the client may be unwilling to disclose relevant information.
The significance of the threat will depend on:
• the materiality of the litigation;
• whether the litigation relates to a prior audit engagement.
Safeguards that may be applied include:
• independent review of the work carried out and subject to the litigation; and
 • if the litigation involves a member of the audit team, removing that individual
from the audit team.

2.5 Financial Interests

Financial interests may be held and controlled directly (e.g. personal shareholdings)
or indirectly (e.g. through a pension fund).
Holders of a relevant interest (e.g. direct interest or material indirect interest) in an
assurance client are at risk, and the self-interest threat should be assessed.
The threat depends on whether the relevant interest is held by:
• a partner (regardless of any involvement in the audit);
• an employee; or
• an immediate or close family member.

2.5.1 Audit Team Members and Partners (R510.4)

A relevant interest in an audit client cannot be held by:

• An audit team member; or
• Any partner in the office of the engagement partner; or
• Their immediate family (i.e. spouse, partner or dependent).
If held, there are no safeguards that would reduce the threat to an acceptable level,
so:
• the individual must dispose of the interest; or
• the firm disengage from the audit; or
• the audit team member/partner resigns from the firm.
If the individual receives the interest unintentionally (e.g. an inheritance or gift), it
must be disposed of immediately.
As an exception, an immediate family member may hold a relevant interest in an
audit client, provided that:
• It was received as an employment right (e.g. through a pension or share
option plans) and, when necessary, the firm addresses the threat created by
the financial interest (e.g. by removing the team member from the audit); and
• When he obtains the right to dispose of the interest, he does so as soon as
(or otherwise forfeits that right).

Key Point
 Many firms require all professional employees not to hold any interest in any audit
client. Where an immediate family holds an interest, the employee should not be
assigned to that audit.

2.5.2 Close Family Member (R510.5)

A close family member is a parent, child or sibling (brother/sister) who is not an

immediate family member.
When a close family member holds a relevant interest in an assurance client, their
relationship with the audit team member (partner or employee) and the materiality of
the interest should be taken into account in assessing the significance of any threat.
Disposal of the interest or removing the individual from the audit team would
eliminate the threat.
An example of a safeguard is an independent review of the work carried out by the
audit team member.

2.6 Family and Other Personal Relationships (R521.5-

R521.8)

Personal relationships (e.g. through mutual business interests or close friendship) or

family relationships (e.g. by marriage or birth) between a member of the audit team
and a client's directors, officers and other employees create self-interest, familiarity
or intimidation threats.
The significance of the threats will depend on factors such as:
• the nature or closeness of the relationship;
• the position held by the family member/client's employee; and
• the role of the audit team member.
The more senior the individuals involved, the greater the threat. Therefore, an
individual cannot be a member of an audit team if an immediate family member:
• Is a director or officer of the audit client;
• Is an employee in a position to exert significant influence over the preparation
of the client’s accounting records or the financial statements on which the firm
will express an opinion; or
• Was in such a position during any period covered by the engagement or the
financial statements.
In other situations, safeguards include restructuring the responsibilities of the audit
team, so the team member does not deal with the areas of responsibility of the family
member/client employee.

Activity 2 Family and Other Personal Relationships

Suggest how the threats arising in each of the following situations should be
addressed:
1. A trainee's uncle is a director of an assurance client.
2. A trainee's friend from university is the credit controller of an audit client.
3. An audit manager's fiancée is the credit controller of an audit client.
4. A partner's sister is a director of a company.
*Please use the notes feature in the toolbar to help formulate your answer.

2.7 Loans and Guarantees (R511.4-R511.7)

Loans and guarantees to an audit client by a firm, audit team member or immediate
family are prohibited unless immaterial to both:
• the firm (or individual) making the loan or guarantee; and
• the client.
Loans and guarantees from an audit client that is not a bank (or similar institution)
are similarly prohibited.
Where the client is a bank (or similar institution), loans (including mortgages, bank
overdrafts and credit card balances) and guarantees cannot be accepted unless
made under routine lending procedures, terms and conditions. Even in this situation,
a self-interest threat may arise if the loan is material to the loan recipient.
Where such loans are material, safeguards are required to address the self-interest
threat (e.g. an independent review of audit work).
Many firms prohibit their partners (and the firm) from having any material loan from
financial institution clients. This is particularly the case for the engagement partners.
Where a loan is material to an employee (which is likely to be the case), that
employee would not be assigned to the audit of the financial institution concerned.

2.8 Provision of Non-assurance Services to Assurance

Clients
2.8.1 General (R600.8)

There is no objection to providing non-assurance services (NAS) to audit clients. In

doing so, the firm better understands its clients' processes, controls, business and
financial risks. However, auditors are barred from providing additional NAS to listed
company clients in some jurisdictions.
Under corporate governance codes (e.g. the UK Corporate Governance Code), audit
committees must specifically approve non-audit services provided by auditors,
ensuring that independence has not been impaired and that there is no threat to any
fundamental principle.
Before accepting an engagement to provide a NAS to an audit client, the firm must
establish if providing the service would create a threat to independence.

Key Point

If a threat cannot be reduced to an acceptable level by applying safeguards, the

NAS cannot be provided.

2.8.2 Evaluating Threats (600.9 A1)

Factors to consider include:

• The nature, scope, intended use and purpose of the service.
• The degree of reliance that will be placed on the outcome of the service in the
audit.
• The legal and regulatory environment in which the service is provided.
• Whether the client is a public interest entity.
• Whether it is material;
• The degree of subjectivity involved.
• The client’s level of expertise concerning the type of service provided.
• Whether the outcome will affect the accounting records or matters reflected in
the financial statements, and, if so:
• Whether it is material;
• The degree of subjectivity involved.
• The extent of the client’s involvement in determining significant matters of
judgment.
• The degree of reliance that will be placed on the outcome of the service in the
audit.
• Whether the client is a public interest entity.
• The fee for the NAS.
 Key Point

Where the Code expressly prohibits the provision of a NAS to an audit client,
that is regardless of the materiality of the outcome or results of the NAS on the
financial statements.

2.8.3 Prohibition on Assuming Management Responsibilities

(R400.13 and R600.17)

Key Point

A firm must not assume management responsibility for an audit client.

Management responsibilities involve controlling and directing an entity, including

making decisions regarding acquiring, using and controlling human, financial,
technological, physical and intangible resources. Examples include:

• Setting policies and strategic direction.

• Hiring or dismissing employees.
• Directing and taking responsibility for employees’ actions concerning their
work.
• Authorising transactions.
• Controlling or managing bank accounts or investments.
• Deciding which recommendations of the firm or other third parties to
implement.
• Reporting to those charged with governance on behalf of management.
• Taking responsibility for designing, implementing, monitoring and maintaining
internal control.

Assuming management responsibility in providing a NAS creates self-review and

self-interest threats. It can also create familiarity threat and even advocacy threat
(because the firm becomes too closely aligned with the views and interests of
management).
Providing advice and recommendations to assist management in discharging its
responsibilities is not assuming management responsibility. (However, this might
create a self-review threat.)

Key Point
 To avoid assuming management responsibility when providing any NAS to an
audit client, the firm must be satisfied that management makes all judgments and
decisions that are the proper responsibility of management.

This includes ensuring that a designated individual (preferable senior management)

with suitable skill, knowledge and experience is responsible for the client’s decisions
and overseeing the services.

Activity 3 Management Decisions

Identify three areas, when preparing financial statements, that the accountant could
be considered to have made a management decision.
*Please use the notes feature in the toolbar to help formulate your answer.

2.8.4 Accounting and Bookkeeping Services – Self-review Threat

(R601.5-R601.7)

Examples of accounting and bookkeeping services include:

• Preparing accounting records and financial statements;
• Recording transactions;
• Payroll services.

Key Point

Such services must not be provided to a PIE audit client.

Such services cannot be provided to an audit client that is not a PIE unless:
• The services are of a “routine or mechanical” nature (i.e. requiring little or no
professional judgment); and
• Any threats that are not at an acceptable level are addressed. For example:
• Using professionals who are not audit team members to perform the service.
• Independent review of the audit work or service performed.

2.8.5 Valuation Services – Self-review or Advocacy Threat (R603.4-

R603.5)
A valuation involves making assumptions about future developments and applying
specific methodologies and techniques to compute a particular value, or range of
values, for an asset, a liability or the whole or part of an entity.
A self-review threat may be created when a firm performs a valuation for an audit
client that will affect the accounting records or the financial statements on which the
auditor will express an opinion.

PIE Not-PIE

If valuation might create a self-review If valuation involves a significant degree

threat, service cannot be provided. of subjectivity and will have a material
effect, service cannot be provided.

Safeguards for a not-PIE client include:

• independent review of the audit or the valuation work; and
• excluding members of the valuation team from the audit.

2.8.6 Tax Services – Self-review or Advocacy Threat (R604.10–

R604.26)

Tax services include activities such as:

• Tax return preparation;
• Tax calculations to prepare the accounting entries;
• Tax advisory and tax planning services;
• Tax services involving valuations; and
• Assistance in the resolution of tax disputes.

Providing tax services to an audit client might create a self-review threat when there
is a risk that the results of the services will affect the accounting records or the
financial statements. Such services might also create an advocacy threat.
• Tax return preparation services do not usually create a threat because:
• they are based on historical information presented under existing tax law; and
• tax returns are subject to review or approval by the tax authority.
• Preparing tax calculations (current and deferred) for the accounting entries
that will be subsequently audited creates a self-review threat.
• This is prohibited for a PIE audit client, if material;
• Appropriate safeguards should be applied to a not-PIE audit client.
• Tax advisory and tax planning services comprise a broad range of services
which might create a self-review or advocacy threat.
• Such services that might create a self-review threat for a PIE are prohibited;
 • Where permitted, as well as the usual safeguards, the firm may obtain
“preclearance” from the tax authorities.
• For tax services involving valuations, the provisions of the Code for
valuation services may apply (s.2.8.5)
• Providing assistance in the resolution of tax disputes to an audit client
might create a self-review or advocacy threat. For example, when the tax
authorities have notified the client that arguments on a particular issue have
been rejected and either the tax authority or the client refers the matter to a
tribunal or court.

Key Point

A firm must not assist in the resolution of any tax dispute which involves:
• Acting as an advocate for the audit client before a tribunal or court;
• Amounts which are material to the financial statements.

2.8.7 Internal Audit – Self-review Threat (R605.6)

Many internal audit services will not be directly related to the financial systems and
preparation of the financial statements. They may be undertaken without threat to
independence by the external auditors.
For a PIE audit client, internal audit services that relate to the following are
prohibited:
• internal controls over financial reporting;
• financial accounting systems that generate information for the client's
accounting records or financial statements; or
• amounts or disclosures that relate to the financial statements.
For not-PIE audit clients, professionals who are not audit team members may
perform the service as a safeguard.

2.8.8 IT Systems Services – Self-review Threat (R606.6)

Providing services to an audit client that involve the design and implementation of
financial information technology systems that generate information forming part of
that client's financial statements, may create a self-review threat.
For a PIE audit client, a firm cannot provide services that involve designing or
implementing IT systems that:
• form part of the internal controls over financial reporting; or
• generate information for the client's accounting records or financial
statements.
2.8.9 Recruiting Services – Self-interest, Familiarity or Intimidation
Threats (R609.5-R609.6)

The recruitment of senior management for an audit client may create current or
future self-interest, familiarity and intimidation threats.
The significance of any threat will depend on:
• the role of the person to be recruited;
• the nature of the assistance requested; and
• any conflicts of interest or relationships between the candidates and the firm
providing the advice or service.

Key Point

An audit firm is prohibited from acting as a negotiator on an audit client’s behalf.

The following recruiting services are prohibited for any audit client for the positions
of director, officer or senior management in a position to exert significant influence
over the accounting records or financial statements:
• Searching for candidates;
• Undertaking reference checks;
• Recommending who to appoint;
• Advising on terms of employment, remuneration or benefits of a particular
candidate.

2.8.10 Corporate Finance Services – Self-review or Advocacy

Threat (R610.5-R610.8)

Examples of corporate finance services include:

• assisting an audit client in developing corporate strategies;
• identifying possible targets for the audit client to acquire;
• advising on disposal transactions;
• assisting in finance raising transactions;
• providing restructuring advice; and
• providing advice on financing arrangements that will directly affect amounts
reported in the financial statements.
The significance of the threats created will depend on factors such as:
• the degree of subjectivity involved;
• the extent to which the outcome will directly affect amounts recorded in the
financial statements and their materiality; and
 • whether the effectiveness of the advice depends on a particular accounting
treatment or presentation about which there are doubts.
Safeguards that may be applied include:
• Using professionals who are not members of the audit team to perform the
service;
• Independent review of the audit work or service.

Key Point

The following corporate finance services are prohibited for any audit client:
• Those involving promoting, dealing in or underwriting an audit client's
shares.
• Those whose effectiveness depends on a particular accounting treatment
which is in doubt and material.

2.9 Long Association of Senior Personnel (R540.4-

R540.20)

A familiarity threat arises when senior staff have been involved with an audit
engagement for a significant time.
A self-interest threat might be created due to an individual’s concern about losing a
long-standing client or interest in maintaining a close personal relationship with a
member of senior management or TCWG. Such threats might influence the
individual’s judgment impairing objectivity and reducing professional scepticism.

Key Point

A long association can adversely affect objectivity and professional scepticism,

which are essential contributors to audit quality.

For a PIE, an individual cannot act in any of the following roles (or a combination
thereof) for more than seven cumulative years (the “time-on” period):
• The engagement partner;
• The individual responsible for the engagement quality review (see Chapter 5);
• Any other key audit partner role.
After the time-on period, the “cooling-off” period is:
• Five years – engagement partner;
• Three years – engagement quality reviewer;
 • Two years – other key audit partners.
When an audit client becomes a PIE, a key audit partner with a time-on of five years
or more may remain with the client for two additional years before rotating off the
engagement.
For other entities, the factors to take into account when assessing the threat include:
• how long the individual has been a member of the audit team;
• the extent to which their work is directed, supervised and reviewed;
• the extent to which the individual, due to their seniority, can influence the
outcome of the audit;
• their closeness to senior management/TCWG;
• the nature, frequency and extent of interaction between the individual and the
client;
• whether the client's management team has changed; and
• whether the nature or complexity of the client's accounting and reporting
issues has changed.
Safeguards that can be applied include:
• rotating senior personnel off the engagement;
• involving an experienced, independent professional to review the work of the
senior team members; or
• subjecting the whole assignment to internal or external quality control reviews.

2.10 Employment with an Audit Client

Employment relationships with an audit client might create a self-interest,

familiarity or intimidation threat.
A familiarity or intimidation threat might be created if a director or officer of an audit
client (or an employee in a position to exert significant influence over the financial
statements) was a partner of the audit firm or a member of the audit team.

2.10.1 Former Partner/Audit Team Member Restrictions (R524.4)

When a partner or audit team member joins an audit client as a director or in a

position of influence, the firm must ensure that no significant connection remains
between the firm and the individual who has left. However, even if there is no
significant connection (e.g. the individual does not receive any payments from the
firm or participate in its business), a familiarity or intimidation threat might still be
created.
The significance of the threat will depend on the specific circumstances, for example:
 • the position the individual has taken at the client;
• the amount of any involvement the individual will have with the audit team;
• the length of time since the individual was a member of the audit team or firm;
and
• the individual's former position in the audit team or firm.
Safeguards to address familiarity or intimidation threats include:
• modifying the audit plan;
• assigning a sufficiently experienced audit team; and
• quality review.

2.10.2 Audit Team Member Entering Employment with a Client

(R524.5)

A firm must have policies and procedures that require audit team members to notify
the firm when entering employment negotiations with an audit client.
A self-interest threat is created when an audit team member participates in the audit
knowing that they will, or might, join the client in future.
The threat may be eliminated by removing the individual from the audit team.
A safeguard would be to review any significant judgments made by the individual
while on the team.
For a PIE, a key audit partner joining the client will compromise the audit firm’s
independence unless he was not concerned with the audit of financial statements for
not less than 12 months.

2.10.3 Temporary Personnel Assignments (R525.4)

The loan of personnel to an audit client might create a self-review, advocacy or

familiarity threat.
Safeguards include:
• Conducting an additional review of the work performed by the loaned
personnel.
• Not including the loaned personnel in the audit team.
• Not giving the loaned personnel audit responsibility for any function or activity
they performed during the temporary assignment.

2.11 Close Business Relationships (R520.4)

A close business relationship between a firm (or an audit team member or his
immediate family) and the audit client (or its management) will involve a commercial
or common financial interest and may create self-interest and intimidation threats.
Examples of close business relationships include:
• financial interests in joint ventures with a client, directors, officers or
employees who perform managerial functions;
• combining one or more products or services of the firm with one or more
products or services of the client; and
• distribution or marketing arrangements between the firm and a client for a joint
product or the other's products and services.
In such circumstances, unless the financial interest is immaterial and the relationship
insignificant, no safeguards would be able to reduce the risk to an acceptable level,
Therefore, the auditor must:
• terminate such business relationships already established;
• decline any such business relationships offered; or
• decline the audit assignment.

2.12 Recent Service (R.522.3)

An audit team member who recently served as a director, officer or employee of the
audit client might create a self-interest, self-review or familiarity threat. Therefore,
an audit team should not include an individual who served with the audit client
during the period covered by the audit report.

2.13 Serving as a Director (R523.4)

Serving as a director or officer of an audit client creates self-review and self-interest

threats.

Key Point

A partner or employee of the firm must not serve as a director or officer of an audit
client of the firm.

Serving as Company Secretary for an audit client is similarly prohibited unless:

• Specifically permitted under local law, professional rules or practice;
 • Management makes all relevant decisions; and
• Duties and activities performed are limited to routine and administrative (e.g.
preparing minutes and maintaining statutory returns).

Activity 4 Independence for Audit Engagements

Comment and conclude on the following THREE situations.

1. Trainees of Porterhouse, a firm of Certified Accountants, have been offered
overdraft facilities up to $3,000, on student terms, by a client bank.
2. Ambit Co is preparing to apply for listing (admission) to a recognised stock
market while offering a proportion of its shares to the public. The directors
have asked Schilling & Co, as their auditors, to set up and maintain the
company's share register on a computer database.
3. Sean & Co is the auditor of Starck Co. During the current year, Starck has
expanded rapidly, taken over three other companies and is currently preparing to
float a proportion of its shares on a recognised stock exchange. As a result of
several special assignments connected with these events, total fees from Starck
amount to 19% of the total fee income of Sean & Co for the year.
4. In addition, Sean & Co's senior tax manager owns a small number of shares in
Starck, acquired several years ago when the company issued shares under a
business expansion scheme.
*Please use the notes feature in the toolbar to help formulate your answer.

3.0 Introduction

A second opinion is when a professional accountant is asked for an opinion on the

application of accounting, auditing, reporting or other standards or principles by an
entity that is not an existing client. This is also sometimes referred to as "opinion
shopping".

Key Point

Providing a second opinion to an entity that is not an existing client may threaten
compliance with the fundamental principles, unless the advice sought is
insignificant.
3.1 Threats to the Fundamental Principles (321.3 A)

A self-interest threat to compliance with the principle of professional competence and

due care arises when the second opinion is not based on the same set of facts that
were made available to the existing accountant, or is based on inadequate evidence.
The second opinion may create undue pressure on the judgement and objectivity of
the entity’s appointed auditor (i.e. threatening another professional accountant’s
independence).

3.2 Actions to Address

Examples of actions that might be safeguards to address such a self-interest threat

include:
• Obtaining information from the current auditor with the client's permission.
• Describing the limitations surrounding any opinion in communications with the
client.
• Providing the current auditor with a copy of the opinion.
The client's current auditor should:
• Seek the client's permission to reply to the request for information.
• If given, provide all information, facts and assumptions relevant to its
professional opinion.

4.0 Introduction

The Code highlights two aspects of confidentiality: improper disclosure and

improper use.

4.1 Disclosure of Confidential Information (R114.1)

Key Point

Information acquired in the course of professional work should not be disclosed to

third parties (including other clients or another employer) without first obtaining the
permission of the client/employer.
Confidentiality is an implied term of a contract between an auditor and client,
employee and employer. Therefore it cannot be disclosed against a
client's/employer's wishes. It is in the public interest that this professional duty of
confidence exists.

Definition

Public interest – the collective well-being of the community of people and

institutions the professional accountant serves.

However, there are circumstances in which disclosure may be required or

appropriate.
There is a statutory (legal) duty to disclose without first obtaining permission to do
so, for example:
• under the obligation of a court order; or
• disclosure to the appropriate public authorities of law infringements (where
required).
The firm has a professional duty or right to disclose (when not prohibited by law),
for example:
• to comply with quality-control reviews of regulatory bodies such as ACCA;
• to respond to an inquiry or investigation by ACCA or other regulatory body; or
• to comply with technical standards and ethics requirements.
Where there is a right (as opposed to a duty), disclosure should only be made to
pursue a public duty or professional obligation. (ISA 250 Consideration of Laws and
Regulations in an Audit of Financial Statements is covered in Chapter 11.)

Duty (obligatory disclosure) Right (voluntary disclosure)

UK examples include actual or In certain circumstances, information

suspected offences of: may be disclosed, whatever its nature.
Categories of disclosure include:
• Money laundering
• Proceeds of crime • In the "public interest" to a
• Drug trafficking person having proper interest to
• Terrorism receive information (e.g. the
• Corruption police, the stock exchange for a
• Tax evasion listed client).
• Insider dealing • To protect the auditor's interests
(e.g. defending against ACCA
disciplinary proceedings).
• If not prohibited by statute.
 Example 6 Improper Disclosure

During the current year's interim audit, the auditor becomes aware that the client
has misrepresented its sales tax return to the tax authorities, resulting in an
underpayment of sales tax. The client refuses to accept the auditor's advice to
notify the tax authorities and negotiate and correct the returns.
The auditor informs the client that he is no longer prepared to act for them in any
professional capacity. He also tells the client that he will be informing the taxation
authorities that he no longer acts for the client. Because of client confidentiality, he
should not disclose to the tax authorities why he has resigned (unless the client
gives permission for him to do so, which is highly unlikely).
In addition, in certain jurisdictions (e.g. the UK), the deliberate underpayment of
taxation is classified as proceeds of crime and possibly money laundering.
Therefore, the auditor is under a legal duty to report his suspicions to the
appropriate authorities (dealing with proceeds of crime), giving full details, even
though he does not provide a complete report to the taxation authorities.
It is essential for professional accountants to seek legal advice in such
circumstances.

4.2 Use of Confidential Information (R114.2)

Key Point

A professional accountant acquiring information in the course of their professional

work should neither use, nor appear to use, that information for his or a third
party's advantage.

When a professional accountant changes firm or employment, he should distinguish

between:
• experience gained in the previous firm or employment; and
• confidential information and documents acquired there.
A member should not deal in the shares of a company with which he has a
professional association, as it might appear that he was turning information obtained
in his professional capacity to his advantage.
5.1 Two Types (310.2)

A conflict of interest creates threats to compliance with the principle of objectivity

(and might threaten compliance with the other fundamental principles). Such threats
might arise when there is a conflict between:
1. the professional accountant's interests and the client's interests.
2. he interests of two or more clients.

5.2 Professional Accountant v Client

Key Points

• Professional accountants should place clients' interests before their own.

• A firm should not accept or continue an engagement in which there is or is
likely to be a significant conflict of interest between the firm and the client.
• Any financial gain that accrues or is likely to accrue to the firm as a result of
the engagement (other than properly earned fees, etc) will always amount
to a significant conflict of interest.

The professional accountant should apply the "reasonable and informed third party"
test.
Where any commission, referral fee or reward may be earned for the introduction of
a client or as a result of advice given to a client, a self-interest threat arises.
Safeguards include disclosing to the client, in writing:
• that such commission, etc will be received;
• as soon as practicable, of its amount and terms; and
• obtaining advance agreement from the client for the referral arrangement and
fee.

5.3 Client v Client (R310.5, R310.9)

Key points

• The firm's work should be managed to avoid the interests of one client
adversely affecting those of another.
 • Where the acceptance or continuance of an engagement would, even with
safeguards, materially prejudice the interests of any client, the appointment
should not be accepted or continued.

All reasonable steps should be taken to ascertain whether there are any conflicts of
interest between clients (both new and existing) or are likely to arise in the future.
• Relationships with existing clients must be considered before accepting a new
appointment and regularly after that.
• A relationship that ended more than two years ago is unlikely to lead to
conflict.
• A material conflict of interest between existing or potential clients should be
sufficiently disclosed to all clients involved so that they may make an informed
decision on whether to engage or continue their relationship with the firm.
Safeguards include:
• Separate engagement teams are provided with clear policies and procedures
for maintaining confidentiality.
• Appropriate reviewer, who is not involved in providing the service or otherwise
affected by the conflict, reviews the work performed to assess whether the
critical judgments and conclusions are appropriate.
Where a conflict of interest poses a threat to one or more of the fundamental
principles that cannot be eliminated or reduced to an acceptable level, the
professional accountant should conclude that it is not appropriate to accept a specific
engagement or resign from one or more conflicting engagements. When
disengagement is necessary, the process should be done as speedily as is
compatible with the interests of the clients concerned.

Example 7 Conflicts of Interest

All of the current Big Four firms were formed through the mergers of major firms
(originally referred to in the 1980s as the "Top 10"). As the number of audit and
assurance firms reduced, it was not uncommon for two major competitor
companies to find that they became clients of the same firm. Despite assurances
given concerning the confidentiality of the information and being able to minimise
and control conflicts of interest, many competitor companies decided that one of
them would need to change advisers.

Activity 5 Ethical Issues

Comment and conclude on the following THREE situations:

 1. The audit senior of Neutron Co has known the credit controller since they
were at university. During the week of the audit, the audit senior left the audit
files in his car while they dined at a restaurant. There are no other audit staff
available that the client considers capable of replacing him on the assignment.
2. A part-time partner in Spoils & Co is also a councillor in the local authority.
She has been acting for Radnor, a limited liability company whose business
venture now requires planning permission from the local authority. The
partner sits on the planning committee and recently vigorously opposed a
similar application.
3. To reduce audit fees, one of your corporate clients, Finders, has employed an
accountant temporarily to assist you with your audit work. The client feels that it will
be cheaper for the temporary accountant to perform some of the audit testing,
replacing one member of your staff.
*Please use the notes feature in the toolbar to help formulate your answer.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

A. Audit Framework and Regulation

1. Professional ethics and ACCA's Code of Ethics and Conduct

• Define and apply the fundamental principles of professional ethics of integrity,
objectivity, professional competence and due care, confidentiality and
professional behaviour.
• Define and apply the conceptual framework, including the threats to the
fundamental principles of self-interest, self-review, advocacy, familiarity and
intimidation.
• Discuss the safeguards to offset the threats to the fundamental principles.
• Describe the auditor's responsibility with regard to auditor independence,
conflicts of interest and confidentiality.

Summary and Quiz

• The ACCA's Code of Ethics and Conduct applies to all students and
members.
• The five fundamental principles are:
• Integrity
 • Objectivity
• Professional competence and due care
• Confidentiality
• Professional behaviour
• The conceptual framework assists the auditor in identifying, evaluating and
responding to threats to compliance with the fundamental principles. The
categories of threats are:
• Self-interest
• Self-review
• Advocacy
• Familiarity
• Intimidation
• Threats must be eliminated, reduced to an acceptable level or the
professional activity declined/relationship ended.
• Safeguards are actions taken by the professional accountant (e.g.
independent review).
• Independence requires independence of mind and independence in
appearance.
• A public interest entity (PIE) is a listed entity, or an entity required to be
audited as if it were listed, or an entity of significant public interest.
• The fee dependency threshold is 15% for a PIE client and 30% for a not PIE
client.
• Many firms require all professional employees not to hold any financial
interest in any audit client.
• A partner or employee of the firm must not serve as a director or officer of an
audit client of the firm.
• A firm must not assume management responsibility for an audit client.
• Most accounting and bookkeeping services should not be provided to a PIE
audit client.
• Exceptions to the duty of confidentiality include:
• a statutory duty to disclose (e.g. under court order);
• a professional duty to disclose (e.g. suspected money laundering); and
• a professional right to disclose (e.g. in defending the auditor against
disciplinary proceedings).
• A professional accountant should not use or appear to use information
acquired during professional work for personal advantage or the advantage of
a third party.
• Conflicts of interest include conflicts between:
• the professional accountant's interests and the client's interests; and
• the interests of two or more clients.

Technical Articles
ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Integrity

1. As an auditor, if a set of financial statements contain a material misstatement

that the directors refuse to change, an unmodified opinion would not be
issued.
2. In the context of other work (e.g. preparing a cash flow forecast), if asked to
verify misleading data, the member would refuse to accept the engagement or
withdraw as soon as he becomes aware that the data is misleading and the
client refuses to change.
3. For an accountant in business, being asked by the CFO to sign off on
management accounts for the bank that contain significant differences from
the underlying records.

Activity 2 Family and Other Personal Relationships

1. The trainee should not be a member of the assurance team.

2. If the trainee remains on the team, he cannot be involved in auditing sales or
receivables.
3. The manager should not be involved with the audit as he would be
responsible for directing and reviewing the audit work on receivables carried
out by trainees.
4. The firm should not provide assurance services to the company. If requested
to tender for the audit, the firm should decline. If the sister is recruited as a
director by the company, which is already an audit client, the firm should
resign from the audit.

Activity 3 Management Decisions

Note: Only three were required.

 1. Determining or changing journal entries (e.g. bad debt allowance) or the
classifications for accounts or transaction or other accounting records.
2. Determining accounting policies or estimates (e.g. useful lives of non-current
assets).
3. Authorising or approving transactions.
4. Preparing source documents or making changes to such documents.

Activity 4 Independence for Audit Engagements

1. Comments - Loans (including overdrafts) on normal commercial terms may

be accepted by staff members (including trainees).
"Student terms" may be standard commercial terms if the bank offers them to all
accountancy trainees, not just Porterhouse’s. If these terms are not normal
commercial terms, the next step is to determine if the benefit is more than "modest".
Conclusions - Porterhouse's engagement and compliance partners may decide that
acceptance of the offer will not appear to threaten objectivity even if the terms are
special. However, as a safeguard, it should be confirmed that the terms are no more
favourable (or no less unfavourable!) than those offered to other trainees. If more
favourable, the loans (overdrafts) should be declined.
2. Comments - Provided this is a simple matter of entering data into the
database and the directors of Ambit have approved the specific programme
used by the auditor, the nature of additional service is unlikely to threaten
objectivity (i.e. no managerial involvement).
As a public interest company (intention to list), recurring fees (audit + maintenance)
should not exceed 15% of gross practice income. In addition, a pre-issuance review
of the audit file must occur.
Conclusions - The additional service is likely to be acceptable within ethical
constraints.
3. Comments - Starck Co will become a public interest entity when the shares
are listed. The 19% of total fees may not affect independence if the recurring
element is less than 15%. However, 19% may be undesirably high in
appearing to detract from objectivity.
Safeguard: Ensure that the recurring element of the fee will be less than 15% of the
firm’s total fee income. If not, determine whether a “pre-issuance review” of the audit
might be a safeguard to reduce the threats to an acceptable level.
The scenario implies that Sean & Co permits non-partner staff to hold shares in
clients. Accordingly, the senior tax manager should not be involved with Starck’s
audit (e.g. calculating tax liabilities, reviewing tax audit working papers) to avoid a
self-interest threat
Safeguard: Ensure that the senior tax manager does not have any involvement with
the audit of Starck. If he does, he must dispose of his shares immediately.
Staff involved in the special assignment should not have similar responsibilities on
the audit to avoid a self-review risk. The more senior the staff, the higher the
familiarity risk.
Conclusions - Provided that the recurring element of fees does not exceed 15% of
total fee income and appropriate safeguards (as above) are implemented, any
threats to the fundamental principles should have been reduced to an acceptable
level.

Activity 5 Ethical Issues

1. Comments – Objectivity appears to be threatened by the personal

relationship. Even if the credit controller is not regarded as a senior employee
at Neutron, the senior's objectivity may be impaired (e.g. when reporting
weaknesses in credit control).
Also, the audit senior is not keeping audit working papers in safe custody. This could
result in a breach of duty of confidentiality.
No audit senior is irreplaceable and it is not up to the client to determine who is
capable of undertaking the assignment. Letting the client decide would constitute
undue influence.
Conclusions – The audit senior should be replaced immediately. The audit's
timetable may have to be put back. The audit senior's work should be reviewed as
soon as possible and, if necessary, reperformed.
2. Comments – A conflict of interest has arisen between the part-time partner
and her client Radnor. She must declare her position with the local authority
to the client. She should also declare her Radnor interest to the local
authority.
Depending on the law applied by the local authority, to abstain from debating or
voting on this issue in council may be a breach of her duty as councillor. Therefore,
another partner in the firm may have to assume responsibility to act for Radnor in
this matter.
Conclusions – The client may not accept that any safeguards will resolve the
conflict. Therefore, the partner should disengage if she is not otherwise removed
from acting for Radnor.
3. Comments – The temporary accountant’s qualifications held/previous
experience should be assessed to determine if he is competent. The degree
of supervision and review of his work required may stretch the resources of
more senior audit staff.
Independence of the temp will be impaired (e.g. if he's an employee of the client
rather than a temping agency). Further, his objectivity may be impaired (e.g. if he will
be recording transactions to be audited).
Conclusions – If suitable (e.g. low-risk) work could be allocated on the basis that
the temp is preparing client schedules to be audited by the engagement team, the
conduct of the audit may not be impaired. He cannot be considered as being a
member of the audit team.
Chapter 5: Auditor Appointment

Visual Overview

Objective: To describe the professional appointment process as it specifically

applies to the auditor.

1.1 New Professional Work

Activity 1 Change of Auditors

Suggest FOUR reasons why an entity may wish to change its auditor.
*Please use the notes feature in the toolbar to help formulate your answer.
The prospective auditor may have been:
 • recommended directly to the potential client; or
• asked to compete against other firms as part of a tendering process (see s.3).
There are three main stages in the auditor appointment process:
1. Client screening and acceptance;
2. Engagement acceptance;
3. Professional appointment.

Key point

In all three stages, the prospective auditor should determine if there are any
threats to complying with relevant fundamental principles.

Although the syllabus refers specifically to the auditor, the procedures are equally
applicable to any assurance or other professional engagement (e.g. as an
accountant).

1.1.1 Client Screening and Acceptance

Client screening is an essential part of an auditor's risk management process. There

are three main issues to consider when screening a potential client.
1. Is the audit firm able to audit the potential client?
Factors that the auditor must assess include:
• Whether the firm has the expertise necessary to carry out the engagement.
• Whether the firm has the staff and capacity required to complete the
engagement and meet reporting deadlines.
• Whether the auditor is independent of the potential client.
• Whether there are any conflicts of interest.
2. Does the audit firm want to be associated with the potential client?
Factors that must be assessed include:
• The complexity of the client's operations and its overall audit risk.
• The reputation of the potential client.
• The apparent integrity of its management.
• Its commitment to the application of appropriate accounting policies. (As
evidenced, for example, by audit opinions in prior years.)
• The potential client's commitment to internal controls.
• Evidence of fraud or non-compliance with laws and regulations (see Chapter
11).
3. Is the potential client financially viable?
The audit firm will wish to avoid fee collection problems and disputes.
Also, in some jurisdictions, it is a legal requirement to "verify the identity" of the
potential client (e.g. under money-laundering regulations). This will be
straightforward (although onerous) for major, international entities, but for small
entities (e.g. with two directors), extensive checks and references on the entity and
its directors may be necessary.

1.1.2 Engagement Acceptance

The auditor should only agree to provide services that he is competent to perform
(fundamental principle of professional competence and due care).
The prospective auditor should do the following to determine whether the client can
be properly served:
• Understand the entity's business.
• Assess the specific requirements of the engagement and the purpose, nature,
and scope of the work to be performed (e.g. laws and regulations, use of
experts, assurance from controls, reliance on internal audit).
• Assess the logistics (e.g. locations, competent audit staff, time frame).

1.1.3 Professional Appointment

The significance of any threat to the fundamental principles should be evaluated

(e.g. threats to professional competence if an engagement is accepted without
understanding all the relevant facts).
An essential safeguard is a communication with the current auditor to determine
whether there are any professional or other reasons not to accept the engagement.

Key point

This is not merely a matter of professional courtesy.

1.2 Communication with the Existing Auditor

The procedure for communication with the existing/predecessor auditor is set out in
section R320 of the ACCA Code of Ethics and Conduct (2022)
The auditor should ask the prospective client:-
• to write to the existing auditor about the proposed change and to give them
permission to discuss the client's affairs with the proposed auditor.
• for permission, in writing, to communicate with the existing auditor.
If either of these permissions is refused, the appointment must be declined.
Once permission has been obtained, the auditor should write to the existing auditor
requesting information relevant to deciding whether to accept the appointment (e.g. if
there has been any action by the client which would, on ethical grounds, mean
declining to accept the appointment).
If the current auditor does not respond within a reasonable time, a final letter should
be sent by recorded delivery stating that "no matters" will be assumed unless
advised otherwise and, if there still is no reply, the auditor should:
• Seek to obtain information about potential threats from other sources (e.g.
enquiries to third parties and TCWG). This may also require the potential
client's permission.
• Report the current auditor to the relevant professional body (e.g. ACCA) for
unprofessional behaviour.

1.3 Relevant Matters to Consider

Any information supplied by the existing auditors should be considered carefully

before deciding whether to accept or reject the appointment.
Prospective auditors should try to find out the reason for the change of auditors.
They should be careful that they are not assisting clients to act improperly or
unlawfully by accepting an appointment.
If there is a conflicting view between the client and the current auditor, which has led
to the potential replacement of the auditor, discuss this with the client to be satisfied
that:
• the client's view can be accepted as reasonable; and
• the client will accept that the prospective auditor may express a similar
opinion to the current auditor.
If not satisfied on these points, the appointment must be declined.
If the client fails or refuses to supply the existing auditor with the necessary
information, the client will likely do the same to the new auditor.

Key point

This is effectively a limitation on the scope applied by the client, and the
prospective auditor should decline the appointment.
Unlawful acts or defaults by the client (e.g. defrauding taxation authorities) place the
prospective auditor on guard as to the integrity of the client. Such matters must be
discussed with the client to establish whether it is prepared to accept the advice
offered. If not, decline the appointment.
1.4 Unpaid/Overdue Fees to Existing Auditor

The existence of unpaid/overdue fees is not a reason for declining nomination (nor
the current auditor refusing to cooperate with the prospective auditor). However, as it
may signpost similar problems in the future for the prospective auditor, the reason for
not paying the fees needs to be established.
It is a matter of discussion between the auditors as to how much assistance the new
auditor will give to recover the fees of the old auditor.
Prospective auditors normally would be expected to draw the attention of their client
to the fact that fees are due and unpaid and to suggest that they should be paid.

1.5 Additional Professional Work

A member may be invited to undertake work in addition to the continuing work being
carried out by the client's existing auditor, who is not being replaced. Before
accepting the work, the member should notify the existing auditor of the work he has
been asked to undertake. By doing so, the existing auditor will be able to provide
relevant information needed for the proper conduct of the work.

2.1 Response

Obtain the client's permission to discuss all relevant matters with the prospective
auditor. (But, there may be a legal requirement to reply, even if the client withholds
permission.)
The existing auditor should answer without delay, stating, as relevant:
• that the client's permission has not been given for communication;
• that there are no matters of which the prospective auditor should be aware; or
• those factors of which the prospective auditor should be aware.
It is not sufficient to state that “[unspecified] factors exist”. However, legal advice
may need to be taken in some circumstances (e.g. suspicions of money laundering)
before providing details.
If the existing auditor is approached by a proposed auditor without prior notification
from the client, the client should be notified. The prospective auditor cannot be given
any information (other than stating that the client’s permission has not been given).
2.2 Transfer of Books and Papers

The former auditor should transfer the client's books and papers to the successor
auditor or to the client promptly.
If the auditor claims a right to possess the client's books and records to secure
unpaid fees for work done (a "lien"), care must be taken to comply with the law. For
example, no lien can be claimed over books and records which by law must be kept
at a client's registered office.
Any completed documents which are the subject of the engagement (e.g. financial
statements, tax returns, etc) must be transferred to the client.
Working papers and drafts prepared by the auditor belong to the auditor.

2.3 Transfer Information

The former auditor should provide the new auditor with all "reasonable transfer
information" (lack of which might prejudice the client's interest) promptly. No charge
should be made unless a significant amount of work is involved.
"Transfer information" is defined as:
• a copy of the last set of accounts formally approved by the client; and
• a detailed trial balance in agreement with the accounts.

2.4 Review of Working Papers

In most jurisdictions, clients and the successor auditor have no right to demand
access to documents and working papers that belong to the previous auditor.
However, the previous auditor may allow a new auditor to review some or all of his
working papers, especially concerning opening balances.

Key point

In the UK, it is a legal requirement for the previous auditor to allow the incoming
auditor reasonable access to working papers. This does not mean access to all
working papers or budgets, fee calculations, time records, etc.
3.1 Preconditions for an Audit

Key point

An auditor should accept or continue an audit engagement only when the basis on
which it is to be performed has been agreed, through:
• establishing whether the preconditions for an audit are present; and
• confirming that there is a common understanding between the auditor and
management and, where appropriate, TCWG, of the terms of the audit
engagement.

Definition

Preconditions for an audit – management and, where appropriate, TCWG use

an acceptable financial reporting framework to prepare the financial statements
and agree to the premise on which an audit is conducted.

To establish whether the preconditions are present, the auditor must:

• Assess the appropriateness and acceptability of the applicable financial
reporting framework.
• Obtain management's agreement that it acknowledges and understands its
responsibilities for:
• the preparation and fair presentation of the financial statements in accordance
with the applicable financial reporting framework;
• internal controls to enable the preparation of financial statements which are
free from material misstatement, whether due to fraud or error;
• providing the auditor with unrestricted access to all known information that is
relevant to the preparation of the financial statements;
• unrestricted access to additional information that the auditor may request from
the management; and
• unrestricted access to persons in the entity from whom the auditor determines
it necessary to obtain audit evidence.
For new engagements, the auditor would discuss these matters with TCWG before
issuing the engagement letter (which is a formal acceptance).
If doubts remain (after discussions with management) that the preconditions cannot
be met, the auditor must not accept or continue the engagement.
If the client proposes to subject the auditor to any limitations on the scope of the
audit or restrict access to information which would result in qualifying the auditor's
report, the engagement should not be accepted.
3.2 Engagement Letter

Key point

The engagement letter aims to help avoid misunderstandings between client and
auditor. This is done by documenting and confirming:
• management's and auditor's acceptance of their respective responsibilities;
• auditor's acceptance of the appointment;
• identification of the applicable reporting framework;
• objective and scope of the work (audit); and
• form and content of any reports, circumstances in which the form and
content may differ (e.g. modifications), limitation of such reports and to
whom reports will be delivered.

3.2.1 Importance

There are many reasons why the engagement letter is essential.

• It is the contract that defines the scope of the auditor's responsibilities and
obligations.
• It establishes communication that sets the tone for the engagement.
• It is often the first formal correspondence that the client receives, and the
client should feel that it is of value.
• It is a risk management tool that should protect the auditor against litigation
that might otherwise arise through misunderstandings.

3.2.2 Standard Form

A standard form of an engagement letter can be beneficial:

• It saves time.
• It helps ensure completeness.
• It can help ensure liability risks.
However, it should never be sent to a client as a standard form but always tailored to
accurately reflect the terms and issues specific to each client. If a standard letter is
used as a basis, it must be reviewed each year and updated for changes in legal and
professional requirements.

3.3 Principal Contents

Refer to s.3.5 for an example letter and note the following required content:
• The objective and the scope of the audit, including reference to applicable
legislation, regulations, ISAs, and ethical and other pronouncements of the
professional bodies to which the auditor adheres.
• The responsibilities of the auditor.
• Management's responsibility for the financial statements and for establishing
and maintaining effective internal control.
• Identification of the applicable financial reporting framework adopted by
management in preparing the financial statements.
• The form of any reports or other communication of results of the engagement.
• A statement that there may be circumstances in which a report may differ
from its expected form and content.
• The requirement that the auditor will communicate key audit matters in the
auditor's report.
In addition to the above, the letter may make reference to the following:
• The fact that there is an unavoidable risk that some material misstatement
may remain undiscovered.
• Expectation of receiving from management written confirmation concerning
representations made in connection with the audit (see Chapter 20).
• Unrestricted access to whatever records, documentation and other
information is required in connection with the audit.
• Agreement that management will inform the auditors of any material
subsequent events affecting the financial statements between the date of the
auditor's report and the issue of the financial statements.
• The basis on which fees are computed and any billing arrangements (see
s.3.6).
• A request that the client confirms, in writing, that the terms of the engagement
are understood by signing and returning a copy of it.
When relevant, the following arrangements may be included concerning:
• the work of others (e.g. internal auditors and experts);
• any restrictions on the auditor's liability (if allowed by law);
• any obligations (legal or regulatory) to report to other third parties;
• any obligations to provide audit working papers to other parties (e.g. external
quality management reviews, regulatory requirements).

Key point

The engagement letter is not a mere formality, and signing is not just a matter of
compliance.

3.4 Recurring Audits

3.4.1 Reappointment

The appointment of an entity's auditor is usually just for one year. After completing
the audit, the auditors will usually "offer themselves for reappointment" at the annual
general meeting (AGM).
Before doing so, the auditor must carry out similar procedures to those needed for
an initial appointment (see s.1.1):
• From the work carried out during the audit just completed and audit findings,
reassess their understanding of the business, etc (see s.1.1.1).
• Reassess the specific requirements for the continuing engagement and the
purpose, nature and scope of the work to be performed (these may well
change compared to the prior audit). The updated understanding of the
business enables the auditor to assess whether he can continue to service
the client.
• Reassess the risks to compliance with the fundamental principles, fees,
availability of audit staff and timing of services.
• Assess the risk to the auditor of continuing to be associated with the client
(e.g. recovery of fees, the integrity of management, risk of business failure).
Based on their experience and findings and expected changes, the auditor
determines whether they are still fit and proper, willing and able to continue their
relationship with the client.

3.4.2 Engagement Letter

For recurring audits, the auditor may decide not to send a new audit engagement
letter each year. However, the auditor should review the engagement letter before
commencing each audit cycle to ensure that the terms are still appropriate.
It may be appropriate for the auditor to revise the terms of the audit engagement or
remind the client of existing terms when:
• There is an indication that management or TCWG does not understand the
objective and scope of the audit.
• There are revised or special engagement terms.
• There has been a recent change in senior management (e.g. new directors).
• There has been a significant change, for example, in:
• ownership of the business;
• the nature or size of the business;
• legal or regulatory requirements;
• the financial reporting framework; or
• other reporting requirements.
Where an engagement letter needs revising, the client should approve it. If the client
refuses, the auditor should consider the implications for continuing to act for the
client.
Where the client insists on changes to the terms of engagement that are not
acceptable to the auditor, the auditor should consider the significance of the threats
(if any) to the fundamental principles and resign from the audit, if necessary.

Activity 2 Updating Engagement Letters

Suggest FIVE factors that may make it appropriate for the engagement letter to be
revised.
*Please use the notes feature in the toolbar to help formulate your answer.

3.5 Sample Engagement Letter

This will need to be varied according to individual requirements and circumstances.

To the appropriate representative of management or those Addressed to

charged with governance of __________

You have requested that we audit the financial statements of ID of

__________, which comprise the statement of financial statements
position as at __________, and the statement of
comprehensive income, statement of changes in equity and
statement of cash flows for the year then ended, and note to
the financial statements, including a summary of significant
accounting policies. We are pleased to confirm our
acceptance and our understanding of this engagement by
means of this letter.

The objectives of our audit are to obtain reasonable Objective

assurance about whether the financial statements as a whole
are free from material misstatement, whether due to fraud or
error, and to issue an auditor's report that includes our
opinion. Reasonable assurance is a high level of assurance,
but is not a guarantee that an audit conducted in accordance
with International Standards on Auditing (ISAs) will always
detect a material misstatement when it exists. Misstatements
can arise from fraud or error and are considered material if,
individually, or in the aggregate, they could reasonably be
expected to influence the economic decisions of users taken
on the basis of these financial statements.
We will conduct our audit in accordance with ISAs.
Those Standards require that we comply with ethical Standards
requirements. As part of an audit in accordance with ISAs, we followed
exercise professional judgment and maintain professional
scepticism throughout the audit. We also:

• Identify and assess the risks of material misstatement Detail of what

of the financial statements, whether due to fraud or an audit is
error, design and perform audit procedures responsive about
to those risks, and obtain audit evidence that is
sufficient and appropriate to provide a basis for our
opinion. The risk of not detecting a material
misstatement resulting from fraud is higher than for
one resulting from error, as fraud may involve
collusion, forgery, intentional omissions,
misrepresentations, or the override of internal control.

• Obtain an understanding of internal control relevant to

the audit in order to design audit procedures that are
appropriate in the circumstances, but not for the
purpose of expressing an opinion on the effectiveness
of internal control. However, we will communicate to
you in writing concerning any significant deficiencies in
internal control relevant to the audit of the financial
statements that we have identified during the audit.
• Evaluate the appropriateness of accounting policies
used and the reasonableness of accounting estimates
and related disclosures made by management.

• Conclude on the appropriateness of management's Report to

use of the going concern basis of accounting, and, management
based on the evidence obtained, whether a material
uncertainty exists related to events or conditions that
may cast significant doubt on the Company's ability to
continue as a going concern. If we conclude that a
material uncertainty exists, we are required to draw
attention in our auditor's report to the related
disclosures in the financial statements, or, if such
disclosures are inadequate, to modify our opinion. Our
conclusions are based on the audit evidence obtained
up to the date of our auditor's report. However, future
events or conditions may cause the Company to cease
to continue as a going concern.

• Evaluate the overall presentation, structure, and

content of the financial statements, including the
disclosures, and whether the financial statements
 represent the underlying transactions and events in a
manner that achieves fair presentation.

Because of the inherent limitations of an audit, together with Limitation

the inherent limitations of internal control, there is an because of
unavoidable risk that some material misstatements may not nature of an
be detected, even though the audit is properly planned and audit
performed in accordance with ISAs.

Our audit will be conducted on the basis that management

and, where appropriate, those charged with governance,
acknowledge and understand that they have responsibility:

a. For the preparation and fair presentation of the Management's

financial statements in accordance with International responsibility
Financial Reporting Standards; (may be
b. For such internal control as management determines is modified to
necessary to enable the preparation of financial include specific
statements that are free from material misstatement, responsibilities
whether due to fraud or error; and as defined by
c. To provide us with: local law)
i. Access to all information of which [management] is
aware that is relevant to the preparation of the financial
statements such as records, documentation and other
matters;
ii. Additional information that we may request from
[management] for the purpose of the audit; and
iii. Unrestricted access to persons in the entity from whom
we determine it necessary to obtain audit evidence.

As part of our audit process, we will request from Written

management and, where appropriate, those charged with representations
governance, written confirmation concerning representations
made to us in connection with the audit.

We look forward to full cooperation from your staff during our

audit.

The form and content of our report may need to be amended Insert additional
in light of our audit findings. information
Please sign and return the attached copy of this letter to regarding fee
indicate your acknowledgement of, and agreement with, the arrangements
arrangements for our audit of the financial statements and billings, as
including our respective responsibilities. appropriate
XYZ & Co
 Acknowledged and agreed on behalf of ABC Company by

(signed) Sign and return

__________

Name and Title

Date

3.6 Basis of Fees

3.6.1 Audit Fees

The auditor is in business. As business people, auditors will expect to earn a

reasonable return for their work, effort and expertise and to make a profit.
The level of fees charged for each assignment is a commercial decision. A standard
approach is to base the fees quoted (and charged) to reflect the time spent and the
skills and experience of the staff involved. The more complex or higher the risk, the
greater the level of expertise required and the higher the fee.
The basis of the fee should be stated in the engagement letter, together with any
arrangements for the timing and delivery of documents, processes, information and
other audit requirements by the client (e.g. schedules to be audited).
If the expected fee is exceeded (e.g. because of spending more time on a particular
area), the recoverability of additional costs should be discussed with the client. Good
client management includes giving a warning of such a possibility due to factors:
• caused directly by the client (e.g. non-delivery of agreed schedules resulting
in additional audit work); or
• outside the control of the auditor and client (e.g. new legal or financial
reporting requirements).
For new clients, it is important that a sustainable fee is initially quoted. This will
require a reasonable understanding of the business and the level of work which will
be required (e.g. initial time and service-level budgets).

3.6.2 Contingent Fees

It is unacceptable to charge audit and assurance fees based on a percentage of
profits or a contingency basis (e.g. "if we qualify our report, then no fee"). Special
offers (e.g. "buy one, get one free") are strictly prohibited. Such tactics would cast
doubt on the auditor's integrity and independence and bring the profession into
disrepute.
In areas other than audit and assurance, contingency or flat rate fees may be
charged, provided such action does not bring the profession into disrepute.
Examples include:
• Fixed fees for standard preparation of accounts and completion of tax returns.
• Contingency fees for certain consultancy services (e.g. management buyouts
or raising venture capital) where the ability to pay depends on the success or
failure of the project.

4.1 ISA 220 (Revised 2020)

ISA 220 (Revised 2020) Quality Management for an Audit of Financial Statements
deals with quality management at the "engagement level" for an audit of financial
statements and the related responsibilities of the engagement partner.

Exam advice

International Statement on Quality Management (ISQM) 1, which deals with

quality management at the “firm level”, is not examinable in AA.

Key Point

Quality must be managed at the engagement level to have reasonable assurance

that:
• The audit has be been conducted in compliance with professional
standards and legal and regulatory requirements; and
• The auditor’s report issued is appropriate in the circumstances.

The engagement partner is responsible for the following components of quality

management:
• Leadership – takes overall responsibility for managing and achieving quality
on the audit.
• Relevant ethical requirements – determines whether members of the audit
team have complied with relevant ethical requirements.
 • Acceptance and continuance –determines that appropriate procedures for
the acceptance or continuance of the audit engagement have been followed
and that the conclusion reached is appropriate and has been documented.
• Engagement resources – uses the resources assigned or made available to
the engagement team appropriately.
• Engagement performance – takes responsibility for:
• the direction and supervision of the audit team members and review of their
work (s.4.2);
• consultation on difficult or contentious matters;
• engagement quality review (s.4.2.5).
• Monitoring and remediation – remaining alert to information that may be
relevant to the firm’s system of quality management and responding
appropriately to identified deficiencies (s.4.3).

4.2 Engagement Resources

4.2.1 Assigned or Made Available to the Engagement Team

The appropriate capabilities and competence expected of the engagement team as a

whole include the following:
• An understanding of, and practical experience with, audit engagements of a
similar nature and complexity through appropriate training and participation.
• An understanding of professional standards and regulatory and legal
requirements.
• Appropriate technical knowledge, including knowledge of relevant information
technology.
• Knowledge of relevant industries in which the client operates.
• Ability to apply professional judgment.
• An understanding of the firm's system of quality management.

4.3 Engagement Performance

4.3.1 Direction

The engagement partner provides direction to the engagement team by informing

engagement team members of:
• their responsibilities including the need to comply with ethical requirements
and to plan and perform the audit with professional scepticism;
 • the objectives of the work to be performed;
• nature of the business;
• risk-related issues;
• problems that may arise; and
• the detailed approach to the performance of the engagement.
Direction is provided using the following communication tools:
• Team briefing;
• Audit programme;
• Time budgets;
• Overall audit strategy and plan.
Discussion between members of the engagement team enhances communication
because it allows more experienced team members to provide direction to less
experienced team members.

4.3.2 Supervision

Key Point

Supervision is closely related to direction and review and may involve elements of
both.

Functions of personnel carrying out supervisory responsibilities include:

• To monitor progress to consider whether:
• assistants have the necessary skills and competence;
• assistants understand the audit directions;
• work is being carried out following the overall audit plan and the audit
programme;
• To become informed of and address significant accounting and auditing
questions (e.g. by modifying the audit programme);
• To resolve, if possible, any differences in professional judgment between
personnel;
• To identify matters for consultation by more experienced engagement team
members during the audit engagement.

4.3.3 Review

More experienced team members review work performed by a team member.

Reviewers consider whether:
• work has been performed in accordance with professional standards,
regulatory and legal requirements;
 • work has been performed following the audit programme;
• there is a need to revise the nature, timing and extent of work performed;
• work performed and results obtained are adequately documented;
• all significant audit matters have been resolved, raised for further
consideration or are reflected in audit conclusions;
• objectives of audit procedures have been achieved;
• audit evidence is sufficient and appropriate to support the audit opinion; and
• conclusions expressed are consistent with the results of the work performed
and support the audit opinion.
The following must be reviewed on a timely basis:
• overall audit plan and the audit programme;
• assessments of inherent risk and control risk (see Chapter 8);
• documentation of audit evidence obtained from substantive procedures; and
• financial statements, proposed audit adjustments and the proposed auditor's
report.
It is, for example, too late for the audit partner to review the audit strategy after the
audit has been carried out.
Where the audit involves high risk and subjective matters, a second partner would
usually be involved at all key review stages.

4.3.4 Engagement Quality Review

Definitions

Engagement quality review – an objective evaluation of the significant

judgments made by the engagement team and the conclusions reached thereon,
performed by the engagement quality reviewer and completed on or before the
date of the engagement report.
Engagement quality reviewer – a partner, other individual in the firm, or an
external individual, appointed by the firm to perform the engagement quality
review.

Engagement quality (EQ) reviews are required for audits of the financial statements
of listed companies and unlisted companies when deemed necessary by the firm.
The engagement partner is required to
• determine that an EQ reviewer has been appointed;
• co-operate with the EQ reviewer;
• discuss significant matters arising during the audit (and the EQ control review)
with the EQ reviewer; and
• Not issue the auditor's report until completion of the EQ review.
4.4 Monitoring Quality

An effective system of quality management will include a monitoring process that will
provide reasonable assurance that the quality management system is relevant,
adequate and effective.
A deficiency in quality management does not necessarily indicate that an audit was
not performed as required by professional standards and regulatory requirements or
that the auditor's report is inappropriate.

4.4.1 Pre-issuance ("Hot") Review

A “hot” review is conducted before the auditor's report is signed and issued. It aims
to ensure that the audit file supports the audit opinion in matters of high risk to the
audit firm. For example:
• Does the audit file support the determination and discussion of the key audit
matters?
• If a modified opinion is to be issued, does the audit file adequately support the
basis for the modified opinion?
Such a review is usually applied:
• to high-risk audits such as listed companies, public interest entities, specialist
audits (e.g. banks, extraction industry);
• where the audit opinion is to be modified or where modification was
considered but subsequently not applied;
• to the largest clients of each partner.
It may be conducted by the audit review panel or an independent second partner and
typically concentrates on:
• conformity with firm's and professional standards (which ever are higher);
• compliance with ISAs;
• ensuring all significant points and issues are appropriately dealt with;
• compliance of financial statements with statutes and IFRS Standards;
• quality of discussions and reporting to TCWG;
• appropriate consultations and conclusions reached on contentious issues;
• quality of the report (and supporting arguments) to management;
• adherence to terms of engagement letter;
• content of written representations;
• all matters completely documented; and
• the audit file wholly supports the auditor's report.
4.4.2 Post-Issuance Review

"Cold" reviews are performed after the auditor's report is issued and conducted by
senior staff/partners from other offices. For international firms, the review team is
usually drawn from different countries. For smaller firms (e.g. national networks or
individual partnerships), the function of the "cold review" is often carried out by an
external independent reviewer as part of the training and technical services supplied
by a consortium.
The objectives of a cold review include the following:
• to evaluate the assessment of independence;
• to evaluate the process of planning;
• to confirm that significant risks were identified and responses adequately dealt
with;
• to assess the engagement team's review and response to the risk of fraud;
• to review:
• the judgments made on materiality and significant risks;
• audit sections for completeness and application of work programme;
• the significance of corrected and uncorrected errors;
• matters communicated to management and governance;
• to confirm closedown procedures were completed (e.g. going concern review,
subsequent events, management letter, written representations, etc.);
• to confirm that the firm's standards were applied;
• to check the adequacy of audit documentation;
• to confirm the appropriateness of the auditor's report issued;
• to identify any deficiencies in procedures and recommend improvements;
• to assist staff in the performance of auditor's work; and
• to recommend a more efficient and cost-effective audit approach.
Recommendations must be followed up to ensure implementation.
As reviews (and their follow-up) are time-consuming, they are applied to selected
audits covering all partners and managers on a rotational basis.

4.5 Compliance with Ethical Requirements

The engagement partner should remain alert for evidence of non-compliance with
ethical requirements through observation and inquiry throughout the audit.
The engagement partner should identify any threats to independence and take
appropriate action to eliminate such threats by:
• applying safeguards; or
 • withdrawing from the engagement, if appropriate.

Example 1 Recommendations for Quality Management Deficiencies

Consider the following scenarios and the recommended quality improvements:

1. Using a standard audit programme has led to insufficient appropriate
audit evidence being obtained as the basis for the audit opinion.
• Adapt the audit programme to the specific audit needs of clients, for which
the standardised procedures may not be suitable.
• Implement training and personal development for audit staff on adapted
audit programmes and additional audit procedures.
• Train engagement partners and team members in identifying significant
areas of audit risk that might require additional audit procedures and those
prescribed by the standard audit programme.
2. Audit staff were assigned to perform audit procedures on material
items on which they have not been satisfactorily trained. This has led
to the procedures not being properly performed, increasing audit risk.
• Ensure that staff have sufficient knowledge and competency in the audit
procedures. This may be determined by ensuring appropriate professional
development and training for staff and hiring staff of sufficient competency.
• Stringent review of work performed and audit documentation by
engagement partner to ensure that sufficient appropriate audit evidence is
obtained.
3. Insufficient oversight from the engagement partner on the procedures
and working papers performed.
• The engagement partner must take responsibility for the audit
engagement's direction, supervision, and performance in compliance with
professional standards and applicable legal and regulatory requirements.
• If the workload is too much for sufficient oversight to be exercised, other
engagements should be declined.
• Training for engagement partners on the effective oversight of audit
engagements.
• Appointment of engagement quality reviewer to provide additional
oversight.
4. An audit team member is faced with new and innovative financial
assets and arrangements for which they have no prior audit
experience.
• Appointment and consultation with a member of the engagement team with
sufficient expertise in the subject matter to perform necessary audit
procedures.
• Training of staff on the subject matter and audit procedures.
• Acquisition of the necessary staff expertise and other assets to support
audit procedures (such as appropriate software).
Syllabus Coverage

This chapter covers the following Learning Outcomes.

B. Planning and Risk Assessment

1. Obtaining and accepting audit engagements

• Discuss the requirements of professional ethics and ISAs in relation to the
acceptance/continuance of audit engagements.
• Explain the preconditions for an audit.
• Explain the process by which an auditor obtains an audit engagement.
• Discuss the importance and purpose of engagement letters and their
contents.
• Explain the overall objectives and importance of quality management audit.
procedures in conducting an audit.
• Explain the quality management procedures which should be in place over
engagement resources, engagement performance, monitoring and
remediation and compliance with ethical requirements.
• Evaluate quality management deficiencies and provide recommendations to
allow compliance with quality management requirements.

Summary and Quiz

• The stages of the auditor appointment process are:

• client acceptance;
• engagement acceptance; and
• professional appointment.
• Before accepting a new engagement, the nominee should contact the existing
auditor to request information relevant to accepting the nomination.
• Both the prospective and current auditors must have the entity's permission to
communicate with each other. If permission is refused, the nomination must
be declined.
• The existing auditor should transfer the client's books and papers to the
successor auditor or the client promptly.
• Preconditions for an audit are management's use of an acceptable financial
reporting framework and acknowledgement of responsibilities (e.g. internal
controls).
• The engagement letter documents respective responsibilities, the financial
reporting framework, the scope of the audit, the form and content of the
reports, fees, etc.
 • Audit and assurance fees cannot be based on a percentage of profits or a
contingency basis.
• The level of fees for the audit engagement must not compromise audit quality.
• The engagement partner is responsible for quality management at the
engagement level.
• Engagement performance includes:
• the direction and supervision of the audit team;
• the review of their work;
• consultation on difficult matters; and
• engagement quality review.
• An engagement quality review is a requirement for listed companies.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Change of Auditors

1. The entity seeks to obtain better value for money for audit and other
professional services and/or a more comprehensive range of services (one-
stop shopping).
2. On change of ownership of an entity (e.g. as a result of takeover, merger or
management buyout (MBO)).
3. When audit firms merge (e.g. a conflict of interests arises or the entity
considers that the new firm is too large to give a "personal service").
4. Where an audit firm ceases to operate.
5. Users of the financial statements and finance providers (e.g. banks) expect
organisations of significant size or status (e.g. being listed on a recognised
stock exchange) to have multinational accountancy firms as auditors.
6. The entity has an auditor rotation policy (e.g. every 10 years).
7. Current auditors do not seek reappointment.
8. If a vacancy arises through the death or incapacity of the auditor (where
auditor is a sole practitioner).
Note: Only four reasons were required.
Activity 2 Updating Engagement Letters

1. Identification that the entity has misunderstood the objective and the scope of
the audit.
2. Revised terms of the engagement.
3. Changes in senior management (e.g. new directors).
4. Significant change in the nature or size of the business.
5. Change in legal or regulatory requirements, including references to legislation
in the letter which are no longer appropriate (e.g. Companies Act 1985
superseded by Companies Act 2006).
6. Change in the financial reporting framework.
7. Change in other reporting requirements.
Note: Only five factors were asked for.
Chapter 6: Audit Documentation

Visual Overview

Objective: To describe the procedures for documenting the audit process.

1.1 Definition and Scope

Definition
 Audit documentation – the record of audit procedures performed, relevant audit
evidence obtained, and the auditor’s conclusions.

Audit documentation ("working papers") includes ethical considerations, planning,

audit programmes, analysis, briefing documents, work schedules, reliance on
experts, summaries of significant matters, confirmations, reports to management,
reviews, checklists, written representations and other correspondence (including e-
mails, text messages, notes of oral or electronic conversations) relating to all matters
that may be considered significant.

1.2 Purpose

First and foremost, audit documentation provides evidence:

• Of the basis for the auditor’s conclusion; and
• That the audit was planned and performed in accordance with ISAs and legal
and regulators requirements.
Additional purposes of documenting the audit process include:
• Increasing the economy, efficiency and effectiveness of the audit.
• Assisting the audit engagement team in planning and performing the audit
(e.g. analysing information to assess risks).
• Facilitating the supervision and review of audit work (e.g., briefing and
instructing assistants; engagement partner can agree that the work has been
completed according to the audit plan).
• Retaining a record of matters of continuing significance to future audits.
• Enabling the engagement team to be accountable for its work.
• Enabling an experienced auditor, having no connection with the audit, to
understand the audit process and conclusions.
• Enabling the conduct of quality management reviews and external inspections
in accordance with applicable legal, regulatory or other requirements.

1.3 Importance

Both the definition and the purposes of working papers encompass their importance.
Initially, they provide a framework for planning the audit, then for conducting and
recording the audit and finally for showing the evidence that supports the
conclusions reached and the audit opinion. Without working papers, auditors would
find it very difficult to justify in a court of law their audit approach, the work carried
out, and the conclusions reached.
1.4 Objective of the Auditor

The auditor is to prepare documentation that provides:

Key point

The auditor must prepare documentation that provides:

• A sufficient and appropriate record of the basis for the auditor’s report; and
• Evidence that the audit was planned and performed in accordance with
ISAs and applicable legal and regulatory requirements.

Example 1 Use of Working Papers

Clara is an audit senior engaged on the audit of RQB Co. She is currently working
on the audit of plant and equipment.
On a particular day:
1. She refers to the audit plan and audit programme to determine the
procedures she needs to perform and the applicable materiality levels. She
notes if there are any significant risks to be aware of.
2. She records her computation of the materiality or provision and any risk
analysis on a mandatory working paper. This ensures audit quality and that
risk and materiality levels are appropriately assessed.
3. In performing the procedures, she records the details of the procedure, the
outcomes of applying the procedure, and the conclusion reached on a
working paper. She also highlights any significant issues that she had
encountered during the procedure.
4. Included in the working paper are the detailed tests performed and
procedures used to select samples.
5. At the end of the day, she forwards the working papers to her supervisor for
review.
6. Her supervisor reviews her work and the conclusions reached. If there is a
need for further procedures, her supervisor will discuss them with the team.
7. After the supervisor has signed off the working paper, the final copy is filed
in the current audit file for subsequent final review by the engagement
partner and assembly of the final audit file.
1.5 Timely Preparation

Preparing audit documentation on a timely basis:

• enhances the quality of the audit; and
• facilitates the effective review of the audit evidence obtained and conclusions
reached before the auditor’s report is finalised.
Documentation prepared after the audit work has been performed is likely to be less
accurate than documentation prepared at the time such work is performed.

2.1 Extent

Audit documentation should be prepared that is sufficient to enable an experienced

auditor, having no previous connection with the audit, to understand:
• the nature, timing and extent of the audit procedures carried out to achieve
the audit objectives;
• the results of those procedures and the evidence obtained to support the
conclusions reached; and
• significant matters arising and the conclusions reached thereon, and
significant professional judgments made in reaching those conclusions.

Example 2 Details of a Working Paper

Following on from Example 1:

Clara has performed an inspection of assets and computation of depreciation and
recorded her work on the appropriate working paper.
The completed working paper would include details such as:
1. Identifying information on the preparer, reviewer, working paper number, and
key dates.
2. Reference where necessary to applicable ISA and auditing framework.
3. Notes on the information sources (e.g. reference to the non-current asset
register).
4. Notes on any risks of material misstatement and materiality computations
(e.g. highlighting major items that are material in themselves).
5. The methodology of the audit procedure performed (such as the method used
to calculate depreciation).
6. Cross-references to transaction records related to the assets (such as bank
statements and purchase invoices for additions during the year).
 7. The conclusions reached from the performance of the audit procedure as a
basis for the opinion. (In this case, Clara was satisfied that assets recorded in
the company’s accounts exist. Based on her computation of depreciation, the
valuation of the assets had been accurately recorded in the accounting
system.)

2.2 Factors to Consider

In determining the form, content and extent of audit documentation, the following
factors (not inclusive) should be considered:
• The nature of the engagement (e.g. listed, private or public sector entity) and
procedures to be performed to support the report given (e.g. audit, review).
• The nature, size and complexity of the entity, its environment and controls.
• The identified risks of material misstatement in the financial statements.
• The reliance to be placed on control effectiveness.
• The extent of judgment required to carry out the work and evaluate the
results.
• The audit methodology and tools used (e.g. computer-assisted audit
techniques).
• The extent of schedules, analyses and other documentation prepared by the
entity.
• The significance of the evidence obtained.
• The nature and extent of exceptions identified.
• The need to document a conclusion or the basis for a conclusion not readily
determinable from the documentation of work performed or audit evidence
obtained.
• The need and extent for direction, supervision and review of tasks assigned to
assistants.
• The need to direct, supervise and review the audit team (see Chapter 7).

2.3 Standardisation

It is common for audit firms to use standard pre-printed audit documentation. For
example:
• Audit completion disclosure and other checklists.
• Internal Control Questionnaires/Evaluation Questionnaires.
• Audit programs.
• Specimen letters (e.g. written representations from management – see
Chapter 20).
• Indices for the standard organisation of working papers.
 Example 3 Audit Standardisation

Most audit firms employ audit software to help manage the audit, ensure
significant risk areas are appropriately covered, and save time and costs.
Most audit programmes include standardised audit working papers, with templates
and procedures built into the working papers. These audit programmes may also
include guidance that might be useful to inexperienced auditors on how to conduct
the audit procedures properly.
Audit programmes may also contain specialised modules with working papers that
cover audit areas that might require more scrutiny due to their nature, complexity,
or risk.

Activity 1 Standardisation

Suggest THREE advantages and THREE disadvantages of standardising audit

working papers.
*Please use the notes feature in the toolbar to help formulate your answer.
Wherever standard documentation is used, it must be:
• tailored for each client (e.g. work programmes to address assessed risks;
written representations to reflect different circumstances); and
• kept up-to-date for changes in ISAs, IFRS Standards, laws and regulations
(e.g. GAAP checklist, engagement letters).

2.4 Documentation Techniques

Narrative notes and detail By far the most common way of

recording information (e.g. business
 history, processes, controls, interviews,
work done, results, reviews).

Graphics Covers a wide range of charting

facilities to record information (e.g.
flowcharting of systems, organisation
charts, graphing trends, bar charts, pie
charts, etc.).

Questionnaires They are varied, with the most common

being internal control questionnaires
(ICQs) and internal control evaluation
questionnaires (ICEQs) to assist the
auditor in understanding the design of
appropriate controls and how they have
been implemented.

Checklists Used extensively to record set

procedures (e.g. pre-printed work
programmes, ratio analysis, going
concern, IFRS disclosure requirements)
and to demonstrate that crucial
procedures have been carried out (e.g.
for client acceptance, independence
review, planning, completion and
partner review).

Electronic media Now used extensively as audit tools

(procedural, administration and
technical) and to produce audit
documentation (see s.2.5).

See Chapter 9 for further details of documentation technique used to understand,

record and evaluate accounting systems.

2.5 Use of IT

Electronic working papers (EWP) software refers to any program that auditors can
use to compile and store audit documentation. Its core functionality is the ability to
upload work directly into the program, where it can be organised, reviewed and
approved with electronic signatures and date stamps and backed up.
The audit work is created using familiar tools like word processing, spreadsheets and
scanned documents, which can be enhanced by digital cross-referencing tools and
tick marks.
Most EWP software has additional capabilities, such as:
• email alerts to clients and members of the audit team;
• importing and rolling forward general ledger account balances;
• audit budget creation and time tracking tools, etc.

3.1 Permanent v Current Audit Files

For recurring audits, the working papers are usually split between two main files –
the permanent audit file (PAF) and the current audit file (CAF).
• The PAF contains documents of a permanent nature related to the audit and
the client's business, are of continuing importance to the audit process and
provide a history of significant audit-related matters.
• The CAF contains information directly relevant to the current audit (at
whatever stage).
• There will be only one PAF and a CAF for each stage of the audit (interim,
year end, final) for each year.

Activity 2 Working Papers

Suggest the audit working papers you would expect to be filed as "permanent" and
"current".
*Please use the notes feature in the toolbar to help formulate your answer.
Standard indices may be used for both permanent and current audit files. These are
usually tailored (e.g. by circling the references used).

Exhibit 1 Current Audit Index File

A Audit control papers

A1 Financial statements

A2 Audit completion
checklist
 A3 Review schedules

A4 Points forward to next

year

A5 Time record and budget

B Overall audit plan

C Intangible assets

D Tangible non-current
assets

E Investments

F Inventories

G Receivables

H Cash

J Payables

K Provisions and
contingencies

L Taxation

M Capital and reserves

N Statement of profit or
loss

P Revenue

Q Purchases

R Wages and salaries

 S Extended trial balance
and adjustments to profit

Alternative referencing systems might include separate sections for interim audit
working papers, systems work or analytical procedures.

3.2 Audit Section Structure

On every individual working paper, it is standard procedure to record (usually as the

header to each paper or written as a header on documents provided by the client):
• Client name
• Reporting date (financial year end)
• Subject of working paper (e.g. "Existence of non-current assets")
• Schedule reference
• Date of preparation
• Preparer's identification (e.g. initials)
• Date of review
• Identification of reviewer (e.g. initials)
An audit section (e.g. receivables, revenue, non-current assets) may include:
• A "lead" schedule showing the makeup of the audited balance together with
the comparative amounts for the prior year. (See Chapter 22 for a typical lead
schedule for non-current assets.)
• A section summary and conclusion outlining the audit objectives for the
section, any significant matters arising during the audit and the conclusion on
the section (see Example 4).
• A schedule showing the basis of accounting and accounting policy used.
• A work programme listing the audit procedures to be performed. Usually, each
test or group of tests will be related to a particular assertion (see Chapter 15).
• A test lead schedule stating, for example, the objective of the test, the
sampling approach, the work done, matters arising during the test and their
resolution, and the conclusion.
• Supporting schedules showing the work done, how it was done and the
matters arising. Work carried out should be indicated using "audit ticks", a key
to what such ticks mean, and appropriated cross-references to other
supporting schedules (see Exhibit 2).
Example 4 Conclusions

The work performed has been carried out according to the audit strategy and audit
plan (as adjusted).
The work performed and the results obtained have been adequately documented.
Any revision to the audit plan, risk assessments and materiality have been
detailed on Schedule XX and approved by the partner.
Matters outstanding have been detailed on Schedule XX for action by the partner.
In my (audit assistant's) opinion, this audit section is fairly stated subject to the
matters noted on Schedule XX.

Exhibit 2 Sample Working Paper

The following is a supporting schedule showing the audit work completed on the
depreciation expense for non-current assets:

Client: Hawk Co Prepared by: MC Date: 17 Feb 20X5

Period: Y/e 31 Dec Reviewed by: Date:

20X4

Subject: Non-current assets deprecation reconciliation

Y/e 31 $ $
Dec 20X3
Charge
Plus:
Effect of
20X4
Additions: 64,52 α
Warehous
e
equipment
$41,600 ✔ @ 20% α 8,320
Delivery
vehicles
$31,950 ✔ @ 25% α 7,990
Motor
@
cars
$19,709 ✔ 331⁄3% α 6,570
Fixtures
and
fittings
$17,202 ✔ @ 10% α 1,720
Less:
Effect of
20X4
Disposals
 Warehous
e
equipment
$18,250 d @ 20% α (3,650)
Delivery
vehicles
$11,570 d @ 25% α (2,890)
Motor
@
cars
$10,800 d 331⁄3% α (3,600)
Fixtures
and
fittings
$2,124 d @ 10% α (210)
78,770
Differenc
e
(immateri
al) 330
Y/e 31
Dec 20X4
Charge 79,100
Key
α Agreed
to prior
year
accounts
✔ Per
schedule
of
additions
d Per
schedule
of
disposals

3.3 Significant Matters

All significant matters must be recorded, including the detail of discussions with
appropriate client personnel. Where such detail is to be relied upon in concluding a
significant matter, a written representation from the client must be obtained (see
Chapter 20).
Examples of significant matters include:
 • matters that result in material risks (revenue is always considered a significant
risk, so detailed notes on the sales system and the risks involved must always
be made);
• details indicating that the financial statements may be materially misstated;
• the need to revise previous assessments of risks and material misstatements;
• factors that cause difficulty in applying ISA;
• findings that could result in a modification to the audit opinion or the inclusion
of an Emphasis of Matter paragraph in the auditor’s report, and the reasons
why or why not the opinion was modified;
• audit matters communicated to TCWG from which key audit matters will be
included in the auditor's report (see Chapter 30); and
• concerns about the entity’s ability to continue as a going concern (see
Chapter 31).
Where the auditor is aware of information that contradicts or is inconsistent with
conclusions reached on a significant matter, details of how that contradiction or
inconsistency was dealt with must be recorded.
Any necessary departure from applying ISAs must be recorded, including why and
how the audit objective was achieved under the circumstances.
It is usual for details of significant matters and how they were addressed to be
recorded in a summary document (e.g. completion memorandum, partner review
notes – see Chapter 29).

3.4 Assembly of Working Papers File

All matters that support the audit opinion must be on file, and the file reviewed and
signed off before the auditor signs the auditor's report. Any issues of an
administrative nature should typically be concluded within 60 days of the date of the
auditor's report. Such matters include:
• deleting or discarding superseded documentation;
• sorting, collating and cross-referencing working papers;
• signing off on completion of checklists relating to the file assembly process;
and
• documenting audit evidence that the auditor has obtained, discussed and
agreed with the relevant members of the engagement team before the
auditor’s report.
After the final assembly, the auditor should not delete audit documentation until the
completion of the retention period (see next section). If modification is required (after
final assembly), the following must be documented:
• the specific reasons for modification; and
• when and by whom they were made and reviewed.
If it is necessary after the date of the auditor's report for the auditor to perform further
procedures or revise the original conclusion (e.g. facts affecting the auditor's report
became known after the report was signed), the following must be recorded in the
file:
• the circumstances encountered;
• the new or additional audit procedures performed, audit evidence obtained,
conclusions reached, and their effect on the auditor’s report; and
• when and by whom the resulting changes to audit documentation were made
and reviewed.

4.1 Confidentiality and Safe Custody

Practical procedures include:

• locked cabinets or rooms at the clients for hardcopy data (although the client
may hold second keys);
• physical keys and logical passwords to prevent access to computers for
electronic data (the risk then is that the laptop may be stolen); and
• secure backup and encryption of data.
Electronic documentation may be particularly susceptible to corruption or loss. It
should be backed up (e.g. to a CD/USB/HD drive) on a regular basis (e.g. at
lunchtime and/or the end of each working day). The backup medium must then be
made secure.
Where secure access to a file server at the auditor's office is available, the backup
could be made directly to that office. If secure access cannot be guaranteed, the
data should be encrypted. Backing up to the office facilitates early/continuous review
of the file by the manager/partner.
IT systems at the auditor's office must also be secure. Therefore, general IT controls
should apply to access to data, security of data, etc (see Chapter 12).
The need for the confidentiality and security of working papers (and client data)
should be part of the terms and conditions of employment of audit staff and
considered a severe offence if breached.
Common sense must be applied when considering the security of data (electronic or
hard copy). For example:
• do not leave working papers unattended at the client;
• do not leave working papers in a car when it is unattended; and
• do not put working papers in luggage to be checked in at an airport.

Key point
 Working papers should be retained for a period sufficient to meet the needs of the
audit practice and in accordance with legal and professional requirements. The
IAASB requires at least five years.

4.2 Retention

Key point

ISA 230 only sets out general principles. It does not suggest a minimum or
maximum period for retention nor how ownership is determined.

4.2.1 General Considerations

Matters to be considered in determining for how long documents should be retained

include:
• Legal requirements (e.g. accounting records must be maintained for three
years for private companies and six years for other companies in the UK).
• General position in the law governing the period in which actions may be
brought in a court of law (e.g. six years for actions based on contract in the
UK).
• Requirements for compiling tax returns (e.g. assessments may be made six
years after the period to which they relate).
• Likelihood of seeking quotation on a recognised stock exchange – the
previous six years must be reported in UK.

4.2.2 ACCA Recommended Minimum Period

ACCA recommends the following minimum periods:

• Audit working papers – seven years.
• Tax files – seven years and then returned to the client (or former client).

4.3 Ownership

4.3.1 General Principles

The general principles of ownership of audit documentation include the following:

 • Working papers are the auditor's property and clients have no right to demand
access.
• Portions of or extracts from working papers may be made available to the
client at the auditor’s discretion. (They are not a substitute for the client's
accounting records.)
• All documents relating to clients are confidential.
• A client may require the auditor to disclose documents which belong to the
client (only) to a third party.

4.3.2 Determining Ownership

The primary consideration in determining ownership is the contract with the client,
which is agreed upon and evidenced in the engagement letter. If there is no specific
agreement, consider:
• the capacity in which members act, for example, as principals (auditing
services), or agents (tax compliance); and
• the purpose for which documents and records exist or are created (e.g. to
support the audit opinion).

Syllabus Coverage

This chapter covers the following Learning Outcomes.

B. Planning and Risk Assessment

8. Audit planning and documentation

• Explain the need for, and the importance of, audit documentation.
• Describe the form and contents of working papers and supporting
documentation.
• Explain the procedures to ensure safe custody and retention of working
papers.

Summary and Quiz

• Working papers should provide a record of the basis for the auditor's report
and evidence that the audit was planned and performed in accordance with
ISAs and legal and regulatory requirements.
• Documentation techniques include narrative notes, graphics, questionnaires
and checklists (in paper and/or electronic media).
 • The permanent audit file contains information of continuing importance to the
audit and provides a history of significant audit matters.
• The current audit file (CAF) contains information relevant to the audit for the
current period and is usually split into stages (e.g. interim, year-end and final).
• Assembly of working papers should be completed within 60 days of signing
the auditor’s report.
• Working papers should be retained for a period sufficient to meet the needs of
the audit firm and to comply with legal and professional requirements (e.g.
ACCA recommends seven years minimum).
• Working papers are the property of the auditor.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
• Audit working papers
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Standardisation

Advantages:
• Preparation and review are more efficient when audit files, sections and
documents are presented systematically.
• It helps familiarise junior staff with standard procedures (e.g. attending
physical inventory counting and requesting direct confirmations from
customers).
• Similarly, it facilitates direction (and delegation), supervision and review.
• It helps achieve quality by requiring a consistent approach to all audits and
ensuring that essential procedures are not overlooked.
• It offers a consistent approach for specific audit functions (e.g. IFRS
checklist).
Disadvantages:
• A "mechanical" approach may lead to a lack of appreciation of test objectives
and the implications of errors and deviations found.
• Adopting a "standard approach" may stifle initiative and discourage the
exercise of professional judgment.
 • Standard programs may result in a "bare minimum" attitude.
• It may be inappropriate to follow set procedures for a particular client.
• Audit risk increases when the audit approach is not tailored to the client's
circumstances.
Note: Only three advantages and three disadvantages are required.

Activity 2 Working Papers

Permanent Audit File

Permanent audit files are usually broken into sections, for example:
• General business information
• Systems and control documentation
• Accounts and financial statements information
• Statutory and legal documentation
• Job administration
• Planning documentation
The content includes:
• Information concerning the entity’s legal structure (e.g. Memorandum and
Articles of Association).
• Major shareholders, debentures, debt structure, investments.
• Details of the business environment, the operating industry, nature and history
of the client's business, locations, products, key suppliers, key customers,
subcontractors, and employees.
• Organisational and management structure. Governance structure including
audit committee. Primary contacts in management and other key staff related
to the audit.
• Structure of critical departments (e.g. finance, treasury, internal audit).
• Major suppliers, customers – turnover, terms of trade, imports, exports.
• Detail, evaluation and analysis of:
• control environment;
• risk assessment procedures;
• information systems; and
• control activities and control monitoring.
• Rolling analysis of risks, key performance indicators and risk management.
• Main accounting and other vital records, showing where they are kept and of
what type (e.g. hand-written, computerised).
• Major assets and liabilities.
• Previous financial statements, auditor's reports and supporting details if
opinion modified.
• Principal accounting policies and any IFRS Standards not applicable.
 • New client checklist, other legal/regulatory documents for accepting a new
client.
• Major laws and regulations under which the entity operates, including
regulatory reporting requirements (e.g. charities, banks, environmental, health
and safety).
• Previous partner review notes and matters for the partner’s attention.
• Previous reports to management (of deficiencies found in the accounting
system).
• Previous reports and minutes of discussions with TCWG.
• Management representations.
• Insurance cover details, including claims history.
• Significant ratios, trends and performance indicators over the last (say) 10
years.
• Rotational control schedule (e.g. location visits, inventory observation,
document examination, controls tested).
• Other documents of continuing importance:
o terms of engagement o mortgages and charges

o letters of authority (e.g. bank o title deeds

mandate)

o minutes of important o trade agreements and labour

meetings contracts

o key legal resolutions o profit share, bonus and

share option agreements

o annual filing returns o royalty agreements

o debenture deeds

• Other professional advisers (bankers, lawyers, brokers).

• Past administration (e.g. budgets, costings).
Current Audit File
• Financial statements audited (evidenced as agreed to accounting records,
cross-referenced to supporting schedules with comparatives, accounting
policies, notes and disclosures, all evidenced as audited).
• Completion checklists:
• Compliance with statutory requirements and IFRS disclosures.
• Partner sign off completion, including confirmation of auditor's report.
• Second partner review (as necessary).
• Audit completion checklists (partner, manager, senior).
• Closedown:
• Written representations.
• Report to management (final and interim) plus responses from the client.
• Matters for the attention of the partner (final and interim).
• Minutes of meetings with directors and audit committee.
• Minutes of board meeting approving financial statements.
• Schedule of corrected and uncorrected misstatements.
• Queries raised during the audit and subsequent clearance.
• Review notes (partner, manager, senior) and how cleared.
• Analytical review and performance indicators.
• Going concern and subsequent events.
• Ethical matters (e.g. proposed acceptance to continue as auditor).
• Confirmation of continued independence.
• Audit team assessments and reviews.
• Initial planning for the next audit.
• Job administration:
• Engagement team and relevant experience.
• Budget and fee estimates.
• Actual time/cost summaries and variance analysis.
• Fee notes.
• Planning:
• Ethical matters (e.g. client acceptance, independence, competence).
• Minutes of meetings with client, audit committee and audit team.
• Initial audit strategy, audit plan and tailored work programmes.
• Updated plans with explanations.
• Understanding of entity and its environment.
• Design of internal control and its implementation.
• Risk assessments, analytical review, materiality, sampling approach.
• Direction, supervision and review of the audit team.
• Audit sections:
• Final audit lead schedule showing the makeup of key figures in the financial
statements (cross-referenced to financial statements and supporting
schedules).
• Work programmes (interim and final).
• Supporting schedules detailing the objective of the test, testing approach,
sampling, work done, matters arising, action taken and conclusion.
• Supporting work schedules detailing the actual work carried out, including
balances, transactions and evaluation of control effectiveness.
• Supporting internal and external documentation (e.g. bank letters, receivable
confirmations, expert valuations).
• Evidence of review, review notes and clearance of review point.
Chapter 7: Audit Planning

Visual Overview

Objective: To describe the process of establishing the audit strategy and plan – the
objectives, scope and critical aspects of an audit.

1.1 Overall Objectives of the Auditor

The overall objectives of the independent auditor are:

 • To obtain reasonable assurance (see Chapter 1) about whether the financial
statements as a whole are free from material misstatement (whether due to
fraud or error), thereby enabling the auditor to express an opinion on whether
the financial statements are prepared, in all material respects, in accordance
with an applicable financial reporting framework; and
• To report on the financial statements and communicate as required by the
ISAs, in accordance with the auditor’s findings.

1.2 Audit Conducted in Accordance with ISAs

Key point

The auditor must conduct the audit in compliance with all relevant ISAs.

The auditor cannot report compliance with the ISAs in the auditor's report unless all
ISAs that are relevant to the audit have been complied with.
The auditor can only depart from a relevant requirement of an ISA in exceptional
circumstances (i.e. when the performance of the procedures would be ineffective in
achieving the purpose of the requirement). In this case, the auditor should perform
alternative procedures.

2.1 Objective

Key point

The objective of the auditor is to plan the audit (applying professional judgement
and scepticism) so that it will be performed effectively and efficiently.

Professional judgement and scepticism, which were discussed in Chapter 1, are

applied throughout the audit process, not only in planning.
The relevant standard for audit planning is ISA 300 Planning an Audit of Financial
Statements. The auditor requires a thorough understanding of the entity, its
environment and the risk of material misstatement in the financial statements (see
Chapter 8) to effectively plan. Planning sets the tone and direction of the audit. It
ensures that the right resources are allocated to the right areas (e.g. high risk,
material) at the right time.

2.2 Benefits of Adequate Planning

Adequate planning is necessary to help the auditor to:

• devote appropriate attention to important areas;
• identify potential problems and resolve them on a timely basis;
• organise and manage the engagement effectively and efficiently; and
• assign appropriate staff to the audit, direct and supervise them and review
their work.
Where applicable, adequate planning also assists in coordination of work done by
others (see Chapter 18).

Example 1 Key Areas in Audit Planning

Glardie & Co is currently planning the audit of BRZ Co. Glardie & Co had also
audited the financial statements of BRZ Co for the prior year.
In discussions with management and their knowledge of the actions in the current
year of BRZ, the engagement partner has found the following to be of significance
to the audit of BRZ:
1. BRZ’s revenue has increased significantly compared to the previous year,
since it launched its purchase financing programme.
2. Glardie is facing a shortage of experienced audit staff in the industry that
BRZ is operating in.
3. There have been significant changes in the financial control system of BRZ,
addressing certain deficiencies found by Glardie and communicated to BRZ
in completing BRZ’s statutory audit last year.
4. To raise finance to fund its expansion plans, BRZ had initiated a rights
issue, a full subscription of which will raise its equity capital by 30%.
5. For the first time in Glardie’s knowledge of BRZ operations, a
manufacturing and storage facility is maintained offshore.

2.3 Scope

Planning entails developing:

 • an overall audit strategy (using professional judgement and scepticism) which
sets the scope, timing and direction of the audit;
• a detailed approach (developed from the strategy and again using
professional judgement and scepticism) for the nature, timing and extent of
audit procedures to reduce audit risk to an acceptably low level – the audit
plan; and
• adequate two-way communication between the auditor and TCWG.
The engagement partner and other key engagement team members must be
involved in planning the audit, including any discussions between other engagement
team members concerning developing the strategy and plan. The engagement
partner must take full responsibility for the audit strategy and plan.

Example 2 Developing the Audit Strategy

Following on from Example 1:

The engagement partner is now in discussion with the engagement team on the
audit strategy to approach the audit:
6. BRZ’s revenue has increased significantly compared to the previous year,
since it launched its purchase financing programme.
Glardie will need to allocate additional resources to the audit of revenue, and test
for the recoverability of receivables, to ensure that both items are not overstated.
2. Glardie is facing a shortage of experienced audit staff in the industry that BRZ is
operating in.
Glardie might need to explore hiring experienced staff, contracting out certain
portions of the audit work, and determining its possible reliance on the work of
BRZ’s internal audit function, if available.
3. There have been significant changes in the financial control system of BRZ,
addressing certain deficiencies found by Glardie and communicated to BRZ in
completing BRZ’s statutory audit last year.
Glardie would need to ascertain the functions and the updated financial control
system and its impact on audit risk. Planning should include resources for testing
the effect of the new controls.
3. To raise finance to fund its expansion plans, BRZ had initiated a rights issue, a
full subscription of which will raise its equity capital by 30%.
Glardie needs to test that the reported figures are accurate and whether there are
any regulatory issues that might impact the presentation of and disclosures in the
financial statements.
4. For the first time in Glardie’s knowledge of BRZ operations, a manufacturing
and storage facility is maintained offshore.
Glardie might need to determine if it is appropriate to send staff to perform audit
procedures on-site or to engage the services of another auditor to perform the
offshore audit work. It would need to determine the suitability of reliance on the
offshore auditor and establish audit quality and confidentiality controls.
2.4 Planning Cycle

Planning is not just the initial phase of an audit but a continuing process which
begins shortly after the completion of the previous audit and continues until the
completion of the current audit engagement, for example:
• When a final audit is completed, planning for the next audit cycle will
commence (e.g. the interim stage), taking into account relevant audit findings
from the previous audit cycle (e.g. results from testing controls, particular
difficulties in carrying out any tests, suggestions for improvement in testing
effectiveness and efficiency).
• The effect of changes in the business, statutory and regulatory environment
during the audit cycle (and the client's reaction to such changes) on the
timing, nature and extent of audit procedures. As statutory and regulatory
changes are often announced well before implementation, there will be plenty
of time to discuss the audit's effect with directors and audit committees. A
sound understanding of the business should alert the auditor to strategic and
tactical changes. Operational changes (e.g. unexpected loss of a major
customer or supplier) may cause the auditor to revise the audit plan
immediately.
• Interim audit results will affect year-end and final audit procedures (e.g. if
direct controls are not operating effectively – see Chapter 12).
 • Identifying audit procedures that may be more efficient and effective to carry
out at or before the year end (e.g. non-current asset inspections, receivable
confirmations).
• During each audit stage, reassessment of the audit strategy and plan to take
into account errors and other factors which arise during audit procedures (e.g.
reassess risk and materiality on discovering errors, conflicting test results,
doubts about management's integrity, identification of going concern or
possible fraud indicators).

2.5 Planning Activities

Planning activities include:

• Initial evaluation of the ability to continue to carry out the audit of the client
(also discussed in Chapter 5).
• Considering the effect of a modified audit opinion, management (deficiency)
letters and points forward (for the attention of the following audit) from the
prior audit, including an assessment of uncorrected misstatements.
• Developing the overall audit strategy (scope, timing and direction of the audit).
• Establishing the resources required including, audit team members, their
experience, external experts and time budgets.
• Developing a detailed audit plan regarding the nature, timing and extent of
audit procedures.
• Establishing the necessary direction, supervision and review procedures
(which will depend on the nature of the audit, the assessed risk of material
misstatement and the experience of each audit team member).
 • Changing, as necessary, the audit strategy and the audit plan as the audit
progresses.
• Establishing and maintaining communication with TCWG and management
(see s.7).
Planning considerations specific to computer information systems are dealt with in
Chapter 12.

3.1 Need For

Performing preliminary engagement activities helps to ensure that the auditor has
considered events or circumstances that may adversely affect his ability to perform
the audit engagement.
These activities help the auditor plan to ensure that:
• the necessary independence and ability to perform the engagement are
maintained;
• there are no issues with management integrity which may affect the
continuation of the engagement; and
• there are no misunderstandings with the client regarding the terms of the
engagement.

3.2 Basic Approach

As part of the audit completion procedures, the auditor confirms that no matters
arose during the audit to cast doubt over his ability to conclude the audit and sign the
auditor's report (e.g. independence, technical competence).
This approach is "rolled forward" to planning the following audit assignment. This
includes consideration of any factors arising during the last audit (and since the
completion of that audit), which would cast doubt on the ability to re-accept
appointment (e.g. loss of essential expertise specific for that client or in management
integrity).
In many jurisdictions, the auditor decides whether to stand for reappointment at the
company's AGM. To do so, the auditor must demonstrate the ability to continue to
act as the auditor.
As previously discussed in Chapter 5 Auditor Appointment, preliminary activities
include:
 • reassessing the client relationship and management's integrity (e.g. does the
auditor wish to continue to act for the client);
• evaluating compliance with ethical requirements, including independence, of
the firm, partners and proposed assignment staff;
• assessing threats to the fundamental principles; and
• reviewing the terms of the engagement to ensure that they are up to date and
reflect any changes in the entity's circumstances, business, legal or regulatory
environment.

4.1 Establishing the Overall Audit Strategy

Key Point

The overall audit strategy sets the scope, timing and direction of the audit, and
helps guide the development of the detailed audit plan.

An appendix to ISA 300 provides examples of a broad range of matters to be

considered in establishing the overall audit strategy. Although many of these
considerations apply to many audits, not all will be relevant to every audit and the
lists which follow are not exhaustive.

4.1.1 Characteristics of the Engagement

• The financial reporting framework used.

• Industry-specific law and regulation requirements.
• Governance requirements.
• Reliance on the work of internal audit.
• Entity's use of service organisations.
• Possible use of the computer as an audit tool.
• Availability of client staff and data.
•
4.1.2 Reporting Objectives, Timing of the Audit, Nature of
Communications

• The entity's timetable for reporting at interim and final stages.

• The organisation of meetings with management and TCWG to discuss the
nature, extent and timing of the audit work.
 • Discussions with management identifying feedback required throughout the
engagement and the expected deliverables, for example:
• progress reports;
• the auditor's report;
• reports to management; and
• communications to TCWG.
• The expected nature and timing of communications between engagement
team members, including the nature and timing of team meetings and timing
of the review of work performed.
• Third parties, including any statutory or contractual reporting responsibilities
arising from the audit.

4.1.3 Significant Factors, Preliminary Activities and Knowledge

Gained

• Determination of appropriate materiality levels.

• Preliminary identification of material classes of transactions, account balances
and disclosures.
• Preliminary identification of areas where there may be high risks of material
misstatement.
• The effect of the assessed risk of material misstatement at the financial
statement (see Chapter 8) level on direction, supervision and review.
• The need for, and level of, professional scepticism.
• Evidence of management's commitment to the design and operation of sound
internal control.
• Placing reliance on the effectiveness of internal control.
• Recent industry, business, legal, regulatory, financial reporting or other
relevant developments affecting the entity.
• The selection of the engagement team, the assignment of audit work to the
team members and the engagement budgeting.

4.2 Nature, Timing and Extent of Resources

Establishing the audit strategy helps the auditor to ascertain the nature, timing and
extent of resources necessary to perform the engagement. For example:
• The use of appropriately experienced team members for high-risk areas or the
involvement of experts on complex matters.
• The number of team members assigned to observe the inventory count at
material locations.
 • The hours to allocate to high-risk areas, material areas, the planning process
itself, control testing, review and completion.
• When these resources are deployed at the interim audit (e.g. pre-year-end
circularisation), the year end (e.g. inventory observation) and final audit.
• How such resources are managed, directed and supervised. For example:
• timing of team briefing and debriefing meetings;
• timing and location of senior, manager and partner reviews of the audit
process; and
• the need for engagement quality reviews (e.g. second partner review before
audit completion).

4.3 Timetable

A "traditional audit" generally has three discrete phases: interim, year-end and final.

4.3.1 Interim Audit

ISA 330 The Auditor’s Responses to Assessed Risks considers the timing of audit
procedures and using audit evidence obtained during an interim period.
Interim audit procedures are performed before the year end. An interim audit is not
required, but may be performed:
• to reduce the workload and time pressure of the final audit;
• to better understand if reliance can be placed on internal controls to help plan
the year-end audit.
Interim procedures are more effective when the risk of material misstatement is low
and less effective when the risk of material misstatement is high. This is due to the
auditor's understanding of the effectiveness of the control environment (more
confidence in internal control effectiveness would allow more interim procedures to
be performed).
Interim audit procedures may include:
• Planning procedures (e.g. documenting systems and updating the
understanding of the client).
• Tests of controls (i.e. tests to assess their operating effectiveness), where
this is more efficient when the evidence is available, and the audit team is less
busy.
• Substantive procedures (i.e. tests to detect material misstatement) on audit
areas assessed as low risk.

Key point

Substantive procedures must be performed at or near the year end when the risk
of material misstatement is high.

4.3.2 Effect of Interim Audit on Final Audit

The audit opinion cannot be based solely on evidence gathered during the interim
audit.
• If the auditor performs tests of controls at an interim date, the auditor will need
to obtain evidence about significant changes to those controls after the interim
period and determine the additional evidence to be gathered during the final
audit.
• If substantive procedures are performed at an interim date, the auditor will
need to cover the remaining period (i.e. between the date of the interim
procedures and year end) by performing further substantive procedures or a
combination of additional substantive procedures and tests of controls.
Evidence gathered during the interim audit is used to plan the final audit. For
example:
• If tests of controls performed during the interim audit show that controls are
operating effectively, a lower level of substantive testing is required during the
final audit.
• If misstatements are detected at an interim date that the auditor did not
expect, the auditor should reassess the risk that the financial statements may
be materially misstated and reassess the nature, timing and extent of
substantive procedures covering the remaining period.

4.3.3 Final Audit

Audit procedures carried out during the final audit are mainly substantive (analytical
procedures and tests of details), emphasising completeness, carrying amounts,
presentation, existence and cut-off. Tests on items selected at the year end are
followed up (e.g. inventory valuation, confirming recoverability of trade receivables).
Where there is a tight reporting deadline (e.g. one month after the year end), some
final audit procedures (e.g. trade receivables confirmations) may be carried out just
before the year end (e.g. one month before) and "rolled forward" to the year end.

Activity 1 Year-end Audit Visit

Suggest three audit procedures typically carried out at a year-end audit visit.
*Please use the notes feature in the toolbar to help formulate your answer.

4.3.4 Stages of an Audit Summary

Interim Audit Final Audit

Timing Before year end At or after year end

Required No Yes

Procedures Primarily tests of controls Primarily substantive

with some substantive procedures or, when
procedures when risk is appropriate or necessary,
low and evidence is a combination of
available. substantive procedures
and tests of controls.

Basis for audit opinion Only when combined with Evidence gathered during
evidence gathered during the final audit can be
the final audit. used as the basis for the
audit opinion, even when
no interim procedures
have been performed.

5.0 Introduction

Key point
 The auditor should develop an audit plan for the audit to reduce audit risk to an
acceptably low level. The plan will include a description of:
• The nature, timing and extent of risk assessment procedures, as
determined under ISA 315 (see Chapter 8).
• The nature, timing and extent of audit procedures at the assertion level to
address identified risks, as determined under ISA 330 (see Chapters 22-
27).
• Other audit procedures that must be carried out so that the engagement
complies with ISAs.

5.1 Rationale

The audit plan should be developed once the audit strategy has been established. It
will address the various matters identified in the audit strategy, considering the need
to achieve the audit objectives through the efficient use of the auditor's resources.
It is more detailed than the audit strategy. It includes the nature, timing and extent of
audit procedures to be performed by the engagement team members to obtain
sufficient appropriate audit evidence to reduce audit risk to an acceptably low level.
Also called audit work programme, separate audit plans cover all stages of the audit;
interim, year end and final.

5.2 Content

The audit plan includes:

• A description of the nature, timing and extent of planned risk assessment
procedures. These procedures must be sufficient to assess the risks of
material misstatement under ISA 315 Identifying and Assessing the Risks of
Material Misstatement (see Chapter 8).
• A description of the nature, timing and extent of planned audit procedures at
the assertion level for each material class of transactions, account balance
and disclosure, as determined under ISA 330 The Auditor's Procedures in
Response to Assessed Risks, including:
• audit procedures, if required, to test the operating effectiveness of controls;
and
• the nature, timing and extent of planned substantive procedures (see
Chapters 22-28).
 • Audit procedures must be carried out to comply with all relevant ISAs for the
assignment (e.g. external confirmations, accounting estimates, using the work
of an expert, subsequent events, going concern and management
representations).

Key Point

Working papers must identify:

• The specific items tested;
• Who performed the work and when it was completed;
• Who reviewed the work, and on what date.

5.3 Changes to Planning Decisions

Planning is a continuous process. The results of the interim audit will affect the plan
for the year-end work, the results of which (together with the interim audit) will affect
the final audit strategy and plan.
The auditor also will need to change the audit strategy and plan to take events into
account as they unfold. For example:
• unexpected events (e.g. loss of a key member of the client's management
team);
• changes in the entity's environment (e.g. a regulator's report requiring
changes to be made to the entity's procedures); and
• unexpected results from audit procedures (e.g. the results of substantive
procedures contradict the evidence obtained through testing the operating
effectiveness of controls).
As a result of such events, materiality and the risk of material misstatement may
need to be reassessed and the planned nature, timing and extent of audit
procedures reconsidered.

Example 3 Adjusting the Audit Plan

Following on from Example 2:

During the interim audit for the year, the engagement team identified several
events that would lead to a change in the final audit plan:
7. The growth in revenue for BRZ is significantly higher than expected, and
there is a corresponding deterioration in current and quick ratios.
Glardie has highlighted revenue as an area of increased audit risk in its audit
planning and that adjustment to materiality levels and extent of audit procedures
may be necessary.
 2. A fire at the offshore manufacturing plant, which forms a significant part of
BRZ’s non-current assets. The financial effects of the fire are still being
ascertained.
Glardie has indicated additional procedures to ensure that the final reported
carrying amount of the plant is materially correct and that any losses and
provisions are appropriately accounted for and disclosed.
3. One of BRZ’s customers instigated legal action against BRZ for the non-delivery
of promised services during the year. Initial discussions with management indicate
that the non-delivery was due to non-performance by one of BRZ’s subcontractors
and has brought in the subcontractor as a third-party defendant in the claim.
Glardie has indicated additional audit procedures to ascertain the impact of this
claim on BRZ’s financial statements and ensure the appropriate disclosures and
provisions have been made in case of any developments in the case.

6.0 Introduction

Key point

The nature, timing and extent of the direction and supervision of engagement
team members and the review of their work must be planned based on:
• the assessed risk of material misstatement; and
• the level of experience of the audit team members.

6.1 Direction

Direction is the means through which the members of the engagement team are
informed of:
• their responsibilities;
• the nature of the business;
• risk-related issues;
• the detailed approach to the performance of the engagement;
• the objectives of the tasks they are to undertake;
• problems that may arise; and
• matters which may affect the nature, timing and extent of audit procedures.
Communication tools (which are integral to the working papers) include:
 • engagement team briefing, which must be documented (e.g. in a planning
memo);
• overall audit strategy and plan;
• audit programme; and
• staffing and time budgets.

Example 4 Direction

Following on from Example 3:

Before the commencement of the final audit, the engagement partner had a
meeting with the engagement team. They have gone through all the significant
matters that might affect the audit, identified throughout the year and the
preliminary audit.
The audit objectives were also discussed and mitigations for foreseen problems
implemented (e.g. what to do if documentation and assets were missing due to the
fire at the manufacturing plant).
The audit programme was distributed digitally to the team, and the procedure time
frame was also shared and commented on for efficiency and audit quality.
The tasking of the engagement team for audit procedures is managed through
cloud-based audit software, which holds information on all the audit work to be
performed, retains all working papers, and updates time and resource budgets as
the audit progresses.

6.2 Supervision

Supervision includes monitoring progress and recording such progress in the

working papers to ensure that:
• assistants have the skills and competence necessary;
• assistants understand and follow their instructions;
• work is being done following the overall audit plan, audit programme and time
budget;
• significant accounting and auditing issues are identified and acted on (e.g. by
modifying the audit programme; noting for partner attention and action); and
• differences of professional judgement between members of the audit team are
resolved, including the use of (internal and/or external) consultation
procedures.
6.3 Review

A person of greater experience (e.g. senior reviewing junior, partner reviewing

manager) should consider whether:
• work has been performed following standards and the audit plan;
• there is a need to revise the nature, timing and extent of work performed;
• the results of work performed are adequately documented;
• audit objectives have been achieved;
• the evidence obtained is sufficient and appropriate to support the auditor's
report;
• significant audit matters have been raised and all resolved;
• relevant consultations have taken place and the resulting conclusions
documented; and
• conclusions are consistent with the results of the work performed.
The review process must be documented as part of the working papers. Review is a
continuous process; any changes necessary to the overall audit approach (as
identified during the audit) must be reviewed and approved by the audit partner.

Example 5 Supervising

Rachel is an audit senior in charge of supervising junior audit team members in an

engagement.
Her duties in reviewing the working papers of her juniors include:
8. Confirming that all identification information and key dates are correct.
9. Ensuring that the correct materiality levels have been applied.
10. Ensuring that the sources of information are correctly identified and the
audit procedure methodology has been properly applied.
11. Determining that the conclusions and basis on which they have been
reached are appropriate.
12. Evaluating the procedure's outcome in relation to the overall audit
objectives, any significant issues and prescribing additional audit
procedures where necessary.

7.0 Introduction
 Key point

The auditor should document the overall audit strategy and plan, including any
significant changes made during the audit engagement.

7.1 Audit Strategy

Documenting the overall audit strategy records the key decisions necessary to
properly plan the audit and to communicate significant matters to the engagement
team. The overall audit strategy may be summarised in a “planning memorandum”,
which sets out the overall scope, timing and conduct of the audit.

7.2 Audit Plan

The documentation of the audit plan must be sufficient to demonstrate the planned
nature, timing and extent of:
• the risk assessment procedures (see Chapter 8);
• the audit procedures (e.g. tests of controls, substantive tests, analytical review
procedures, going concern, review and completion) to be carried out on each
material class of transaction, account balance and disclosures in response to
the assessed risks; and
• the planning procedures themselves.
Standard, pre-printed audit programmes and audit completion checklists are often
used. However, such programmes and checklists must be tailored to each client's
circumstances.

7.3 Changes to the Audit Strategy and Audit Plan

When the original audit strategy and audit plan are updated, the reasons for the
changes and the auditor's response to the events, conditions, or results of audit
procedures that resulted in such changes, must be documented to update the
strategy and plan.
For example, when the testing of control procedures is no longer considered
necessary or additional audit tests are added to the work programme because of the
discovery of a material misstatement, the reasons for these changes must be
documented.
The audit file has to support the audit opinion.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

B. Planning and Risk Assessment

13. Objective and general principles

• Identify the overall objectives of the auditor and the need to conduct an audit
in accordance with ISAs.
• Explain the need to plan and perform audits with an attitude of professional
scepticism, and to exercise professional judgement.
14. Audit planning and documentation
• Identify and explain the need for, benefits of and importance of planning an
audit.
• Identify and describe the contents of the overall audit strategy and audit plan.
• Explain and describe the relationship between the overall audit strategy and
the audit plan.
• Explain the difference between interim and final audit.
• Describe the purpose of an interim audit, and the procedures likely to be
adopted at this stage in the audit.
• Describe the impact of the work performed during the interim audit on the final
audit.

Summary and Quiz

• The engagement partner is responsible for planning the audit, which includes
developing an overall audit strategy and plan.
• Preliminary planning activities include:
• reassessing the client relationship and management integrity;
• evaluating compliance with ethical requirements;
 • assessing threats to fundamental principles; and
• reviewing the terms of the engagement.
• The audit strategy establishes the scope, timing, and direction of the audit and
guides the development of the audit plan.
• Audit direction includes:
• determination of materiality;
• identification of high-risk areas;
• consideration of the likely effectiveness of internal control; and
• determination of staffing levels, timing, etc.
• The audit plan includes a description of the nature, timing and extent of:
• planned risk assessment procedures;
• audit procedures for each material class of transactions and balances; and
• other audit procedures (e.g. for audit finalisation).
• The audit strategy and plan should be revised during the audit as evidence is
gathered that causes the auditor to reassess materiality, the risk of material
misstatement and the planned nature, timing and extent of audit procedures.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Year-end Audit Visit

Suggest three audit procedures typically carried out at a year-end audit visit.
*Please use the notes feature in the toolbar to help formulate your answer.
• For clients holding material amounts of inventories (e.g. retailers,
manufacturers), there will usually be a physical counting of inventory at the
year end. The auditor must attend this. Where a year-end count is not
practicable, it may be conducted before the end of the reporting period and
supplemented with "roll forward" tests (see Chapter 23).
• While attending the year-end physical count, several other procedures also
may be carried out (e.g. tangible non-current asset inspection confirming
existence at the end of the reporting period and cash counts where material).
• Bank confirmation letters (see Chapter 26) will be organised shortly before or
after the year end to ensure that replies are received before the final audit.
• Other external confirmations also may be organised (e.g. receivable
circularisation sent with the client's month-end statements, see Chapter 24) to
ensure replies are received before the final audit.
Chapter 8: Identifying and Assessing Risk

Visual Overview

Objective: To describe how the auditor, through understanding the entity, aims to
minimise audit risk.

1.0 Introduction

The relevant standard is ISA 315 (Revised 2019), Identifying and Assessing the
Risks of Material Misstatement.

Key point
 The auditor must identify and assess the risks of material misstatement, whether
due to fraud or error, at the financial statement and assertion levels, thereby
providing a basis for designing and implementing responses to the assessed risks
of material misstatement.

1.1 Steps

The steps required in identifying and assessing the risks of material misstatements
can be summarised as follows:
1. Design and perform risk assessment procedures to obtain an
understanding of:
• the entity and its environment;
• the applicable financial reporting framework and the entity’s accounting
policies;
• inherent risk factors.
Definition

Inherent risk factors – characteristics of events or conditions that affect

susceptibility to misstatement, whether due to fraud or error, of an assertion about
a class of transactions, account balance or disclosure, before consideration of
controls.

2. Evaluate whether the entity’s accounting policies are appropriate and

consistent with the applicable financial reporting framework
3. Obtain an understanding of the components of the entity’s system of internal
control (Chapter 9).
4. Identify the risks of material misstatements and determine whether they exist
at:
• the assertion level (i.e. affecting material classes of transactions, account
balances and their related disclosures); or
• the financial statement level (i.e. affecting the financial statements).
5. Assess the identified risks including whether any are significant risks.
5a. Optional. Assess control risk if the auditor plans to test the operating
effectiveness of controls (see s.3.5).
6. Plan, design and perform appropriate audit procedures in response to
identified risks as required by ISA 330 The Auditor’s Responses to Assessed
Risks.
In summary, the auditor must:
• understand the entity and its environment to assess the risk of material
misstatement (RoMM) in the financial statements; then
 • devise a work programme to test whether such misstatements have arisen
(ISA 330 and ISA 500 Audit Evidence).

1.2 Obtaining an Initial Understanding

The auditor obtains an understanding of the entity and its environment and the
applicable financial reporting framework by performing risk assessment procedures.

Definition

Risk assessment procedures – audit procedures designed and performed to

identify and assess the risks of material misstatement, whether due to fraud or
error, at the financial statement and assertion levels

Risk assessment procedures include inquiries, observation and inspection and

analytical procedures. Observation and inspection are required to support,
corroborate or contradict inquiries and provide information.

Inquire • Of TCWG, management and

others (including internal audit).

Observe • Day-to-day activities and

operations.
• Behaviours and actions of
management or TCWG (e.g.
observe an audit committee
meeting).

Inspect • External sources of industrial,

legal and economic conditions
and events (e.g. trade journals,
credit rating agencies, financial
press).
• Internal documents (e.g.
business plans), accounting
records and procedure manuals.
• The entity’s premises and plant
facilities.
 • Reports prepared by
management (e.g. monthly
management accounts) and
TCWG (e.g. board minutes, audit
committee reports).

Analytical procedures • Internal and external information;

current and prior financial
history; financial and non-
financial information.
• Key performance indicators and
activity against similar
companies.
• Identifying unusual transactions,
amounts, relationships, ratios
and trends.
• See Chapter 16 for further
details.

Example 1 Inquiries

Inquiry to: Reason:

TCWG To understand the extent of their

oversight over the preparation of the
financial statements by management.

Employees who initiate, process or To evaluate the appropriateness of the

record complex/unusual transactions selection and application of specific
accounting policies.

In-house legal counsel To obtain information about litigation,

compliance with laws and regulations,
knowledge of fraud/suspected fraud,
warranties, after-sale obligations and
the meaning of contractual terms.

Marketing or sales personnel To obtain information about changes

in marketing strategies, sales trends or
contractual arrangements with
customers.

Risk management function To obtain information about

operational and regulatory risks that
may affect financial reporting.
 IT personnel To obtain information about system
changes, system or control failures or
other IT-related risks.

1.3 Audit Team Discussions

Discussions should be held between the senior and key members of the
engagement team (at least) about the susceptibility of the financial statements to
material misstatement, including fraud risk (see Chapter 11).

Key Point

Discussions must be documented along with the decisions made and the
implications for the audit approach.

By holding such discussions:

• the more experienced engagement team members brief other members and
share their insights based on their knowledge of the entity and audit
experience;
• information can be exchanged about the entity's risks and how and where the
financial statements might be susceptible to material misstatement;
• the audit team obtains a better understanding of the potential for material
misstatements resulting from fraud or error in the specific areas assigned to
them; and
• the audit team understands how the results of the audit procedures that they
perform may affect other aspects of the audit, including the decisions about
the nature, timing and extent of further audit procedures.
Team members not involved in the discussions must be informed of the outcomes
and specific effects on areas relevant to their responsibilities. This is usually
achieved through a client planning memorandum.

Example 2 Team Discussion

Bladd & Co holds an initial risk assessment meeting for the audit of WWQ Co, a
client for which the firm has been the auditor for a few years.
 There were certain factors identified during the year that have been identified as
accompanying risks of material misstatement to this year’s audit, and the
engagement partner wants senior members of the engagement team to be fully
aware of these risks.
There has been an observed worsening of WWQ’s current and quick ratios,
accompanied by rapid growth in revenues. The engagement team feels this has
significant risk, both for material misstatement and potential going concern issues.
The engagement partner also shared with the team that he was informed by the
board of WWQ that they would be expanding and diversifying the business to
include real estate development and sale and had acquired land and broken
ground for the construction of a property. The engagement partner informs his
team that this is an area of significant risk due to the issue of revenue recognition
and capitalisation of assets since the project has been financed by debt. It is also
unclear what operational and financial controls WWQ has over this division.

1.4 Sources of Information

Audit evidence is obtained through risk assessment procedures from multiple

sources, including the entity, the auditor’s acceptance or continuation procedures,
previous audits and third parties (e.g. regulators).

Activity 1 Sources of Information

Suggest examples of information that might be obtained from each of the following
sources:
a. Audit client;
b. Auditor;
c. Other sources.
*Please use the notes feature in the toolbar to help formulate your answer.

1.5 Using the Information

Key Point
 The auditor’s understanding of the entity and its environment and the applicable
financial reporting framework:
• assists the auditor in understanding the events and conditions that are
relevant to the entity;
• assists the auditor in identifying how inherent risk factors affect the
susceptibility of assertions to misstatement in the preparation of the
financial statements; and
• informs how the auditor plans and performs further audit procedures.

Example 3 Why an Understanding is Required

The auditor uses an understanding of the entity and its environment to:
• Identify and assess risks of material misstatement;
• Determine materiality levels and judge whether they remain appropriate as
the audit progresses (see Chapter 10);
• Perform procedures to help identify non-compliance with laws and
regulations that may have a material effect on the financial statements (see
Chapter 11);
• Evaluate whether the financial statements provide adequate disclosures;
• Consider the appropriateness of the selection and application of accounting
policies and the adequacy of financial statement disclosures;
• Develop expectations for use in analytical procedures (see Chapter 16);
• Identify areas where special audit consideration may be necessary (e.g. the
appropriateness of the going concern assumption);
• Design and perform further audit procedures to reduce audit risk to an
acceptably low level;
• Evaluate the sufficiency and appropriateness of audit evidence (see
Chapter 15), including management representations (see Chapter 20);
• Recognise conflicting information and unusual circumstances and
effectively apply professional scepticism;
• Make informed enquiries and assess the reasonableness of responses;
• Provide better service to clients and be responsive to their needs.

2.1 Matters to Consider

2.1.1 Before Accepting Appointment

Before accepting an appointment, the auditor should obtain a general understanding

sufficient to make an appropriate proposal.
2.1.2 After Accepting Appointment

After accepting an appointment, the auditor should obtain a more detailed

understanding sufficient to plan an effective and efficient audit.

2.2 Information Needs

ISA 315 requires the auditor to obtain an understanding of the following:

• nature of the entity and its environment, including:
• organisational structure, ownership, governance, and business model,
including the extent to which the business model integrates the use of IT;
• industry, regulatory and other external factors
• the measures used, internally and externally, to assess financial performance;
• the applicable financial reporting framework, the entity’s accounting policies
and the reasons for any changes to it; and
• how inherent risk factors affect the susceptibility of assertions to
misstatements and the degree to which they do so.

Activity 2 Information Requirements

Suggest, under the following headings, the information you will require to enable you
to obtain a sufficient understanding of the entity and its environment:
• General economic factors
• Industry
• Management and ownership
• Business
• Financial performance
• Reporting environment
*Please use the notes feature in the toolbar to help formulate your answer.
2.3 Selection and Application of Accounting Policies

The auditor needs to understand how the entity selects and applies accounting
policies. (Are they appropriate to the business and consistent with the financial
reporting framework and relevant industry?) An incorrect or aggressive application is
a risk of material misstatement.
The following may increase the risk related to the selection and application of
accounting policies:
• the methods used to account for unusual or complex transactions (including
those in controversial or emerging areas for which there is a lack of
authoritative guidance);
• changes in the environment (e.g. the financial reporting framework or tax
reforms) that may necessitate a change in the entity’s accounting policies;
and
• the effect of financial reporting standards and laws and regulations that are
new to the entity. For example, whether a new IFRS has been correctly
applied.

2.4 Updating Existing Clients

For entities audited in prior years, historic key information required for planning will
be available in the working papers and other files (e.g. computer knowledge bases).

Key Point

To use information obtained from previous experience and audit procedures

performed in previous audits, the auditor must evaluate whether such information
remains relevant and reliable as audit evidence for the current audit.

Previous experience and audit procedures may provide the auditor with information
about such matters as:
• Past misstatements and whether they were corrected on a timely basis;
• The nature of the entity and its environment and its system of internal control;
• Complex transactions and other events or account balances and related
disclosures;
 • Significant changes that the entity or its operations may have undergone
since the prior financial period.
Where changes are identified, their effects on the entity, its business and the
financial reporting environment must be understood. Changes that will affect the
business in a future financial period cannot be ignored. What risk arises from these
changes? Does that risk affect the current financial statements? For example, known
future changes in regulations may create a going concern risk.

Activity 3 Changes to be Documented

For an existing client, identify the internal and external changes (compared to the
previous year) that must be documented to understand the entity and its
environment.
*Please use the notes feature in the toolbar to help formulate your answer.

3.1 Concept

Definition

Audit risk – the risk that the auditor expresses an inappropriate audit opinion
when the financial statements are materially misstated. It is a function of the risks
of material misstatement and detection risk. (ISA 200)

An audit in accordance with ISAs is designed to provide reasonable assurance that

the financial statements as a whole are free from material misstatement. The
concept of "reasonable assurance" implies a risk that the audit opinion may be
inappropriate.
This risk may be reduced to an acceptable level through the risk-based approach to
auditing:
• identifying and assessing risks of material misstatement at the financial
statement and assertion levels (ISA 315);
• designing and performing audit procedures to obtain sufficient appropriate
audit evidence to draw reasonable conclusions on which to base the audit
opinion (ISA 330).
The assessment of audit risk is a matter of professional judgment (rather than a
matter capable of precise measurement) and encompasses two types of risk:
 • the risk of material misstatement in the financial statements (i.e. before audit);
and
• the risk that the auditor may not detect such material misstatement (i.e.
detection risk).

3.2 Risks of Material Misstatement

The auditor must consider whether the risks of material misstatement identified exist
at:
• the financial statement level (i.e. affecting the financial statements overall or
as a whole); or
• the assertion level for classes of transactions, account balances and
disclosures (i.e. existence, completeness, occurrence, valuation, presentation,
etc of line items in the financial statements).
Risks at the financial statement level are pervasive and therefore affect many
assertions. For example, if there is a risk that the going concern basis of preparation
is inappropriate, this could result in overvalued assets, omitted liabilities and omitted
disclosures.
Risks at the assertion level are assessed to determine the nature, timing and extent
of further audit procedures necessary to obtain sufficient appropriate audit evidence.

Activity 4 Inherent Risk Factors

Should each of the following factors be evaluated at the financial statement level or
at the assertion level?

Financial Asser
statement tion

1. Doubts about the integrity of management.

2. Management inexperience in the preparation of the

financial statements

3. Accounts which involve a high degree of estimation.

4. Lack of sufficient capital to continue operations.

 5. Potential for technological obsolescence of products
and services.

6. Complex underlying transactions that might require an

expert’s work.

7. Highly desirable and movable assets (e.g. cash)

susceptible to loss or misappropriation (e.g. theft).

8. Unusual and complex transactions completed at or near

the reporting date.

9. Changes in consumer demand.

10. Transactions not subject to ordinary processing.

*Please use the notes feature in the toolbar to help formulate your answer.

Key point

No one audit risk model is used by all auditors. The main features of a risk-based
model are:
• the auditor's concern for material misstatement in the financial statements;
• audit risk is reduced to an acceptably low level by the exercise of
professional judgment; and
• audit procedures are designed to ensure that audit risk is at an acceptable
level.

Example 4 Audit Response to Audit Risks

It is 1 July 20X5. An audit manager is planning the audit of the financial statements
of Basil Co for the year ending 31 July 20X5. During a planning meeting with the
finance director of Basil Co, the audit manager noted the following:
• Basil Co replaced two major items of machinery on the production line in its
main factory. There were significant staff costs involved in preparing the site
for the new machinery and testing that it was operating correctly. These
costs have been included in wages and salaries expense for the period.
• During the year, Basil Co purchased land and a building adjacent to the
main factory and converted it to another production facility.
• The increased production capacity resulted in a significant increase in the
inventory quantities held. At the year end, inventory will be held in four
regional warehouses. The finance director plans to conduct full inventory
 counts at the warehouses on 2, 3 and 4 August and make necessary
adjustments for post year-end movements.
• Basil Co obtained an interest-bearing bank loan of $5 million to finance the
new machinery and purchase of land and buildings. The loan must be paid
in equal instalments over the next five years.
• A portion of the new production facility was used for research and
development. During the year, Basil Co spent $2 million researching and
developing new products.
• To increase revenues and expand its customer base, Basil Co relaxed its
credit terms. Due to the past success of the credit controller in collecting
past due accounts, the finance director has decided not to increase the
allowance for irrecoverable receivables.
• Basil Co introduced a new bonus plan in which managers are paid bonuses
based on the increase in total revenue during the year.
Based on this information, the audit manager has identified the following audit
risks and outlined the audit responses that the engagement team will need to
address during the audit.

Audit Risks Audit Response

Basil Co has included in wages and The audit team should discuss with
salaries, significant staff costs involved management the accounting treatment
in installing and testing new applied and request that the relevant
machinery. staff costs are included in the cost of
property, plant and equipment (PPE).
However, such costs that are directly
(See Chapter 22.)
attributable to bringing the asset to the
location and condition necessary for its The audit team should undertake a
intended use are an element of the review of the staff costs expensed and
cost of the asset (IAS 16 Property, the process for allocating staff costs to
Plant and Equipment). work undertaken to confirm the
amounts that should be capitalised as
It appears that these staff costs have
part of the cost of machinery. If an
been accounted for incorrectly,
adjusting journal is made by
resulting in understated PPE and
management this should be reviewed
overstated wages and salaries
for accuracy.
expense.

The costs of the land and building The audit team should confirm that the
purchased should be accounted for land was not depreciated and that the
separately. building was depreciated correctly
according to Basil Co’s depreciation
Only the cost of the building should be
policy. The accuracy of the
depreciated. If the cost of the land is
depreciation should be tested through
depreciated, PPE will be understated
recalculation. (See Chapter 22.)
and depreciation expense overstated.
There will be inventory counts at all The audit team should attend the
four regional warehouses shortly after inventory counts at all four
the year end. If inventory movements warehouses and document details of
are not completely and accurately inventory movements (goods
controlled, year-end inventory could be received/despatched) to ensure
under or overstated. recorded in the correct accounting
period. (See Chapter 23.)

Basil Co obtained a new interest- The audit team should review the loan
bearing bank loan in the year agreement and confirm the amount
repayable over five years. There is a repayable with the bank. The team
risk that the loan has not been should verify that the loan is correctly
correctly allocated between current analysed between current and non-
and noncurrent liabilities which would current liabilities. (See Chapter 26.)
give rise to a classification error and
misstated liabilities.

Basil Co has spent $2 million on The audit team should examine the
research and development. supporting documentation, such as
invoices and descriptions from the
Expenditure related to research should
board of director minutes, for
be expensed. Expenditure related to
significant research and development
development should be capitalised if it
expenses and apply relevant tests to
is distinguishable from research
determine whether it has been
expense and meets the asset
correctly classified as capital or
recognition criteria. If incorrectly
revenue expenditure. (See Chapter
classified, profit and intangible assets
22.)
could be overstated or understated.

Relaxing credit terms increases the The audit team should review the
risk that customers do not pay. There receivables age analysis to assess the
is a risk that receivables are need to increase the allowance for
overvalued because the allowance for receivables. The team should also
irrecoverable receivables has not been review irrecoverable debts and cash
increased. collection patterns for the year to
identify any changes that might
indicate a need to increase the
allowance. (See Chapter 24.)

There is a risk that management may Throughout the audit, the team should
have felt pressured to overstate be alert to this risk and any indications
revenue because of the new bonus that revenue has been overstated. The
plan. team will need to maintain professional
scepticism. Cut-off procedures should
be performed to verify that sales were
 recorded in the correct accounting
period. (See Chapter 24.)

Exam advice

Always answer risk questions from the auditor’s perspective (as shown in this
example). Answers from the client’s perspective concerning business risks (that
are not examinable in AA) rather than audit risks earn no marks.
If asked to identify audit risks, you should identify the risk, refer to the related
account balance and describe the possible misstatement in the financial
statements.
If asked to describe the auditor's response to identified audit risks, you should
describe the auditor’s approach to assess whether the balance or transaction is
materially misstated. A two column method, as used above, is recommended.

3.3 Audit Risk Model

The "traditional" audit risk model considers the essential components of audit risk to
be:
• inherent risk (IR);
• control risk (CR); and
• detection risk (DR).
Although IR and CR are separately assessed, their combined effect is the risk of
material misstatement (i.e. the risk that controls will not detect misstatements that
arise due to inherent risk). DR is then often referred to as the "residual risk".
An overall acceptable level of audit risk may be quantified as a matter of the audit
firm’s policy (e.g. 5% means that there is a 5% chance that a material misstatement
goes undetected or, conversely, that the auditor obtains 95% assurance that there
are no undetected material misstatements). This percentage may provide the basis
for a mathematical derivation of detection risk and sample sizes.
Alternatively, IR and CR may be expressed qualitatively as high, medium or low, with
DR being the inverse of this relationship. For example, where IR and CR are high,
DR must be minimised (rendered low) by the audit procedures performed.

3.4 Inherent Risk (ISA 315)

3.4.1 Assessing Inherent Risk

Definitions

Inherent risk – the susceptibility of an assertion about a class of transaction,

account balance or disclosure to a misstatement that could be material (either
individually or when aggregated with other misstatements) before considering any
related controls.

Key Point

Inherent risk is presumed to be high if not assessed as less than high.

3.4.2 Assertion Level

Definition

Relevant assertion– an assertion about a class of transactions, account balance

or disclosure that has an identified risk of material misstatement.

For identified risks at the assertion level, the auditor assesses inherent risk by
evaluating the likelihood and magnitude of misstatement by considering how and
the degree to which:
• Inherent risk factors affect the susceptibility of relevant assertions to
misstatement; and
• The risks of material misstatement at the financial statement level affect
assessing inherent risk at the assertion level.
The auditor must also determine whether:
• Any of the assessed risks are significant risks; and
• Substantive procedures alone can provide sufficient appropriate audit
evidence for significant risks.
3.4.3 Inherent Risk Factors

Definition

Inherent risk factors – characteristics of events or conditions that affect the

susceptibility of an assertion to misstatement, before consideration of controls.
Such factors may be qualitative or quantitative.

Qualitative inherent risk factors include:

• Complexity – factors arising from the nature of the information or the process
of preparing it (e.g. when there are many potential data sources for calculating
an accounting estimate or alternative valuation models).
• Subjectivity – arises from inherent limitations in the knowledge or information
that is reasonably available (e.g. in estimating allowances for potential
irrecoverability of trade receivables or inventory obsolescence).
• Change – arises from events or conditions that, over time, affect the entity’s
business or the environment in which it operates. For example, developing
new products, geographical expansion, installing new IT systems, new IFRS
Standards, etc.
 • Uncertainty – arises when there is a lack of sufficiently precise and
comprehensive data verifiable through direct observation. Constraints on the
availability of knowledge or data, which are not within management’s control,
are sources of uncertainty that cannot be eliminated. For example, estimation
uncertainty arises when a monetary amount cannot be determined with
precision (e.g. a warranty provision).
• Susceptibility to misstatement due to management bias or fraud – results
from conditions that create susceptibility to intentional or unintentional
management bias (i.e. a lack of neutrality). For example, pressure or incentive
to achieve the desired result (e.g. a target profit).

Definition

Management bias – a lack of neutrality by management in the preparation of

information.

3.4.4 Spectrum of Inherent Risk

The assessment of inherent risk depends on the likelihood and magnitude of

misstatement. The degree to which inherent risk varies is the “spectrum of
inherent risk”.
• The higher the likelihood and magnitude of a misstatement, the higher that
risk on the spectrum.
• Those risks assessed to be close to the upper end of the spectrum are
significant risks.

3.4.5 Significant Risks

Definition

Significant risk – an identified risk of material misstatement:

• For which the assessment of inherent risk is close to the upper end of the
spectrum of inherent risk; or
• That is to be treated as a significant risk in accordance with the
requirements of other ISAs.

Determining which of the assessed risks are significant risks is a matter of

professional judgment unless specified to be treated as a significant risk under an
ISA (e.g. presumption of risk of fraud in revenue recognition).
Significant risks may arise from matters such as:
 • Transactions for which there are multiple acceptable accounting treatments
(i.e. involving subjectivity);
• Accounting estimates that have high estimation uncertainty or use complex
models;
• Complexity in data collection and processing to support account balances;
• Account balances or quantitative disclosures that involve complex
calculations.

Key Point

The auditor determines significant risks to focus more attention on them through
the performance of required responses, including:
• The identification and evaluation of related controls (see s.3.5)
• Substantive procedures that are specifically responsive to the risk;
• Obtaining more persuasive audit evidence;
• Communication to TCWG (see Chapter 3);
• Determining key audit matters (see Chapter 30).

Example 5 Inherent risk Assessment

Dramatik Co manufactures fast-fashion apparel for distribution to wholesalers and

retailers.
You have uncovered the following information in an assessment of the Dramatik
Co’s business for this year’s audit:
The company has raw materials, consumables and work in progress at its factory
base. Finished goods are stored in a separate warehouse 10 kilometres away.
The company does not hold inventories owned by third parties.
Why would the inherent risk associated with inventory at Dramatik Co be
assessed as “high” in the financial statements of Dramatik Co for this year’s
audit?
The inherent risk associated with stocks would affect quantity and valuation.
7. The company has significant amounts of inventory at its factory base and
goods held at a separate warehouse and possibly third-party retail outlets.
8. There would be difficulties quantifying inventories at different stages of
work-in-progress and accounting for transfers/movements between stock-
holding locations. There is also the risk of theft or loss due to fire, weather,
or other factors.
9. There might be issues in the valuation of the inventory, which should be
measured at lower of cost and net realisable value. As Dramatik Co
operates in the fast-fashion industry, selling prices will fall rapidly in a short
time as product lines go out of fashion. This would significantly affect the
valuation of slow-moving product lines.
 10. Because of the reasons above, there is a significant risk that the inventory
of Dramatik Co might be overstated.

3.5 Control Risk (ISA 315)

Definitions

Control risk – the risk that a misstatement that could occur in an assertion and
that could be material (either individually or in aggregate with other misstatements)
will not be:
• prevented; or
• detected and corrected, on a timely basis,
by the entity’s controls.

3.5.1 Assessing Control Risk

Key Point

ISA 315 requires control risk to be assessed separately from inherent risk.
Control risk is assessed if the auditor plans to test the operating effectiveness of
controls. If not, the assessment of the RoM is the same as the assessment of
inherent risk.

• The auditor will only plan to test the operating effectiveness of controls if they
are expected to operate effectively.
• The initial expectation is based on the auditor’s evaluation of the design and
implementation of identified control activities.
• If tests of controls do not then confirm the initial expectation, the control risk
assessment must be revised.

3.5.2 Risk Assessment Procedures

Risk assessment procedures to obtain audit evidence about the design and
implementation of identified control components may include:
• Inquiring of entity personnel;
 • Observing the application of specific controls;
• Inspecting documents and reports.
Inquiry alone, however, is not sufficient for such purposes.

3.5.3 Testing Controls

The auditor may plan to test:

• direct controls (i.e. that are sufficiently precise to prevent, detect or correct
misstatements);
• indirect controls (i.e. that support direct controls), including general IT
controls.
Tests of controls are described in Chapter 12.

Key Point

No matter how well designed and operated, internal control can only reduce, but
not eliminate, the risk of material misstatement (RoMM) in the financial
statements because of the inherent limitations of controls.

3.6 Detection Risk (ISA 200)

Definitions

Detection risk – the risk that audit procedures performed to reduce audit risk to
an acceptably low level will not detect a misstatement that exists and that could be
material (either individually or in aggregate).

Key Point

To obtain reasonable assurance, the auditor must obtain sufficient appropriate

audit evidence to reduce audit risk to an acceptably low level (to enable the
auditor to draw reasonable conclusions on which to base the audit opinion).
Detection risk, which relates to the nature, timing and extent of audit procedures, has
two elements:
1. sampling risk; and
2. non-sampling risk.
3.6.1 Sampling Risk

This arises from the possibility that the auditor's conclusion, based on a sample, may
be different from the conclusion reached if the entire population was subjected to the
same audit procedure.
• If the auditor concludes that CR is lower than it is or that a material
misstatement does not exist when in fact, it does, there is a higher risk of an
inappropriate audit opinion. This affects audit effectiveness.
• If he concludes that CR is higher than it is or that a material misstatement
exists when it does not, this affects audit efficiency, as more work than
necessary will be carried out (see also Chapter 19).
3.6.2 Non-sampling Risk

Non-sampling risk arises from factors that cause the auditor to reach an erroneous
conclusion for any reason not related to sampling, for example:
• failure to adequately understand the entity or carry out the risk assessment;
inadequate audit strategy, planning and work programme;
• misapplication of an audit procedure by the audit team (e.g. through lack of
training);
• misinterpretation of test results (e.g. not recognising the significance of an
error or nor recognising that there is an error); and
• poor quality management (e.g. lack of briefing, supervision and review).
Non-sampling risk can be minimised through, for example, adequate planning,
assigning appropriate staff (e.g. experienced, professional and technically
competent), the application of professional judgment, supervision and review of audit
work.
As IR and CR assessments influence the nature, timing and extent of substantive
procedures, to reduce DR (and therefore audit risk) to an acceptably low level, any
inappropriate assessment will directly affect DR.

3.7 Application of Audit Risk Model

3.7.1 Calculating Detection Risk

Example 6 Mathematical Audit Risk Model

 An audit firm uses a mathematical audit risk model to determine the levels of
detection risk.
• Audit risk: a 5% risk of drawing the wrong conclusion is acceptable. (Most
firms operate between 1% and 5%.)
• IR: assessed at a 75% (“high”) risk that material misstatements could arise.
• CR: assessed at a 20% (“low”) risk that controls may fail to prevent or
detect and correct material misstatements.
Using the model, 0.05 = 0.75 × 0.2 × DR
Therefore DR = 0.33 (e.g. medium).
This means that planned substantive procedures will be adequate even if there is
a 33% chance that they fail to detect material misstatements.
Because of the high IR, audit tests will be specifically targeted at the factors giving
concern. The low CR implies that the controls should prevent or detect and correct
material misstatements for routine transactions. In addition, note that most audit
work programmes require material items (based on performance materiality) to be
selected and substantively tested anyway, regardless of the DR assessed and the
sample size calculated.

3.7.2 Relationship between Components of Audit Risk

The mathematical model demonstrates the relationship between IR, CR and DR.
The nature, extent and timing of substantive procedures are inversely related to the
assessment of IR and CR.
For a given acceptable audit risk (determined by the audit firm's policy), when both
IR and CR are high (i.e. when there is a high risk that the financial statements may
contain a material misstatement), DR must be rendered low (i.e. a higher degree and
level of substantive work is required) and vice versa:

Audit Risk Inherent Risk Control Risk Detection Risk

Policy H H L

Policy L L H

3.7.3 Implications of Detection Risk for Substantive Procedures

Definition
 Substantive procedure – an audit procedure designed to detect material
misstatements at the assertion level.

Low detection risk • The level and detail of

substantive procedures (e.g.
greater use of external, direct
and independent evidence and
larger sample sizes) must be at a
sufficiently high level that the risk
that a material misstatement is
not detected is low.

High detection risk • In theory, it is more likely that the

level of substantive procedures
will be insufficient to detect a
material error. However, as IR
and CR are low, the probability
of material error in the financial
statements is also low.
When detection risk is high, because of the low(er) risks of a material error in the
financial statements, a lower quantity (e.g. sample size), lower quality (e.g. indirect
evidence rather than direct evidence) and form (e.g. analytical procedures) of
substantive procedures may be acceptable (together with the fact that all material
items will be tested).
Low detection risk means that higher levels of substantive tests are required as there
is a greater risk that a material error exists (i.e. increased testing is necessary to
reduce the risk that a material error is not discovered).
There are three ways in which detection risk can be varied:
• change the nature of audit procedures; and/or
• change the extent of audit procedures; and/or
• change the timing of audit procedures.
•
Methods of Varying Detection Risk Examples where Inherent/Control
Risk are High

1. Change nature • Direct tests towards independent

parties rather than
documentation held by the entity.
• Use tests of details in addition to
substantive analytical
procedures.
• Use computer-assisted audit
techniques (CAATs).
 3. Change extent • Use a larger sample size.
• Reduce tolerable error (e.g. 50%
of materiality level). This will
mean testing more items.
• Extend the scope of CAATs for
100% testing, comparison and
analysis (e.g. re-perform 100%
calculation of inventory valuation
rather than just sample size).

4. Change timing • Perform a procedure at the

reporting date rather than at an
earlier (interim) or later (final)
date (e.g. receivables
circularisation at the year end or
before the year end and “roll
forward” the movements).

3.8 Matters Requiring Documentation

The following matters must be documented:

• The discussion between the engagement team regarding the susceptibility of
financial statements to material misstatement due to error or fraud and the
significant decisions reached.
• Key elements of the understanding obtained regarding each aspect of the
entity and its environment, for example:
• industry, regulatory and other external factors;
• the applicable financial reporting framework;
• nature of the entity, including selection and application of accounting policies;
• measurement and review of financial performance; and
• objectives and strategies and related risks that may result in a material
misstatement of the financial statements.
• Internal control components:
• the control environment;
• risk-assessment procedures;
• IS and related business processes relevant to financial reporting;
• the control activities; and
• the process of monitoring controls.
• The sources of information from which the understanding was obtained.
• The risk assessment procedures.
 • The identified and assessed risks of material misstatement at the financial
statement level and at the assertion level.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

B. Planning and Risk Assessment

3. Assessing audit risks

• Explain the components of audit risk.
• Describe the audit risks in the financial statements and explain the auditor's
response to each risk.
4. Understanding the entity, its environment and the applicable financial
reporting framework
• Explain how auditors obtain an initial understanding of the entity, its
environment and the applicable financial reporting framework.

Summary and Quiz

• Risk assessment procedures are required to obtain an understanding of:
• the entity and its environment;
• the applicable financial reporting framework and accounting policies; and
• how inherent risk factors affect the susceptibility of assertions to
misstatements.
• Risk assessment procedures include:
• Inquiry
• Observation
• Inspection
• Analytical procedures.
• Audit risk is the risk that the auditor will express an inappropriate audit opinion
on the financial statements. It is the risk of material misstatement arising
(inherent risk) which is not prevented or corrected by the entity (control risk) or
detected by the auditor (detection risk).
• Inherent risk factors arise from complexity, subjectivity, change, uncertainty,
and the susceptibility to misstatement due to management bias or other fraud
risk factors.
• Significant risks may be non-routine (e.g. fraud) or involve significant
estimation uncertainty (e.g. complex provisions) and require special
consideration (e.g. more persuasive evidence).
 • Inherent risk and control risk require separate assessments.
• Control risk is assessed if the auditor plans to test the operating effectiveness
of controls. If not, the assessment of the RoMM is the same as the
assessment of inherent risk.
• Detection risk is managed by changing the nature, extent and timing of audit
work. Detection risk is "inversely" related to inherent risk and control risk. Low
detection risk is achieved through increased substantive procedures.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
• Audit risk (s.1 and s.3)
• ISA 330 and responses to assessed risks (s.3)
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Sources of Information

(a) Client (b) Auditor (c) Other sources

• Directors/senior • Previous relevant • Predecessor auditor

operating personnel experiences • Legal advisers
• Internal audit and • Specialist • Industry regulators
Governance publications (e.g. on • Government data
• Website hotel audits) • Customers
• Visit premises and • Technical experts • Suppliers
plant facilities (e.g. IS, extractive • Competitors
• Specific employees industries) • Trade journals
involved in the • In-house knowledge • Financial press
process base • Websites
• Minutes of meeting • Permanent audit file
• Documents sent to • Business process
shareholders/filed templates
with authorities
• Financial budgets
and management
reports
 • Chart of accounts
and job descriptions
• Procedures manuals

Activity 2 Information Requirements

General Economic Factors Industry

• Recession • Market/competition
• Growth • Costs of entry
• Interest rates • Cyclical/seasonal trade
• Sources of finance • Technology/fashion
• Inflation • Key ratios and performance
• Government policy (e.g. monetary, measures
fiscal, trade) • Specific accounting practices,
• Investment incentive (e.g. regional GAAP
development grants) • Regulatory/environmental
• Foreign exchange (rates and requirements
controls) • Energy supply and costs
• Availability and education of the • Workforce skills
workforce

Management and Ownership Business

• Corporate structure • Nature (manufacturer, exporter)

• Owners • Locations
• Local/foreign (office/production/storage)
• Capital structure • Employment (union contracts)
• Organisational structure • Products/services/markets
• Philosophy and strategic plans • Conduct of operations (e.g. service
• Acquisitions and disposals logistics, production, segments)
• Sources of finance • Major/dependent
• Board of directors and governance suppliers/customers (delivery
• Operating management methods such as JIT)
• Internal audit • Outsourced activities
• Attitude to internal control • Inventors (type, location, quantities)
environment • Research and development
• Information systems and use of
ecommerce (nature and
dependency)
• Debt structure (including covenants)

Financial Performance Reporting Environment

• Key ratios, trends • Legislation and regulations

 • Performance indicators (e.g. share • Appropriate selection and
price, EPS) application of accounting principles
• Employee measures and • Auditor's reporting requirements
compensation (shareholders, regulators and other
• Period-on-period financial third parties)
performance • Taxation
• Accounting principles • Revenue recognition
• Accounting policies • Use of fair values
• Earnings/cash flow • Users of financial statements
• Leasing commitments
• Lines of credit
• Off-balance sheet finance
• Foreign currency and interest rates

Activity 3 Changes to be Documented

Internal External

• Business developments (e.g. • New legislation and regulation (e.g.

ecommerce, discontinued environmental, health and safety)
operations) • New/updated IFRS Standards
• Changes in products, services • Application of accounting policies by
• Changes in key personnel and management
positions • Competitors and their products
• Business and financial control • Economic (interest/foreign
system changes exchange/ tax rates, etc)
• Governance/internal audit work and • Volatility of markets (supplier,
reports customer, financial)
• Regulator visits and reports • Industrial practices
• Administration and IT functions • Local and national governments
• Pending litigation

Activity 4 Inherent Risk Factors

Financial statement level

1 (see the following discussion), 2, 4, 5 and 9.
Per ISA 315 and 330, factors concerning the nature of an entity's business (5, 7 and
10) are also relevant to the assertion level.
Assertion level
3, 5, 6, 7 (see discussion), 8 and 10.
Discussion
1. Consider doubts about the integrity of management: could that inherent risk
affect the financial statements as a whole or just a few individual account
balances? Suppose management wanted to overstate profit (to pay
themselves bonuses, say). To increase profit, management could:
• overstate revenue (e.g. through a deliberate cut-off error by bringing forward
next year's revenue from contracts with customers into the current year);
• understate costs (e.g. by suppressing purchase and expense invoices).
• Because every DR has a CR, there are then implications for the statement of
financial position:
• overstatement of trade receivables (because they do not owe the money at
the year-end);
• understatement of trade payables (because liabilities are not recorded).
• Profit could also be increased by understating allowances against assets:
• obsolescence allowances against inventory;
• depreciation allowances against tangible long-term assets;
• credit loss allowances against trade receivables.
• In conclusion, doubt about management integrity has a pervasive effect on
the financial statements so this risk is assessed at the financial statement
level.
2. Consider cash balances (i.e. physical money rather than bank balances).
These balances may be minimal in relation to the assets as a whole (e.g.
cash floats in the till/register of a shop). At the financial statement level, the
auditor may take no account of these and ignore them in the overall audit
plan. However, cash is inherently risky (because it can be stolen if safeguards
are inadequate) and cannot be overlooked at the account balance level.
3. However, in a cash-based business (i.e. with cash revenue; purchases and
assets paid for in cash), this would be considered at the financial statement
level (i.e. in the preparation of the overall audit plan) because it has a
pervasive effect.
Chapter 9: System of Internal Control

Visual Overview

Objective: To explain the concepts of a system of internal control, the role of internal
control within corporate governance and the use and evaluation of systems of
internal control by auditors.

1.1 Obtaining an Understanding

 Definition

System of internal control – the system designed, implemented and maintained

by TCWG, management and other personnel to provide reasonable assurance
about:
• the reliability of financial reporting;
• the effectiveness and efficiency of operations; and
• compliance with applicable laws and regulations.

Key Point

The auditor’s understanding of the entity’s system of internal control is obtained

through risk assessment procedures (see Chapter 8) to evaluate each of the
components of the system of internal control.

1.1.1 Components

The system of internal control consists of five inter-related components:

The auditor's primary consideration is whether and how a specific control prevents,
or detects and corrects, material misstatements in the financial statements, rather
than its classification into any particular component.

1.1.2 Audit Requirements

The auditor must understand the five components of internal control as an essential
part of risk assessment. In particular:
 • the control environment (s.1.2);
• the entity’s risk assessment process (s.1.3);
• the information system and communication relevant to financial reporting
(s.1.4);
• the control activities that determine the auditor’s assessment of control risk
(s.1.5); and
• the entity’s process to monitor the system of internal control relevant to the
preparation of the financial statements (s1.6).
Example 1 Understanding the Information System

An understanding of the information system relevant to financial reporting includes

obtaining an understanding of the following:
• Classes of transactions which are significant to the financial statements.
• Procedures by which those transactions are initiated, recorded, processed,
corrected as necessary, incorporated in the general ledger and reported in
the financial statements.
• Related accounting records, supporting information and specific accounts in
the financial statements.
• How the information system captures events and conditions (other than
classes of transactions) significant to the financial statements.
• Financial reporting process used to prepare the financial statements,
including significant accounting estimates and disclosures.
In addition, auditors must also obtain an understanding of how the entity:
• has responded to risks arising from IT (see Chapter 12); and
• communicates financial reporting roles and responsibilities and significant
matters relating to financial reporting.

1.2 Control Environment

Definition

Control environment – includes:

• the governance and management functions; and
• the attitudes, awareness and actions of TCWG and management
concerning internal control.

The control environment provides the foundation for the operation of the system of
internal control because it:
 • Sets the tone of an organisation, influencing the control consciousness of its
management and employees.
• Strongly relates to how management (and governance) has created a culture
of honesty and ethical behaviour, supported by appropriate controls to prevent
and detect fraud and error.
A robust control environment may be a positive influence when assessing, for
example, the risk of fraud. However, elements must be considered collectively (e.g.
enforcing ethical values and appropriate recruitment policies for financial reporting
staff will not mitigate aggressive earnings reporting by senior management).
The control environment relevant to the preparation of the financial statements
addresses:
1. How management’s oversight responsibilities are carried out (e.g. the entity’s
culture and management’s commitment to integrity and ethical values).
2. Where relevant (i.e. when TCWG are separate from management), the
independence of TCWG and their oversight of the system of internal controls.
3. The assignment of authority and responsibility.
4. How competent individuals are attracted, developed and retained.
5. How individuals are held accountable for their responsibilities relating to the
system of internal control.
The auditor must evaluate whether:
• Management (with oversight of TCWG, where relevant) has created and
maintained a culture of honesty and ethical behaviour;
• The control environment provides an appropriate foundation for the other
components of the system of internal control; and
• Any control deficiencies identified in the control environment undermine the
other components of the system of internal control.
A single individual who dominates an entity may exercise a great deal of discretion.
Their actions and attitudes may have a pervasive effect on the organisation’s culture,
which, in turn, may have a pervasive effect on the control environment. Such an
effect may be positive or negative.

Example 2 Control Environment

Targal & Co is assessing the system of internal control of its audit client, Puddly
Co. It has ascertained the following information on Puddly Co’s control
environment:
6. Puddly Co does not have a written code of conduct or ethics.
7. Any issues related to alleged misdemeanours or control failures are dealt
with informally through the CEO.
8. The executive team is experienced in financial systems and has
implemented automated financial controls for which senior management
personnel are responsible.
 9. Puddly’s organisational structure is centralised with senior management
personnel responsible for decision making.
10. Any potential or suspected breaches of control, especially if flagged by the
automated financial system, are handled quickly by senior management.
11. Senior management informally trains staff on the operations and
compliance of controls within the financial system.
12. There is no internal audit function.
13. There is little evidence that the board of directors has paid significant
attention to matters relating to internal control.

Example 3 Dominant Individual

The direct involvement of a single individual may be vital to an entity in meeting its
growth and other objectives. This involvement can also contribute significantly to
an effective system of internal control. On the other hand, such concentration of
knowledge and authority can also lead to an increased susceptibility to
misstatement through management override of controls.

1.3 Entity’s Risk Assessment Process

The auditor must obtain an understanding of the entity’s risk assessment process
including how the entity:
• Identifies risks relevant to financial reporting objectives;
• Assesses the significance (including the likelihood of occurrence) of those
risks; and
• Addresses those risks.
The auditor must evaluate whether the risk assessment process is appropriate to the
entity’s circumstances, considering the nature and complexity. This is a matter of
professional judgment.
If the auditor’s risk assessment procedures identify risks of material misstatement
that management failed to identify, the auditor should:
• determine whether such risks should have been identified by management;
• if so, obtain an understanding of why the entity’s risk assessment process
failed; and
• consider whether the entity’s risk assessment process is appropriate.
Exhibit 1 Risk Assessment Process

The following are extracts are from the Annual Report 2020 of the Employees
Provident Fund (EPF) Board:
The EPF believes that a strong governance structure is important to ensure an
effective and consistent implementation of risk management throughout its entire
organisation. In achieving that, our risk governance places accountability and
ownership between three lines of defence where departments, branches, and the
Management are constantly engaging in healthy and productive discussions on
key risk matters and processes to create a robust risk-practicing culture. As such,
the Digital Risk Management Committee (DRMC) was established in 2020 to
provide guidance on the EPF’s technology plans and operations, and also be
responsible for overseeing the development and maintenance of the Information/
Cyber Security and Technology Risk Management Programmes within the EPF.
To further support its risk governance structure, structured policies and
procedures are also developed to address all key risk areas in the EPF.

The main elements of the Operational Risk Management process are as follows:
a. Establishing the context: Articulates the organisation’s objectives and
defines the external and internal parameters to be taken into account when
managing risks.
b. Risk assessment: The overall process of risk identification, risk analysis,
and risk evaluation.
c. Risk treatment: Actions to be taken to prevent, detect, or manage the Net
Risks to an acceptable level.
d. Communication and consultation: The two-way communication between
Risk Management Department and stakeholders about the existence,
nature, form, severity, or acceptability of risks.
e. Monitoring and review: Both activities are planned and are an integral
part of the risk management process that involves regular checking or
surveillance.
f. Recording and reporting: Risk management process where risks, its
details, and minutes of meetings are recorded and reported periodically.
 The EPF managed more than RM1,000 billion (about USD 239 billion) in assets in
2020.

1.4 Information System and Communication

1.4.1 Obtaining an Understanding

The auditor is required to obtain an understanding of the entity’s information system

and communication relevant to the preparation of the financial statements by:
• Understanding the information processing activities, including its data and
information, the resources used in such activities and the policies that define,
for significant classes of transactions, account balances and disclosures:
• How transactions are initiated, recorded, processed, corrected as necessary,
incorporated in the general ledger and reported in the financial statements;
• How information about events and conditions, other than transactions, is
captured, processed and disclosed in the financial statements;
• The accounting records, specific accounts in the financial statements and
other supporting records;
• The financial reporting process used to prepare the entity’s financial
statements; and
• The entity’s resources, including the IT environment.
• Understanding how significant matters that support the preparation of the
financial statements and related reporting responsibilities are communicated:
• Within the entity;
• Between management and TCWG; and
• With external parties (e.g. regulatory authorities).
• Evaluating whether the information system and communication appropriately
support the preparation of the financial statements in accordance with the
applicable financial reporting framework.
 Definition

Accounting records – include:

• the records of initial accounting entries and supporting records (e.g. records
of electronic fund transfers, invoices, contracts);
• the general and subsidiary ledgers, journal entries and other adjustments to
the financial statements that are not reflected in formal journal entries; and
• records such as work sheets and spreadsheets supporting cost allocations,
computations, reconciliations and disclosures.

1.4.2 Information System

Key Point

The overall objective and scope of an audit do not differ whether an entity
operates in an environment that is mainly manual, completely automated or some
combination of manual and automated.

An information system therefore consists of:

• physical and hardware (if IT-based) infrastructure;
• software (if IT-based);
• people;
• procedures; and
• data.
It includes the accounting system and consists of the procedures and records
established to initiate, record, process, report and maintain accountability of the
records and information necessary to satisfy management and financial reporting
objectives. This encompasses recording the correct monetary amount of
transactions and recording the transactions in the correct accounting period (i.e. cut-
off).

Initiate By manual or programmed procedures

(e.g. manual sales order, Internet order
through a website, re-order level
trigger).

Record Identify, capture and record valid

transactions and relevant information
on a timely basis, including information
for disclosure.
 Process Edit, validate, calculate, measure,
summarise, reconcile and classify.

Report Preparation of management, financial

and other statements so that the
transactions, disclosures and additional
information are correctly presented.

Maintain accountability For the related assets, liabilities and

equity.
Transactions may be standard (e.g. in the normal course of business – sales,
purchases, accruals, depreciation) or non-standard (e.g. asset impairment, bad debt
write-offs). How the information system deals with all types of transactions must be
understood (e.g. raising and authorising journal entries).
The information system must also be able to deal with errors and incorrect
processing:
• Is a suspense account used and regularly checked and cleared?
• Is it possible to override the system or bypass controls?
• If so, how does the management deal with such matters?

1.4.3 Communication

Communication involves understanding the individual roles and responsibilities of

those in the information system. It may take various forms, for example, policy
manuals, accounting and financial reporting records and memoranda.
Communication may also include how individuals understand how their roles and
responsibilities relate to others in the system and the means of reporting exceptions
to a higher authority (to management, TCWG and, if necessary, regulators).
Communication can also be made electronically, orally, or through management’s
actions.

1.5 Control Activities

Definition

Control activities – the policies and procedures that help ensure that
management directives are carried out.
Types of controls in the control activities component are described in ISA 315
(Revised 2019) from s.A153 onwards. Control activities are performed by employees
at all levels and may be:
• preventive or detective; and
• manual or automated.
Controls in the control activities component include:

Authorisation and approvals • An authorisation affirms that a

transaction is valid.
• It may take the form of approval
by a higher level of management
or an automated approval within
a system.
• Examples of matters to be
authorised:
• purchase or disposal of non-
current assets;
• new suppliers, supplier
payments;
• purchase and sales invoices;
• new employees, wage rates,
promotions;
• journal entries (e.g. bad debt
write-offs).

Reconciliations • Reconciliations compare two or

more data elements.
• Action must be taken to bring the
data into agreement when
differences are identified.
Reconciliations generally address the
completeness and accuracy of
processing transactions.

Verifications • Compare two or more items with

each other or compare an item
with a policy
• Follow-up action must be taken
when items do not match or are
not consistent with the policy.
• Verifications generally address
the completeness, accuracy, or
validity of processing
transactions.
• Examples include:
 • edit checks;
• validation checks; and
• automated calculations.

Physical or logical controls • Physical security of assets and

records includes safeguards
such as secured facilities.
• Logical controls authorise access
to computer programs and data
files.
• Periodic comparison of “book to
physical” amounts (e.g.
inventory, petty cash, non-
current assets).

Segregation of duties • Separating the authorisation,

recording and custody functions
reduces the opportunities for a
person to be able to make and
conceal errors or fraud.
• Actions of one employee are
checked by another.
To obtain an understanding of the control activities component, the auditor should:
• Identify controls that address the risks of material misstatement at the
assertion level, including:
• controls that address a significant risk;
• controls over journal entries: and
• controls for which the audit plans to test operating effectiveness.
• Based on these identified controls, identify:
• the related risks arising from the use of IT; and
• the entity’s general IT controls that address such risks

Example 4 Wages System

Activities for the processing of payroll include the following:

• A centralised wages software programme is used for wages computation.
Separate wage clerks based at head office process wages for each region.
Each clerk operates a terminal and has access to all files in the wages
system.
• Every week, regional managers prepare, and upload wages claim for all
employers, including timesheets for hourly workers and starter and leaver
forms (regional managers have the authority to process recruitment for
each region).
 • Weekly wages information and starters and leavers information are input
into a computerised system by wages clerks. The system will produce wage
slips that are automatically forwarded to the accounting function to issue
wage remittances directly into employee accounts.
• At the end of each weekly payroll process, a report by region is
automatically generated, showing the number of employees, employees
paid, and gross and net wages payments. The accountant verified this file
for the accuracy of payroll figures and regional managers for employee
details.
Note that there is no indication whether the controls are effective.

Activity 1 Reconciliations

For each of the following accounting reconciliations, state the data elements that are
being compared and list the transactions or other events that could be reconciling
items (i.e. contribute to the difference):
g. Bank reconciliation;
h. Supplier’s statement reconciliation.
*Please use the notes feature in the toolbar to help formulate your answer.

1.6 Monitoring Process

Key Point

Monitoring is a process that evaluates the effectiveness of controls and identifies

and rectifies control deficiencies.

In the absence of monitoring and feedback on the performance of controls,

management will not know whether a control, although still operating, is effective.
Monitoring activities may be ongoing (i.e. “24/7”) or separate evaluations.

Activity 2 Monitoring Activities

Suggest FIVE activities that might be included in a process to monitor the system of
internal control.
*Please use the notes feature in the toolbar to help formulate your answer.
To gain an understanding of the monitoring process relevant to the preparation of the
financial statements, the auditor considers:
• The design of monitoring entities (e.g. whether ongoing and separate, periodic
evaluations);
• The performance and frequency of monitoring activities;
• The evaluation of results on a timely basis to determine whether controls have
been effective;
• How identified deficiencies have been addressed through remedial action,
including timely communication of deficiencies.
If there is an internal audit function, the auditor will need to understand its nature,
responsibilities and actions relevant to monitoring the system of internal control (see
Chapter 14).

1.7 Limitations of Internal Control

1.7.1 Manual v Automated Controls

Information processing controls may be manual (e.g. input or output controls) or

automated (i.e. embedded in IT application). Even where IT is used extensively,
there will be some manual processes (e.g. authorisation of programme changes,
monitoring the effectiveness of IT).
In general, manual controls are considered to be less effective than IT controls
because:
• manual controls are performed by people who are less predictable than IT
applications and more error-prone (e.g. they are human, after all);
• manual controls are more easily bypassed, ignored or overridden than IT
controls (as IT controls are programmed – the applications run them
automatically); and
• manual controls are subject to random, simple errors and mistakes.
However, an IT application cannot “know” if a control is inappropriate – it will run the
control as programmed. Appropriate controls over the analysis, design, programming
and testing of IT applications are therefore crucial.
Manual controls may be more suitable where judgment and discretion are required,
for example:
• for large, unusual or non-recurring transactions;
• where errors are non-routine and challenging to define, anticipate or predict;
• where a control response is required outside of the routine automated control;
and
• in monitoring the effectiveness of information processing controls that use IT.
However, using judgment and discretion in internal control may mean high control
risk (e.g. where the control environment is weak).

1.7.2 Inherent Limitations

No system of internal control, no matter how effective, can provide management with
conclusive evidence that the financial reporting objectives are achieved. Only
reasonable assurance can be achieved.
No system of internal control can be 100% effective in preventing error, especially
deliberate error (i.e. fraud). ISA 240 The Auditor's Responsibilities Relating to Fraud
in an Audit of Financial Statements requires auditors to identify and assess the risks
of material misstatement due to fraud, including the effectiveness of fraud prevention
controls (see Chapter 11).

Activity 3 Inherent Limitations

Suggest SIX inherent limitations in a typical system of internal control, identifying

those which may directly lead to the potential for fraud.
*Please use the notes feature in the toolbar to help formulate your answer.

2.1 Control Environment, Risk Assessment and

Monitoring Process

The control environment provides an overall foundation for the operation of the other
components of the system of internal control:
• It does not directly prevent, or detect and correct, misstatements.
• It may, however, influence the effectiveness of other controls.
Similarly, the entity’s risk assessment process and monitoring process are designed
to support the entire system of internal control.
Because these components underpin the effectiveness of the system of internal
control, any deficiencies in their operation could have pervasive effects on the
preparation of the financial statements. Therefore, the auditor’s understanding and
evaluation of these components affect the auditor’s identification and assessment of
risks of material misstatement. In turn, the risks of material misstatement affect the
nature, timing and extent of the auditor’s further procedures.
2.2 Control Activities

Key Point

The auditor is required to identify and evaluate the design of control activities:
• to address the risk of material misstatement at the assertion level:
• controls that address a significant risk;
• controls over journal entries: and
• controls for which the auditor plans to test operating effectiveness.
• to support the operation of other controls (i.e. general IT controls – see
Chapter 12).

The control activities component includes:

• controls that are designed to ensure the proper application of policies (which
are also controls) in all the other components of the system of internal control;
• both direct and indirect controls:
• direct controls are sufficiently precise to prevent, detect or correct
misstatements;
• indirect controls (i.e. that support direct controls) include general IT controls.
If control activities are poorly designed (or well designed but not implemented),
control risk will be “high”, and the risk of material misstatement in the financial
statements will be the same as the assessment of inherent risk.

2.3 Evaluation Methods

2.3.1 Design and Implementation

To evaluate the design of identified controls and determine whether they have been
implemented, the auditor should:
• Consider whether the control, individually or in combination with other
controls, is capable of effectively preventing, or detecting and correcting,
material misstatements (i.e. the control objective).
• Establish that the control exists and that the entity is using it.
•
Key Point
 If a control is not designed effectively, there is no point in testing whether it has
been implemented.
An improperly designed control may represent a control deficiency (see Chapter
12).

2.3.2 Risk Assessment Procedures

Risk assessment procedures to obtain sufficient evidence about the design of

internal control may include previous inquiry, observation, inspection; however,
inquiry alone is not sufficient.

Inquiry • Usually of entity personnel (e.g.

management, internal audit,
TCWG, operational personnel).

Observation • Reviewing the application of

specific controls, especially in
manual systems (e.g. inventory
counts, inspection of goods
received, enforcement of ethical
practices).

Inspection • Documents and reports, for

example:
• the entity's risk-strategy
assessment and response;
• internal control procedure
manuals;
• management reports;
• system and control error reports;
• internal audit testing
programmes (including reports to
management and management’s
responses).
Where relevant, the auditor may draw on previous experience including walk-
throughs of relevant systems:

Previous experience • Past understanding and

assessments (as recorded in the
PAF). This must be updated
when changes have occurred in
the current year.
 Walk-through • Desktop walk-through, supported
by design and procedural
manuals, to gain a theoretical
understanding of the controls.
• Tracing a separate transaction
through each relevant element of
the system of internal control
(e.g. the sales system) and
reviewing the design of
appropriate controls.
• This will often require computer-
assisted audit techniques (see
Chapter 21 for CAATs) to enable
the transaction to be traced
through computer-based
information systems.

Definition

Walk-through test – involves tracing a few transactions through the financial

reporting system.

2.3.3 Internal Control Documentation

Auditors use questionnaires, flowcharts and narrative notes to document their

understanding of the design of internal controls.

2.3.4 Internal Control Questionnaires (ICQs)

ICQs are composed of questions for each control objective for each transaction cycle
(e.g. sales, purchases, wages). They are designed to identify whether particular
internal controls exist to ensure than control objectives are met (and, if they do not,
to identify a possible area of deficiency). For example:
• Is the customer credit limit checked before an order is accepted?
• Are goods received agreed to an authorised purchase order?
• Does the price charged by the supplier on the purchase invoice agree to an
authorised price list?
• Is each amendment to the standing payroll database reviewed to original input
and authorisation and approved by an independent official?
Questions are framed such that a "No" answer indicates a possible deficiency and
would highlight potential problems in segregation of duties, safe custody of assets,
management supervision, etc.
ICQs must be:
• Comprehensive to ensure all controls are covered and highlight key and
supporting controls.
• Easy to complete alongside flowcharts, narrative notes, walk-throughs and
enquiries of client staff.
• Completed by competent members of the audit team.
Limitations of ICQs include the following:
• Clients may be able to mislead the auditor, as they know a "Yes" answer is
required (so answers must be verified).
• ICQs may contain questions on controls that are not relevant.
• Actual controls operated by the client may not be included in the ICQ.
• ICQs may become a "tick box" exercise.

2.3.5 Internal Control Evaluation Questionnaires (ICEQs)

ICEQs go further than ICQs in that they are designed to assess whether errors or
fraud are possible. The questions asked are more open and principles-based than
the closed form (rules-based) questions of ICQs. They are also closely related to
control objectives. For example:
• How does the client ensure that goods are sent only to customers who can
pay?
• How does the client ensure that goods are accepted only if the correct
ordering procedures have been followed?
• How does the client ensure that payments are made only for goods and
services received and required by the company?
• How does the client ensure that amendments to the standing payroll data are
relevant and accurate?
Advantages include the following:
• The questions in an ICEQ can be concentrated (targeted) on the possibility of
error and fraud in each cycle and therefore specifically designed to cover such
possibilities, reducing the number of questions and increasing their relevance.
• Each question can relate to more than one client, as questions are open, and
each client may have different control activities that meet the question
requirement.
• At the same time, an ICEQ can be specifically tailored to each client.
• The answers will describe the nature and extent of the controls in operation.
The auditor can then assess the control design and decide whether or not to
rely on them (i.e. they can then form the basis of the control testing
programme).
Completing the ICEQ requires a higher understanding to link the controls to each
question. An ICQ may be completed first to aid such understanding.
Many auditors combine the ICEQ with the audit program for testing controls:
separate columns are used for:
• the control question;
• the control(s);
• the tests of controls;
• the results of the test with the effect, if any, on substantive procedures.

Activity 4 Payroll Control Objectives and Key Control Questions

For each of the following control objectives for payroll processing, write a key control
question that focuses on the risk rather than the objective. The first objective has
been completed as an example:

Control objectives Key control questions

To ensure that employees are only paid Can employees be paid for work not
for work done. done?

To ensure that wages are only paid to

valid employees.

To ensure that all wages are

authorised.

To ensure that wages are paid at the

correct rates of pay.

To ensure that wages are correctly

calculated.

To ensure all wages transactions are

correctly recorded in the books of
account.
*Please use the notes feature in the toolbar to help formulate your answer.

2.3.6 Flowcharts

A flowchart is a symbolic diagram representing the sequential flow of authority,

processes and documents.
An exemplary flowchart shows the origin of each document in the system, its
subsequent processing and its final disposal.
Flowcharts should:
• show the general flow of documents and data;
• start at the top of the page and move from top to bottom and from left to right;
and
• use descriptive wording.

2.3.7 Narrative Notes

A narrative is essentially a written version of a flowchart. It describes the auditor's

understanding of the system of internal control. A narrative is prepared by following a
sequence of events for a transaction through the accounting process.
Narrative notes may be prepared for less complex systems of controls and may be
used with flowcharts to document more complex systems.

2.3.8 Comparison of Documentation Techniques

Advantages Disadvantages

ICQs/ICEQs • Quick to complete • The client may

• Missing controls overstate the level
and deficiencies of controls when
are highlighted answering
questions
• A standard list of
questions may
overlook unusual
controls

Flowcharts • Can present an • Difficult to change

entire system of without redrawing
controls in a single the whole chart
diagram • Narrative notes
• Standard symbols may also be
make it easy to needed
see missing
controls

Narratives • Simple to record • May be

• Easy to cumbersome when
understand documenting
complex systems
 • May not clearly
identify control
exceptions

2.4 Impact on Audit Approach

As already noted, understanding the design of internal controls and whether they
have been implemented provides the auditor with an understanding of the risks of
material misstatement due to poor design or non-operation.
If the auditor decides that reliance on the effectiveness of the controls is an efficient
and effective approach to lowering audit risk to an acceptable level (i.e. control risk is
assessed), audit evidence must be obtained to confirm the effectiveness of the
control operations throughout the financial year (see Chapter 12).
If the auditor discovers that controls that were thought to be operating are not, the
risk of material misstatement will be the same as inherent risk (i.e. control risk cannot
be assessed). The audit strategy must then be revised to reflect the effect (e.g. the
implications for the nature, timing and extent of substantive procedures).

2.5 Reporting Deficiencies

The auditor must inform TCWG or management of significant deficiencies in the

design or implementation of internal control. For example, they must be informed of:
• risks of material misstatement which the entity has not controlled;
• risks of material misstatement for which the control activities are inadequate
or have not been implemented; and
• significant deficiencies in the entity's risk-assessment process (i.e. risk
approach and control procedures).
This will be done through the use of a report to management (see Chapter 13).

Syllabus Coverage

This chapter covers the following Learning Outcomes.

C. Internal Control

1. Systems of internal control

• Explain why an auditor needs to obtain an understanding of the components
of internal control relevant to the preparation of the financial statements.
• Describe and explain the five components of internal control
• the control environment
• the entity's risk assessment process
• the entity’s process to monitor the system of internal control
• the information system and communications
• control activities.
2. The use and evaluation of systems of internal control by auditors
• Explain how auditors record systems of internal control including the use of,
narrative notes, flowcharts and questionnaires.
• Discuss the limitations of internal control components.

Summary and Quiz

• The system of internal control is the system that is designed, implemented

and maintained to provide reasonable assurance about:
• the reliability of financial reporting;
• the effectiveness and efficiency of operations; and
• compliance with laws and regulations.
• The components of internal control are:
• the control environment;
• the entity’s risk assessment;
• the information system and communication;
• control activities; and
• monitoring.
• The control environment, which includes the attitudes, awareness and actions
of management, provides the foundation for the operation of the system of
internal control.
• The entity’s risk assessment is the process of identifying risk, their
significance and how they are addressed.
• The information systems include procedures to initiate, record, process, report
and maintain information needed by management and financial reporting.
• Significant matters should be communicated within the entity, between
management and TCWG, and with external parties.
• Control activities are policies and procedures that help manage risk. They
include authorisation and approval, reconciliations, verifications, physical or
logical controls and segregation of duties.
 • Monitoring is a process that evaluates the effectiveness of controls and
identified and rectifies control deficiencies.
• The auditor must identify and evaluate the design of control activities (e.g.
through inquiry, observation, inspection, previous experience and walk-
throughs) and whether they have been implemented.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Reconciliations

1. Bank reconciliation
Reconciles the bank balance per the bank statement (external) to the balance on the
bank account in the general ledger. Reconciling items might include:
• “Timing differences”:
• Unpresented cheques (i.e. payments drawn by the business not yet shown on
the bank statement);
• Outstanding lodgements (i.e. money deposited with the bank but not yet
appearing on the bank statement).
• Items on the bank statement still to be recorded in the cash book/bank ledger
account:
• Bank interest/charges;
• Standing orders/direct debits;
• Credit transfers;
• Dishonoured ("bounced") cheques.
• Errors in the cash book/bank ledger account in the general ledger (will require
correction).
• Bank errors (to be corrected by the bank in the bank’s records).

Activity 2 Monitoring Activities

 • Confirming that activities (e.g. bank reconciliations) are carried out.
• Reports are produced when expected and actions carried out (e.g. follow up
on exception reports).
• Customers paying amounts as stated on their invoices (implicitly corroborates
billing data) or complaining that they have been overcharged.
• External regulators reporting on aspects of the internal controls relating to
regulations (e.g. financial services).
• Internal audit evaluations of internal control and risk procedures (e.g. whether
sales personnel comply with company policies on terms of sales contracts).
• A legal department’s oversight of compliance with the company’s policies on
ethics or business practices.
• External auditor's communications to management relating to the system of
internal control.
• Business activity and management accounts discussed at monthly board
meetings and challenged by non-executive directors and TCWG.

Activity 3 Inherent Limitations

• The cost of internal control should not exceed the benefits derived, especially
in smaller companies. For example, the cost of employing additional accounts
staff in order to segregate duties is likely to outweigh the maximum benefit
that might be derived from this control.
• Non-routine transactions are often less likely to be subject to routine controls
and systems may not be designed to cope with them. For example, the
acquisition of another business less usual and more complex than the
purchase of non-current asset. ⇒ Fraud risk
• Human judgement in decision-making can be faulty and/or human error may
lead to breakdowns in internal control. For example, an error in the design of
an information processing controls.
• Failure to understand the purpose of a control or take appropriate action may
mean a control does not operate effectively. For example, if an individual
responsible for reviewing a payroll exception report does not understand its
purpose or fails to take appropriate action on it.
• Collusion (between employees or between employees and customers or
suppliers) may lead to circumvention of controls. For example, a factory
employee, factory manager and a wages clerk might collude to claim,
authorise and process overtime that has not been earned. ⇒ Fraud risk
• Inappropriate management override of controls may render the system of
internal control to be ineffective. For example, a sales director may allow a
long-standing customer to exceed their specified credit limit in order to create
 customer goodwill, but in contravention of credit control procedures. ⇒ Fraud
risk
• Management also makes judgements on the nature and extent of risk the
company chooses to assume and the nature and extent of the controls it
chooses to implement. For example, if management judges the risk of losing
non-current assets to be low, it will implement of lower level of control than if
the risk had been judged to be high.

Activity 4 Payroll Control Objectives and Key Control Questions

Control objectives Key control questions

To ensure that employees are only paid for Can employees be paid for work not done?
work done.

To ensure that wages are only paid to valid Can wages be paid to fictitious employees?
employees.

To ensure that all wages are authorised. Can unauthorised wages be paid?

To ensure that wages are paid at the Can employees be paid at incorrect rates?
correct rates of pay.

To ensure that wages are correctly Can errors occur in wage calculations?
calculated.

To ensure all wages transactions are Can incorrect wage transactions be

correctly recorded in the books of account. recorded in the general ledger?
Chapter 10: Audit Materiality

Visual Overview

Objective: To describe the concept of materiality and its relationship with audit risk
and planning.
1.1 Concept

1.1.1 Accounting

Definition

Materiality – information is material if its omission or misstatement could influence

the decisions of primary users taken on the basis of the financial statements. …
Materiality depends on the nature and/or size of the items to which the information
relates. It is entity specific. The IASB does not (cannot) specify a uniform
quantitative threshold.

1.1.2 Auditing

The relevant standard is ISA 320 Materiality in Planning and Performing an Audit.

Definition

Performance materiality – the amounts set by the auditor at less than materiality
for the financial statements as a whole to reduce to an appropriately low level the
probability that the aggregate of uncorrected and undetected misstatements
exceeds materiality for the financial statements as a whole.

Key Point

• The auditor must apply the concept of materiality appropriately in planning

and performing the audit.
• Materiality is an expression of the relative significance or importance of a
particular matter in the context of the financial statements as a whole.

1.2 Basic Principles

The auditor must exercise professional judgment to determine what is material (and
what is immaterial) based on:
• understanding of the entity and its environment;
• the entity’s financial results (transactions and balances) and disclosures; and
• the requirements of the users of the financial statements.
A rigid materiality model would not be practical because of the many differences
between entities and the users of their financial statements.
Materiality may be quantitative (based on values) or qualitative (based on the nature
of the matter). Qualitative misstatements include failure to disclose information as
required by laws, regulations or GAAP (e.g. IFRS disclosure requirements – but
remember that IFRS Standards apply only to material items).
Although an individual amount or procedure may not be material, consideration must
be given to the cumulative impact, for example:
• A deviation in a procedure may not be material, but repeated deviations (e.g.
each month) would indicate the potential for material misstatement.
• Individual immaterial pricing errors in purchases may result in a material
cumulative total, especially when extrapolated through work-in-progress and
finished goods.
• Failure to apply an accounting policy (e.g. depreciation of buildings) may not
be material to profit and loss in a given year. Still, cumulatively it may become
so (e.g. in accumulated depreciation on the statement of financial position).

1.3 Levels of Materiality

Materiality at the financial statement level must be set, as must performance

materiality. Determining materiality for particular transactions, balances and
disclosures is a matter of professional judgment, not routine. Performance materiality
will usually be less than other materiality levels.

Key Point
 Having determined a materiality level for the financial statements as a whole, the
auditor must consider if there are any particular classes of transactions, balances
and disclosures for which misstatements less than the overall materiality level
could reasonably be expected to influence the economic decisions of users.
Examples include:
• The effect of laws or regulations (e.g. remuneration, fraud).
• Key disclosures relating to the industry (e.g. research and development in a
pharmaceutical company).
• Events that would cause particular focus on a specific aspect of a
company's activities (e.g. acquisitions and disposals).

1.4 Performance Materiality

Key Point

Performance materiality is used when performing audit tests (e.g. receivables

confirmation, purchase transaction testing, inspection of non-current assets).

Planning the audit to consider only individually material misstatements overlooks the
cumulative impact of aggregated undetected immaterial misstatements exceeding
the overall financial statement materiality level.
The determination of performance materiality is not a simple mechanical calculation
but draws on:
• the nature of the entity;
• the auditor's experience (e.g. numerous immaterial misstatements found
during audit testing);
• the use of professional judgment; and
• the expectation of misstatements in the current period.
The aggregate of unadjusted immaterial misstatements must be compared with
performance materiality to ensure that the aggregate is not material.

Example 1 Applying Performance Materiality

GT & Co is conducting the audit of Werner Co. After planning considerations, it

has set an overall materiality level of 4% of profit before tax.
Werner Co has a high volume of credit customers and GT & Co has some
concerns about the valuation of trade receivables, as the effectiveness of
 Werner’s collection activities have deteriorated. Because of this, GT & Co has set
the performance materiality level for audit procedures performed on receivables to
be 3% of total receivables.
Applying this lower threshold during testing reduces the risk that the aggregate of
misstatements exceeds overall materiality.

1.5 Qualitative Materiality

Benchmarks for assessing materiality qualitatively include, for example, disclosure

requirements detailed by IFRS Standards and statutory disclosure requirements.
These may be subdivided into:
• objective disclosures that can be easily determined and verified (e.g.
disclosures concerning changes in accounting policies or prior period errors);
and
• subjective disclosures (e.g. wholly narrative disclosures).
To judge whether or not disclosures concerning subjective (and estimated) matters
are materially misstated, the auditor needs a thorough understanding of the entity's
business and sound professional judgment. Such disclosure matters must be
discussed with TCWG (e.g. the audit committee).

Example 2 Qualitative Materiality

Boros & Co is conducting the audit of Juggler Co, a listed company with extensive
holdings of non-current assets.
Juggler Co is reluctant to disclose how it applies its accounting policies for
depreciation and revaluation in its financial statements, especially in light of some
significant changes in the utilisation and market value of some of its non-current
assets.
Considering Juggler Co’s operating environment and business model, Boros & Co
deems the nondisclosure of Juggler’s accounting policies to be material and has
requested Juggler & Co to disclose them. Failure to do so might result in a
modification of the audit opinion.

1.6 Relevance to the Audit

Materiality is relevant to all stages of the audit:
• planning an audit (through its relationship with audit risk);
• determining audit procedures (their nature, timing and extent);
• carrying out the audit (identified errors may affect materiality levels);
• evaluating errors identified during the audit process; and
• evaluating misstatements in the financial statements.

2.1 Professional Judgment

Understanding the entity and its environment establishes a framework within which
the auditor can apply professional judgment to determine what is material in the
context of the entity, its environment and control procedures.
Professional judgment is also used to determine the classes of transactions,
balances and disclosures that are material. A material class of transaction (or
balance) for one entity may be immaterial for another (e.g. rental income may not be
material to revenue in a retail company but material to a property management
company).

Key Point

Understanding what is and is not material enables the auditor to consider the
nature, timing and extent of audit procedures (e.g. sampling, substantive analytical
procedures, stratification) to reduce audit risk to an acceptably low level.

2.2 Amount (Quantitative Materiality)

In designing the audit plan, the auditor initially sets an appropriate materiality level to
detect quantitatively material misstatements at the financial statement level.
By understanding users' economic decisions, lower materiality levels may also be set
based on the classes of transactions, account balances or disclosures that such
users would consider material.

Financial Statement Level Assertion Level

 Compare an item to the financial Compare an item to a category (e.g. an
statements as a whole. For example, inventory error of $50,000 compared to
compare to: a total inventory value of $650,000).
• revenue; It may be established as a set figure or
• profit before taxation; as a percentage of a total.
• total assets; The error of $50,000 may be
• capital and reserves. considered material to inventory but
Consider the elements of the financial may not be material to the statement of
statements (e.g. a different materiality financial position, if inventory as a
level for the statement of profit or loss whole is not a material item.
and the statement of financial position).

As a "yardstick", materiality must be relevant to the user rather than the preparer of
financial statements and consider critical points. For example:
• Turning a reported profit into a loss (might be material to employees);
• Turning net current assets into net current liabilities (may be material to
investors).
The auditor must also consider that some balances are capable of "precise
determination" and dictated by law and regulations, while others are not and are
determined by opinion and judgment rather than fact.

Precise Determination Use of Opinion/Judgment

For example, directors' emoluments For example, bad debt allowance,

and share capital. contingent liabilities and asset useful
lives.
Any error (however small) may be
considered material and adjusted, The depreciation expense based on five
especially as the precise amount must years may be material to profit and loss,
be disclosed by law. but if based on six years it may not be:
five or six years is a matter of opinion
and judgment. Both could be equally
acceptable.
Some reasonable degree of latitude is
acceptable.

2.3 Nature (Qualitative Materiality)

The nature of a misstatement (i.e. qualitative factors) must be considered when
determining whether the misstatement is material.
Misstatements are more likely to be considered material when they:
• Affect trends in profitability or mask a change in trend, or change a loss into
profit;
• Affect compliance with loan covenants, contracts or regulatory provisions;
• Increase management compensation or indicate a pattern of management
bias;
• Involve fraud;
• Affect significant financial statement elements.
Some transactions are material by nature, such as transactions with directors.

3.1 In Planning

Key Point

In planning the audit, the auditor makes judgments about the size of
misstatements considered material. These judgments provide a basis for:
• determining the nature, timing and extent of risk assessment procedures;
• identifying and assessing the risks of material misstatement; and
• determining the nature, timing and extent of further audit procedures.

Determining materiality involves the exercise of professional judgment. A percentage

is often applied to a chosen benchmark as a starting point in determining the
materiality level for the financial statements as a whole. The ISA does not specify
any particular guidelines or values; to do so might imply that professional judgment
need not be used.
Factors that may affect the identification of an appropriate benchmark include the
following:
• the elements of the financial statements (e.g. revenue, expenses, assets,
liabilities);
• elements that are of particular importance to users (e.g. to evaluate financial
performance, users may tend to focus on profit, revenue or net assets);
• the nature of the entity, where the entity is in its life cycle, and the industry
and economic environment in which the entity operates;
• the entity's ownership structure and the way it is financed (e.g. if substantially
debt-financed rather than equity-financed, users may put more emphasis on
assets, and claims on them, than on earnings); and
 • the relative volatility of the benchmark.
Past practice has, over time, established general percentage guidelines for the
calculation of an initial materiality level at the planning stage. For example:

5–10% net profit before taxation

1–2% net assets

½ –1% total assets

½ –1 % revenue
In general, less than the lower end of a range is immaterial and greater than the
upper end is material; the "grey area" in between is a matter for professional
judgment. In this approach, profit, net assets, total assets and revenue are
considered the main quantitative elements in the financial statements. The auditor
then uses professional judgment to determine:
• which element is the prime driver for materiality, or, more usually, which
combination; and
• where, within the range, to set materiality.

Example 3 Benchmark

High-turnover, low-margin operations would probably use revenue as the

benchmark as this would be the key to their success.
Industrial entities would typically use assets and revenue as benchmarks, with
profits as an indicator within the range suggested by assets and revenue.
Asset-based entities (e.g. property management and development) would use
assets as the benchmark.

Activity 1 Planning Materiality

The draft financial statements of an audit client show the following:

Revenue $5,000,000

Net assets $6,250,000

Profit before tax $417,000

Required:

a. Comment on the suitability of setting a materiality level for planning

purposes at:
 i. $20,000
ii. $40,000
iii. $100,000
b. Justify a materiality level that may be more suitable (if any).
*Please use the notes feature in the toolbar to help formulate your answer.

3.2 Effect on Audit Work

All matters that are identified as being material must be subject to detailed audit work
(e.g. tested in detail). The auditor must then use his judgment in dealing with the
remaining items (e.g. sampling or analytical procedures).

Example 4 Materiality Level

Having set a materiality level for the financial statements as a whole, the auditor
may (through judgment and expectations from experience of there being various
errors in the transactions and balances) set different performance materiality
levels for transactions, assets and liabilities (e.g. 50%, 75% and 50%) of the
financial statement materiality level when considering substantive testing.
Therefore, all balances greater than the performance materiality level will be
tested with the remaining items in the sample being selected using, for example,
random selection.
The performance materiality level would be used if sample sizes were calculated
using a materiality level.

Activity 2 Trade Receivables

Trade receivables total approximately $210,000, made up as follows:

Value range Number of Total
$000 balances $000
10-15 2 22.3
5-10 6 41.5
1-5 40 87.0
0-1 89 59.6
137 210.4
Prepayments amount to $16,450.
No material misstatements were found in the previous year's audit.

Required:
Suggest how a financial statement materiality level of $25,000 may affect audit
procedures on trade receivables and prepayments.
*Please use the notes feature in the toolbar to help formulate your answer.

3.3 Relationship with Audit Risk

The relationship between materiality and the level of audit risk is described as
inverse: as the materiality level decreases, audit risk increases (and vice versa).
The auditor compensates for this increase in audit risk by reducing detection risk:
modifying the nature, timing and extent of planned substantive procedures (i.e.
increasing the level of audit work).

Example 5 Materiality Level and Audit Risk

If the materiality level is lowered for a given population, more items will be greater
than the materiality level.
In this case, more items can be considered as potential material misstatements,
which, if left untested, increases audit risk.
So, by testing all items greater than performance materiality (in this example there
will be more of them, hence more work) the level of audit risk can be reduced back
to an acceptable level.

Key Point

A lower materiality level should be set if the risk of material misstatement is

assessed as high.
Setting the materiality level lower reduces detection risk because:
• more audit work will be performed;
• sample sizes will be larger.

3.4 Changing Materiality as the Audit Progresses

Setting the materiality level for the financial statements at the planning stage of the
audit only considers the understanding, transactions, balances and disclosures
known at that stage. As the audit progresses, information obtained and evidence
gathered, if known at the planning stage, may have resulted in a different
determination of materiality (and audit approach).
As material matters are determined, the auditor must consider their effect on the
performance materiality (quantitative factors) and the nature, timing and extent of
further audit procedures (quantitative and qualitative aspects).

Example 6 Changing Materiality Level

During an audit, material overstatements in the quantity and valuation of inventory

are noted. An increase in audit risk may be identified, requiring re-working the
financial statement materiality calculations.
The materiality level will need to be lowered, and further testing carried out (e.g.
larger sample sizes or additional items now greater than the materiality level will
need to be tested).
The auditor will need to use professional judgment to determine if a higher level of
testing is required on other balances and the effect on performance materiality.

3.5 Documentation

As discussed in Chapter 6, the auditor must document all matters to support the
audit opinion, especially those involving the use of professional judgment.

Activity 3 Documentation

List the key matters that should be documented concerning materiality.

*Please use the notes feature in the toolbar to help formulate your answer.

Syllabus Coverage
This chapter covers the following Learning Outcomes.

B. Planning and Risk Assessment

1. Assessing audit risks

• Define and explain the concepts of materiality and performance materiality.
• Explain and calculate materiality levels from financial information.

Summary and Quiz

• Materiality is the expression of the relative significance or importance of a

particular matter to the financial statements as a whole.
• Materiality may be set for particular transactions, balances and disclosures for
which misstatements less than the overall materiality level may influence the
decisions of users.
• The auditor also sets performance materiality (at less than materiality for the
financial statements) to use in performing audit tests.
• Factors which affect the assessment of materiality include the economic
decisions of users, professional judgment, quantitative amounts and
qualitative aspects.
• Overall materiality is a matter of professional judgment based initially on a
percentage applied to a chosen benchmark.
• All material matters must be subject to substantive audit procedures.
• There is an "inverse" relationship between audit risk and materiality. The
amount considered material must be decreased as the risk of misstatement
increases.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Planning Materiality

 c. Suitability of Levels
iv. $20,000: This is likely too low as it falls below the lower limits for revenue,
total assets and profit before tax.
v. $40,000: This is more suitable because it is within the percentage ranges for
revenue and profit before tax. However, it may still be regarded as too low for
the statement of financial position.
vi. $100,000: Although suitable for the audit of the statement of financial position,
this is likely to be considered too high for classes of transactions. Therefore,
audit procedures may not detect material misstatements in the statement of
profit or loss.
d. Recommendation
e. This is a matter of judgment; however, as profit before tax is a function of the
make-up of balances and transactions (and at this stage in the audit only
draft), it is more likely that materiality will be determined based on revenue or
total assets. As these ranges have no overlap, no one range will satisfy both.
Therefore, an amount could be set to satisfy just one judged on users' needs
(e.g. if users are more interested in revenues than assets/liabilities, $50,000
may be appropriate). Alternatively, an amount could be set between ranges
as a compromise: $60,000.
WORKING
% $000

Revenue ½ –1 25–50

Net assets 1–2 62.5–125

Profit before tax 5–10 20.8–41.7

Activity 2 Trade Receivables

Trade Receivables
• Although there is no individual trade receivable balance greater than $25,000,
the eight largest balances total $63,800 and have the greatest potential for
containing cumulative material misstatement (of an overstatement). These
individual balances are likely to be tested in detail (see Chapter 24) to account
for performance materiality.
• The average balance in the range $1,000–$5,000 is $2,100 and the average
balance less than $1,000 is $670. If the profile of these balances is similar to
 the previous year's audit, analytical procedures may be used (see Chapter
16).
Prepayments
• If $16,450 is in line with the prior period, it is unlikely to be materiality
incorrectly stated and audit tests may be limited to an analytical comparison
with the prior year.

Activity 3 Documentation

Concerning materiality, the auditor will be expected to document:

• The materiality level for the financial statements as a whole and the
underlying factors considered in its determination.
• Any materiality levels, if applicable, for particular classes of transactions,
balances and disclosures that are important to users of the financial
statements (with underlying factors).
• Performance materiality with underlying factors.
• Any revision of any materiality level and why each revision was necessary.
• Reasons for any adjustments made that relate to material misstatements.
• All uncorrected misstatements and the aggregate of such errors for each
class of transaction, balance and disclosure, with reasons why each error
(and aggregate total) is not considered material.
Chapter 11: Fraud, Law and Regulations

Visual Overview

Objective: To describe the auditor's and management's responsibilities to consider

fraud and non-compliance with laws in an audit of financial statements.

1.0 Introduction

Key Point

The auditor is required:

• To identify and assess the risks of material misstatement of the financial
statements due to fraud;
• To obtain sufficient appropriate audit evidence regarding the assessed risks
of material misstatement due to fraud; and
• To respond appropriately to fraud or suspected fraud identified during the
audit.

Definitions

ISA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of Financial

Statements distinguishes fraud from error.
 Definitions

• Error – unintentional mistakes in financial statements, including the

omission of an amount or disclosure.
• Fraud – an intentional act by one or more individuals that uses deception to
obtain an unjust or illegal advantage.
• Fraud risk factors – events or conditions that indicate an incentive or
pressure to commit fraud or provide an opportunity to commit fraud.

Activity 1 Fraud or Error

Classify each of the following as either "fraud" or "error":

Fraud/Error

Alteration, falsification or manipulation

of accounting records/documents

Applying accounting policies

inappropriately

Collusion

Arithmetic or clerical mistakes in

collecting/processing accounting data

Misapplication of accounting policies

Misappropriation of assets (i.e. theft)

Oversight or misinterpretation of facts

Recording transactions without

economic substance

Suppression or omission of effects of

transactions from records/documents
*Please use the notes feature in the toolbar to help formulate your answer.
1.2 Types of Fraud

Although there are many forms of fraud, only two basic types will result in a
misstatement of financial statements (and, therefore, will be of interest to auditors):
1. Fraudulent financial reporting; and
2. Misappropriation of assets.

1.2.1 Fraudulent Financial Reporting

Fraudulent financial reporting involves misstatements or omissions of amounts or

disclosures intended to deceive users of financial statements. It includes:
• Manipulation, falsification (including forgery) or alteration of accounting
records or supporting documentation from which the financial statements are
prepared.
• Misrepresentation, or intentional omission, of disclosure of significant events,
transactions, balances or other information.
• Intentional misapplication of accounting principles relating to amounts,
classification, manner of presentation or disclosure.

Example 1 Fraudulent Financial Reporting

Trabel Co’s management wants to improve its financial statements for reporting.
To create fictitious sales transactions near the year-end reporting date,
management has colluded with certain customers. After the reporting date, the
sales transactions are reversed with credit notes.

1.2.2 Misappropriation of Assets

Misappropriation of assets includes the theft or misuse of company assets. Theft

may be concealed (but is not necessarily) by falsifying records or documents (e.g.
bank statements or confirmation letters).
• When perpetrated by employees, the amounts involved are often not material.
• However, when perpetrated by management, the amounts are often material
and can be difficult to detect.
Misappropriation of assets is often motivated by persons "living beyond their means".
Examples include:
• Embezzlement (of monies).
• Stealing physical assets or intellectual property (e.g. collusion with a
competitor).
 • Using an entity's tangible assets for personal benefit (e.g. as personal loan
collateral).
• Causing the business to pay for goods and services not received.

Example 2 Misappropriation of Assets

Frod Co’s finance director is living a lifestyle beyond his means, financed by
misappropriating cash from Frod Co. He does this by embezzling payments made
to suppliers into his bank account and informing suppliers there might be a slight
delay in payment. He then uses payments authorised for subsequent invoices to
pay for earlier invoices.

1.3 Management and Auditor's Responsibilities

1.3.1 Management and External Auditor

Key Point

• Primary responsibility for prevention and detection of fraud and error lies
with management and TCWG.
• The external auditor's responsibility is to obtain reasonable assurance that
the financial statements are free from material misstatement, whether
caused by fraud or error.

Management External Auditors

• Management must set the tone • External auditors are not

at the top, emphasising fraud responsible for the prevention of
prevention/deterrence and fraud or error. However, the
establishing a culture of honesty external audit may act as a
and ethical behaviour. deterrent to fraud.

• The aim should be to persuade • The auditor should consider the

individuals at all levels in the firm risk of
(including executive material misstatement arising
management) not to commit from fraud
fraud because of the likelihood of and error when:
detection and punishment. • planning and performing audit
procedures; and
 • evaluating and reporting on the
results of procedures.

• The importance that • The auditor must be aware that

management attaches to internal the risk of not detecting a
audit indicates its commitment to material misstatement arising
effective internal control and from fraud is higher than that of
fraud risk management. error because of the nature of
• Those charged with fraud (i.e. it is concealed).
governance

• Must ensure that the appropriate • There is an unavoidable risk that

culture, risk management material misstatements resulting
procedures and internal controls from fraud (and to a lesser
exist and operate (including extent, error) may not be
compliance with laws and detected due to the inherent
regulations). limitations of an audit. However,
this risk should be minimised
(e.g. through the exercise of
professional scepticism).

• A key element is identifying the

potential for management
override of controls.

Activity 2 Management Override

Describe FIVE techniques that could be used by management to override internal

controls.
*Please use the notes feature in the toolbar to help formulate your answer.

Activity 3 Ability to Detect Fraud

Give FIVE factors that could affect the auditor's ability to detect fraud.
*Please use the notes feature in the toolbar to help formulate your answer.

1.3.2 Internal Auditors

Internal audit is just one element of the system of internal control that is established
and maintained by management. Internal auditors are responsible to management
for evaluating risks based on audit plans and appropriate testing. They must be alert
to the signs and possibilities of fraud and error (and non-compliance with laws and
regulations).
Internal auditors' continual presence in an organisation gives them a better
understanding of the organisation and its system of control to detect the symptoms
of fraud. (Whereas the external auditor's focus is on material misstatements in the
financial statements.)
Specifically, internal auditors can help management:
• In deterring fraud by examining and evaluating the adequacy and the
effectiveness of internal controls;
• In assessing the design of internal controls to detect error and fraud and
making recommendations for improvements;
• In evaluating errors to determine whether they could be an indication of fraud;
• In investigating actual or suspected fraud where appropriate (see below).
Although internal audit's role includes promoting best practices, testing and
monitoring systems and recommending change where needed, the responsibility for
the detection and prevention of corrupt practices (including fraud and bribery) and
error lies with executive management.
Internal audit should only be given extra responsibilities for fraud:
• If this does not prejudice its primary role and responsibilities;
• If it has the resource capacity and the specific expertise needed in a particular
case; and
• If approved by the board or audit committee.
Fraud investigation is considered in more detail in Chapter 14.

1.4 Professional Scepticism

Due to the characteristics of fraud, the exercise of professional scepticism is

essential when considering the risks of material misstatement due to fraud.
Professional scepticism:
• does not accept audit evidence at face value (e.g. suspicion that a document
may not be authentic; that external confirmations and explanations from
management contradict;
• requires continuous questioning of whether information and audit evidence
suggest that a material misstatement due to fraud may exist.
1.5 Discussions Within the Engagement Team

As part of the planning procedures, critical members of the engagement team should
discuss the susceptibility of the financial statements to material misstatement due to
fraud.

Example 3 Areas for Discussion

An auditor's discussions on fraud, the conclusions drawn from those discussions

and the effect on the audit strategy and audit program must be documented. For
example:
• How and where the entity's financial statements may be susceptible to
material misstatement due to fraud.
• How management could perpetrate and conceal fraudulent financial
reporting and how assets could be misappropriated.
• Circumstances that might be indicative of aggressive earnings
management.
• Known external and internal factors affecting the entity that may create
pressure for fraud or provide the opportunity for fraud to be perpetrated.
• Management's involvement in overseeing employees with access to cash
or other assets susceptible to misappropriation.
• Any unusual or unexplained changes in behaviour or lifestyle of
management or employees.
• How unpredictability will be incorporated into the nature, timing and extent
of the audit procedures to be performed.
• Whether certain types of audit procedures are more effective than others.
• Any allegations of fraud that have come to the auditor's attention.
• The risk of management override of controls.

1.6 Risk Assessment Procedures

Risk assessment procedures include:

• Understanding fraud-control design, implementation and effectiveness;
• Inquiries of management;
• Inquiries of TCWG;
• Inquiries of others;
• Consideration of fraud risk factors.
1.6.1 Fraud-Control Design, Implementation and Effectiveness

The auditor requires a thorough understanding of controls that management has

designed, implemented and maintained to prevent and detect fraud. This includes
understanding the roles of TCWG and internal audit.

1.6.2 Inquiries of Management

The auditor should inquire about:

• Management's assessment of the risk of fraud and the controls in place to
prevent and detect it;
• Management's approach to the prevention and detection of fraud and the
actions taken should fraud occur is indicative of management's attitude to
internal control (control environment); and
• Management's knowledge of actual, suspected or alleged frauds and the
action taken.

1.6.3 Inquiries of TCWG

As managers may be able to override internal control, understanding the role of

TCWG enables the auditor to assess the strength of oversight procedures and the
entity's exposure to management fraud.
Because oversight procedures are part of internal control, the auditor should
consider observing the governance process by attending appropriate meetings,
reviewing reports and discussing matters directly with the audit committee.
Inquiries should be made about any knowledge of actual, suspected or alleged fraud.
The response should be compared with management's, and any inconsistencies
should be investigated.

1.6.4 Others of Whom the Auditor May Make Inquiries

The auditor’s inquiries are not limited to management and TCWG but may extend to:
• Internal audit – procedures carried out specifically to detect fraud, the
level/type of fraud detected and action taken by management and TCWG.
• Direct and indirect (of the finance function) operating personnel.
• Employees who deal with complex or unusual transactions.
• Internal and external legal services.
• Chief risk officer, chief ethics officer, money laundering officer, etc.
1.6.5 Consideration of Fraud-Risk Factors

Any unusual or unexpected relationships identified using analytical review may

indicate risks of material misstatement due to fraud (e.g. fictitious sales). All
information received about the entity should be considered for the risk of material
misstatement due to fraud (e.g. information obtained during client acceptance
procedures or any interim engagements).
Examples of potential fraud risk factors include:
• events or conditions that indicate an incentive or pressure to commit fraud
(e.g. personal financial problems)
• events or conditions that provide the opportunity to commit fraud (e.g. large
amounts of cash, poor control environment, inadequate physical safeguards);
and
• an attitude that rationalises the fraud (e.g. tolerance of petty theft).
When potential fraud risk indicators have been identified, any risk of material
misstatements due to these factors must be identified and classified as significant
risks.
For all significant risks, specific procedures (control and substantive) must be
designed to minimise the risk that the auditor does not detect fraud.

Key Point

• A risk of fraud in revenue recognition is presumed a significant risk due to

fraudulent financial reporting (e.g. overstatement due to premature
recognition or fictitious sales or understatement through shifting revenues
to a later period).
• If the auditor determines that revenue recognition is not a significant risk
(e.g. because there is a single type of simple revenue transaction), the
reasons for this decision must be documented.

1.7 Effect on Audit Strategy and Extent of Work

Exam advice

The following examples of the effect of fraud and misstatements on the audit
strategy and extent of audit work are considered the most relevant to the Audit
and Assurance exam. This list is not exhaustive; more examples are given in
appendices to ISA 240.
Audit Strategy • Increase level of professional
scepticism.
• Reassess the overall audit
approach.
• Consider the nature, timing and
extent of substantive procedures.
• Design specific procedures to
match the risk, especially
management override of
controls.

Audit Team • Assign individuals with

specialised skills to match the
potential of fraud (e.g. forensic or
IS).
• Strong briefing and closer
supervision of team members.
• Assign more experienced staff
(e.g. managers and partners).

Extent of Audit Procedures • Altering the nature, timing and

extent of audit procedures to
incorporate an element of
unpredictability (from
management's viewpoint) to
reflect the fact that management
may be familiar with prior audit
approaches:
• different sample selection
procedure;
• different locations visited;
• different timing of audit visits;
• full year-end inventory count for
perpetual inventory systems;
• some final audit work carried out
at the inventory count visit.
• Physical inspection of at-risk
assets, rather than acceptance
of third-party confirmation.
• Greater use of CAATs, data-
mining and benchmarking to
identify unusual transactions and
trends.
• Greater use of analytical
procedures at a higher level (e.g.
linear regression analysis).
 • Circularisation of
agreement/contract terms and
conditions and the standard
approach for balances.
• Reviewing journal adjustments
after the last audit was
completed (to see what
adjustments were made after the
auditors had left and would likely
be repeated).
• Inquiry of non-financial personnel
involved in the risk area.
• Using external experts to re-
assess management estimates
and retrospective review of prior
year estimates.

Override of Controls • In addition to a thorough

understanding of controls and
the potential for override by
management, the auditor should
pay particular attention to:
• journal entries and other
adjustments (e.g. consider
volumes, values, timing and
supporting evidence);
• accounting estimates (consider
possible bias to "profit smooth");
and
• business transaction rationale
(e.g. if significant transactions
appear overly complex or involve
special-purpose entities).

1.8 Written Representations

Chapter 20 deals with written representations in greater detail and contains an

example of suitable representations.

Key Point
 Written representations must be obtained from management concerning its:
• responsibility for the design, implementation and maintenance of internal
control to prevent or detect fraud;
• disclosure to the auditor of the results of its assessment of the risk that the
financial statements may be materially misstated as a result of fraud;
• disclosure to the auditor of knowledge of fraud or suspected fraud involving
management, employees who have significant roles in internal control or
other employees where fraud would have a material effect on the financial
statements; and
• disclosure to the auditor of knowledge of alleged or suspected fraud
communicated by employees, former employees, analysts, regulators or
others.

1.9 Communication with Management and TCWG

Although the auditor's report is not explained until later (Chapter 30), note that if a
matter is assessed as immaterial there will be no grounds for modifying the audit
opinion (i.e. the opinion will be “clean”). Therefore, any fraud or error that is
immaterial will not be drawn to the attention of the users of financial statements.

Management Those Charged with Regulatory and

Governance Enforcement
Authorities

• Communicate • Communicate if • The auditor's duty

factual findings if: the fraud involves: of confidentiality
• fraud may exist • management; normally precludes
(even if potentially • employee with a any reporting to a
immaterial); or significant role in third party.
• fraud does exist. controls; • If duty is
• Report on a timely • others, resulting in overridden (e.g. by
basis for a material statute or courts of
management to misstatement. law), seek legal
take action. It may • If management is advice.
initially need to be suspected, report • In some
oral but must be and discuss the jurisdictions, there
followed up by nature, timing and may be a statutory
written support. extent of further duty to report fraud
audit procedures and/or material
misstatement to a
 • Level of needed to supervisory
management complete the audit. authority without
depends on: • If fraud is not first discussing it
• nature; material, discuss with management.
• magnitude; the approach to • In most cases,
• frequency; and reporting at seek legal advice
• likelihood of planning stage. or advice from
recurrence. • Report significant ACCA on the legal
deficiencies in the and ethical matters
• Report to a level
design/implementa involved.
above those
believed to be tion of internal
implicated – control to
otherwise seek prevent/detect
legal advice. fraud.
• Report significant • Report concerns
deficiencies in the about
design/implementa management's
tion of internal attitude to fraud
control to prevention,
prevent/detect detection and
fraud. systems
assessment.

Activity 4 Matters to Be Reported to Those Charged with Governance

Suggest other matters related to fraud that the auditors should discuss with TCWG
(other than those identified above).
*Please use the notes feature in the toolbar to help formulate your answer.

1.10 Resignation from the Engagement

Resignation ("Withdrawal") will be considered if the auditor encounters exceptional

circumstances that question his ability to continue the audit. For example:
• Management does not take the necessary remedial action for actual or
suspected fraud.
• Results of audit tests indicate a significant risk of material and pervasive
fraud.
• Significant doubts exist about the competence or integrity of management or
TCWG.
Factors to be considered include:
• Whether management or TCWG are implicated.
• The professional and legal responsibilities in such circumstances (e.g. need to
report directly to appropriate authorities without discussing with the client).
• Whether it is appropriate to withdraw (e.g. the auditor's professional
responsibility to complete the audit and issue an appropriate report).
• The effects on the auditor of continuing an association with the client (i.e.
engagement risk).

2.0 Introduction

The relevant standard is ISA 250 Consideration of Laws and Regulations in an Audit
of Financial Statements.

Key Point

The auditor is required:

• To obtain sufficient appropriate audit evidence regarding compliance with
provisions of laws and regulations that have a direct effect on material
amounts and disclosures in financial statements;
• To perform specified audit procedures to help identify instances of non-
compliance that may have a material effect on the financial statements;
and
• To respond appropriately to identified or suspected non-compliance
identified during the audit.

2.1 Definition

Definitions

Non-compliance – acts of omission or commission, intentional or unintentional,

committed by the entity, TCWG, management or other individuals working under
the direction of the entity, which are contrary to the prevailing laws or regulations.
Non-compliance includes personal misconduct related to business activities (e.g.
 accepting a bribe from a supplier) but does not include personal misconduct
unrelated to business activities.

Key Point

Non-compliance can arise through an act of omission (i.e. failure to act) or

commission (i.e. performance of an action).

2.2 Types of Laws and Regulations

There are two types of laws and regulations:

3. Those that relate directly to the financial aspects of the financial statements;
and
4. Those that relate to the operational aspects and could indirectly affect the
financial statements.
Laws and regulations that are generally recognised as having a direct effect are:
• well-established;
• known to the entity;
• within the entity's industry sector; and relevant to the financial statements.
The indirect effect on financial statements can range from going concern and
closure of business to fines, litigation and provisions. Generally, the further removed
non-compliance is from the events and transactions ordinarily reflected in financial
statements, the less likely the auditor is to become aware of it or recognise its
possible non-compliance.
Examples include the following:

Direct Indirect

• Form and content of the financial • Operating licence

statements (e.g. company acts, • Environmental regulations
listing requirements, IFRS • Health and safety requirements
Standards) • Regulatory solvency
• Industry-specific financial requirements
reporting issues (e.g. charities, • Data protection
pension schemes)
• Fraud, corruption and bribery
• Money laundering
• Tax liabilities

Example 4 Effect of Non-compliance on Different Organisations

A minor breach of health and safety regulations in an office environment is unlikely
to have any material consequence on the financial statements or the operating
capability of the business (unless of a repeated nature due to lack of remedial
action or in breach of a court order, for example).
However, in industrial or hospitality sectors, the consequence concerning the
business could be more serious (e.g. closure or loss of reputation leading to going
concern).

2.3 Management and Auditor's Responsibilities

Key Point

Management is responsible for ensuring that operations are conducted within the
laws and regulations applicable to the entity.
The auditor’s responsibility is to obtain reasonable assurance that the financial
statements are free from material misstatement, whether caused by fraud or error.
An auditor's considerations of laws and regulations are very similar to fraud.

Management Auditor

• Monitor legal requirements and • Plan, perform and evaluate the

ensure operating procedures are audit, recognising that non-
designed to meet the compliance with laws and
requirements. regulations may materially affect
• Design systems to meet the financial statements.
applicable legal requirements. • Apply professional scepticism.
• Institute and operate appropriate • Obtain a general understanding
systems of internal control. of applicable laws and
• Develop, publicise and follow a regulations to understand the
code of conduct. business and its environment.
• Ensure employees are • Understand how the entity
adequately trained and complies with those laws and
understand the code of conduct. regulations, the risk procedures
• Monitor compliance with the and controls applicable to ensure
code of conduct and discipline laws and regulations are not
employees who fail to comply. breached.
• Engage legal advisors to assist • Identify critical laws and
in monitoring legal requirements. regulations (i.e. those that may
• Maintain a register of significant cause the entity to cease
laws and regulations. operations).
 • Identify non-compliance with
laws and regulations (e.g. by
inquiry of management, TCWG,
company solicitors and
inspection of correspondence
with relevant parties).
• Be aware when auditing
assertions of the effect that
breaches of laws and regulations
may have on them.

2.4 Indications of Non-compliance

There are many different sources of indicators of non-compliance:

• Notification by a whistleblower.
• Investigation by government departments.
• Payment of fines or penalties.
• Payments for unspecified services or loans to consultants, employees or
government employees.
• Excessive commissions or agent's fees.
• Purchasing at prices significantly above or below market price.
• Unusual payments in cash or transfers to numbered bank accounts.
• Complex corporate structures, including offshore companies where ownership
cannot be identified.
• Unusual transactions with companies registered in tax havens.
• Tax evasion (e.g. under-declaring income).
• Payments for goods or services made other than the country of origin.
• Payments without proper exchange control documentation.
• An accounting system which fails to provide an adequate audit trail.
• Adverse Media comment.

2.5 Non-compliance Discovered

2.5.1 Considerations
When non-compliance is discovered, the auditor needs to understand the nature of
the breach, the circumstances and the potential effect on the financial statements.
Potential consequences include:
• fines;
• penalties;
• damages;
• threat of expropriation of assets;
• enforced discontinuation of operations;
• litigation.
The auditor needs to understand whether potential consequences:
• require amendment or disclosure (e.g. if provisions need to be made for
penalties);
• are so severe as to question whether the financial statements “present fairly,
in all material respects …”.
If the non-compliance may give rise to a money laundering offence, the audit firm's
Money Laundering Reporting Officer may be required to report this to the relevant
regulatory authority. Examples of such situations that may be encountered during an
audit include:
• Theft of assets;
• Dishonesty (e.g. failing to refund customers for goods they have returned);
• Facilitation payments (i.e. bribes).
•
Exam advice

How suspicions of money laundering should be reported is assumed knowledge

from Business and Technology.

2.5.2 Procedures

When non-compliance is discovered, the auditor should:

• Document findings – include copies of records/documents and minutes of
conversations.
• Discuss with management and TCWG, where appropriate, to confirm facts
and circumstances. But not if prohibited (e.g. it might prejudice an
investigation).
• Consult with the entity's lawyer.
• Consider the need for external legal advice.
• Consider how other audit areas might be affected (e.g. need to re-assess
risk).
• Consider whether the size and nature of the breach call into doubt
management's integrity and, therefore, other representations made by
management.
2.6 Reporting Non-compliance and Withdrawal from the
Engagement

It may be appropriate for the auditor to obtain legal advice before withdrawing from
an engagement. For example:
• If management or TCWG do not take necessary remedial action; or
• If identified or suspected, non-compliance raises questions regarding the
integrity of management or TCWG (even if the non-compliance is not material
to the financial statements).
Identified or suspected non-compliance with laws and regulations may be
communicated in the auditor's report (see Chapter 30 for details):
• If the auditor has a reporting responsibility to do so;
• If it is a "key audit matter",;
• In exceptional circumstances, if the auditor is not permitted to withdraw from
the engagement.
The auditor may report to an appropriate authority if:
• Required by law, regulation or relevant ethical requirements (e.g. under
ACCA’s Code of Ethics and Conduct, reporting to an appropriate authority
does not breach confidentiality);
• It is an appropriate response in accordance with relevant ethical
requirements; or
• He has the right to do so.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

B. Planning and Risk Assessment

1. Fraud, laws and regulations

• Discuss the effect of fraud and misstatements on the audit strategy and extent
of audit work.
• Discuss the responsibilities of internal and external auditors for the prevention
and detection of fraud and error.
• Explain the auditor's responsibility to consider laws and regulations.
Summary and Quiz

• An error is an unintentional mistake in the financial statements. In contrast,

fraud is intentional.
• The types of fraud which result in financial statement misstatement are:
• Fraudulent financial reporting – the misstatement or omission of amounts or
disclosures to deceive financial statement users.
• Misappropriation of assets – the theft or misuse of company assets.
• Management is responsible for the prevention and detection of fraud and
errors.
• The auditor is responsible for obtaining reasonable assurance that the
financial statements are free of material misstatement, whether caused by
error or fraud.
• Fraud risk assessment procedures include consideration of fraud risk factors:
• events or conditions that indicate an incentive or pressure to commit fraud;
• the opportunity to commit fraud; and
• the attitude or environment that rationalises fraud.
• The nature, timing and extent of audit procedures should change in response
to the assessed risk of material misstatement due to fraud.
• Written representations regarding fraud should be obtained from
management.
• Actual or suspected fraud should be communicated to management on a
timely basis and to TCWG if the fraud is material or involves management or
an employee in a significant control role.
• Generally, the auditor does not report fraud to third parties unless there is a
statutory duty to report fraud.
• The auditor should obtain significant appropriate audit evidence regarding
compliance with laws and regulations that directly affect the determination of
material amounts and disclosures in the financial statements.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
• Law and regulations (s.2.1-2.3)
For more recent articles and other resources please visit the ACCA global website.
Activity 1 Fraud or Error

Fraud/Error

Alteration, falsification or manipulation Fraud

of accounting records or documents

Applying accounting policies Fraud (if intended) / Error (if mistake

inappropriately made in ignorance)

Collusion Fraud

Arithmetic or clerical mistakes in Error

collecting/processing accounting data

Misapplication of accounting policies Error

Misappropriation of assets (i.e. theft) Fraud

Oversight or misinterpretation of facts Error

Recording transactions without Fraud

economic substance

Suppression or omission of effects of Fraud

transactions from records/documents

Activity 2 Management Override

5. Recording fictitious journal entries, particularly close to the end of an

accounting period, to manipulate operating results or achieve other objectives
– such entries may need to be reversed in the following period.
6. Inappropriately adjusting assumptions and changing judgments used to
estimate account balances (e.g. aggressive application of accounting
policies).
 7. Omitting, advancing or delaying recognition in the financial statements of
events and transactions during the reporting period (e.g. recognising revenue
not yet earned).
8. Concealing, or not disclosing, facts that could affect the amounts or
disclosures shown in the financial statements (e.g. product liability claims).
9. Engaging in complex transactions that are structured to misrepresent the
entity's financial position or financial performance (e.g. off-balance-sheet
financing and the use of special-purpose entities).
10. Altering records and terms related to significant and unusual transactions.
Activity 3 Ability to Detect Fraud

1. Skill of the fraudster

2. Frequency and extent of the fraud
3. Degree of collusion
4. Relative size of individual amounts involved
5. Seniority of those involved

Activity 4 Matters to Be Reported to Those Charged with Governance

• Concerns about the nature, extent and frequency of management's

assessments of the controls in place to prevent and detect fraud and the risk
that the financial statements may be misstated.
• A failure by management to appropriately address identified significant
deficiencies in internal control.
• A failure by management to appropriately respond to an identified fraud.
• The auditor's evaluation of the control environment, including questions
regarding the competence and integrity of management.
• Actions by management that may indicate fraudulent financial reporting (e.g.
management's selection and application of accounting policies to manage
earnings and deceive users of the financial statement).
• Concerns about the adequacy and completeness of the authorisation of
transactions that appear outside the normal course of business.
Chapter 12: Tests of Control

Visual Overview

Objective: To describe computer systems controls and control objectives,

procedures and tests of control for the major transaction cycles.

1.1 General IT Controls

Exam advice

In exam questions, assume that the system is computerised unless explicitly told
otherwise.
 Definitions

IT environment – the IT applications and supporting IT infrastructure, and the IT

processes and personnel involved in those processes, that are used to support
business operations and achieve business strategies.
General IT controls – controls over the IT processes that support the continued
proper operation of the IT environment, including the continued effective
functioning of information processing controls and the integrity of information (i.e.
the completeness, accuracy and validity of information) in the information system.

1.1.1 Purpose

General IT controls are implemented to address risks arising from the use of IT and
are typically implemented for each aspect of the IT environment:
• Applications – controls will be more relevant for highly-integrated IT
applications with complex security options than a “legacy application” (e.g.
based on outdated technologies) supporting a few account balances.
• Database – controls typically address risks related to unauthorised updates to
financial reporting information (e.g. through direct database access or
execution of a program).
• Operating system – controls typically address risks related to administrative
access, which can facilitate the override of other controls (e.g. compromising
other user’s credentials, adding new/unauthorised users, loading malware or
executing unauthorised programs).
• Network – controls typically address risks related to network segmentation
(e.g. between branches and a head office), remote access and authentication.
Network controls may be relevant when, for example:
• web–facing applications (i.e. visible/accessible from the internet) are used in
financial reporting;
• there are significant business partner relationships or third-party outsourcing,
which may increase data transmissions and the need for remote access.

Key Point

A general IT control alone is typically not sufficient to address a risk of material

misstatement at the assertion level.

If general IT controls are not designed effectively or appropriately implemented (e.g.

controls do not prevent or detect unauthorised program changes or unauthorised
access to IT applications), the auditor may decide to not rely on automated controls
within the affected IT applications.
1.1.2 Classifications

There is no single classification of general IT controls. One classification is by IT

process, for example:
• Process to manage access;
• Process to manage changes to the program or the IT environment;
• Process to manage IT operations
Examples of general IT controls by this classification include the following:

Access Program or other IT operations

changes

• Authentication: • Change • Job scheduling:

To ensure users management Controls over
use their assigned process: Controls access to schedule
login credentials. over the process to and initiate
• Authorisation: To design, program, jobs/programs that
allow users to test and migrate may affect
access only the changes to a financial reporting.
information production (i.e. • Job monitoring:
necessary for their end user) Controls to monitor
job (facilitates environment. financial reporting
segregation of • Segregation of jobs/ programs for
duties). duties over successful
• Provisioning: To change execution.
authorise new migration: To • Backup and
users and modify segregate access recovery: Controls
existing users’ to making changes to ensure:
access privileges. to a production • data backups
• Deprovisioning: environment. occur as planned;
To remove user • Systems and
access upon development, • such data is
termination or acquisition or available and
transfer. implementation: accessible for
• User access Controls over initial timely recovery
reviews: To IT application after an outage or
recertify or development or attack.
evaluate user implementation. • Intrusion
access for • Data conversion: detection:
authorisation. Controls over data Controls to monitor
conversion during for vulnerabilities
 • Physical access: development, and intrusions in
To the data centre implementation or the IT
and hardware upgrading of the IT environment.
(unauthorised environment.
access may be
used to override
other controls).

Example 1 General IT Controls

As the financial controller at TRC Co, Lisa uses a computer to access and make
updates to the company’s financial system.
• To access her workstation, she needs to log in using an assigned
username and password. A two-step verification process requires her to
key in a PIN sent to an authenticator app on her phone.
• TRC Co has an automated policy that forces authorised users to change
their passwords every 60 days or in the event of a detected breach of the
system.
• Her workstation has up-to-date anti-virus, operating system (OS) and
firewall; the policies and updates are controlled by TRC Co.
• Her workstation automatically sends back-end operation and memory data
to TRC Co’s IT department, comparing processes to a database of threats
and flagging anomalies.
• Her workstation has restrictions on the installation of software and scripts.
Software can only be installed through the approved software portal on the
company’s intranet or if an exception case is submitted and approved
through the IT department.
• Her workstation automatically backs up Lisa’s data and folders to the cloud
every day at a specific time.
• Changes to programmes and settings are logged by the OS and sent to the
IT department.
• Specific to Lisa’s workstation, key dates, changes to settings and
processes relating to the financial software are automatically logged and
sent to the IT department.
• TRC Co’s cloud verification restricts financial system login by Lisa to only
one session at a time. Logins from multiple terminals simultaneously are
not allowed; any attempt will be logged and shared with the IT department.
An alternative classification is as follows:
1.2 Information Processing Controls

Definition

Information processing controls – controls relating to the processing of

information in IT applications or manual information processes that directly
address risks to the integrity of information (i.e. the completeness, accuracy and
validity of transactions and other information).

1.2.1 Purpose

Information processing controls provide reasonable assurance that all transactions

are authorised (valid), recorded and processed completely, accurately and on a
timely basis.

Exam advice

Appreciate that there can be overlap between the various classifications, for
example, passwords can be a general IT control (e.g. logical access to the
accounts department) and also an IT application (information processing) control
(e.g. permitting access to a specific program such as the payroll).
Some classifications include processing controls (e.g. control totals, check digits,
range, comparability, existence, sequence and exception checks) as input
validation controls (as input can be considered an aspect of processing).
In the exam, state the control and what it aims to achieve and give an example of
its use.
1.2.2 Classifications

Validation checks over input include:

• Limit tests to ensure that a numerical value does not exceed a predetermined
value;
• Range or reasonableness tests to ensure that the value in a field falls within
an allowable range of values;
• Sequence checks to determine if data is input in proper numerical or
alphabetical sequence;
• Field tests to ensure that a field includes only acceptable numeric or
alphabetic characters; and
• Sign tests to check that data in a field has the correct arithmetic sign.
Check digit verification is a check for arithmetic accuracy that computes a numeric
value to provide assurance that the original value was not changed.
A batch total is the sum of a particular numerical field in a collection (batch) of
items. It is used to ensure the completeness and accuracy of data input. For
example, a batch of sales invoices, invoice totals, sales tax totals and the number of
invoices are manually totalled before entry into the computer. These totals are then
compared to the computer's calculations. If the totals do not match, the source
documents are compared to the computer records to determine the source of error.
An alternative classification for information processing controls is as follows:

Transaction controls File controls

Aim to ensure: Aim to ensure:

 • completeness; • file continuity;
• accuracy; and • asset protection; such as:
• validity • keys, security-coded entry;
of transactions and hence the existence • approval and recording;
of assets and liabilities. • data security (e.g. library)
procedures.
→Mnemonic "CAVe".

2.1 Further Audit Procedures

Key Point

ISA 315 requires the auditor to:

• identify and assess risks of material misstatement at the financial statement
and assertion levels (see Chapter 9); and
• design further audit procedures (under ISA 330 The Auditor’s Procedures in
Response to Assessed Risks), including:
• audit procedures, if required, to test the operating effectiveness controls
(i.e. tests of controls);
• the nature, timing and extent of planned substantive procedures (see
Chapter 15).

Definitions

Test of controls – an audit procedure designed to evaluate the operating

effectiveness of controls in preventing, or detecting and correcting, material
misstatements at the assertion level.
Substantive procedure – an audit procedure designed to detect material
misstatements at the assertion level (see Chapter 15).

The following diagram shows that the effectiveness of controls will only be tested
when there is potential for reliance on controls (*). If controls are effective, the level
of substantive procedures will be reduced, compared to the “full” substantive
approach.
A "full” substantive approach (i.e. all assurance comes from substantive procedures)
is adopted where:
• following the risk assessment, controls do not appear to be satisfactory; or
• tests of controls show them to be not effective (see middle of diagram); or
• the auditor does not seek to place reliance on controls.
Such a wholly substantive approach requires a high level of testing of transactions,
balances and disclosures (see Chapter 15).

Key Point

A control can potentially be relied upon (*) if it relates to an assertion and appears
suitably designed and implemented.

2.2 Operating Effectiveness

Testing the operating effectiveness of controls includes obtaining evidence
regarding:
• whether controls were applied at relevant times;
• how controls were applied;
• the consistency with which controls were applied; and
• by whom the controls were applied.
Tests of control are performed when:
• the auditor's control risk assessment is based on an expectation that control
activities are operating effectively (i.e. the auditor intends to rely on their
operating effectiveness in determining the nature, timing and extent of
substantive procedures); or
• substantive procedures alone do not provide sufficient appropriate audit
evidence (e.g. in highly automated systems).

Key Point

Tests of control cannot be used to eliminate the need to perform substantive

procedures. Substantive procedures must be performed for all material account
balances, transactions and disclosures (Chapter 15).

2.3 Nature, Timing and Extent of Tests of Control

The auditor uses professional judgment to determine:

• the control activities to test; and
• the design (i.e. nature, timing and extent) of tests of control.

2.3.1 Control Activities

Control activities (see Chapter 9) include:

• Authorisation and approvals;
• Reconciliations;
• Verifications;
• Physical or logical controls;
• Segregation of duties.
The auditor may plan to test:
• direct controls;
• indirect controls including general IT controls.
Definitions
 Direct control – controls that are precise enough to address risks of material
misstatement at the assertion level.
Indirect control – controls that support direct controls.

Controls in the control environment, risk assessment process and monitoring

process are primarily indirect controls (but may also be direct). Controls in the
information system and communication and control activities are mostly direct
controls (but may also be indirect).

Key Point

If a control to be tested depends on other (indirect) controls, the auditor must

consider whether it is necessary to obtain audit evidence to confirm the effective
operation of those indirect controls (e.g. general IT controls).

2.3.2 Nature of Tests of Control

Key Points

• Observation, inspection and reperformance are used to test controls.

• Inquiry may be used in addition to these but is not sufficient alone.

Control activity Examples Tests of controls

Authorisation and Authorisation/approval of: • Inspection of

approvals • Purchase/disposal documents
of non-current evidencing
assets authorisation (e.g.
• Payments to capital expenditure
suppliers requisition).
• Customer credit • Inquiry regarding
limits authorisation
• Purchase and procedures and
sales transactions authorising parties.
• New employees,
wage rates,
promotions
• Journal entries.
Reconciliations • Bank • Inspect
reconciliations. reconciliations and
• Supplier/customer evidence of
statement independent
reconciliations. review.
(See Activity 1 in Chapter • Reperformance of
9.) reconciliations.

Verifications • Arithmetical • Recalculation of

accuracy checks. arithmetical
• Extracting trial checks.
balances. • Reperformance of
• Sequence checks sequence checks.
of pre-numbered • Inspection of
documents. reports for
• Follow-up on evidence of follow-
error/exception up.
reports.
(See also information
processing controls
(s.1.2.2))

Physical or logical • Secured access to • Observation of

controls assets and secured/ password
records. access.
• Password access • Observation of
to computer inspection of
systems. physical assets.
• Comparing book to • Inspection of
physical assets evidence of
(e.g. inventory, comparison of
cash, non-current book to physical
assets). assets (e.g. in a
non-current asset
register).
• Reperformanceof
physical to book
comparisons (e.g.
test counts when
attending a
physical inventory
count).
 Segregation of duties • Separation of • Observation of
authorisation, segregation of
recording and duties
custody functions. • Inspection of
• Actions of one documents that
employee checked evidence
by another. segregation of
duties
• Inquiry regarding
segregation

2.3.3 Timing of Tests of Control

Testing a control at a point in time only provides evidence of its effectiveness (and
implementation) at that point. Depending on the objective of the test, it is often
necessary to test the effectiveness of controls over some time. For example:
• Year-end inventory counts only require testing of control (and substantive
procedures) at the year-end since no reliance is placed on day-to-day
controls.
• Controls over continuous inventory systems will need to be tested throughout
the year (e.g. regular test counting of significant inventory items, discrepancy
reports followed up and acted upon) if reliance is to be placed on inventory
records.
An efficient approach to testing controls is to conduct, wherever possible, procedures
during the interim audit. The auditor can reassess the audit approach, if necessary,
before the year-end audit (rather than discovering at the last minute that the audit
approach needs to be changed).
When an interim audit is carried out, the approach to auditing the remaining period to
the year-end must be considered. Factors to take into account include:
• the significance of the assessed risks of material misstatement during the
remaining period;
• the length of the remaining period (e.g. four months of transactions will be
more material than just one month);
• the control environment; and
• significant changes to the system of internal control since the interim audit.

Example 2 Interim Audit

• An interim audit is carried out two months before the year-end. The results
show that there is a high degree of operating effectiveness.
 • During the remaining two months, a change is made to the procurement
procedures. This is considered to be significant.
• Understanding and risk assessment is based on this change in control. The
operational effectiveness of the change and its effect on the procurement
system will be tested from the date of its introduction.
• As the monitoring of controls was assessed as effective at the interim audit,
the auditor decides that a review of the control monitoring procedures
during the last two months, supported by analytical procedures, will be
sufficient to cover the remaining internal controls relevant to the audit and
will not be affected by the change.

2.3.4 Extent of Tests of Control

The extent of tests of control should consider:

• The frequency of the performance of the control by the entity during the
period.
• The length of time during the audit period that the auditor is relying on the
operating effectiveness of the control. (This will generally be the whole
period.)
• The relevance and reliability of the audit evidence to be obtained.
• The extent to which audit evidence is obtained from tests of other controls
related to the same assertion.
• The extent to which the auditor plans to rely on the operating effectiveness of
the control in the assessment of risk (and thereby reduce substantive
procedures).
• The expected deviation (i.e. number of errors) from the control. If the
expected deviation is zero, any deviations may increase substantive
procedures.
• To the extent not already addressed, whether the direct controls to be tested
depend on other (indirect) controls) and, if so, whether it is necessary to
obtain audit evidence supporting the effective operation of those indirect
controls.
If the system is changed partway through a year (e.g. from a manual to a computer-
based system), effectively two systems will need to be assessed and tested,
depending on the length of time each has been in operation (e.g. if the change
occurred during the last month, detailed analytical procedures might provide
sufficient audit evidence for the previous month). Also, the auditor must ensure the
integrity of data transfer and that this did not result in any material misstatement in
the new data set.
2.4 Results of Tests of Control

2.4.1 Deviations Identified in Tests of Control

The concept of monetary materiality does not apply when dealing with tests of
controls. If the expected deviation is zero, any error (regardless of its monetary
value) means that the control did not work. The auditor must determine the reason
for the deviation(s).
If there was only one (or very few) deviations in a sample, this may indicate an
isolated incident (e.g. no purchasing authorisation for a day because the buying
manager was sick).
• A review should be undertaken to see if the deviation was repeated at any
other time, (e.g. at what other times was the manager ill and were alternative
controls in place?) together with analytical procedures on purchases made on
those days.
• It may then be concluded that, if there is no material effect on the financial
statements, substantive procedures may not need to be increased.
• A report of the deficiency and potential effect must still be made to the client.
If several or numerous deviations are found, the conclusion will usually be that the
controls are not effective and substantive procedures must be extended accordingly.
Reason(s) for the failure in control must be established and reported to management
(see Chapter 13).

2.4.2 Conclusions from Tests of Control

Conclusion Implication

• Controls are operating The remaining assurance must be

effectively. obtained through reduced substantive
procedures. This could mean smaller
sample sizes for testing transactions
and balances and the use of
substantive analytical procedures.

• Controls are not operating All audit assurance must be obtained

effectively. through increased substantive
procedures (e.g. tests of details and
larger sample sizes) on transactions,
balances and disclosures.
If the risk assessment or results of testing indicate that controls are not satisfactory:
 • significant deficiencies must be reported to management (see Chapter 13);
and
• the audit strategy and plan must be updated (and approved by the partner) to
include increased substantive procedures.

2.5 Reliance on Past Results

2.5.1 General

Audit evidence on the operating effectiveness of controls obtained in previous audits

may be relied on as audit evidence for the current period, subject to the following
conditions:
• inquiries, observations and inspections confirm that no changes were made in
the current period;
• if an individual control, that control is tested at least once in every third audit;
• if several controls, a sufficient portion of them are tested each audit;
• the control does not relate to a significant risk.

2.5.2 Significant Risks

For significant risks, the operating effectiveness of controls must be tested annually.
Although prior-year audit evidence relating to the design of such controls may be
relied on (in the absence of changes), the evidence of its implementation and
operating effectiveness must be assessed each year.
The higher the risk of material misstatement, or the greater the reliance on the
control, the greater the need for that control to be tested annually. Factors to
consider include:
• the effectiveness of other elements of internal control; the control
environment, monitoring of controls and the entity's risk assessment process;
• the risks arising from the characteristics of the control (e.g. if manual or
automated);
• the effectiveness of general IT controls, in computer systems;
• the effectiveness of the control and its application, including the nature and
extent of deviations in its application (from tests of operating effectiveness in
prior audits);
• whether the lack of a change in a control poses a risk due to changing
circumstances;
• the risk of material misstatement and the extent of reliance on the control.
Activity 1 Prior Period Audit Evidence

Suggest FIVE reasons for the auditor NOT to rely on the audit evidence obtained in
prior periods.
*Please use the notes feature in the toolbar to help formulate your answer.

3.1 Key Skills

The learning outcomes for this chapter cover the first three skills, the remaining two
skills are detailed in the next chapter.

3.1.1 Control Objectives

At the assertion level, control objectives aim to ensure that only:

• authorised (Valid – V) transactions are
• promptly recorded (Complete – C) in the
• correct (Accurate – A) amount in the
• appropriate (A) accounts in the
• proper (Correct Cut-off – C) accounting period and that
• recorded assets exist (Existence – E).

Exam advice
 Remember the mnemonic CAVE.

For example, the overall control objective over purchases might be "to ensure that
payments are only made for goods and services received and required by the entity".
This may be broken down into sub-objectives (e.g. "to ensure that goods are only
received for orders placed").
This requires control activities over placing the order, receiving and accepting the
goods/services, recording and analysing the invoice and settling the liability to
achieve the overall control objective.

Example 3 Sales Cycle

Consider the sales cycle. Identify the overall control objective (that all goods
despatched are correctly recorded in the general ledger), break down the
transaction into components (i.e. the flow of documentation) and ask, "What could
go wrong?" – that is, what would be an appropriate control objective for that
element (e.g. to ensure that goods cannot be despatched without the correct
authorisation)? Effectively, devise control objectives at each stage.

Then ask what control activities need to be in place to achieve the control
objective (e.g. authorisation, completeness checks, reconciliations, pre-numbering
of documents, segregation of duties, etc).

It is important to understand the difference between:

• the control objective (i.e. what does the control aim to achieve?); and
 • control activities (i.e. what actions are needed to ensure that the objective is
achieved?).

Activity 2 Purchases Cycle

Use the components of the purchases cycle to generate FOUR control questions.

*Please use the notes feature in the toolbar to help formulate your answer.

3.2 Transaction Cycles

Audits are often performed by transaction cycle. This enables the auditor to gather
evidence for related account balances, transactions and disclosures simultaneously.
The transaction cycles relevant to the examination are:
• Revenue (i.e. sales and trade receivables) (s.4)
• Purchases (i.e. purchases and trade payables) (s.5)
• Payroll (i.e. wages and salaries) (s.6)
• Inventory (s.7)
• Bank and Cash (s.8)
• Non-current assets (s.9)
The sections that follow outline, for each transaction cycle:
• the control objectives;
• control activities; and
• tests of control.

4.1 Control Objectives

Exam advice

"Complete", "accurate," and "valid" are keywords in accounting control objectives.

"Prompt" is a more commercial objective.

4.2 Internal Control Examples and Sample Tests of

Controls

Key Point

IFRS 15 Revenue from Contracts with Customers outlines five steps in the
revenue recognition process:
Step 1 – Identify the contract(s) with the customer
Step 2 – Identify the separate performance obligations
Step 3 – Determine the transaction price
Step 4 – Allocate the transaction price to the performance obligations
Step 5 – Recognise revenue when or as the performance obligation is satisfied
Internal controls need to ensure that each step is completed properly. For
example, an entity should have documentation showing that each contract meets
the revenue recognition criteria. Such documentation should be reviewed and
approved by a party not otherwise involved in the revenue recognition process for
material or unusual contacts. The auditor could test this control by selecting a
sample of material contracts entered into during the period and verifying that the
documentation related to the contract was reviewed and approved. Similar internal
controls and tests of controls could exist for each step in the revenue recognition
process.

Stage Internal Control Sample Tests of

Examples Controls

Overall • Segregation of
duties between:
• Order recording
• Order
authorisation
• Despatch of goods
• Invoice preparation
• Handling of cash
receipts
• Ledger posting
• Supervision

Sales orders • Sales order should • Test a sample of

be authorised and sales orders for
show evidence of evidence of
authorisation (e.g. authorisation.
sales manager's • Review and test
signature). (e.g. by re-
• Sales orders are performance) the
sequentially client's procedures
numbered and for accounting for
regularly sequence the numerical
checked to ensure sequence of sales
completeness (i.e. orders.
pre-numbered or
generated in strict
 numerical • Observe periodic
sequence). review of open
• An "open sales sales order files.
order" file should • Test a sample of
be maintained and sales orders for
periodically evidence of credit
reviewed to ensure approval.
all orders are
ultimately fulfilled.
• Sales orders
should be
validated for price,
quantity, goods
availability and
customer
creditworthiness.

Goods despatches • Goods despatch • Test a sample of

notes (GDNs) GDN for evidence
should be matched of matching to
to authorised sales sales orders.
orders. • Review and test
• GDNs are the client's
sequentially procedures for
numbered and accounting for the
regularly sequence numerical
checked to confirm sequence of
completeness. GDNs.
• Proof of delivery • Test a sample of
(e.g. customer sales invoices for
signature) should evidence of proof
be obtained (e.g. of delivery.
on a copy of the • Review and test
GDN). the client's
• Sequentially procedures for
numbered goods accounting for the
returned notes numerical
should be used to sequence of goods
ensure returned notes.
completeness of
recording of sales
returns.

Sales invoices • Sequentially • Review and test

numbered sales the client's
invoices should be procedures for
 used. Regular accounting for the
sequence checks numerical
should be carried sequence of sales
out to ensure invoices.
completeness. • Inspect a sample
• Sales invoices of sales invoices
should be matched for evidence of
to GDNs and sales authorised sales
orders to confirm orders and GDNs.
the accuracy of • Review a sample
product description of sales invoices
and quantity. for evidence of
• Arithmetic verification of
accuracy of sales arithmetic
invoices should be accuracy.
verified.
• Prices on sales
invoices should be
agreed periodically
against the
authorised price
list.
• Trade discounts
applied should be
agreed (e.g. to
contracts with
customers or
authorised price
list) to ensure that
the correct
discount has been
applied to the
quantity sold.

Recording • Monthly • Observe

statements should preparation and
be sent to sending of monthly
customers and statements.
disputes handled
independently.

Cash receipts • Where money is • Review and

received by post, observe the
"mail-opening client's procedures
procedures" for opening mail
should include two and handling
 staff members complaints and
(segregation of disputes about
duties). monthly
• Cheques should statements.
be restrictively • Observe the
endorsed when preparation of the
received and a pre-listing of
pre-listing of cheques.
receipts prepared. • Examine bank
• All monies statements to
received should be verify that cash is
banked intact on deposited daily.
that business day. • Review the
• Entries in the cash monthly bank
receipts book reconciliations for
should be proved evidence of review
by regular (usually by a responsible
monthly) official (e.g. a
reconciliations of signature).
the bank account
balance in the
general ledger to
the bank
statement.
• Bank
reconciliations
should be
reviewed regularly
by a responsible
official
independent of the
recording function.

Activity 3 Tests of Control

Using the schedule which follows:

A. For each sales-cycle control question, suggest a direct control.
B. For each direct control in (a), suggest an appropriate test of control.
Control question (a) Direct control (b) Test of control
 1. Can goods be
despatched but not
invoiced?

2. Can invoices be
raised but omitted
from the detailed
sales listing?

3. Can receivables
be improperly
credited by
fictitious or
incorrect credit
notes, journals,
bad debt write-offs,
cash receipts, etc?
*Please use the notes feature in the toolbar to help formulate your answer.

5.1 Control Objectives

5.2 Internal Control Examples and Tests of Controls

Stage Internal Control Sample Tests of

Examples Controls

Overall • Segregation of
duties between:
• Purchasing
department
• Order department
• Bookkeeping
functions
• Inventory handling
• Recording and
payment
Requisitions • Orders should be • Verify
requisitioned by authorisation of a
the user sample of
department and purchase
authorised by the requisitions.
head of the • Test the sequence
department. of purchase
• Sequential requisitions and
numbering should enquire into those
be checked for missing.
completeness. • Scrutinise all
• A buyer should tenders received,
coordinate where applicable,
requisitions (to in respect of a
secure value for sample of
money). Selected transactions and
tender should be verify the
authorised. authorisation of
• An economic order selected tender.
quantity (EOQ)
inventory system
or checks on
physical quantities
held (to prevent
"overstocking").

Purchase orders • Purchase orders • Verify

should be raised in authorisation of a
an order (buyer) sample of
department purchase orders.
independent of all • Agree a sample of
other departments. and agree
• Purchase orders purchase orders to
must be requisitions.
sequentially pre- • Scan the unfilled
numbered. Orders purchase order file
must be authorised for evidence of
and the sequence review.
periodically
checked for
completeness.
• Pending (unfilled)
orders should be
reviewed regularly
to ensure that
 purchasing
requirements are
met.

Goods received • Goods should be • Test a sample of

inspected on GRNs for evidence
receipt (product that goods were
description, inspected when
quantity and received.
quality) before • Test a sample of
acceptance. GRNs for evidence
• Documentation that they were
accompanying matched to a
goods received purchase order
(e.g. the supplier's when received.
despatch note) • Test sequence of
should be matched GRNs and enquire
to a purchase into those missing.
order to confirm
the goods were
ordered. (Note 1)
• Sequentially
numbered goods
received notes
(GRNs) should be
raised for all goods
received and
periodically
reviewed for
completeness.

Purchase invoices • Invoices should be • Test a sample of

recorded promptly invoices for
(e.g. in a detailed evidence of
purchases listing) recalculation and
and sequentially matching to
numbered on purchase orders
receipt. and GRNs (e.g.
• Invoices should be look for initials on
checked and "grid stamp").
matched to the
GRN and
purchase order.
• Performance of
these checks
should be
 evidenced on each
invoice (e.g. by
initials in a "grid
stamp").

Recording • Batch control over • Examine a sample

input (i.e. a control of invoice batches
total of a batch of for evidence of the
invoices is use of batch
predetermined and control totals.
agreed after • Review the
processing) to monthly
ensure accuracy reconciliations of
and completeness. individual
(Note 2) supplier’s balances
• Monthly to supplier
reconciliation of statements for
balances per the evidence of
list of individual independent
suppliers to review.
suppliers'
statements (and
independent
review thereof) to
ensure
completeness and
accuracy of
postings of
invoices.

Cash payments • The person who • Test sequence of

signs cheques or checks and
bank drafts should enquire into those
not be involved in missing.
the authorisation, • Test a sample of
recording or cash payments to
custodial functions. supporting
• Two signatures documentation
should be required (invoices, GRNs,
for larger purchase orders
payments. and purchase
• All cheques should requisitions). Look
be issued in for evidence of a
sequential order "PAID" stamp.
and their sequence • Review bank
reconciliations for
 should be evidence of review
controlled. by a responsible
• Unused cheque official.
books should be
kept under lock
and key.
• Spoiled or
cancelled cheques
should be retained.
• No cheque or
other payment
order should be
raised without
supporting
documentation,
including the
invoice, GRN and
purchase order.
• Invoices and
requisitions should
be stamped
"PAID".
• The payments
system should be
supervised by a
responsible official
who oversees and
reviews monthly
bank
reconciliations.
Note:
4. An incomplete order may be accepted rather than refused. However, any
shortfall must be documented.
5. A control total may be a monetary total (e.g. of the amounts of the purchase
invoices) or a meaningless "hash" total (e.g. the sum of supplier account
numbers). Either would confirm the completeness of processing but only a
monetary total can confirm accuracy.

6.1 Control Objectives

6.2 Internal Control Examples and Tests of Controls

Stage Internal Control Sample Tests of

Examples Controls

Overall • A record should be • Review a sample

kept for each of employee files
employee and verify that all
containing, in engagements,
writing, proof of dismissals or
engagement, status changes are
dismissal, changes in writing and
in pay rates, etc. authorised by a
Any changes in responsible official.
detail should be • Review payroll
evidenced in documentation for
writing by a evidence of
responsible official. independent
• The payroll should scrutiny.
be independently
scrutinised (e.g.
 month-on-month)
to identify any
unexpected
deviations.
• A responsible
official should
supervise the
recording of payroll
and the regular
discharge of
payroll-related
liabilities.
• Segregation of
duties between:
• Personnel
management
• Payroll recording
• Cash payment
• Overall supervision
of payroll system

Clock cards • Safe custody and • Observe the use of

the restricted issue time clocks.
of clock cards and • Examine a sample
security passes. of time records for
• Supervision of approval.
employees as they
clock in and clock
out. (Note 1)
• All time records
should be checked
and approved.

Payroll preparation • Details of new • For a sample of

employees to be new employees,
put on the payroll verify the
should be authorisation of
authorised (e.g. by details by the
the line manager responsible official.
or department • For a sample of
head). employees,
• All overtime hours examine overtime
should be payments and
authorised before sickness or holiday
leave for evidence
 inclusion in the of authorisation by
payroll run. the responsible
• Any sickness or official.
holiday leave • Review payroll for
should be evidence of
authorised. accuracy check by
• The payroll should people
be checked for independent of
accuracy of detail payroll
of names, hours preparation.
paid, rates of pay • Examine payroll
and calculations of for evidence of
gross pay by approval by
people signature of
independent of responsible official.
payroll • Verify that
preparation. documentation for
• A responsible starters and
official leavers is
independent of the independently
recording and maintained and
authorisation examine the
function should documentation for
formally approve evidence of
the payroll by periodic
signing it. comparison to
• Documentation of payroll.
starters and
leavers should be
independently
maintained (e.g. by
the HR
department) and
periodically
compared against
the payroll.

Cash payments • Where employees • Observe the

are paid in cash, preparation of
only the exact net wage packets.
payment amount • Observe payroll
should be distribution
withdrawn from the unannounced.
bank. • Examine a sample
of wage packets
 • At least two people for evidence of
should prepare receipt (e.g.
wage packets employee
before pay-out. signature).
Wage packets
must be kept
securely.
• Handing out of
cash payments
must be
witnessed.
• Receipt of wage
packet must be
evidenced (e.g. by
employee's
signature). (Note
2)
• Uncollected wages
should be
recorded, placed in
safe custody by a
responsible official
and re-banked
after a reasonable
period.

Recording • Payments of tax • Examine a sample

liabilities (including of tax liability
social deductions) payments for
should be agreed evidence of
to the source agreement to
payroll. source payroll.
Note:
6. Supervision may be the physical observation of employees arriving at and
leaving the workplace or automated (e.g. swipe-card barriers).
7. Specific written authority should be required for a person to collect a wage
packet on behalf of an employee.

6.2 Internal Control Examples and Tests of Controls

Stage Internal Control Sample Tests of

Examples Controls
Overall • A record should be • Review a sample
kept for each of employee files
employee and verify that all
containing, in engagements,
writing, proof of dismissals or
engagement, status changes are
dismissal, changes in writing and
in pay rates, etc. authorised by a
Any changes in responsible official.
detail should be • Review payroll
evidenced in documentation for
writing by a evidence of
responsible official. independent
• The payroll should scrutiny.
be independently
scrutinised (e.g.
month-on-month)
to identify any
unexpected
deviations.
• A responsible
official should
supervise the
recording of payroll
and the regular
discharge of
payroll-related
liabilities.
• Segregation of
duties between:
• Personnel
management
• Payroll recording
• Cash payment
• Overall supervision
of payroll system

Clock cards • Safe custody and • Observe the use of

the restricted issue time clocks.
of clock cards and • Examine a sample
security passes. of time records for
• Supervision of approval.
employees as they
clock in and clock
out. (Note 1)
 • All time records
should be checked
and approved.

Payroll preparation • Details of new • For a sample of

employees to be new employees,
put on the payroll verify the
should be authorisation of
authorised (e.g. by details by the
the line manager responsible official.
or department • For a sample of
head). employees,
• All overtime hours examine overtime
should be payments and
authorised before sickness or holiday
inclusion in the leave for evidence
payroll run. of authorisation by
• Any sickness or the responsible
holiday leave official.
should be • Review payroll for
authorised. evidence of
• The payroll should accuracy check by
be checked for people
accuracy of detail independent of
of names, hours payroll
paid, rates of pay preparation.
and calculations of • Examine payroll
gross pay by for evidence of
people approval by
independent of signature of
payroll responsible official.
preparation. • Verify that
• A responsible documentation for
official starters and
independent of the leavers is
recording and independently
authorisation maintained and
function should examine the
formally approve documentation for
the payroll by evidence of
signing it. periodic
• Documentation of comparison to
starters and payroll.
leavers should be
independently
 maintained (e.g. by
the HR
department) and
periodically
compared against
the payroll.

Cash payments • Where employees • Observe the

are paid in cash, preparation of
only the exact net wage packets.
payment amount • Observe payroll
should be distribution
withdrawn from the unannounced.
bank. • Examine a sample
• At least two people of wage packets
should prepare for evidence of
wage packets receipt (e.g.
before pay-out. employee
Wage packets signature).
must be kept
securely.
• Handing out of
cash payments
must be
witnessed.
• Receipt of wage
packet must be
evidenced (e.g. by
employee's
signature). (Note
2)
• Uncollected wages
should be
recorded, placed in
safe custody by a
responsible official
and re-banked
after a reasonable
period.

Recording • Payments of tax • Examine a sample

liabilities (including of tax liability
social deductions) payments for
should be agreed evidence of
to the source agreement to
payroll. source payroll.
Note:
8. Supervision may be the physical observation of employees arriving at and
leaving the workplace or automated (e.g. swipe-card barriers).
9. Specific written authority should be required for a person to collect a wage
packet on behalf of an employee.

7.2 Internal Control Examples and Tests of Control

Stage Internal Control Sample Tests of

Examples Controls

Overall • Segregation of
duties between:
• Purchasing
• Receiving
• Inventory
management
• Despatch

Goods received • See internal • See tests of

controls over control related to
goods received in goods received in
the purchases the purchases
cycle. cycle.

Goods despatched • See internal • See internal

controls over controls over
goods despatched goods despatched
in the revenue in the revenue
cycle. cycle.

Inventory (physical) • Appropriate • Observe and

physical inspect physical
safeguards. For safeguards.
example: • Observe regular
• Gate controls over physical inventory
access to the counts and
warehouse perform test
• Environmental counts.
controls (e.g. • Observe physical
controlled inspection of
temperature, fire inventory by senior
alarms) personnel.
 • Emergency • Test sequence of
equipment (e.g. materials
sprinkler systems) requisitions and
• Security guards enquire into those
and CCTV. missing.
• Periodic (at least • Observe
annual) segregation of
comparison of goods sold
goods on hand (as awaiting collection.
determined by
physical count)
with quantities
shown in inventory
records.
• Senior personnel
should inspect
inventory for
obsolete, slow-
moving, damaged
or excess
inventories.
• Raw materials,
components, etc
should be
transferred to
production using
pre-numbered
materials
requisitions, and
sequence checks
should be
performed
periodically.
• Goods sold
awaiting collection
or delivery should
be held securely
designated areas.

Inventory records • GRNs and GDNs • Examine a sample

are used to update of GRNs and
inventory records. GDNs for evidence
• GRNs and GDNs of possession.
evidenced as • Review the
processed (e.g. comparison and
 stamped) and filed reconciliation of
numerically. book v. actual
• Regular physical quantities.
inventory counted,
compared "book" v
actual quantities
and investigated
for discrepancies.

8.1 Control Objectives

8.2 Internal Control Examples and Tests of Control

Stage Internal Control Sample Tests of

Examples Controls

Request for payment • Standardised • For a sample of

cheque requisition cheques, examine
form should be the supporting
used. documentation to
• Cheques or bank verify the use of
drafts should be the standard
prepared only after cheque requisition
 all source form and the
documents have independent
been approval of all
independently source documents.
approved.

Payment authorisation • Suppliers' • Examine a sample

statements should of suppliers'
be reviewed and statements for
reconciled to evidence of
accounts payable review,
records before reconciliation and
payment is authorisation.
authorised.

Cash payments • See internal • See tests of

controls related to control related to
cash payments cash payments
made in the made in the
purchases and purchases and
payroll cycle. payroll cycle.

Cash receipts • See internal • See tests of

controls related to control related to
cash receipts from cash receipts from
the revenue cycle. the revenue cycle.

Recording • Bank • Inspect bank

reconciliations reconciliations and
should be verify an
prepared regularly independent
(at least monthly). review.
• Bank
reconciliations
should be
independently
reviewed.

9.1 Control Objectives

Control objectives for the non-current asset cycle include the control objectives for
the purchases cycle, plus the following:
 • To ensure that all material capital acquisitions and disposals are approved by
management or the board.
• To ensure that only asset expenditure is recognised as an asset.
• To ensure that tangible and intangible non-current assets are appropriately
depreciated or amortised.
• To ensure that impairments are identified and accounted for.

9.2 Internal Control Examples and Sample Tests of

Controls

Internal controls and tests of controls include the internal controls and tests of
controls for the purchases cycle, plus the following:

Internal Control Examples Sample Tests of Control

• Annual capital expenditure • Confirm approval (e.g. signed

("capex") budgets and material capex request or board minutes)
non-current asset acquisitions for a sample of material non-
approved by the board of current asset acquisitions.
directors.

• Detailed asset register including • For a sample of material tangible

asset description, location, assets, review asset register to
acquisition date, cost, confirm that it is up to date and
depreciation/amortisation includes all required information.
method.

• Periodic inspection of assets and • Review asset register for

comparison with the asset evidence of regular physical
register. inspection (e.g. date of
inspection and comment on
physical condition).

• Approval of useful lives and

depreciation/ amortisation
methods used.

• Regular maintenance and

servicing by suitably qualified
engineers.

• Adequate appropriate insurance • Review documentation that

(e.g. buildings against fire or shows that adequate appropriate
flood, equipment against insurance has been maintained.
 breakdown and vehicles against
accidents).

• Safekeeping of documents of
title (e.g. title deeds to property
kept by the bank, vehicle
registration documents kept in a
locked safe).

• Procedures for recording • Observe procedures for

physical assets leaving or being recording physical assets leaving
removed from the client's or being removed from premises.
premises. (Note 1)
Note:
10. For example, delivery vehicles leaving and returning to depots or laptop
computers taken from the office to work from home.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

C. Internal Control
11. Tests of controls
• Describe computer systems controls including general IT controls and
information processing controls.
• Describe control objectives, control procedures, control activities, direct
controls, indirect controls and tests of control in relation to:
• The sales system
• The purchases system
• The payroll system
• The inventory system
• The bank and cash system
• Non-current assets

Summary and Quiz

• The IT environment is the IT applications and supporting IT infrastructure
including the IT processes (and personnel involved in those processes) used
to support business operations and achieve business strategies.
• General IT controls are implemented to address risks arising from the use of
IT.
 • Information processing controls include controls in IT applications and manual
information processes that directly address risks to the integrity of information
(i.e. the completeness, accuracy and validity of transactions and other
information.
• Tests of control are audit procedures designed to evaluate the operating
effectiveness of controls in preventing, or detecting and correcting, material
misstatements at the assertion level.
• Tests of controls must be performed when the auditor decides to place
reliance on them (i.e. assesses control risk) or when substantive procedures
alone are not sufficient.
• Some substantive procedures must be carried out for all material account
balances, transactions and disclosures (regardless of the reliance on
controls).
• The procedures used to test control effectiveness are observation, inspection
and re-performance (also inquiry, but not inquiry alone).
• Tests of controls only provides evidence of effectiveness at a point in time.
• When tests of controls identify deviations, the auditor must determine how
they arose, whether they are isolated or whether more audit evidence must be
obtained from substantive procedures.
• Each control to be relied on must be tested at least once in every third audit
and must be tested in the current audit if it has changed or relates to a
significant risk.
• To answer exam questions related to internal controls, specify control
objectives and control activities, suggest tests of control, identify deficiencies
and make recommendations.
• The transaction cycles relevant to the exam are revenue, purchases, payroll,
inventory, bank and cash and non-current assets.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
• Auditing in a computer-based environment (s.1)
• Specific aspects of auditing in a computer-based environment (s.1.2)
• ISA 330 and responses to assessed risks (s.2)
• The audit of wages (s.6)
For more recent articles and other resources please visit the ACCA global website.
Activity 1 Prior Period Audit Evidence

• A weak control environment.

• Weak monitoring of controls.
• A significant manual component in control activities.
• Personnel changes that significantly affect the application of the control.
• Changing circumstances that indicate the need for changes in the control.
• Weak general IT controls.

Activity 2 Purchases Cycle

Activity 3 Tests of Control

(Only one direct control was asked for.)

Control question (a) Direct control (b) Test of control

12. Can goods be Goods despatch note and Check cross-reference to

despatched but not invoice are of the same invoice for a sample of
invoiced? despatch notes and
 set (matched) and check for evidence of
sequence checked. sequence check.
Regular reconciliation of Check for evidence of
inventory per physical regular reconciliations
count to records and and ensure that they
investigation of appear reasonable (i.e.
differences. no unexplained
differences).

13. Can invoices be Recording on listing Check digital signatures

raised but omitted evidenced on the invoice on a sample of invoices.
from the detailed (e.g. by a digital Check for evidence of
sales listing signature). sequence check (e.g.
Entries on the listing are proof of investigation of
sequence checked to missing items).
ensure all invoices are
entered.

14. Can receivables Authority for credit notes, Check for evidence of
be improperly journal entries and bad authority on a sample of
credited by debt write-offs evidenced. credit entries in the sales
fictitious or ledger.
incorrect credit
notes, journals,
bad debt write-offs,
cash receipts, etc?
Chapter 13: Communication on Internal
Control

Visual Overview

Objective: To outline the matters to be communicated with those charged with

governance and how significant deficiencies in internal control and recommendations
to overcome those deficiencies are communicated.

1.0 ISA 260

 Key Point

Under ISA 260 Communication with Those Charged with Governance, the
auditors should:
• communicate clearly with TCWG the auditor's responsibilities for the
financial statement audit, and an overview of the planned scope and timing
of the audit;
• obtain from TCWG information relevant to the audit;
• provide TCWG with timely observations arising from the audit that are
significant and relevant to the auditor's responsibility to oversee the
financial reporting process; and
• promote effective two-way communication between themselves and
TCWG.
An overview of each key point is given below to place them into the context of
communications with TCWG. Full details are provided in the chapters referred to.

1.1 Responsibilities

The auditor's responsibilities will usually be communicated through the engagement

letter (see Chapter 5). Clarification of management's responsibilities will also be
made in the engagement letter. The detail of the engagement letter should be
discussed with TCWG and signed by them as accepting and understanding its
contents.

1.2 Form, Timing and General Content of the Audit

Although the auditor needs to have good communication with TCWG, it is the
auditor's sole responsibility to establish the scope and timing of the audit; others
cannot dictate this. Matters to be discussed include:
• the consequences of the auditor's work;.
• the entity's business, environment, objectives and strategies (and changes
since the last audit) (Chapters 8, 9);.
• materiality and significant risks of material misstatement (Chapters 8-10);
• approach to and reliance on internal control, including risk management;
• oversight and monitoring of internal control, including reports from
management and internal audit;
• working in a constructive and complementary way with internal audit (Chapter
18);
• detection or possibility of fraud (including whistle-blowing reports) and
breaches of laws and regulations (Chapter 11);
 • changes in laws and regulations (e.g. IFRS, governance practice, listing rules)
and any effect;
• significant communications with regulators (if any);
• the specialised skill or knowledge needed to complete the audit, including the
use of an auditor's expert; and
• when ISA 701 applies, any key audit matters identified by the auditor. (ISA
701 Communicating Key Audit Matters in the Independent Auditor's Report is
covered in detail later in Chapter 30.)

1.3 Communication of Significant Findings from the

Audit

The auditor should communicate any views about significant qualitative aspects of
accounting practices, including accounting policies, accounting estimates and
disclosures, for example:
• if any practice is considered inappropriate, the reasons why and any available
alternatives;
• changes made by management that the auditor considers to be inappropriate;
• the effect in controversial or emerging areas;
• indicators of possible management bias (e.g. aggressive application of
accounting policies or estimates that may be considered financial statement
manipulation).

Key Point

"Significant" is not defined in ISA 260, and deciding whether a finding is significant
does not require an elaborate evaluation exercise. It is simply a matter of
determining whether, having considered the relevant facts and circumstances, the
issue (or a combination of cases) is sufficiently important that it should be brought
to the attention of TCWG. It is a matter of professional judgment.

The auditor should also communicate significant difficulties, if any, that were
encountered during the audit, for example:
• delays by management, the unavailability of personnel or an unwillingness to
provide information;
• time and other pressure exerted by management;
• unavailability of expected information;
• restrictions placed on the auditors by management (limitation on
scope/insufficient evidence); and
• management's unwillingness to co-operate with the auditors (e.g. refusal to
communicate).
The auditor may also communicate significant matters arising from the audit that
were discussed or subject to correspondence with management, for example:
• significant matters where there was a disagreement with management;
• control deficiencies (see remainder of this chapter);
• subsequent events (Chapter 29);
• corrected and uncorrected misstatements (Chapter 29);
• doubts on management's integrity (Chapters 5 and 7);
• second opinions secured by management (Chapter 4);
• doubts on continuing appointment (Chapters 5 and 7); and
• written representations (Chapter 20).

Key Point

Any circumstances that affect the form and content of the auditor's report MUST
be communicated to TCWG (Chapter 30).

1.4 Auditor Independence

Where the entity is listed, TCWG must be satisfied that the auditors have complied
with relevant ethical requirements (Chapter 4).
This will generally take the form of a statement from the auditors that:
• the engagement team and the firm have complied with relevant ethical
requirements;
• identifies all matters that, in the auditor's professional judgment, may
reasonably be thought to bear on independence; and
• the related safeguards that have been applied to eliminate identified threats
to independence or reduce them to an acceptable level.

1.5 Two-way Communication

ISA 260 places significant emphasis on the need for the auditor to promote effective
two-way communication with TCWG, as this:
• assists in developing a constructive working relationship between the auditor
and those charged with governance;
• sets clear expectations between the auditor and TCWG regarding
communication of matters of audit relevance;
• recognises that TCWG are an essential element in the control environment;
• assists TCWG in fulfilling their oversight responsibility for the risk
management and financial reporting process; and
 • recognises that TCWG is an essential source of information for conducting an
effective audit.
As two-way communication cannot be required, the auditor evaluates whether it is
adequate. If not, this may affect the auditor's:
• risk assessment;
• ability to obtain sufficient appropriate audit evidence;
• consideration of the audit opinion.
Example 1 Communication to Those Charged with Governance

Pratty & Co Chartered Accountants is conducting the statutory audit of TG Co, a

sports facility service provider which manages sports facilities across the country.
During the course of the audit, Pratty & Co has made the following
communications to those charged with governance of TG Co:
1. The recognition of a provision for damages for a sports injury incurred in
one of TG Co’s sports facilities. Pratty & Co highlights the need to
recognise the best estimate of the liability (in accordance with IFRS), which
might lead to a material change in the amount presented in the financial
statements.
2. There were some issues in the system of internal control regarding the
documentation for cash fees collected for the rental of sports facilities at
specific locations. Some missing documentation led to discrepancies in
reported cash figures and cash counts at some of the sites, and Pratty & Co
could not trace the missing funds. Cash sales are a material aspect of TG
Co’s revenue.

2.1 Deficiencies

The relevant standard is ISA 265 Communicating Deficiencies in Internal Control to

Those Charged with Governance and Management.

Definition

Deficiency in internal control – exists when:

• A control is designed, implemented or operated in such a way that it is
unable to prevent, or detect and correct, misstatements in the financial
statements on a timely basis; or
• A control necessary to prevent or detect and correct misstatements in the
financial statements on a timely basis is missing.
2.2 Significant Deficiencies

Definition

Significant deficiency – a deficiency (or combination of deficiencies) that is of

sufficient importance to merit the attention of TCWG.

Examples of matters that the auditor may consider in determining whether a

deficiency or combination of deficiencies in internal control constitutes a significant
deficiency include:
• The likelihood of the deficiencies leading to material misstatements in the
financial statements in the future.
• The susceptibility to loss or fraud of the related asset or liability (Chapter 11).
• The subjectivity and complexity of determining accounting estimates (Chapter
17).
• The financial statement amounts exposed to the deficiencies.
• The volume of activity in the account balance or class of transactions exposed
to the deficiency or deficiencies.
• The importance of the controls to the financial reporting process, for example:
• General monitoring (such as oversight of management).
• Prevention and detection of fraud.
• Selection and application of significant accounting policies.
• Significant transactions outside the entity's normal course of business.
• Period-end financial reporting process (e.g. non-recurring journal entries).
• The cause and frequency of the exceptions detected due to the deficiencies.
• The interaction of the deficiency with other control deficiencies.
Example 2 Control Deficiency

Tralla & Co is performing the audit of Weebli Co. In tests of controls on the wages
system, the auditor found significant control deficiencies in the wages system,
including:
3. Lack of necessary authorisation or authentication to create employee files
for starters and leavers. Wages clerks had full access to all files in the
wages system.
4. A significant number of fictitious employees have been paid regularly.
5. Lack of documentary evidence, such as timesheets, for work done.
6. Wages paid to fictitious employees had been removed from the monthly
wages report sent to management, resulting in accounting entries that do
not reflect actual wages paid.
 Tralla ∓ Co concludes that the risk of material misstatement in wages expense
is high and that the control deficiency is important enough to merit the attention of
those charged with governance.

Activity 1 Indicators of Significant Deficiencies

Suggest FOUR examples of indicators of significant deficiencies in internal controls.

*Please use the notes feature in the toolbar to help formulate your answer.

3.1 Requirement to Report

3.1.1 Significant Deficiencies

The auditor is required to communicate in writing significant deficiencies in internal

control identified during the audit to TCWG on a timely basis.
This communication should be with the level of management that has the authority to
evaluate and take action on the deficiency (usually the CEO or CFO).

Key Point

If significant deficiencies call into question the integrity or competence of

management, the auditor may decide to report such matters to TCWG only.

TCWG must be made aware (by the auditor) of all matters discussed with
management relating to deficiencies.
Where the entity is subject to a specific regulatory regime, the auditor may be
required to report certain control deficiencies directly to the regulators. In some
cases, this may be without the awareness of TCWG. The auditor must take great
care not to breach legal requirements that restrict such communications (see s.1.9 in
Chapter 11).

3.1.2 Other Deficiencies

Deficiencies identified that are not significant, but (using professional judgment) the
auditor considers should be drawn to the attention of management, may be:
• discussed with TCWG if they wish to be made aware of such matters (e.g.
under corporate governance regulations);
• included as a subsection in the written report on significant deficiencies if
required by TCWG; or
• reported (orally or in writing) only to management if considered useful to
management.
Where the auditor notes that other deficiencies previously reported have not been
acted upon, there is no need to repeat them in the current year. However, if the non-
action is a significant deficiency in control, it should be reported to TCWG.

3.2 Report to Management

The most common way of communicating significant deficiencies to TCWG and

management is through a report to management (also called a management letter).
The requirement of ISA 265 to inform TCWG of significant deficiencies in writing is
explained in the engagement letter (see Chapter 5).

Key Point

As well as reporting control deficiencies, the report to management may be used:

• to provide constructive advice on business systems, risk systems and risk
management (e.g. by benchmarking the client's systems against expected
norms as part of the auditor's understanding of the entity and environment);
• to indicate areas in which audit efficiency could be improved and thereby
reduce audit costs (e.g. extended use of CAATs, preparation of documents
by the client);
• to protect the auditor against potential litigation by showing that significant
deficiencies had been identified and drawn to the attention of TCWG and
management

3.3 Content

The report to management must be addressed to TCWG (e.g. the board) and not to
an individual director. The auditor should ensure that its contents have been
discussed by TCWG (e.g. as shown by minutes of a board meeting).
The report should be clear, concise, constructive and structured. It will usually
consist of two elements:
 • a covering letter; and
• supporting detail and the possible effect of the deficiency, suggestions for
corrective action and management response.
The detail in the letter should not conflict with the opinion expressed in the auditor's
report (e.g. matters in the report indicate that proper books and records have not
been kept, yet the audit opinion is unmodified).
The covering letter should contain statements that:
• The purpose of the audit was for the auditor to express an opinion on the
financial statements;
• Internal controls were considered only to the extent necessary to determine
the auditing procedures and not to determine the adequacy of internal control
for management purposes or to provide assurance or express an opinion on
the systems of internal control;
• Only deficiencies in internal control which have come to the auditor's attention
as a result of audit procedures and that are considered to be of sufficient
(significant) importance to be reported are included;
• If the auditor had performed more extensive procedures on internal control,
more deficiencies might have been identified to be reported; and
• The report is provided to TCWG and management in the context of the audit
and may not be suitable for other purposes.
Activity 2 Qualities

Suggest SIX qualities that an audit manager might look for when reviewing a report
to management regarding significant deficiencies in internal control drafted by an
audit senior.
*Please use the notes feature in the toolbar to help formulate your answer.

3.4 Form and Presentation of Supporting Detail

Matters may be included in the body of the covering letter, or as a separate

appendix. They will usually be prioritised (e.g. high risk first, lower risk following; in
other words, significant matters first, and then other matters). They may also be
categorised into audit sections (e.g. sales, inventory, receivables).
A common structure of the recommendations covers:

Explanation/details • The description of each

deficiency is concise, but
specific, and the extent of the
 error is quantified where
appropriate.

Consequence/impact • Expressed in terms of the

financial statements (e.g. they
could contain errors in the future)
or the entity's assets (e.g. future
financial loss may result). It
should not imply that such errors
have led to financial loss unless
they have been quantified or that
any employee has taken
advantage of the deficiency
unless such action has been
quantified.

Recommendation • How each deficiency could be

eliminated. Recommendations
must be practical, beneficial and
cost-effective to encourage
management to adopt them.

Management response • If points have already been

discussed with TCWG/
management, include agreed-
upon actions. Otherwise, request
a reply to the points raised.
All matters raised should normally be in writing. However, if a written report is
considered unnecessary, inappropriate or not cost-effective, the matter should be
discussed with the client and recorded as audit evidence in the working papers.
Ideally, a copy of the note should be sent to the client for confirmation and response.

3.5 Follow-up

Once issued, the response of TCWG/management should be obtained as quickly as

possible and assessed for its effect on the next stage of the audit (e.g. if
recommendations can be implemented before the year-end and final audits). All
matters that would affect TCWG/management carrying out their duties should be
resolved before the financial statements are approved by management. Similarly,
any issues affecting the audit opinion must be resolved before the opinion can be
issued. All other issues should be documented as part of the working papers within
60 days of the issue of the auditor's report (ISA 230 Chapter 6).
Prior-year communications should be reviewed as part of the planning for the current
audit. If controls have been implemented, their design, implementation and potential
for testing must be assessed.

Activity 3 Deficiencies and Recommendations

You are the auditor of Homecontrols, a company which manufactures components

for domestic appliances. It operates a perpetual inventory system and performs
quarterly physical inventory counts, amending the perpetual inventory records to
reflect actual quantities counted.
During your interim visit, you review the results of the last physical count. Several
high-value items included in the records were not in inventory. Also, returns from
customers were added to physical inventory but are not recorded in the perpetual
inventory records.

Required:

Draft, for inclusion in a report to management, the identified deficiencies,

possible implications and recommendations to address them.
*Please use the notes feature in the toolbar to help formulate your answer.

Activity 4 Internal Control Deficiencies

Miller Co is a pharmaceutical manufacturer. The purchasing department is managed

by Mr Wurm, the buyer, and his assistant Walter Green. The value of purchases
annually is about $3 million. When goods are required, the inventory records clerk,
Frederica, sends a purchase requisition to Mr Wurm, who requires Walter to type out
a purchase order. Walter manually enters a sequential number onto the purchase
order and photocopies the order. The original is sent to the supplier, and a copy is
kept in a file.
When the goods arrive, they are stored in the warehouse, and the supplier's
despatch note is sent to Walter from the warehouse supervisor. Walter then marks
off the items received on the order and sends the despatch note to Frederica. She
uses it to update the inventory records before filing them in chronological sequence.

Required:

a. Identify FIVE deficiencies in the system and state their implications.

b. Suggest recommendations to improve the system, assuming that Miller
Co has sufficient resources to implement suitable recommendations.
3.6 Interested Third Parties

The auditor cannot disclose the detail of the report to management to any third party
without the client's consent, as it is confidential information. A disclaimer/caveat
would normally be included in the report, stating that:
• the report has been prepared for use by TCWG/management (or other
specific named party);
• the written consent of the auditor is required for the client to disclose the
information to another party;
• the auditor has no responsibility to third parties.
Example 2 Specimen Report to Management

The Board of Directors Per. Schorsa, 777

Revup Automotives Oceanana, 030598
Rada Str, 56A 21 May 20XY
Oceanana, 010145

To those charged with governance and management.

20XY Interim Audit
During our recent interim audit for the year ending 30 June 20XY, we examined
the controls and procedures that you have established to provide reasonable
assurance about the achievement of the company's objectives with regard to the
reliability of financial reporting, the effectiveness and efficiency of its operations,
and compliance with laws and regulations.
As stated in our engagement letter of 1 August 20XX, and reaffirmed at our
meeting on 26 April 20XY, we are writing to you to draw your attention to those
matters that have come to our attention as a result of our audit procedures and
that we consider to be of sufficient importance to be formally reported to you.
These matters are set out in the attached appendix together with our suggestions
on how internal controls could be improved.
It must be appreciated that the matters dealt with in this letter came to our notice
during the conduct of our normal audit procedures which are designed primarily to
enable us to express an independent opinion on the financial statements of the
company. Consequently, our work did not encompass a detailed review of all
aspects of the control systems and cannot be relied upon necessarily to disclose
all defalcations or other irregularities or to include all possible improvements in
internal control. In particular, our work does not determine the adequacy of internal
control for management purposes or provide separate assurance, or enable us to
express an opinion, specifically on the system of internal control.
As confirmed by the finance director and chief accountant in our meeting with
them on 15 May 20XY, all of these matters have been discussed by us with them,
and they are in broad agreement with the recommendations made.
This report has been prepared for the sole use of those charged with governance
and management (i.e. the board and audit committee) of Revup Automotives in
the context of our audit of the company's financial statements. No responsibility is
accepted to yourselves or other third parties without prior knowledge and
agreement with yourselves and those parties in writing, for any alternative use of
this report.
We look forward to formally hearing from you regarding the action that you intend
to take concerning the matters raised in this report.
Finally, we should like to take this opportunity to thank your staff for their co-
operation and assistance during the course of our audit.
Yours faithfully
A, B & C Chartered Certified Accountants & Registered Auditors

Deficiency Impact Recommendations

Hours worked by service employees

• The total hours • Employees may be • The service

worked by service paid for work that manager should
employees they have not done review and
(including (e.g. if other authorise the
overtime) are not employees input computer time
independently their time card and schedules as an
verified and code on arriving accurate record of
authorised. and leaving the time spent working
premises on their by service
behalf). employees.
• He should also
regularly review
the security
recordings
showing
employees
inputting their time
card and code to
check for potential
abuse (e.g. more
 than one card
being used).

Goods received

• Goods received • Financial loss • All goods received

notes are not would occur if, for should be checked
always authorised example, the for quantity, quality
to show that goods received and agreement to
details have been were not ordered the purchase
agreed to or were not of the orders.
purchase orders right quality. Using • Any goods
and that the poor quality goods received note sent
quantity and may result in to accounts (to
quality of the customer claims await the purchase
goods have been against the firm. invoice) should be
checked. From our tests returned to the
carried out, we goods received
estimate that 60% department if not
of goods received authorised or not
are not being in agreement with
agreed to the copy purchase
purchase orders or order already held
physically by accounts. The
checked. financial
accountant should
follow up any such
instances to
ensure appropriate
action has been
taken (e.g.
correctly
authorised or poor
quality goods
returned to the
supplier).

Data security

• There is no access • Because the • Although our tests

security for the password facility did not find any
computer terminals has been disabled, errors, the
in the wages anybody can password system
department. access the system should be
without authority reactivated
and, for example, immediately
 change or corrupt following the
data (e.g. add non- recommended
existent approach of the
employees or system designers
increase wage (e.g. at least 12
rates). characters in
length, a mix of
upper and lower
case, alpha and
numeric
characters, not a
dictionary word or
valid date).
• Passwords should
be remembered
and users should
not write them
down where they
can easily be
found (e.g. under
the keyboard or on
the side of the
computer monitor).

Syllabus Coverage

This chapter covers the following Learning Outcomes.

C. Internal Control

7. The use and evaluation of systems of internal control by auditors

• Evaluate internal control components, including deficiencies and significant
deficiencies in internal control.
8. Communication on internal control
• Discuss the requirements and methods of how reporting significant
deficiencies in internal control are provided to management and those
charged with governance.
• Explain, in a format suitable for inclusion in a report to management
significant deficiencies within a system of internal control and provide control
recommendations for overcoming these deficiencies to management.
 • Discuss the need for auditors to communicate with those charged with
governance.

Summary and Quiz

• The auditor's communication with TCWG should include the auditor's

responsibilities for the financial statements, the form and timing of the audit,
any significant findings and a statement of auditor independence.
• Significant findings include matters related to accounting policies, estimates,
disclosures, significant difficulties encountered during the audit and important
issues discussed with management.
• The auditor should promote effective two-way communication with TCWG.
• A deficiency in internal control exists when a control is missing or unable to
prevent or detect and correct material misstatements on a timely basis.
• A significant deficiency is one of such importance that it merits the attention of
TCWG. All significant deficiencies should be reported in writing in a report to
management.
• The report to management generally includes a covering letter and supporting
detail that describes the significant deficiencies, the possible effects,
recommendations for corrective action and management response.
• The report to management should not be disclosed to third parties without
management's consent.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.
Activity 1 Indicators of Significant Deficiencies

• TCWG is not appropriately scrutinising significant transactions that

management is financially interested in.
• Management fraud, whether or not material, was not prevented by the entity's
internal control.
 • Management failed to implement appropriate remedial action on significant
deficiencies previously communicated.
• Lack of, or ineffective, risk assessment processes.
• Ineffective response to identified significant risks (e.g. absence of controls
over such a risk).
• Misstatements detected by audit procedures that were not prevented or not
detected and corrected by the system of internal control.
• Restatement of previously issued financial statements to reflect the correction
of a material misstatement due to error or fraud.
• Evidence of management's inability to oversee the preparation of the financial
statements.

Activity 2 Qualities

• Timeliness: as soon as possible after the completion of audit procedures.

• Use specific examples to illustrate deficiencies.
• Clear explanations of implications/risks.
• Commercial awareness of the client's expectations.
• Practicable recommendations for improvements.
• Inclusion of prior year points not acted upon, suitably amended.
• Clear, constructive and concise.
• Careful presentation (e.g. "tiered" structure).
• Factual accuracy.
• Evidence of discussion (e.g. inclusion of client's comments).
• No remarks of a personal nature.

Activity 3 Deficiencies and Recommendations

Deficiencies
• Authorised inventory movements (e.g. customer returns) may not be
recorded.
• Possibility of unauthorised inventory movements/misappropriation/theft.
Implications
• Records are unreliable for year-end inventory figures.
 • Management decisions (e.g. to place orders/make sales) are based on
unreliable figures.
• Receivables will be overstated if returns are not accounted for.
• Unexplained inventory losses represent financial loss.
Recommendations
• Improve physical security (e.g. with gate controls).
• All movements to be accompanied by a sequentially numbered document.
• Prohibit unauthorised movements: need a responsible person in charge of
stores.
• Monthly physical counts until the problem is resolved.

Activity 4 Internal Control Deficiencies

Deficiency Implication Recommendation

Purchase orders are • Orders could be • Use pre-numbered

numbered manually. placed on duplicated purchase orders to
purchase order ensure that all
numbers. These orders can be
could be placed with sequentially
a supplier without controlled (including
authorisation. those that are
cancelled before the
order despatch).
Regular sequence
checks should be
carried out to identify
unfulfilled orders to
take appropriate
action.

Only a photocopy of the • If a copy is not made • Multi-part, pre-

original purchase order is or is subsequently numbered order sets
made. altered, incorrect should be used:
quantities of goods 9. Retained in the
or incorrect goods purchasing
may be accepted. department;
10. Sent to the inventory
clerk to confirm the
order has been
placed;
11. Sent to the
warehouse; and
 12. Sent to the accounts
department

The warehouse has no • The warehouse may • The warehouse

notification of what has accept goods that should receive a
been ordered. have not been copy of the purchase
ordered. This would order.
incur additional • The warehouse
liabilities and costs manager should
in returning goods. agree goods
received (description
and quantity) to an
authorised purchase
order before
accepting them.

Orders do not show the • Incorrect prices • The agreed price for
agreed price of the goods charged by suppliers the goods ordered
from the supplier. may go unnoticed (e.g. according to
and result in the supplier's
overpayment for the catalogue) should be
goods received. recorded on the
purchase order. A
higher price on a
purchase invoice
can then be
disputed.

Purchase orders are placed • Unauthorised or • Mr Wurm should

without authorisation. incorrect purchases sign orders as
could be made, evidence of
committing the authorisation. This
company to goods it should mean that
does not require or the goods are
unfavourable required (e.g. from
payment terms. requisitions,
budgets, inventory
records) and that the
price is agreed
upon.

Goods are stored on receipt • The company may • Goods should be

before any checks are incur liability for physically inspected
made. goods that have not by the warehouse
been ordered (e.g. supervisor and
an over delivery) or agreed to the
are damaged. Costs purchase order
will be incurred before acceptance.
unnecessarily to • The warehouse
supervisor should
 rectify such complete a pre-
situations. numbered, multi-part
Goods Received
Note (GRN):
13. to update order files
so that outstanding
orders can be
identified;
14. to be agreed to the
purchase invoice;
and
15. to update the
inventory records.

Inventory records are • Inventory records • Inventory records

updated based on suppliers' will be inaccurate if should be updated
despatch notes. goods and/or based on actual
quantities according goods received as
to the despatch confirmed by the
notes do not agree GRN raised by the
to those physically warehouse
received. supervisor.
• Understated
inventory quantities
may result in goods
being ordered that
are not needed
(incurring costs of
holding unnecessary
excess);
• Overstated inventory
quantities may result
in "stock-outs"
(incurring costs of
emergency
replenishment).
Chapter 14 : Internal Audit

Visual Overview

Objective: To describe the role, scope and functions of internal audit and the nature
and extent of internal review assignments.

1.1 Internal Audit

Definition

Internal audit – an independent, objective assurance and consulting activity

designed to add value and improve an organisation's operations. It helps an
organisation accomplish its objectives by bringing a systematic, disciplined
 approach to evaluate and improve the effectiveness of risk management, control
and governance processes.
–Institute of Internal Auditors IIA

Key Point

One of the primary responsibilities of the audit committee is to monitor and review
the effectiveness of the internal audit function.

This definition usefully outlines the relationship between internal audit and the
management of an entity. Key elements that have not been covered already in this
text are:

Add value • Organisations exist to create

value or benefit their owners,
other stakeholders, customers
and clients.
• When gathering data to
understand and assess risk,
internal auditors gain insight into
operations and opportunities for
improvement that can benefit the
organisation.

Control • Any action taken by

management, the board, etc to
enhance risk management and
increase the likelihood that
established objectives and goals
will be achieved.

Adequate control • Present if management provides

reasonable assurance that:
• risks have been managed
effectively; and
• goals and objectives will be
achieved efficiently and
economically.

Governance process • The procedures used by

stakeholder representatives to
provide oversight of risk and
 control processes administered
by management.

1.2 Assessing the Need for Internal Audit

When the board and senior management are sufficiently close to the business and
the systems are not so complex, the following sources of assurance about the way
the business is operated may prove to be adequate:
• the views of, and representations from, executive directors and senior
managers;
• the views of other employees through, for example, a self- assessment
process;
• results of management's internal confirmation procedures;
• regular information on financial and operational matters;
• performance indicators;
• early warning mechanisms;
• external auditor's reports to management;
• reports of any relevant external regulators; and
• reports (if any) from relevant internal compliance functions.

Key Point

Where there is no internal audit function, the audit committee should consider
annually whether there is a need for an internal audit function.

However, management's time and attention can be significantly stretched as

organisations grow and:
• become more geographically diverse;
• business is undertaken in new environments (e.g. e-commerce);
• develop new products and competitive pressures increase;
• systems become more complex; and
• change is the norm.
In particular, when a company becomes listed, the demands placed on management
for transparency and effective running of the business by the stakeholders are
significantly increased.
Many stock exchanges require listed companies to have an internal audit function or
explain why they do not in their annual reports.
 Key Point

The reasons for the absence of an internal audit function should be explained in
the relevant section of the annual report.

Activity 1 Assessing Need for Internal Audit Function

Suggest additional matters which directors might consider when assessing the need
for an internal audit function.
*Please use the notes feature in the toolbar to help formulate your answer.

1.3 Relationship Between External and Internal Auditors

External Internal

Role • To provide an • To appraise,

independent examine and
opinion (in a evaluate
report) on financial organisational
statements (see activities and
Chapters 1 and assist
30). management in
discharging its
responsibilities.

Required by • Statute (typically). • Management,

usually in larger
organisations, will
be urged/required
by best practices
(e.g. governance
codes) to
continually review
the need for
internal audit.
Appointed by • Shareholders • Highest level of
(usually at an management
AGM) or directors. charged with
responsibility for
internal audit (e.g.
audit committee
under corporate
governance
codes).

Reports to • Shareholders • For listed

(primary statutory companies, usually
duty) and the audit
management committee under
(professional corporate
responsibility). governance codes.
For other
companies, the
highest level of
management
charged with
governance (e.g.
the board).

Reports on • Financial • Organisational risk

statements. management,
Primary internal control and
responsibility is of quality of
a financial focus. performance. The
focus is
operational as well
as financial.

Forms opinions on • Financial • Effectiveness of

statements risk management
“present fairly” (or strategy and
equivalent). operations,
operation of
corporate
governance,
adequacy and
effectiveness of
internal control and
other business
functions
contribute to the
 economical,
efficient and
effective use of
resources (see
s.3).

Status • Independent of the • Employee

client company. (therefore
potentially less
objective).

Qualification • Usually ACCA, • May also be

ICAEW, ICAI or members of other
ICAS. professional
bodies (e.g. IIA) or
unqualified.

Scope of assignment • Unlimited, to fulfil a • Prescribed by

statutory management,
obligation. Usually TCWG or audit
defined by committee.
legislation as well
as ISA.

Conduct of audit • In accordance with • Similar, Standards

ISAs, for example. for the
Professional
Practice of Internal
Auditing, including
ethics.

2.1 Role in Corporate Governance

Internal audit provides the board with assurance that it is maintaining sound risk
management and a system of internal controls to ensure:
• appropriate risk management and mitigation;
• the effective operation of controls;
• assets are safeguarded; and
• the integrity of financial information.
2.2 Scope of Function

The objectives and scope of an internal audit function, the nature of its
responsibilities and its organisational status vary widely, but typically include the
following:
• Understand the key risks (including fraud) and assess the adequacy of the
processes by which these risks are identified, evaluated and managed.
• Review the sufficiency of the information and the adequacy and operation of
controls used to manage those risks.
• Assess the reliability and integrity of key financial and operating information
and the means used to identify, measure, classify and report such
information.
• Review the processes and systems to ensure adherence with those policies,
plans, procedures, laws and regulations which could affect the company and
determine whether it complies.
• Review the means of safeguarding assets and other essential resources,
especially information in hard copy or on computer systems, including
business contingency plans and the security of computer systems.
• Review operations or projects (including systems under development) to
ascertain whether results are consistent with established objectives and
goals, and whether the operation or projects are performing as planned.
• Monitor corrective action plans to ensure that management implements them
promptly and effectively.
• Advise management on cost-effective controls for new systems and activities.
• Liaise with TCWG (e.g. the audit committee) and the external auditors (as
necessary).

Key Point

In summary, internal audit encompasses:

• Risk assessment;
• Assurance on controls;
• Compliance;
• Integrity of financial information;
• Safeguarding assets.

2.3 Limitations
 • Without the full support of management and TCWG the authority of internal
audit and the scope of its work may be severely limited.
• Internal audit may not be allowed to operate as an independent function.
• Scope of work may be limited by executive management.
• Reporting lines do not ensure that appropriate action will be taken.
• Internal audit is denied access to key personnel and information.
• The effectiveness of the internal audit function can be limited if management
is over-reliant on internal audit to the extent that internal audit does not have
the time and resources to fulfil its proper purpose.
• The high cost of setting up and maintaining may not be justifiable.
• Management may ignore reports or recommendations.

2.4 Structure of Function

As an internal audit department is not a legal requirement, there is flexibility in

establishing the function to best meet the needs of the organisation.
As previously noted, independence is a key issue. Internal auditors are often
employed by the organisation on which they report and managed as part of the
finance department. This creates a potential problem where they are expected to
report on systems they form a part of.
How the department is structured within the organisation is, therefore, an essential
safeguard in preserving the independence of the function. The structure is also vital
in ensuring that the department provides assurance effectively.
An appropriate structure should include the following features:
• A sufficiently qualified and experienced head of internal audit should report
directly to the audit committee (or to the board if there is no audit committee).
• Other departments should regard the internal audit department well. This will
be achieved through communication and education regarding its role. This
should come directly from the board through the organisational culture and
“tone at the top” as well as from the internal audit team:
• The internal audit team should be friendly and approachable;
• Organisational processes should ensure that the internal audit team is given
full access to records, systems and staff throughout the organisation;
• The board should encourage co-operation and communicate the benefits of
internal audit, creating a pro-audit culture.
• A whistle-blowing function to allow serious misconduct to be reported, in
confidence, to internal audit for investigation and, where appropriate, reporting
to the appropriate authorities.
• The scope of internal audit work should be set by the audit committee or the
head of internal audit.
 • Controls should be established to prevent self-review by internal auditors. For
example, a team member who provides advice about the set-up of a new
system should not be involved in the subsequent audit of that system.
• The internal audit department should be sufficiently resourced, both financially
and in terms of qualified and experienced staff
• The department must be well organised with well-developed working practices
Example 1 Internal Audit

Verely Co operates an internal audit (IA) function; its scope covers both financial
and operational aspects of Verely’s business processes. Verely Co’s IA reports
directly to its audit committee.
Verely Co’s IA has recently completed its audit of Verely’s procurement process.
Of 329 significant procurements, 18 did not comply with Verely’s risk processes
(e.g. three independent quotations, declaration of no conflict of interest, and a
post-delivery review before payment). The IA’s report was given to the audit
committee for action and control.
Verely’s IA also completed an audit on inventory handling for high-value,
environment-sensitive inventory items. It found that there was not enough
documentation nor management oversight of handling processes to complete the
audit trail in 128 instances during the year, which resulted in 14 units found
missing, with a further 20 units found to be in the wrong storage facility, and 12
units damaged and unusable.

An alternative approach is to outsource the internal audit function.

3.1 Meaning

Definition

Outsourcing – the process of contracting out one or more elements of operations

to a service provider outside of the organisation's management structure.

A third-party service provider delivers services for and in the name of the
organisation in many cases.
Outsourcing may also be referred to as "contracting out", "third party provision" and
"service provision".
3.2 Internal Audit

The practice of outsourcing internal audit has increased as the need for internal audit
has increased (e.g. to better meet the requirements of corporate governance):
• Smaller companies may outsource because they do not have the resources to
set up their own department.
• Larger companies may decide that resources are best used elsewhere and
not invest in this non-core (though essential) area.
• Specialised internal audit providers and the "global" and other accounting
firms offer such services.

3.3 Factors to Consider

Factors to be considered in deciding whether to outsource internal audit include:

• Whether there is a need to outsource. For example:
• In a high-growth or highly regulated industry where the demands on internal
audit are increasing.
• If the company is struggling to recruit and retain sufficiently skilled
professionals to maintain an effective internal audit function in-house.
• What to outsource – the whole of internal audit services or specific functions
(e.g. environmental auditing)?
• What (and who) to retain – the head of internal audit may be retained as an
employee (to keep a high level of responsibility in the company)?
• Terms of reference:
• What services will be provided?
• Whom does the service provider report to?
• What form will reports take?
• What action will be taken if problems occur?
• How will fees be determined and charged?

Key Point

The audit committee must consider the effect of outsourcing internal audit on the
effectiveness of the company’s overall arrangements for internal control and
investor perceptions.
3.4 Benefits

• Reduced costs – a company with an in-house internal audit service must pay
salaries, training and overheads. Although contractor's fees will be set to
cover these, there may be economies of scale. The company would only pay
for resources when required so the total cost may be cheaper.
• Consistency with external audit – if outsourced to the external auditors,
there may be greater consistency in approach. As external audit may be able
to place more reliance on internal audit (see Chapter 18) the company would
benefit from a lower fee.
• Skills – outsourcing provides access to new skills. External providers will
have a broader range of skills and experience from auditing other companies.
• New techniques –
• both the internal and external audit markets are very competitive. This
encourages firms to develop new techniques which are more efficient and
effective (e.g. data analytics). Contracting out gives the company access to
these techniques without a high level of investment.
• Management time – time and resources can be freed to concentrate on core
areas of the business.
• Liability – legal action may be brought against an external service provider if
its standards are not acceptable.

3.5 Disadvantages to the Company

• Skills – an external contractor may lack the specialist skills relevant to a

company that an in-house service will possess. Once a contractor is brought
in, these skills may be lost forever.
• Service constraints – the service provider will need to act according to the
terms of reference. It may be unable to follow up suspicious circumstances
beyond the duties specified without renegotiating the terms of reference.
• Flexibility – an in-house department will provide a permanent presence,
whereas contracted-out services may only be at the company for discrete
periods. Outsourcing may result in reduced staff availability and flexibility.
• Conflicting reporting lines – internal audit should report to the company's
audit committee or board of directors. However, as an employee of the
internal audit provider, the employee may be expected to report to the
management as a client.
• Standard of service – once an external provider has secured the contract,
the level of service provided may fall.
• Corporate culture – contracting out any service involves a change to
corporate culture.
3.6 Service Provider Issues

• Skills – the service provider must have the appropriate skills and expertise to
undertake the internal audit role. Although there are overlaps between internal
and external audit, internal audit usually fulfils a broader role.
• Staff management – undertaking internal audit functions may improve staff
management where the service provider is an audit/accountancy practice.
Internal audit work may be conducted with fewer external audit engagements
during slacker times.
• Effect on external audit – although there are overlaps, internal and external
audit roles are different. If the same firm performs both roles, the distinction
could become blurred. This could lead to a reduced level of service overall
and a lower level of credibility attached to the external auditor's report.
• Independence issues – outsourcing increases independence, as an in-
house department can never be truly independent. The service provider’s staff
are more likely to rotate, so close relationships are less likely to form.
• Drawbacks – the external provider could become dependent on the client.
The risk is particularly significant where the internal auditor is the external
auditor.
• Restrictions – although there are no legal restrictions on outsourcing internal
audit to a third-party service provider, legal or ethical standards may restrict
this practice to prevent external auditors from acting in client roles. For
example, statutory auditors are precluded from serving as the internal auditor
to clients whose financial statements they certify in many countries (e.g.
United States, France, India, Italy, New Zealand and Norway).

4.0 Introduction

As already stated, the primary purpose of internal auditing is to evaluate and improve
the effectiveness of risk management, control and governance processes. However,
the broad focus of internal audit and the diverse skills of internal auditors mean that
many other assignments may be undertaken by internal audit. This section covers
the assignments that are specifically mentioned in the AA syllabus.

4.1 Value for Money(VFM)

 Definition

Value for money auditing – the evaluation of management's achievements in

terms of the economy, efficiency and effectiveness (the "3 Es") of operations.

Economy • Concerned with obtaining

specified resources (i.e. inputs
such as material, finance,
human, time) at the lowest cost.

Efficiency • The achievement of either:

• the maximum output (at a given
quality) from a given input; or
• a given output (at a given level of
quality) from the minimum input.

Effectiveness • The achievement of outputs

which meet management's
objectives.
Value for money (VFM) audits are carried out to ensure that corporate resources,
shareholders' funds or taxpayers' contributions are not wasted. Whether VFM has
been achieved can only be judged by comparison with an external or internal
benchmark.
Internal audit can report on:
• unnecessary spending (e.g. overtime guaranteed when work is completed
during regular hours);
• misdirected spending (e.g. capital expenditure outlay on lower-quality assets
requiring a higher level of revenue expense quality);
• over-priced spending (e.g. discounts are unclaimed); and
• under-recovered revenue (e.g. failure to collect on disposals of assets).
Advantages Disadvantages
 • Management attention is focused • Economy and effectiveness are
on economy and efficiency but often opposed (e.g. saving
this is tempered by the need for money compromises quality).
effective performance. • It is difficult to balance short-term
• It promotes the use of and long-term benefits; savings
performance indicators. now may lead to additional costs
• It should eventually lead to self- in the future.
measurement with audit only • Savings in one area may create
used to compare performance additional costs in another area.
between business units • Once performance indicators
objectively. have been established, the audit
• Although VFM audit is often used work is routine and not
to promote cost savings, it may challenging.
identify revenue opportunities.
None of the disadvantages of a VFM audit are insurmountable, but overcoming them
requires active management.

4.2 Best Value

Definition

Best value – a duty to deliver services to clear standards – covering both cost and
quality – by the most effective, economic and efficient means available.

The best value audit has evolved from VFM auditing in the public sector and local
and central government. It seeks to secure continuous improvement in how its
functions are exercised regarding economy, efficiency and effectiveness. It
incorporates the "4 Cs":

Challenge • Why and how a service is

provided.

Consult • Local taxpayers, service users,

partners and the wider business
community in setting new
performance targets.

Compare • Benchmark against the

performance of others across a
range of relevant indicators to
aim to improve.
 Compete • Consider fair competition as a
means of securing efficient and
effective services.

4.3 IT Audit

Information systems are pervasive in most organisations and would, in most cases,
be considered a significant risk through, for example:
• no IS strategy or a strategy that does not fit the business strategy;
• poor project management;
• poor system design (including controls) development and implementation;
• acceptance of an inappropriate system;
• significant expenditure for a system that does not deliver;
• poor security, transaction integrity and process alignment;
• corruption of data used for decision-making;
• access to sensitive information by unauthorised personnel;
• unexpected (non-scheduled) downtime;
• breaches of laws and regulations; and
• no (or inappropriate) disaster recovery procedures.

4.3.1 Information Systems Auditing

The primary role of internal audit will be to review and report on all aspects of IS in
the organisation (e.g. ensure that the controls and systems operate as intended).
• Information processing controls (i.e. controls to ensure completeness,
accuracy, security and effectiveness of processing) exercised over input,
output, processing, computer files and master files; and
• General installation controls (i.e. controls over the acquisition, development,
maintenance and operation of computer-based systems).

4.3.2 System Development Project Audit

The deliverable of a systems development project is a new information system. The

primary purpose of auditing a system under development is to ensure that:
• adequate, effective controls are built into the system;
• complementary manual controls are designed to ensure adequate and
effective internal controls over the business system as a whole; and
• the most efficient combination of manual and automated, preventive and
detective controls are designed and implemented.
In addition, internal audit can:
• provide assurance that IS projects are being effectively and efficiently
managed; and
• carry out appropriate testing to ensure that the deliverable from each stage
meets the specifications of that stage.

4.4 Financial Processes Audit

The financial process audit is the traditional role of internal audit. Accounting and
financial processes include:
• receiving value from sales transactions, disposals of assets, investments
(interest income);
• "bought ledger" processing (of invoices for goods/services before suppliers
are paid);
• treasury functions;
• supplying financial and management information;
• appraising new business; and
• developing and maintaining accounting systems and financial controls.
The purpose of the accounting and financial process audit is to review all available
evidence to substantiate the information in management and financial reporting by
ensuring:
• the completeness and accuracy of recorded transactions;
• assets are safeguarded;
• that complete, accurate and relevant information is provided on a timely basis;
and
• that accounting and finance functions are managed efficiently.

4.5 Regulatory Compliance

Definition

Regulatory compliance – adhering to the rules and regulations applicable to an

activity prescribed by an external agency or authority.

Violations of regulations expose organisations to the risks of legal penalties,

regulatory sanctions and loss of reputation.
Where this risk is significant (e.g. in larger organisations generally and in regulated
industries in particular) management may implement a regulatory compliance
framework, through a compliance officer, that includes a compliance methodology,
policies and procedures.
The purpose of a regulatory compliance audit is to provide assurance to the board
that internal controls are in place to ensure adherence to regulations, reducing the
risks associated with non-compliance.
The specifics of the assignment will depend on the industry but will include, for
example:
• Confirming that the chief compliance officer report to the executive team;
• Reviewing the most recent compliance standards, policies and procedures to
confirm the existence, level of detail, clarity, that they are up-to-date and have
been authorised by senior executives;
• Confirming that suitable training programmes are in place to ensure that
employees are aware of their compliance responsibilities;
• Interviewing employees to ensure that they are clear about their
responsibilities; and
• Confirming enforcement of standards, policies and procedures (e.g.
disciplinary procedures).
Examples of regulated industries include oil and gas, pharmaceuticals, financial
services, car manufacturing, transportation and fishing.

4.6 Fraud Investigations

4.6.1 Nature and Purpose

When there is an allegation or suspicion of fraud, management (or TCWG, if

management may be involved) will decide how to proceed and investigate it.
The main objectives of a fraud investigation are generally:
• To verify the facts;
• To determine responsibility and accountability;
• To make recommendations to prevent re-occurrence or detect fraud more
quickly.
It may be conducted by:
• an internal investigative group (e.g. from internal audit) established on a
needs basis;
• a permanent internal fraud investigation department (e.g. a credit card fraud
department in a bank); or
• outside counsel (i.e. outsourced).
4.6.2 Benefits of Internal Investigation

• It can help determine the extent of potential liabilities and losses by gathering
relevant information and facts. Internal audit must have access to all records
and authority to investigate throughout the company.
• It may result in partial or complete recovery of losses, prevent future losses
and help mitigate other potential consequences.
• It may reduce the likelihood or scope of a separate investigation by a
regulatory authority.
• It may improve the public perception that management understands the
potential misconduct.
• It can assist in developing and implementing plans to address internal control
deficiencies and other issues identified during the investigation.

4.7 Customer Experience

Customer service is just one of many examples of a business function that may be
reviewed by internal audit. Other examples include health and safety, human
resources and social media.

Definitions

Customer service – the sum total of what an organisation does to meet customer
expectations and produce customer satisfaction.
Customer experience – what a customer feels and remembers about the
customer service received.
– Institute of Customer Service

Many organisations seek to improve customer experience to retain existing

customers and acquire new ones. Poor customer experience may result in a loss of
potential revenue; for example, if the experience is not consistent and seamless (e.g.
customers should not notice handoffs between departments).
A customer experience review by internal audit generally focuses on the customer
support function and includes:
• An evaluation of policies and procedures to determine how well commitments
to customers are met.
• An assessment of the suitability of the metrics used to measure customer
experience and the accuracy of this reporting. For example:
 • Shopping cart abandonment;
• Net Promoter Score (% of customers who would recommend);
• Frequency of visit (i.e. repeat visits by a single customer over time);
• Customer churn rate (% of customers who do not make a repeat purchase or
cancel a service).

4.8 Operational Audit ("Process-Based" Audit)

This is an audit of the operational processes (primary activities and support

activities) to ensure that management has:
• adequate controls and other risk management measures in place to achieve
business objectives (risk management) economically and efficiently; and
• adequate routine assurances which inform them that controls and risk
management measures are effective.
Operational audits may be wholly performance-based or compliance-based or
include elements of both approaches:
• Performance– based – processes or activities are evaluated to draw
conclusions on the adequacy of the products and effectiveness of the
processes associated with those products.
• Compliance– based – use investigation, discussion, observation,
examination or evaluation to determine the adequacy of and systems
compliance with established procedures and the effectiveness of systems
implementation (similar to the systems-based audit approach, but applied to
all controls).

5.1 Primary Purposes

The purpose of internal audit reports will be driven by the terms of reference of the
assignment. Mostly, they:
• provide management with an opinion (e.g. on the adequacy of the system of
internal control); and
• inform management of significant findings, conclusions and recommendations
arising from the work carried out.
Depending on the type of report issued, the aim of the report would be:
• to provide appropriate assurance to management or recommendations to
enhance business performance;
• to prompt management action to implement recommendations for change
leading to improvement in performance and control; and
 • to provide a formal record of points arising from the assignment and, where
appropriate, of agreements reached with management.

Activity 2 Business Performance Reports

Suggest differences between a review report of business performance and a report

on a systems compliance review.
*Please use the notes feature in the toolbar to help formulate your answer.

5.2 Reporting Arrangements

5.2.1 Format and Distribution

The format and distribution of internal audit reports should be agreed with
management. The head of internal audit should ensure that reports are sent to
managers who have a direct responsibility for the unit or function being audited and
who have the authority to take action on the recommendations.
Internal audit reports are confidential documents and their distribution should be
restricted to those managers who need the information, the audit committee and the
external auditor.
While the internal auditor may clear minor matters that do not indicate a consistent or
systematic weakness with staff members directly involved, matters of consequence
should be reported formally in writing to management.

5.2.2 Timing

An interim report, orally or in writing, should be made where:

• it is necessary to alert management to the need to take immediate action to
correct a significant deficiency in performance or control;
• there are reasonable grounds for suspicion of malpractice;
• there is a significant change in the scope of the assignment; or
• is desirable to inform management of progress.
Interim reporting does not diminish or eliminate the need for final reporting.
Before issuing the final report, the internal auditor should:
• discuss its contents with the appropriate levels of management;
 • include management comment where necessary; and
• obtain management's confirmation of factual accuracy.
It is management's responsibility to ensure that proper consideration is given to
internal audit reports. The internal auditor should ensure that:
• appropriate arrangements are made to determine whether action has been
taken on internal audit recommendations; or
• management has understood and assumed the risk of not taking action.

5.3 Structure of the Report

Unlike the external auditor's report, there are no formal structures for an internal
auditor's report. As for any business report, the structure of the report suits its
purpose be it formal, informal, a discussion paper, a presentation (e.g. with
PowerPoint notes for participants) or a monthly summary.
A typical business report would have the following elements:
• Terms of reference
• Executive summary
• Body of report:
• key findings and recommendations; and
• detailed findings and agreed action
• Appendices.
The body of the report will depend on the terms of reference. For example, for a
report on controls, the structure may be very similar to management reports
produced by the external auditor (see Chapter 13). However, the content will be very
different where the internal auditor is concerned with operational matters of
economy, efficiency and effectiveness.
The reports should be clear, constructive and concise and based on sufficient,
relevant and reliable evidence, which should:
• state the scope, purpose, extent and conclusions of the assignment;
• make recommendations which are appropriate and relevant and which flow
from the conclusions; and
• acknowledge the action taken or proposed by management.

5.4 Sample Internal Audit Report

INTERNAL AUDIT REPORT

Private and confidential
The contents of this report are confidential and may include comments of a
sensitive nature. Care should be taken to ensure that unauthorised personnel do
not have access to the report and that if it is circulated further, this is done with
discretion.
23 November 20X6
SCOPE
The systems review at … took place from 17 September to 5 October 20X6. The
objectives of the assignment were:
• To assess the adequacy of internal controls.
• To ensure adherence to statutory legislation and company policies.
• To review the efficiency and effectiveness of operations.
• To assess the quality of management reporting and information.
CONCLUSION
The branch has been operationally and financially poorly controlled. Branch
management have reacted positively to the draft report and are actively
addressing the issues raised. All the points raised in this report and subsequent
recommendations need to be implemented.
MAIN FINDINGS (References in brackets are to Appendix I)
Inventory
1. There is no investigation of "no stocks"1. No stocks have been very high –
up to 20%. This has led to considerable customer dissatisfaction.
2. Formal investigation of no stocks should be introduced to improve the
service level to clients. (1.1)
3. There is insufficient control over the warehouse systems. Before further
liability for inventory loss is assumed, staff access to the systems must be
restricted.
4. The inventory system cannot produce a report of adjustments to ensure all
adjustments are legitimate. The production of this report should be
prioritised to stop this aspect of the operation running blind.
Payroll
5. Not reproduced.
6. There has been an apparent lack of supervision and review of the work of
the payroll clerk who left the company at the end of August. There is a risk
that unauthorised amounts may have been paid. A complete reconciliation
to assess the situation will be performed at the beginning of December.
(2.2)
7. Etc …
Security
 8. It remains possible to gain unauthorised access to the warehouse because
of the lack of security on the route between the car park and the
warehouse. This should be addressed immediately following the audit. (3.1)
9. Etc …
Purchases
10. Purchases have been poorly controlled at the branch. Typically, invoices
have arrived in the accounts department and have been authorised for
payment by the former finance manager without reference to the
operational management to confirm the legitimacy of the expense. The
temporary finance staff have now addressed this situation. (6.1)
APPENDIX I (EXTRACT)

1.1 Observations There is currently no

investigation or recording
of no stocks.
The inventory department
is not aware of any "no
stock" report available
from the system.1

Effect Stores orders are not

fulfilled.

Recommendation The level of no stocks

should be traced using
either the "issues not
confirmed report" or,
more crudely, the number
of issues physically
returned to the office.

Management's Agreed
comments

Target date Immediate

2.2 Observations There appears to have

been little or no
independent review of the
payroll function by senior
management. The former
finance manager may
have performed some
checks; however, this has
not been evidenced.
 19 payslips on the payroll
of 29/09/06 have been
checked in detail. Five
employees' overtime was
overpaid because the
total hours had been
incorrectly summed in
input sheets.
The payroll clerk has left
the company, despite an
enhanced offer to stay
and with no new
employment to go to.

Effect The payroll does not

appear to have been
adequately supervised.
There is a possibility that
irregularity has occurred
in addition to processing
errors.

Recommendation Duties and controls

should be segregated as
described in point 2.1
above (not reproduced).
There should be
complete reconciliation
between the schedule of
employees who have
worked at the branch
prepared by the human
resources department
and the payrolls
processed to date to
ensure persons paid are
bona fide and that they
have worked the weeks
paid.
The casting of basic and
overtime hours by
authorising managers
should be checked by
payroll staff.
 Management's The reconciliation will be
comments performed in November
by Mrs Motley.
The accountant will
review the standing data
expense report every
month.
Payroll personnel will
check the addition of
hours.

Target date Immediate

3.1 Observations Site security is currently

being reviewed by Shield
Consultants who address
fencing, CCTV coverage
and recording and the
level of searches
(personnel and vehicle)
conducted.
There is still a problem
with the ease with which
unauthorised persons
may gain access to the
warehouse without being
challenged. Also, there is
uncontrolled access from
the warehouse to the staff
car park.

Effect Inadequate security

measures increase the
risk of damage to
premises and inventory
and inventory pilferage.

Recommendation All IDs should be checked

when staff enter the
warehouse.
Visitor access should not
be permitted until
management
authorisation is obtained
 or if visitors have been
pre-notified to the
gatehouse and the
visitor's IDs have been
checked.

Management's Agreed. The warehouse

comments access store will be
staffed full-time across all
shifts and locked at night
in the short term. There
will be 100% ID checks.

6.1 Observations Invoices 1129 – 1746

were checked for
adequate authorisation
and supporting
documentation. All
invoices were authorised.
The majority, by the
former finance manager.
Only six invoices were
supported by POs.
POs in this sample were
generally inadequately
completed, priced and
dated.
GRNs were not received
from the warehouse to
confirm receipts of goods.

Effect The managers initiating

purchases are often not
involved in checking or
authorising invoices.
Accruals are being
understated.

Recommendation Operational managers

should check non-
administration invoices.
Authorised GRNs should
be received from
 managers who have
raised requisitions.
All purchase requisitions
should be costed. POs
may not be priced unless
requisitions are priced.

Management's Agreed. The financial

comments manager may authorise
invoices if the
requisitioning manager
has checked them.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

C. Internal Control
11. Internal audit and governance, and the differences between external
audit and internal audit
• Discuss the factors to be taken into account when assessing the need for
internal audit.
• Discuss the elements of best practice in the structure and operations of
internal audit
• Compare and contrast the role of external and internal audit.
12. The scope of the internal audit function, outsourcing and internal audit
assignments
• Discuss the scope of internal audit and the limitations of the internal audit
function.
• Explain outsourcing and the associated advantages and disadvantages of
outsourcing the internal audit function.
• Discuss the nature and purpose of internal audit assignments including value
for money, IT, financial, regulatory compliance, fraud investigations and
customer experience.
• Discuss the nature and purpose of operational internal audit assignments.
• Describe the format and content of internal audit review reports and make
appropriate recommendations to management and those charged with
governance.
Summary and Quiz
• Internal audit is an independent, objective assurance and consulting activity
designed to add value and improve an organisation's operations.
• Internal auditors are appointed by the highest level of management with
responsibility for internal audit and, for listed companies, should report to the
audit committee.
• Internal auditors report on operational and financial risk management, internal
control and performance quality.
• Internal audit is needed as organisations become large, complex,
geographically diverse and develop new products or enter new markets.
• Internal auditors appear to be less objective than external auditors (because
they are employees).
• The benefits of outsourcing internal audit include lower cost, consistency with
external audit and access to a wider range of skills and new techniques.
• Disadvantages of outsourcing include loss of specialist skills in-house, service
constraints, less flexibility, conflicting reporting lines, expectation gap,
possible lower standard of service and potentially adverse effects on
corporate culture.
• Other internal audit assignments include value for money auditing.
• Internal auditors may issue reports that provide management with an opinion
or inform management of significant findings, conclusions and
recommendations.
• There is no formal structure for the reports of internal auditors.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Assessing Need for Internal Audit Function

• Corporate structure and the degree of autonomy of each business unit.

• Overall corporate culture and management's philosophy.
• The company's appetite for risk or its ability to tolerate risk.
 • Overall control environment.
• Changes in organisational structure (including delayering), reporting
processes and/or underlying information systems.
• Changes in key risks arising from:
• changes in internal processes (e.g. product or service lines or entry into new
markets);
• alterations in external factors (e.g. regulatory requirements).
• Complexity of the company's systems, especially IT systems.
• The number of moderate- to high-risk areas which are not appropriately
controlled.
• Deteriorating trends in the system of internal controls evident from the existing
monitoring systems.
• Concerns about the level of "risk and control awareness" and the need to
educate senior or middle management or staff.
• An increased incidence of unexpected or unacceptable results or
occurrences.
• The views of the company's external auditors.

Activity 2 Business Performance Reports

• Are effectively consultancy in nature, style and approach.

• Have a greater focus on performance, objectives and processes rather than
risks and controls.
• Deal with improvements to be made rather than mistakes already made.
• Recommendations concentrate on improvements rather than on actions to
address mistakes found.
Chapter 15: Audit Evidence

Visual Overview

Objective: To identify the assertions, sources of evidence and their relationship to

critical audit objectives.

1.1 Basic Principles

The auditor must design and perform audit procedures to obtain sufficient
appropriate evidence to draw reasonable conclusions on which to base the audit
opinion.
Audit evidence is necessary to support the audit opinion and the auditor’s report. It is
cumulative and mostly obtained from audit procedures performed during the audit.

Key points
 • Sufficiency relates to the quantity of evidence required.
• Appropriateness relates to the quality of that evidence (i.e. its relevance
and reliability in supporting the conclusions on which the audit opinion is
based).
Sufficiency and appropriateness are interrelated as explained in s.2.2.

1.2 Sources

Definitions

Audit evidence – is all the information used by the auditor in arriving at the
conclusions on which the audit opinion is based. It includes information from
contained in the accounting records underlying the financial statements and
information from other sources.
Accounting records – the records of initial accounting entries and supporting
records (such as checks and records of electronic fund transfers, invoices,
contracts, the general and subsidiary ledgers and journal entries) and records
such as work sheets and spreadsheets supporting cost allocations, computations,
reconciliations and disclosures.

Audit evidence is all the information used by the auditor in arriving at the conclusions
on which the audit opinion is based. It includes information from accounting records
underlying the financial statements and information from other sources.
Sources may be:
• internal or external to the entity (e.g. originated in the entity or externally);
• oral or written;
• direct or indirect (direct to the auditor from an external source or via the
client);or
• generated by the auditor (e.g. analytical procedures).
For example, documentary evidence may be:
• Generated and provided to auditors by a third party (i.e. external and
independent (direct)). For example, bank confirmation letters sent directly to
the auditor.
• Generated by a third party and held by the entity (i.e. external but not
independent (indirect)). For example, bank statements.
• Generated and held by the entity (i.e. internal and indirect). For example,
bank reconciliations carried out every month by the cashier.
Activity 1 Sources of Evidence for Tangible Non-current Assets

Use the following ideas list of sources of evidence to generate examples of sources
of evidence relevant to the audit of tangible non-current assets.

Sources of evidence Examples

Accounting systems

Documentation

Tangible assets

Management and employees

Customers and suppliers

Other third parties (e.g. banks, solicitors)

Analytical procedures

*Please use the notes feature in the toolbar to help formulate your answer.

Exam advice

This "ideas list" is a helpful memory jogger for planning an examination answer.

2.1 Factors to Consider

There are many factors to consider in assessing the sufficiency (i.e. quantity) of
audit evidence:
• Audit risk – derived from understanding the business, its environment and
controls (e.g. the higher the risk of a material misstatement, the more
evidence required (extent, nature and timing)).
• Nature of internal control – computerised or manual (e.g. if programmed, a
control will be consistently applied, but manual controls may be inconsistently
applied and more testing therefore required). Conversely, testing 100% in a
 computerised system using CAATs (see Chapter 21) may be costly but time-
effective.
• Reliance on effective controls – includes preliminary understanding and
evaluation (following tests). If controls cannot be relied on, a greater level of
substantive procedures will be required.
• Cumulative Audit Knowledge and Experience (CAKE) – first-year audit will
always have a high risk. As greater understanding and experience of the
client is gained, and a more effective and efficient audit approach is
developed, the level and detail of evidence required may reduce in
subsequent years.
• Materiality – immaterial items require little evidence (e.g. "reasonableness
test"). But remember, for example, that although IFRS Standards only applies
to material items, what is not material to one client may be very material to
another. Materiality is a relative term.
• Audit findings – errors may, for example, require further audit work to be
carried out. If audit evidence is found to be not as reliable as expected,
additional evidence will be required.
• Source and reliability of information – how persuasive is the evidence?
Does all the evidence point to the same conclusion?

Key point

As opposed to financial reporting, financial accounting should be accurate

regardless of materiality.

2.2 Interrelationship with Appropriateness

Sufficiency (i.e. the quantity of evidence required) relates to the risk of

misstatement and to the appropriateness (i.e. quality) of that evidence:
• the higher the risk, the more audit evidence required (which does not mean
that more is better – quality is essential as well);
• the higher the quality of the evidence, the less that may be required to confirm
an objective.

Key points

If evidence is not appropriate, sufficiency cannot be achieved.

3.1 Two Aspects

Appropriateness has two aspects in the context of audit evidence:

3.2 Relevance

Evidence is required to support management’s assertions (explicit or otherwise)

regarding the recognition, measurement, presentation and disclosure of the various
elements of the financial statements. These assertions are split into two categories:
1. account balances and related disclosures at the period end (i.e. mainly
statement of financial position); and
2. classes of transactions and events and related disclosures for the period
under audit (i.e. mainly statement of comprehensive income).
All tests in an audit programme should aim to obtain evidence on one (or more)
assertion. The worth of tests that do not provide such evidence should be carefully
considered.

Exam advice

When answering an examination question on audit tests to be carried out, your

answer must include why that test is necessary (i.e. the assertion being tested).
For example, "inspect purchase invoice to agree correct classification of the non-
current asset and the accurate and correct treatment of cost and sales tax".

3.2.1 Assertions
Definition

Assertions –representations, explicit or otherwise, with respect to the recognition,

measurement, presentation and disclosure of information in the financial
statements which are inherent in management representing that the financial
statements are prepared in accordance with the applicable financial reporting
framework.
 Assertions About Account Balances and Related Disclosure

Existence • Assets, liabilities and equity

interests included in the financial
statements existed at the
reporting date (e.g. a tangible
asset physically existed and had
not been lost or destroyed).

Rights and obligations • The entity holds or controls the

rights to assets recognised in the
financial statements (i.e. future
economic benefit will flow to the
entity).
• Recognised liabilities are the
obligations of the entity (e.g.
there is a current obligation,
because of a past event, to
future economic outflow).

Completeness • All assets, liabilities and equity

interests that should have been
recognised have been included
in the financial statements (e.g.
all liabilities have been
recognised). Similarly, all
disclosures have been made
(e.g. reconciliation of carrying
amounts of non-current assets).

Accuracy, valuation and allocation • Assets, liabilities and equity

interests are included in the
financial statements at
appropriate amounts and any
resulting valuation or allocation
adjustments are appropriately
recorded. Related disclosures
have been appropriately
measured and described (e.g.
inventory at lower of cost and net
realisable value).

Classification • Assets, liabilities and equity

interests have been recorded in
the proper accounts (e.g. capital
 expenditure as noncurrent
assets and not expenses in profit
or loss).

Presentation • Assets, liabilities and equity

interests are appropriately
aggregated or disaggregated
and appropriately described (e.g.
current liabilities are reported
separately from non-current
liabilities).
• Related disclosures are relevant
and understandable.

Assertions About Classes of Transactions and Events and Related

Disclosures

Occurrence • Transactions and events that

have been recorded or disclosed
took place and relate to the entity
(e.g. recorded sales were made
by the entity and not a third
party).

Completeness • All transactions and events that

should have been recognised
have been included in the
financial statements (e.g. all
sales made have been
recognised inrevenue).

Accuracy • Amounts and other data (e.g.

values, costs, descriptions,
analysis) relating to recorded
transactions and events have
been appropriately recorded and
related disclosures have been
appropriately measured and
described.

Cut-off • Transactions and events have

been recorded in the correct
accounting period to which they
relate (e.g. post year-end sales
not recorded as pre year-end).
Classification • Transactions and events have
been recorded in the proper
accounts (e.g. expenses as
expenses and not assets).

Presentation • Transactions and events are

appropriately aggregated or
disaggregated and clearly
described (e.g. required
disclosures related to sales from
contracts with customers are
included in the financial
statements).
• Related disclosures are relevant
and understandable.

3.2.2 Assertions Mnemonic

• To remember the list of all of the assertions, use the mnemonic ACCA
COVER OP:
ACCA COVER OP

• Accuracy • Classification • Obligations

• Completeness • Occurrence • Presentation
• Cut-off • Valuation
• Allocation • Existence
• Rights

3.2.3 Assertions by Category

Account Balances ("CARE PC") Transactions and Events ("COCO

AP")

Completeness Completeness
Accuracy, Valuation and Allocation Occurrence
Rights and Obligations Classification
Existence Cut-Off
Presentation Accuracy
 Classification Presentation

Exam advice

Do not write out mnemonics in the exam; use only as a "memory jogger".

3.3 Reliability

The critical assertions for any information used by the auditor when considering the
reliability of audit evidence are the accuracy and completeness of that information
(e.g. completeness of a population of documents to be sampled; the accuracy of the
inventory records when considering reliance on perpetual inventory systems).
Obtaining evidence about the completeness and accuracy of information may be
acquired concurrently when carrying out other audit procedures or, for example, by
using alternative techniques (e.g. CAATs).

3.3.1 General Presumptions ("Rules of Thumb")

Several general assumptions can be made about the reliability of audit evidence
depending on whether it is:
• external or internal;
• direct or indirect;
• written or oral; and
• consistent.
External v internal • External (independent) sources
are more reliable than entity
(internal) sources.
• Information generated by the
entity (e.g. accounting records) is
more reliable when related
internal controls are effective.

Direct v indirect • Auditor obtained information is

more reliable than indirectly
obtained information (e.g. direct
observation by the auditor of the
operation of a control, rather
 than an inquiry about the
application of that control).

Written v oral • Documentary/written information

is more reliable than verbal/oral.
• Any oral representation that is to
be relied on must be obtained in
writing.
• Original documents are more
reliable than photocopies, scans,
faxes, etc.

Consistency • Consistency from different

sources increases
persuasiveness (e.g. internal
evidence corroborated by
external sources).
• Any inconsistency creates doubt
(giving rise to further work) until
resolved.

Key Point

Information provided by a management’s expert (see Chapter 18) is assessed as

from an internal source even if the expert is an external individual or organisation.

3.3.2 Exceptions

There will always be exceptions to the generalisations above, and care must be
taken when considering the reliability of audit evidence. For example:
• evidence obtained from an independent external source may not be that
reliable if the source is not knowledgeable or has little experience of the
specific matter being considered; and
• original documents may not be available, only their electronic copies. But if
the controls over creation, maintenance and security of the copies are strong,
the copies become more reliable. (Otherwise, consider the implications for the
audit opinion.)

Activity 2 Ranking Evidence

Rank the following items of audit evidence concerning land ownership using a scale
of 1 (for worst) to 4 (for best).
 Rank

3. Ask management if the client company owns the

land.

4. Phone the bank and ask if it holds title deeds on the

client's behalf.

5. Visit the bank and examine title deeds.

6. Ask the bank for written confirmation that it holds

title deeds.

*Please use the notes feature in the toolbar to help formulate your answer.

3.4 Audit Objectives

Auditors must design audit programmes (i.e. detailed specifications of audit work to
be carried out) to determine whether all relevant assertions are valid. If they are,
classes of transactions and balances will not be misstated; neither overstated nor
understated.
The assertion(s) for which evidence is sought influences the source of evidence and
the "direction" of testing. It is essential to understand the source of evidence required
and the direction of the test to ensure the evidence obtained is relevant.

3.4.1 Overstatement

If the overstatement of a balance (e.g. an asset) or class of transactions (e.g.

revenue from contracts with customers) is an audit risk, the direction of testing needs
to be from the financial statements (where the overstated item is presented) to the
supporting evidence.
Tests for overstatement of amounts in the financial statements are effective in
addressing more than one assertion. For example:
• occurrence, cut-off, accuracy and classification of transactions; and
• existence, valuation and rights to assets.

Example 1 Existence of Plant and Equipment

 An assertion is that plant and equipment exist as presented in the financial
statements. Therefore:
• Agree balance in financial statements to an independent analysis such as a
plant register(i.e. from the statement of financial position).
• Select material items (plus a selection of others) from the register (as if a
material item does not exist, or a material error has been found) and trace
them to the physical asset (i.e. to evidence that the asset exists). If the
asset cannot be found, there is an overstatement in the financial
statements.
This means there is a corresponding error in another account. In this case, there
could be an understatement of cash (e.g. if the asset was sold without
authorisation and cash proceeds have been stolen), an overstatement of
accumulated depreciation (as the asset does not exist) or a misstatement in profit
or loss (on disposal of the asset).

3.4.2 Understatement

If the audit risk is an understatement of a balance or class of transactions, the

direction of testing needs to be from the source to the financial statements.
Although testing for understatement is generally more difficult (as an appropriate
source must be identified), understatement tests are effective in addressing the
assertions of completeness, accuracy and cut-off.

Key point

The source may not include monetary amount (e.g. goods despatch notes typically
show only quantities not prices).

Example 2 Disposal of Non-current Assets

The client may provide a list of non-current assets disposed of showing the
carrying amount and value received. As disposals are credit items, disposals
should not be selected from the list and traced to evidence of that disposal (i.e.
overstatement testing). By definition, any disposal that is not recorded on the list
(i.e. an understatement) cannot be selected, as it is not recorded on the list. A
reciprocal population has to be found from which to start the test.
• Select a sample of assets (including all material items) included in the asset
register plus as the beginning of the year additions in the year. If no assets
were disposed of during the year, all of these assets should exist at the
year end.
 •Inspect for existence. If the asset cannot be found, agree if recorded on the
list of disposals provided by the client. If not on the list, seek evidence of
sale after the year end.
• If there is no such evidence, disposals are understated and further
investigation will be necessary.
This test can be combined with the test for physical existence (see Example1). It
covers both elements (existence and completeness of disposal recording) from
one source (the asset register) by selecting items and testing for existence
(overstatement if not found) and if they cannot be found, following through to
disposals (understatement of disposals if not on the list). This will not usually be
the case for other audit areas, and care must be taken in selecting the correct
approach, direction and items.

3.4.3 Understanding the Test Objective

It is important to understand the objective of the test to be carried out (e.g.

overstatement or understatement):
• For example, when a client provides information, the test objective it is to see
if anything is missing (understatement) or if something is there that should not
be (overstatement).
• If understatement exists, the auditor must determine the source of that
information (or an independent source) and test to see that everything from
that source that should be included in the financial statements has been. This
is not the same as agreeing what is on the list back to supporting evidence
(i.e. overstatement testing).
Example 3 Sales Transaction Testing
 • A typical sales system has controls to ensure that all goods and services
provided will be correctly invoiced and recorded. A test of transactions for
understatement of revenue from contracts with customers needs to start
from the source, in this case the sales order or despatch note. In other
situations, the inventory records may be a more effective place to identify
goods despatched, or, if the goods are unique and have to be purchased
when a sales order is received (e.g. motor vehicles), then tracing the sale
from a purchase invoice would be the most effective way to test sales.
• Where the risk assessment shows that overstatement of sales throughout
the year is a high risk, then the direction of the transaction test would be
from the financial statements (i.e. whether the sale occurred and is
supported by an invoice, despatch note and entry in the inventory records).
• If the risk of overstatement is primarily due to cut-off (e.g. January sales
being recorded as December year-end sales), the auditor would also derive
audit evidence from standard cut-off testing of year-end balances.

4.1 Where Evidence Is Obtained From

Tests may be "dual purpose" (i.e. tests of control carried out simultaneously with
substantive tests of details) as illustrated in s.5.3.

4.1.1 Risk Assessment Procedures

Risk assessment procedures alone do not provide sufficient appropriate audit

evidence. They must be supplemented with tests of control and/or substantive
procedures.

4.1.2 Tests of Control

Tests of controls are necessary in two circumstances:

• when the auditor's risk assessment includes an expectation of the operating
effectiveness of controls; or
• when substantive procedures alone do not provide sufficient appropriate audit
evidence (e.g. highly automated systems).

4.1.3 Substantive Procedures

Sufficiency and appropriateness should be considered in relation to:

• evidence from risk assessment procedures;
• evidence from tests of control effectiveness (if any);and
• assertions.
As there are always inherent limitations in controls (e.g. human error), substantive
procedures for material classes of transactions, account balances and disclosures
are always required to ensure sufficient appropriate audit evidence will be obtained.
4.2 Procedures for Gathering Evidence

Procedures for gathering evidence are:

• inspection and observation;
• inquiry and confirmation;
• recalculation and reperformance; and
• analytical procedures.

Activity 3 Procedures

Distinguish between and give examples of the following procedures:

i. Inspection
ii. Observation
iii. Inquiry
iv. Confirmation
v. Recalculation
vi. Reperformance
vii. Analytical procedures
*Please use the notes feature in the toolbar to help formulate your answer.

Exam advice

These procedures can be remembered with the vowels:

• Analytical procedures
• Enquiry (and confirmation)
• Inspection
• Observation
• RecalcUlation (also reperformance)

4.3 Examination Skills

There are four techniques to help generate "client-specific" audit evidence –
assertions, the direction of testing, accounting entries and procedures.

4.3.1 Assertions

Use the assertions to help identify relevant audit evidence:

Activity 4 Additions to Plant and Equipment

Suggest substantive audit evidence for additions to plant and equipment for each of
the following assertions:
viii. Completeness
ix. Occurrence
x. Classification
xi. Cut-off
xii. Accuracy
*Please use the notes feature in the toolbar to help formulate your answer.

4.3.2 Direction of Testing and Assertions

Think about how the flow of accounting information is recorded and the assertion
objectives.

Key point

When describing a test, always include the assertion(s) tested and why it should
be carried out; its objective. "Inspect invoice" is an insufficient answer. Specify the
detail on the invoice that is to be inspected and why – what does the test achieve
(in terms of the assertions)?

Activity 5 Factory Payroll

Suggest audit tests relevant to the assertion that a factory payroll expense is not
overstated (i.e. payment is only made for services received).
Prompt: Consider “in reverse” how information flows through the accounting system
to the financial statements:

Financial Statements •
 •
↓ •
•
Ledger Account(s)
•

↓ •
•
Payroll/payslips •
•
↓ •
•
Clockards •

*Please use the notes feature in the toolbar to help formulate your answer.

4.3.3 Accounting Entries

Recollect the accounting entries (which are assumed knowledge of Financial

Accounting):

Example 4 Trade Receivables Account

Trade receivables account

$ $
Opening balance x Cash received x
Bad debts written
Sales x off x
Closing balance x
x x
• One assertion for sales transactions is occurrence and for the trade
receivables balance is existence (i.e. they are not overstated).
• Sales and accounts receivable are tested for both overstatement and
understatement in testing for cut-off.

Example 5 Receivables Cut-off

From the trade receivables account, trace sales before the year end back to
despatch evidence (sales invoice, despatch note, inventory records) to ensure
goods were sold, despatched and correctly recorded before the year end. If not,
there will be overstatement of receivables and sales.
 From cash receipts records, agree that cash received before the year end is
recorded in the trade receivables account. If entered in the trade receivables
account after the year end, receivables are overstated.
A bad debt write-off may be used to conceal a misappropriation of cash received
from credit customers (i.e. cash is understated). Tracing all write-offs to the trade
receivable account (via correct supporting documentation and authorisation) to
ensure that they are recorded in the correct period is a test for receivables
overstatement (if the bad debt is notrecorded in the correct period).

4.3.4 Procedures

Use the mnemonic AEIOU to generate ideas for a range of different

actions/procedures:

Activity 6 Trade Receivables

Suggest audit procedures for trade receivables.

*Please use the notes feature in the toolbar to help formulate your answer.

5.1 Aim

Key points

• Substantive procedures are performed to detect material misstatements at

the assertion level. They include:
• tests of details (of classes of transactions, account balances and
disclosures); and
• substantive analytical procedures.
• Full (100%) substantive procedures must be considered when:
• it will be more effective (e.g. low-volume, high-value, non-homogenous
items, such as non-current assets);
• the effectiveness of internal controls is not to be relied upon; or
• tests of controls show controls to be ineffective.

Substantive procedures specific to classes of transactions and account balances are

detailed in Chapters 22 to 28.
5.2 Nature, Timing and Extent

The relevant standard is ISA 330 The Auditor’s Responses to Assessed Risks.

5.2.1 Nature
Key point

The auditor's response to an assessed risk may be to perform:

• Only substantive analytical procedures;
• Only tests of details; or
• A combination of both.
Substantive analytical procedures are generally more applicable to large volumes of
transactions that tend to be predictable over time and are often used in conjunction
with a robust control environment and where audit evidence has been obtained from
testing the effectiveness of controls (e.g. computer information systems). See
Chapter 16 for further detail on substantive analytical procedures.
Tests of details on transactions are used to obtain audit evidence regarding the
assertions related to transactions (i.e. “COCO AP”). Transactions are traced through
a system; for example to ensure that a despatch is correctly recorded as a sale or
that a purchase recorded in the detailed purchases listing is supported by a
purchase invoice, GRN and purchase order.
If controls are not tested, the extent (i.e. sample size) of tests of details will be high.
If controls are effective, the extent of tests of details will be lower (and may be
performed with tests of controls (see s.5.3)).
The auditor may assess that audit risk can be reduced to an acceptable level with
evidence obtained from tests of controls and substantive analytical procedures rather
than tests of details (as above).
Tests of details on balances are used to obtain evidence about the assertions related
to account balances (i.e. “CARE PC”).

Example 6 Substantive Test

After carrying out a risk assessment, an auditor decides that tests of details on a
manual sales system are required as part of his procedures to reduce audit risk.
Reliance cannot be placed on the effective operation of internal controls.
Transaction tests carried out include:
• Agreeing a despatch entry in the inventory records to a despatch note, the
related customer order (if any; it may be a Web-based order) and sales
invoice.
 • Agreeing details on the sales invoice to supporting sources (e.g. customer
name, address, unit prices, sales tax) and checking the arithmetical
accuracy of the invoice.
• Agreeing that the invoice is correctly posted and analysed in the detailed
sales listing and agreeing the arithmetical accuracy of the listing.
• Agreeing the correct posting of the listing to the general ledger.

5.2.2 Timing
Substantive transaction procedures may be carried out earlier than the entity's year-
end and the final audit (i.e. at an interim audit). If carried out at an interim date,
further tests must be carried out to cover the remaining period. These tests
(substantive and/or tests of control) must be sufficient to ensure that the risk of
misstatement does not increase during this period.
Unlike tests of control, where prior-year audit evidence may be relied on under
certain circumstances, prior-year substantive evidence will be insufficient to address
a risk of material misstatement in the current period.

5.2.3 Extent
Generally, the greater the risk of material misstatement, the greater the extent of
substantive procedures.
For any substantive procedure, the extent of testing usually relates to sample sizes
(e.g. increasing the extent means increasing the sample size).
However, the extent of substantive procedures may also be considered in terms of:
• selecting large (e.g. material) or unusual items from a population; or
• stratifying the population into homogeneous subpopulations for sampling.
It is usual for tests of details to include all items greater than the materiality level
(taking into account performance materiality).Errors found in these items are more
likely to be material to the assertions.

5.3 Hybrid Approach

In some cases, a single test approach can be used as a test of control and a
substantive procedure at the same time. This is called a dual-purpose or hybrid test.

Example 7 Hybrid Tests

The auditor decides to test the operating effectiveness of controls in a sales

system on a sample of 30 transactions and also test the details of 30 transactions.
Without tests of controls, a sample of 50 transactions would need to be tested..
 • Rather than using two separate samples, one sample is used.
• The transaction is recognised on releasing goods from inventory, resulting
in a despatch document, sales invoice and entries in the detailed sales
listing and trade receivables account. 30 inventory issues are selected
(throughout the year) and traced through the system to the general ledger.
• At the various stages of the sales system where controls have been
identified for testing, control testing is also carried out. For example, the
control of sales invoice authorisation requires that the sales manager has:
• agreed the details to the authorised despatch note;
• agreed the sales price and discounts to the customer database;
• checked the sales tax and cross-cast the invoice;
• signed all copies of the invoice as evidence of the checks.
• As part of the transaction test, each invoice in the sample would have been
substantiated (inventory issue to despatch note, despatch note to sales
invoice, other details on invoice to supporting evidence, calculations and
casting).
• The auditor, therefore, effectively re-performs the control action of the
manager. The control can be considered effective if the manager's
signature is on all invoices. If invoices were found without the manager's
signature and the auditor concludes (after further investigation) that the
control cannot be relied on (e.g. no alternative control), an additional 20
inventory despatch items would be selected for further transaction testing.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence

7. Assertions and audit evidence

• Explain the assertions contained in the financial statements about:
xiii. Classes of transactions and events and related disclosures;
xiv.Account balances and related disclosures at the period end.
• Describe audit procedures to obtain audit evidence, including inspection,
observation, external confirmation, recalculation, reperformance, analytical
procedures and enquiry.
• Discuss the quality and quantity of audit evidence.
• Discuss the relevance and reliability of audit evidence.
8. Audit procedures
• Discuss substantive procedures for obtaining audit evidence.
• Discuss the difference between tests of control and substantive procedures.
Summary and Quiz

• The auditor must obtain sufficient appropriate audit evidence to base the audit
opinion.
• Audit evidence may be internal or external, oral or written, direct or indirect, or
auditor-generated.
• Sufficiency (concerning quantity) depends on audit risk, reliance on effective
controls, the auditor's experience, materiality and audit findings. It also
depends on the quality (i.e. source and reliability) of the evidence.
• Appropriate evidence must be both relevant and reliable.
• Relevance means that the audit evidence supports management's assertions:
• For transactions and events and related disclosures, these are completeness,
occurrence, classification, cut-off, accuracy and presentation (COCO AP).
• For account balances and related disclosures, these are completeness,
accuracy, valuation and allocation, rights and obligations, existence,
presentation and classification (CARE PC).
• Reliability is influenced by source (e.g. external is more reliable than internal
and written is more reliable than oral). Evidence is more persuasive if it is
consistent with other evidence.
• When testing for overstatement, the direction of the testing is from the
financial statements to the supporting evidence.
• When testing for understatement, the direction of the testing is from the
source to the financial statements.
• Evidence is obtained in risk assessment procedures, tests of controls and
substantive procedures.
• Procedures to gather evidence include inspection, observation, inquiry,
confirmation, recalculation, re-performance and analytical procedures.
• Substantive procedures are performed to detect material misstatement at the
assertion level (i.e. classes of transaction, account balances and disclosures)
and include:
• substantive analytical procedures; and
• tests of details.
• The greater the reliance placed on controls, the lower the level of substantive
procedures.
• The greater the risk of material misstatement, the greater the extent of
substantive procedures.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
 • The audit of assertions (s.3)
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Sources of Evidence for Tangible Non-current Assets

Examples

• Accounting systems The tangible asset register (which records

details of the tangible assets)

• Documentation Documents such as: Capital expenditure

requisition (asserts authorisation), purchase
invoices (evidence of cost)

• Tangible assets The actual tangible assets themselves in

situ: land and buildings, plant and
equipment, motor vehicles (confirms
existence)

• Management and employees Board minutes (authorisation/capital

commitments), Job description and
responsibilities (to identify persons-in-
charge)

• Customers and suppliers Tenants (of premises rented from the

client); users of client's assets (drivers,
lessees, etc.)

• Other third parties Bank (for mortgaged/securitised assets)

• Analytical procedures Depreciation "proof in total"

Activity 2 Ranking Evidence

Rank

9. Internal oral 1
10. External oral 2
11. Auditor obtained (on originals) 4
12. External documentary 3
Activity 3 Procedures

Description/Examples

xv. Inspection The examination of:

13. Records and documents – manual
and electronic. Reliability depends
on the source.
14. Employees – existence.
15. Tangible assets – non-current
assets and inventory existence (not
necessarily ownership, cost or
value).

xvi. Observation Watching a process or procedure being

performed (e.g. mail opening, physical
inventory count). Evidence is only reliable
at that time.

xvii. Inquiry Of knowledgeable persons – written or

oral/inside or outside (e.g. bank request).
Responses produce new information or
corroborative evidence.

xviii. Confirmation Response to inquiry to corroborate

information (e.g. confirmation of trade
receivable by communication with credit
customers).

xix. Recalculation Checking arithmetical accuracy (e.g. source

documents, accounting records, analysis
schedules); For example, using CAATs.

xx. Reperformance Independent execution of procedures and

controls that were originally performed as
part of internal control.
Use of CAATs to reperform receivables age
analysis.

xxi. Analytical procedures Study of plausible relationships between

both financial and non-financial data.
Investigation of identified fluctuations and
relationships that are inconsistent with
predictions and expectations.
Activity 4 Additions to Plant and Equipment

Assertion Substantive procedure

xxii. Completeness Review repairs and renewals accounts in

the general ledger (asset expenditure)
Trace a sample of non-current asset
purchases to receiving reports and the non-
current asset register

xxiii. Occurrence Agree a sample of additions to a receipt

notification and purchase invoice

xxiv. Classification Examine a sample of significant charges to

repairs and maintenance for items that
should have been capitalised (also a
completeness test)
Review lease transactions for proper
classification as operating or finance

xxv. Cut-off Review non-current asset purchases from

shortly before and after the year end for
recording in the proper period

xxvi. Accuracy Recalculate depreciation expense,

revaluation losses and surplus, and
impairment losses

Activity 5 Factory Payroll

• Agree to general ledger accounts

Financial Statements (via trial balance) – inclusion,

↓ •
completeness, classification.
Check casts/balance – correct,
Ledger Account(s) accurate.
•
↓ Agree to payroll summaries –
correct, complete.
Payroll/payslips • Check (a sample of)

↓ casts/calculations – valuation,
correct.
Clockards • Agree hourly rate to personnel
records – correct, accurate.
• Agree hours worked to clock cards
– correct, accurate, occurrence.
• Confirm authorised – occurrence,
complete, accurate.
• Check total hours – correct,
accurate, complete.
• Physically inspect employees and/or
HR records – existence.
Chapter 16: Analytical Procedures

Visual Overview

Objective: To describe the role of analytical procedures in the audit process and the
use of substantive analysis.

1.1 Meaning

Definition

Analytical procedures – evaluations of financial information through analysis of

plausible relationships between both financial and non-financial data. Analytical
procedures also encompass such investigation as is necessary of identified
fluctuations or relationships that are inconsistent with other relevant information or
that differ from expected values by a significant amount.
Various methods may be used to perform analytical procedures. These range from
simplistic comparisons and ratio analysis to complex analysis using advanced
statistical techniques (e.g. linear regression analysis, fair value models).
1.2 Purposes

Analytical procedures are used throughout the audit process and are conducted for
three primary purposes. The auditor's objectives are:
• To perform risk assessment procedures at the planning stage (Chapter 8)
through inquiry, analytical procedures, observation and inspection (ISA 300
and ISA 315);
• To obtain relevant and reliable audit evidence when using substantive
analytical procedures (ISA 520 Analytical Procedures); and
• To design and perform analytical procedures at the overall review stage (see
Chapter 29) to assist in forming an overall conclusion as to whether the
financial statements are consistent with the auditor's understanding of the
entity (ISA 520).
Key point

Analytical procedures must be used at the planning and review stages of the
audit. Their use in obtaining substantive audit evidence depends on the auditor's
professional judgment regarding the sufficiency and reliability of the evidence they
can provide.

1.3 Consideration of Relationships

The uses of analytical procedures include consideration of the relationships

between:
• elements of financial information expected to conform to a predicted pattern;
and
• financial information and relevant non-financial information.
Relationships between Examples

• Elements of financial information Gross profit % to sales.

expected to conform to a
Interest income/expense as a % of
predicted pattern.
bank balance/overdraft.

• Financial information and Payroll costs to the number of

relevant non-financial employees.
information.

1.4 Comparisons of Financial Information

Analytical procedures also include comparisons of financial information with, for
example:

Illustration

• Prior periods 20X2 20X2 20X1

(e.g. days,
Actual Budget Actual
months,
years) 11,900 12,000 10,000

• Anticipated Revenue
results (from ($)
budgets and
forecasts)

• Predictive • Depreciation for year ≈ 15% × year end

estimates cost

• Patent income for year ≈ patent rate

per item × number of items produced

• Similar • Receivables turnover vs industry

industry average
information

• Gross profit vs market sector average

1.5 Expectations

Before performing analytical procedures, the auditor should develop an expectation

of the results of the analytical procedures based on his understanding of the entity
and its environment and the accounts, balances and transactions reported in the
financial statements.
To form a conclusion based on analytical procedures, the auditor must compare the
expectation to the actual results of the analytical procedures and investigate any
differences or unexpected fluctuations.

Example 1 Using Expectations

Following discussions with management during the year, a review of the

management accounts and an understanding of the business environment in
which an audit client operates, the auditor expects the current year's results to be
lower than those of the previous year.
 However, according to the draft financial statements, revenue has increased and
the gross profit percentage has also improved. The auditor would need to gather
additional audit evidence to determine why the results of the analytical procedures
are not consistent with expectations.

2.1 Need For

Analytical procedures performed during planning help the auditor to:

• understand the business;
• identify risks of material misstatement; and
• plan the nature, timing and extent of other audit procedures.
"Preliminary" analytical procedures are used to:
• assess financial condition and the associated risk (e.g. of deliberate
misstatement);
• increase knowledge of the business through the accumulation of information
about trends in key relationships;
• identify the existence of unusual transactions, events, trends and
relationships; and
• plan the nature, timing and extent of other audit procedures (by directing tests
to areas of potentially material misstatement).
Preliminary analytical procedures are based on, for example:
• interim financial and non-financial information;
• budgets/forecasts and management accounts;
• draft financial statements;
• discussions with the client; and
• internal and external benchmarks.

2.2 Typical Approach

The auditor will perform analytical procedures based on key financial ratios as a risk
assessment procedure.
• Depending on the complexity of the client, this may be a simple spreadsheet
detailing the key ratios with a requirement for comment on ratios and trends
for audit action.
• Alternatively, it may be an integrated part of the auditor's client knowledge
base with links to internal/external benchmarks, the client's management and
financial accounting system and similar regulator's/industrial databases. As
well as routine ratio analysis, analytical procedures may use statistical and
 probability techniques and data mining to identify unusual relationships and
events.
• Comparison should be made with at least the prior year equivalent ratios, if
not a three- to five-year trend. Trend analysis will generally provide more
enlightening information than a simple comparison with the prior year.
Analytical procedures at the planning stage should be updated throughout the audit
as material adjustments are found. Ratios affected are then reconsidered and further
work is undertaken as necessary.

Example 2 Financial Ratios

• The deterioration of short-term and/or long-term financial ratios potentially

increases the risk that the entity is nota going concern.
• Key performance indicators such as gearing may indicate a potential
breach of loan agreements.
• An increase in receivable days may, for example, indicate credit risk and a
potential increase in irrecoverable debts.
• A decrease in gross profit percentage may indicate, for example, inventory
"shrinkage" (i.e. theft), poor cut-off procedures or an increase in competition
(such that prices were reduced) or increased costs not passed on to the
customer.

Exam advice

An examination question may require you to suggest why specific ratios have
changed and the implications of the changes for planning the audit.

2.3 Ratio Analysis

Ratios used in analytical procedures include:

• Performance ratios (e.g. profit margins and return on capital employed);
• Liquidity ratios (e.g. current and quick ratios, gearingand interest cover);
• Efficiency ratios (e.g. receivables collection period and payables payment
period).
When used in audit procedures it is important to remember that some differences
may arise due to cut-off errors or factors which affect the reliability of the figures
used (e.g. ineffective controls).

2.3 Ratio Analysis

Ratios used in analytical procedures include:

• Performance ratios (e.g. profit margins and return on capital employed);
 • Liquidity ratios (e.g. current and quick ratios, gearingand interest cover);
• Efficiency ratios (e.g. receivables collection period and payables payment
period).
When used in audit procedures it is important to remember that some differences
may arise due to cut-off errors or factors which affect the reliability of the figures
used (e.g. ineffective controls).

2.3.1 Performance Ratios

Gross profit % • Measures the margin earned on
𝐺𝑟𝑜𝑠𝑠 𝑝𝑟𝑜𝑓𝑖𝑡
× 100 sales and is often considered a
𝑆𝑎𝑙𝑒𝑠
measure of the quality of the
profits. Like for like, it should
remain reasonably stable.
• Variations may be attributable to:
• change in sales prices;
• change in sales mix;
• change in purchase/production
costs;
• inventory obsolescence; and
• errors in inventory counting and
valuation.

Return on capital employed (ROCE) • Measures the company’s overall

Pr 𝑜𝑓𝑖𝑡 𝑏𝑒𝑓𝑜𝑟𝑒 𝑖𝑛𝑡𝑒𝑟𝑒𝑠𝑡 𝑎𝑛𝑑 𝑡𝑎𝑥
(𝑆ℎ𝑎𝑟𝑒 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 + 𝑟𝑒𝑠𝑒𝑟𝑣𝑒𝑠 + 𝑑𝑒𝑏𝑡)
× 100 efficiency in employing available
resources.
• Care should be taken when
comparing different companies
as carrying amounts of assets
may be based on different
accounting policies (e.g. cost or
revaluation models under IAS
16).
• Rapidly declining ratio may
indicate potential going concern.

2.3.2 Liquidity
Current ratio • Current ratio measures
𝐶𝑢𝑟𝑟𝑒𝑛𝑡 𝑎𝑠𝑠𝑒𝑡𝑠
adequacy of current assets to
𝐶𝑢𝑟𝑟𝑒𝑛𝑡 𝐿𝑖𝑎𝑏𝑖𝑙𝑖𝑡𝑖𝑒𝑠
meet and settle current liabilities.
• The quick ratio removes the
slowest moving item(inventory)
from the calculation and
measures short-term liquidity.
 • Low ratio may indicate liquidity
problems; high ratio may indicate
poor use of shareholders' funds.

Quick ratio ("acid test") • Link to constituent components

𝐶𝑢𝑟𝑟𝑒𝑛𝑡 𝑎𝑠𝑠𝑒𝑡𝑠 − 𝐼𝑛𝑣𝑒𝑛𝑡𝑜𝑟𝑦 of ratio – inventory obsolescence
𝐶𝑢𝑟𝑟𝑒𝑛𝑡 𝐿𝑖𝑎𝑏𝑖𝑙𝑖𝑡𝑖𝑒𝑠 (in case of current
ratio),recoverability of
receivables (in case of both
ratios).
• Be aware of manipulation,
especially if a ratio is a condition
of loan finance – if a company
has positive cash balance sand a
ratio greater than 1:1, the
payment of payables just prior to
the year end will improve the
ratio ("window dressing").

As the quick ratio omits inventory, it is a better indicator of liquidity but is subject to
distortion. For example, retailers have few receivables and quickly use cash from
sales, but finance inventory from trade payables. So their quick ratios are usually
low.

Gearing • Measures relationship between

𝐷𝑒𝑏𝑡
company's borrowings and its
𝐸𝑞𝑢𝑖𝑡𝑦
share capital and reserves.
• A highly-geared company has a
substantial proportion of capital
in the form of preference shares,
debentures or loan notes.
• Interest on fixed return capital
(and dividends on preference
shares) generally has to be paid
irrespective of profits earned –
this may raise doubts about the
company’s ability to continue as
a going concern if it is unable to
meet its fixed return capital and
interest obligations. High gearing
therefore needs to be
accompanied by stable profits.
• Asset backing – generally loan
capital is secured on assets
which should be suitable for this
purpose (not depreciating quickly
 or subject to rapid changes in
demand and price).
High gearing usually indicates increased risk for shareholders as, if profits fall, debts
will still need to be financed, leaving much smaller profits available to shareholders.
Highly geared businesses are also more exposed to insolvency in an economic
downturn. However, shareholders' returns will grow proportionately more where
profits are increasing.
Gearing is significant to lenders as they are likely to charge higher interest (and be
less willing to lend) to companies which are already highly geared (as they are more
likely to default on the interest or debt repayments).

Interest cover • Indicates the ability of a

Pr 𝑜𝑓𝑖𝑡 𝑏𝑒𝑓𝑜𝑟𝑒 𝑖𝑛𝑡𝑒𝑟𝑒𝑠𝑡
company to pay interest
𝐼𝑛𝑡𝑒𝑟𝑒𝑠𝑡
obligations from profits
generated.
• Interest cover of less than two is
usually considered
unsatisfactory. This indicates
that the company may have
difficulty financing its debts if its
profits fall and also indicates to
shareholders that their dividends
are at risk as interest must be
paid first, even if profits fall.

2.3.3 Efficiency
Inventory turnover • Shows how many times a
𝐶𝑜𝑠𝑡 𝑜𝑓 𝑠𝑎𝑙𝑒𝑠
= 𝑅𝑎𝑡𝑖𝑜 𝑎𝑠 𝑛𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝑡𝑖𝑚𝑒𝑠 company's inventory is sold and
𝐼𝑛𝑣𝑒𝑛𝑡𝑜𝑟𝑦
Inventory holding period replaced over a period or the
number of days it takes to turn
𝐼𝑛𝑣𝑒𝑛𝑡𝑜𝑟𝑦
= 𝑅𝑎𝑡𝑖𝑜 𝑖𝑛 𝑑𝑎𝑦𝑠 over an inventory level.
𝐶𝑜𝑠𝑡 𝑜𝑓 𝑠𝑎𝑙𝑒𝑠 × 365
• The ratios should be compared
against industry averages (e.g.
fresh vegetables have a far
shorter shelf life than jewellery).
A low turnover/high number of
days implies poor sales,
inefficient use of resources and
excess inventory
(obsolescence). A high ratio
indicates strong sales but
increases the risk of stock-outs.
• The ratio may be further
analysed as follows:
 • raw materials to volume of
purchases;
• WIP to cost of production;
• finished goods to cost of sales.

Receivables collection period • Measures the period of credit

𝑇𝑟𝑎𝑑𝑒 𝑟𝑒𝑐𝑒𝑖𝑣𝑎𝑏𝑙𝑒𝑠
× 365 taken by customers (typically
𝐶𝑟𝑒𝑑𝑖𝑡 𝑠𝑎𝑙𝑒𝑠
30–40 days, depending on the
𝑌𝑒𝑎𝑟−𝑒𝑛𝑑 𝑟𝑒𝑐𝑒𝑖𝑣𝑎𝑏𝑙𝑒𝑠
× 365 industry).
𝐶𝑟𝑒𝑑𝑖𝑡 𝑠𝑎𝑙𝑒𝑠
• A change in the ratio may
indicate:
• bad debt/collection problems;
• change in nature of customer
base;
• change in settlement terms.
• Need to ensure year-end
receivables give a reasonable
indication of receivable profile for
the year.

Payables payment period • Measures the number of days'

𝑇𝑟𝑎𝑑𝑒 𝑝𝑎𝑦𝑎𝑏𝑙𝑒𝑠 credit taken by a business from
× 365
𝐶𝑟𝑒𝑑𝑖𝑡 𝑝𝑢𝑟𝑐ℎ𝑎𝑠𝑒𝑠 suppliers. It should be broadly
𝑌𝑒𝑎𝑟−𝑒𝑛𝑑 𝑝𝑎𝑦𝑎𝑏𝑙𝑒𝑠 consistent with receivable days
× 365
𝐶𝑟𝑒𝑑𝑖𝑡 𝑝𝑢𝑟𝑐ℎ𝑎𝑠𝑒𝑠 (e.g. cash needs to be received
to pay suppliers).
• An increase may indicate
liquidity problems, extended
credit terms taken, the threat of
payment before delivery from
suppliers or potential
appointment of a receiver by
aggrieved suppliers.

Exam advice

In the calculation of these efficiency ratios, the account balance may be the year-
end balance or, if comparative information is available, a simple average of the
opening and closing balances.
Days should be rounded to whole numbers rather than show decimal points.

3.1 Approach
The relevant standard is ISA 520 Analytical Procedures.
Substantive analytical procedures are just ONE means of obtaining audit evidence.
The auditor should:
• Determine the suitability (and sufficiency) of particular substantive analytical
procedures for given assertions.
• Evaluate the reliability of the underlying data – source, comparability, nature,
relevance and controls over preparation.
• Develop an independent expectation of recorded amounts or ratios and
evaluate whether the expectation is sufficiently precise to identify a
misstatement.
• Determine the amount of any difference that is acceptable without further
investigation.

3.2 Suitability

Substantive analytical procedures can be used:

• by themselves, to provide suitable and sufficient audit evidence;
• to test all assertions related to transactions (completeness, occurrence,
classification, cut-off and accuracy);
• to test the completeness, allocation and valuation, and existence assertions
for balances (but do not provide evidence related to rights and obligations).
The procedures may also provide corroborative evidence (e.g. comparison of gross
margin or profit percentages alone is usually insufficient audit evidence for sales but,
in combination with other tests, can be useful corroborative evidence).
Analytical procedures may be particularly effective in testing for understatement (i.e.
completeness). For example, in predicting sales from purchases and known margins.
Where sufficient substantive evidence is not obtained by analytical procedures
alone, tests of details will also be required.

Key points

• Substantive analytical procedures are generally more applicable to large

volumes of transactions that tend to be predictable overtime where known
relationships are expected to continue.
• They are also suitable where strong controls over transactions are in place.
If controls are weak, more audit evidence should be obtained from tests of
details. There should not be tests of control at this stage of the audit.

Example 3 Substantive Procedures for Payroll

Payroll assertions Analytical procedures Tests of details
(Ideas in outline)

Completeness • Compare the cost • Postings from

with the payroll to general
budget/prior ledger.
period(s) – month- • Agreeing the
on-month and existence of
year. employees (e.g.
• "Proof in total" by physical
(e.g. the number verification or
of employees on agreement to
the payroll can be personnel
verified to records).
independent
control totals –say
in HR).

Occurrence • Compare the cost • Agreeing Cash

with the /bank payments
budget/prior and transfers.
period(s). • Starters and
• Ratio analysis leavers (e.g.
(e.g. average cost confirm all leavers
per employee by in a period were
department)and excluded from
comparison with that period's
prior periods and payroll and all
other joiners included).
departments.

Accuracy, cut-off and • Compare accruals • Postings from

classification (e.g. statutory payroll to general
deductions, ledger.
holiday pay, etc) • Sample payroll
with prior transactions
period(s). (accuracy, etc)
• Labour turnover and cut-off testing
(should decrease at period end.
with increasing
remuneration).

Presentation • Compare • Postings from

disclosure with general ledger to
prior-year payroll.
 financial
statements.
• Ratios (e.g.
payroll to cost of
sales, average
pay per
employee).

Activity 1 Substantive Procedures for Revenue

Required:

Suggest a suitable analytical procedure for each of the following assertions relevant
to revenue from contracts with customers. Where analytical procedures may not be
applicable or insufficient, suggest a test of detail.
• Completeness
• Occurrence
• Accuracy, cut-off and classification.
*Please use the notes feature in the toolbar to help formulate your answer.

3.3 Reliability of Data

The reliability of data is influenced by its source and nature and the circumstances
under which it is obtained. Accordingly, the following are relevant when determining
whether data is reliable for purposes of designing substantive analytical procedures.

Factors to consider Impact on use

• Audit objectives (see assertions See the extent of reliance (below).

above) and extent of reliance.

• Degree of disaggregation of Procedures are more effective when

available information. applied to components rather than the
whole.

• Availability of financial and non- Independently prepared non-financial

financial data. data should result in more effective
procedures.
 • Nature and relevance of the Budgets prepared with sufficient care
information available. will facilitate more effective procedures.
They will be more useful if based on
expectation rather than goals to be
achieved.

• Sources of information. Independent sources are more reliable.

• Comparability of information Broad industry data may not be relevant

to specialised products.

• Knowledge gained previously Effective procedures are based on

(“CAKE”– cumulative audit recognising unusual/unexpected
knowledge and experience) variations. If knowledge is limited, it is
difficult to know what to expect.

• Nature of business and its Steady trends develop in some

operations. businesses; therefore easier to know
what to expect and identify variations.

• Controls in operation Consider the need to test the

effectiveness of controls over the
production of the data.

Activity 2 Analysis of Payroll

Albatross Co had 100 employees last year with total wages of $840,000 and 100
employees this year with a wage bill of $950,000, an increase of 13%. The annual
pay rise was 6% and the level of business has remained approximately constant.

Required:

a. Suggest reasons other than error or fraud, which could account for the
greater-than-expected increase.
b. In the absence of a satisfactory reason for the increase, suggest how
the payroll could have been inflated by error or fraud.
*Please use the notes feature in the toolbar to help formulate your answer.

3.4 Precision

Matters relevant to the auditor's evaluation of whether the expectation can be

developed with sufficient precision to identify a material misstatement include:
 Relevant matter Example

• The accuracy with which the Greater consistency in comparing gross

expected results of substantive profit margins from one period to
analytical procedures can be another can be expected than in
predicted. comparing discretionary expenses (e.g.
research and development or
advertising).

• The degree to which information Substantive analytical procedures may

can be disaggregated. be more effective when applied to
financial information on individual
sections of an operation rather than the
financial statements

• The availability of the Is the information (e.g. budgets,

information, both financial and forecasts, number of units produced or
non-financial. sold) available to design substantive
analytical procedures? If the information
is available, its reliability also must be
considered (see above).

Key point

In summary, the expected use of analytical procedures will be for highest:

• for existing well-established clients;
• in well-known, stable industries;
• where predictive information is available (budgets, cash flow forecasts);and
• where internal controls operate effectively.

3.5 Differences Identified

The higher the risk assessment, the more persuasive audit evidence needs to be.
Accordingly, as the assessed risk increases, the amount of difference between the
expected and actual analytical result considered acceptable without further
investigation decreases to achieve the desired level of persuasive evidence.
The auditor must use professional judgment to determine when and what further
investigation is required.

Example 4 Testing Petrol Cost in a Taxi Firm

Steps Application

1. Identify Petrol costs are determined by kilometres driven

factors
likely
to
influen
ce the
amoun
t to be
tested

2. Clarify Kilometres per litre range from 4.6 to 5.3

the
relation
ship
and
confirm
it is
credibl
e and
relevan
t

3. Predict Kms driven Average Expected

the price per petrol cost
likely litre ($) ($)
range
of Jan 2,387 1.59 825 – 716
values
Feb 2,954 1.61 1034 – 897
etc

4. Compa Prediction ($) Actual ($)

re
predicti Jan 716 – 825 755
ons
with Feb 897 – 1034 1200
actual

5. Investi January is within range; February is not

gate
varianc
es and
corrob
orate
 explan
ations

Activity 3 Proof in Total

Describe how proof in total may be used as a substantive analytical procedure for
the following financial statement elements:
c. Depreciation;
d. Payroll;
e. Investment income;
f. Hotel revenue.
*Please use the notes feature in the toolbar to help formulate your answer.

4.1 Near the End of the Audit

Key Point

Towards the end of the audit, analytical procedures are performed to help form an
overall conclusion about whether the financial statements are consistent with the
auditor’s understanding of the entity.
The aim is to corroborate, or otherwise, conclusions formed during the audit of the
individual elements of the financial statements.

The analytical procedures at the review stage are usually similar to those carried out
when understanding the entity at the planning stage. In practice, the analytical
procedures including ratio analysis done during planning will be updated with the
final figures and the auditor's findings during the audit (e.g. changes to balances
because of discovered errors), reviewed, further work undertaken, and conclusions
formed.
In addition, the analytical procedures would be summarised for the engagement
partner's attention as part of the closedown procedures.

5.1 Fluctuations or Inconsistent Relationships

Key Point
 Any fluctuations or relationships which are inconsistent with other relevant
information or which differ from expected values by a significant amount should be
investigated through:
• Inquiring of management and obtaining appropriate audit evidence relevant
to management's responses.
• Performing other audit procedures as necessary in the circumstances.

Unexpected trends or deviations should be discussed with management in the first

instance (or other knowledgeable persons among the client's staff).
• Explanations must be substantiated (e.g. by reference to existing knowledge
and audit evidence already obtained).
• If management's explanation is inadequate, further audit procedures may be
necessary.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

B. Planning and Risk Assessment

6. Understanding the entity, its environment and the applicable financial

reporting framework
• Describe and explain the nature, and purpose of, analytical procedures in
planning.
• Compute and interpret key ratios used in analytical procedures.

D. Audit Evidence

7. Audit procedures
• Discuss and provide examples of how analytical procedures are used as
substantive procedures.

Summary and Quiz

• Analytical procedures evaluate financial information by analysing plausible

relationships between financial and non-financial data.
 • Analytical procedures are required during the planning and review stages of
the audit and may be used as substantive procedures.
• Analytical procedures are performed during the planning stage to assist in
understanding the business, identifying areas of risk and planning the nature,
extent and timing of further audit procedures.
• Key ratios include:
• Gross profit percentage;
• Liquidity ratios (e.g. current ratio);
• Efficiency ratios (e.g. inventory holding period).
• Substantive analytical procedures are particularly suitable for obtaining
evidence on large volumes of predictable transactions with effective internal
controls.
• Analytical procedures performed during the overall review stage assist the
auditor in forming an overall conclusion and corroborate the conclusions
formed during the audit.
• The auditor must investigate further when there is an unacceptable or
unexpected difference between the expected and actual analytical result.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
• Analytical procedures
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Substantive Procedures for Revenue

Revenue assertions Analytical procedures Tests of details

(ideas inoutline)

• Completeness • Comparison with the • Cut-off tests (goods

budget, prior despatch).
period(s),etc. • Postings from
• Review of gross detailed sales listing
profit%(s). to general ledger.
 • Reasonableness • Sales orders to
test(where margins despatch notes and
known). invoices.

• Occurrence • Ratio of sales • Sales invoices to

returns to sales. customer orders.
• Average number or • Post year-end credit
value of credit notes notes.
per month. • Sales returns and
allowances.
• Direct confirmation.

• Accuracy, cut-off • As for • Postings from

and classification completeness. detailed sales listing
• Ratio of discounts to to general ledger
credit sales. • Cut-off tests (goods
despatch).
• Sample of invoices
(prices, etc).
• Direct confirmation.

Activity 2 Analysis of Payroll

As an additional exercise consider what the audit response would be.

g. Business reasons
• There may have been a change in sales mix with previously bought-in goods
being replaced by goods manufactured in-house, resulting in substantial
authorised overtime.
• There could have been a switch to more skilled (therefore more expensive)
labour. Response: confirm via payroll and production records.
h. Possible error or fraud
• Misposting in the general (nominal) ledger (i.e. error). Response: direct
substantive procedures towards finding any errors of this nature.
• "Dummy" employees on the payroll (i.e.fraud).
• Unauthorised overtime being paid (this could be unintentional).
• Employees being paid at a higher rate than authorised (not necessarily on
purpose).

Activity 3 Proof in Total

i. Depreciation – for each category of asset:

• (Cost + Additions − Disposals) × straight-line % = Charge for year
• Alternatively, using the reducing balance method, adjust accumulated
depreciation for additions and disposals also, and calculate depreciation on
the net amount.
j. Payroll
• Use information about the workforce (numbers of starters and leavers, wage
rates, pay rises, productivity bonuses, etc) to construct a model for the total
payroll figure. For example:
• (Last year's audited expense (confirmed base data) ± starters/leavers) × (1+i),
where i is the average percentage pay rises.
• It can be further adjusted to reflect when the pay raises took effect.
k. Investment income
• Apply known interest rates to the nominal value of investments (audited).
l. Hotel revenue – income for the year
• Occupancy Room rate; or
• Last year's income (audited) × (1+i), where i is the percentage increase in the
room rate
Chapter 17: Accounting Estimates

Visual Overview

Objective: To describe and consider the audit approach to accounting estimates.

1.1 Definitions

The relevant standard is ISA 540 Auditing Accounting Estimates and Related
Disclosures.

Definitions

Accounting estimate – an approximation of a monetary amount in the absence of

a precise means of measurement.
Estimation uncertainty – the susceptibility of an accounting estimate and related
disclosures to an inherent lack of precision in its measurement.

Key Point
 The auditor's objective is to obtain sufficient appropriate audit evidence about
whether accounting estimates and related disclosures in the financial
statements are reasonable in the context of the applicable financial reporting
framework.

1.2 Nature

Some financial statement items cannot be measured precisely but can only be
estimated.

Activity 1 Examples of Accounting Estimates

Give FIVE examples of items found in financial statements for which accounting
estimates may be required.
*Please use the notes feature in the toolbar to help formulate your answer.
The nature and reliability of information available to management to support the
making of an accounting estimate vary widely, thereby affecting the degree of
estimation uncertainty associated with accounting estimates.
The degree of estimation uncertainty affects, in turn, the risks of material
misstatement of accounting estimates, including their susceptibility to unintentional
or intentional management bias.
The basis for the estimation will mainly be determined by the requirements of the
relevant financial reporting standard.

1.3 Determination

Key Point

Management is responsible for establishing the need for and making accounting
estimates included in financial statements.
Any formulae used (e.g. standard depreciation rates) need to be reviewed regularly
(e.g. every year) by management to assess their appropriateness and continued
use. This will include the review of the outcome of the prior year's use of estimation
formulae.
Estimates may be:
• simple (e.g. accrued expense for rent, depreciation expense, etc) and
therefore estimation uncertainty will be very low and point estimates easily
made;
• relatively complicated (e.g. requiring analysis of current data and sales
forecasts to estimate slow-moving inventory or the unknown outcome of
litigation);
• complex (e.g. involving modelling) and therefore high estimation uncertainty
with a range of estimation points that the auditor must carefully establish;
• routine (i.e. operating continuously);
• non-routine (e.g. operating only at the period end);
• one-off (i.e. not expected to occur again).
Audit evidence may be more difficult to obtain and less conclusive than that available
to support other items in the financial statements. It may rely on management's "best
guess" under the circumstances (e.g. the possible or probable outcome of litigation)
or management's development of a fair value model.

2.1 Planning

Key Point

When performing risk assessment procedures, the auditor must understand how
management determines accounting estimates to identify and assess the risks of
material misstatement in accounting estimates. The more subjective the estimate,
the greater the need for professional judgment and scepticism.

2.1.1 Applicable Financial Reporting Framework

The auditor must understand the requirements of the applicable financial reporting
framework relevant to accounting estimates, including related disclosures.
• IFRS examples include IAS 2 (inventory net realisable value), IAS 16
(depreciation, fair value for revaluation) and IAS 37 (future economic outflows
for provisions).
 • IFRS also requires disclosures concerning the material assumptions to which
accounting estimates are sensitive. This can be "simple" (e.g. about debt
collection) or complex (e.g. credit default swaps).

2.1.2 Identification by Management

The auditor must understand of how the management identifies transactions, events
and conditions that may give rise to the need for accounting estimates to be
recognised.
• The auditor will make enquiries directly of management, gaining additional
insight from his understanding of the business and assessment of internal
control.
• This is particularly important when an estimation process has changed or a
new estimation process is required.

2.1.3 Management Procedures

The auditor must understand how management makes accounting estimates and the
data on which accounting estimates are based (i.e. the method, including the model,
where applicable. Considerations include:
• control activities;
• whether management uses an expert (Chapter 18);
• the reasonableness of underlying assumptions;
• whether there has (or should have) been a change from the prior period
methods and, if so, why;
• whether and how management assesses the effect of estimation uncertainty
(e.g. using sensitivity analysis); and
• the outcome of estimations made in the prior period or their subsequent re-
estimation for the current period.
From these procedures, the auditor can establish the risk of material misstatements
relating to estimates and plan the work programme accordingly.

Activity 2 Controls Over Accounting Estimates

Describe the matters an auditor may consider when obtaining an understanding of

control activities over management's process of making accounting estimates.
*Please use the notes feature in the toolbar to help formulate your answer.
2.2 Estimation Uncertainty

The degree of estimation uncertainty must also be evaluated when identifying and
assessing the risk of material misstatement in estimates. Factors that may influence
estimation uncertainty include:
• the extent to which the accounting estimate depends on management
judgment (e.g. this may give rise to concern about management bias);
• the sensitivity of the accounting estimate to changes in assumptions;
• the existence of recognised measurement techniques that may reduce such
uncertainty;
• the length of any forecast period (i.e. the longer the period, the lower the
reliability of the data) and the relevance of data drawn from past events to
forecast future events;
• the availability of appropriate data from external sources (if such sources are
reliable); and
• the extent to which the accounting estimate is based on observable (more
precise) or unobservable inputs (less precise).

2.3 Response to Assessed Risk

The auditor should use one, or a combination, of the following three approaches:
1. Obtain audit evidence from subsequent events;
2. Test how management made the accounting estimate; and/or
3. Develop an auditor’s point estimate or range.

2.3.1 Obtain Audit Evidence from Subsequent Events

In some circumstances, obtaining audit evidence from events occurring up to the

date of the auditor’s report may provide sufficient appropriate audit evidence to
address the risks of material misstatement. For example, the sale of all inventory of a
discontinued product shortly after the reporting date may provide sufficient
appropriate audit evidence relating to the estimate of its net realisable value.
(Subsequent events are considered in detail in Chapter 31.)

2.3.2 Testing How Management Made the Accounting Estimate

The auditor should obtain sufficient appropriate audit evidence relating to:
• Management’s selection and application of methods, significant assumptions
and data used;
• Management’s selection of the point estimate (i.e. the amount recognised)
and disclosures about estimation uncertainty (i.e. why measurement cannot
be precise).
This may be an appropriate approach when, for example:
• The auditor’s review of similar accounting estimates made in the prior period
suggests that management’s current period process is appropriate;
• The accounting estimate is based on a large population of similar items that
are not significant individually;
• The applicable financial reporting framework specifies how management is
expected to make the accounting estimate (e.g. the loss allowance for trade
receivables);
• The accounting estimate is derived from the routine processing of data.

2.3.3 Auditor’s Point Estimate or Range

Developing an auditor’s point estimate or range may be an appropriate approach

when, for example:
• The auditor’s review of similar accounting estimates made in the prior period
suggests that management’s current period process is not expected to be
effective;
• Controls over management’s process for making accounting estimates are not
well designed or properly implemented;
• Subsequent events or transactions appear to contradict management’s
estimate;
• There are appropriate alternative assumptions or sources of relevant data can
be used in developing an auditor’s point estimate or a range.
Ways in which the auditor’s estimate can be developed include using, for example:
• A different model to the one used by management;
• Management’s model but with alternative assumptions or data sources to
those used by management;
• An expert to develop or execute a model or to provide relevant assumptions
(see Chapter 18).

Example 1 Warranty Provision

Draco & Co is auditing the financial statements of Pilga Co, a manufacturer of

consumer electronics for sale in regional markets.
A significant audit area involving accounting estimates is the warranty provision to
be recognised for products sold.
 All sale contracts include a warranty for manufacturing defects; Pilga Co
guarantees to repair or exchange faulty products returned within the warranty
period.
Historically, Pilga Co’s provision for warranty claims has been relatively stable,
with little change in the percentage claim rate or costs of meeting claims.
During the year, Pilga Co expanded into a new regional market, increasing sales
by about 18%, and invested in a new offshore factory to produce its products.
There have been some concerns about the quality of output from this factory and
this had been evidenced by higher claims for the period.
Draco & Co has identified the measurement of the provision as a significant risk as
the current year provision has not increased.
In response to the assessed risk of misstatement, Draco & Co:
• Performs analytical procedures to compare the level of warranty provision
year-on-year and actual to budgeted provisions. If possible the data is
disaggregated, for example, comparing provisions for specific product
ranges.
• Discusses with management the assumptions underlying the percentage
claim rate used in calculating the provision and considers whether these
are consistent with its understanding of the business.
• Compares last year’s provision with actual expenditure on warranty claims
in the current year to assess the reasonableness of management’s
estimate.
• Recalculates the warranty provision.
If Draco & Co concludes that the provision is materially understated, it will report
its findings to TCWG and ask that the financial statements be adjusted.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence

4. Audit procedures
• Discuss the problems associated with the audit and review of accounting
estimates.
Summary and Quiz

• An accounting estimate is an approximation of a monetary amount in the

absence of a precise means of measurement. Accounting estimates are
subject to estimation uncertainty.
• The auditor must obtain sufficient appropriate audit evidence that accounting
estimates are reasonable and adequately disclosed.
• Management is responsible for making accounting estimates and regularly
reviewing the methods used to calculate them.
• The auditor must understand the financial reporting framework and how
management develops its estimates.
• The auditor performs substantive procedures to assess their reasonableness
using the following methods:
• Obtaining audit evidence from subsequent events;
• Test how management made the accounting estimate; and/or
• Develop an auditor’s point estimate or range.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Examples of Accounting Estimates

• Allowance for trade receivables (“credit losses”).

• Inventory obsolescence (allowance reduces cost to net realisable value).
• Provision for warranty obligations or product returns.
• Depreciation/amortisation expenses and accumulated
depreciation/amortisation.
• Costs arising from legal claims.
Activity 2 Controls Over Accounting Estimates

Describe the matters an auditor may consider when obtaining an understanding of

control activities over management's process of making accounting estimates.
*Please use the notes feature in the toolbar to help formulate your answer.
• How management determines the completeness, relevance and accuracy of
the data used to develop accounting estimates.
• The review and approval of accounting estimates, including the assumptions
or inputs used in their development, by appropriate levels of management
and, where applicable, TCWG.
• The segregation of duties between those committing the entity to the
underlying transactions and those responsible for making the accounting
estimates, including whether the assignment of responsibilities appropriately
takes account of the nature of the entity and its products or services.
• Where specific estimation models are used:
• The design and development or selection of a particular model for a specific
purpose.
• The use of the model.
• The maintenance and periodic validation of the integrity of the model.
Chapter 18: The Work of Others

Visual Overview

Objective: To describe the extent to which auditors can rely on the work of others.

1.0 Introduction

The expert may be either internal or external (e.g. in interpreting contracts and law,
he may be a partner in the audit firm's legal department, an organisation's internal
solicitor, the client's external lawyer or another unconnected lawyer).

Definition

Management's expert – an individual or organisation possessing expertise in a

field other than accounting or auditing, whose work in that field is used by the
entity to assist the entity in preparing the financial statements. (ISA 500)
Auditor's expert – an individual or organisation with expertise in a field other than
accounting or auditing, whose work is used by the auditor in obtaining sufficient
appropriate audit evidence. (ISA 620)
1.1 Management's Expert (ISA 500)

1.1.1 Audit Evidence

Typical examples of management's use of an expert include:

• Asset valuations (e.g. land and buildings, plant and equipment, works of art,
precious stones, intangible assets).
• Quantities/physical condition of assets (e.g. mineral reserves, stockpiles, work
on contracts in progress).
• Legal services (e.g. expectation of a claim against the entity being negligible,
possible or probable).
Therefore, management's expert prepares information that the auditor may seek to
use as audit evidence.

Activity 1 Considering the Work of an Expert

Describe the matters that would affect the nature, timing and extent of audit
procedures when considering the work of an expert.
*Please use the notes feature in the toolbar to help formulate your answer.
The auditor must consider the following factors in determining the reliability of the
expert's work:
• competence, capabilities and objectivity of the expert (see s.1.1.2);
• understandability of the expert's work (see s.1.1.3); and
• the appropriateness of the expert's work as audit evidence for the relevant
assertion (see s.1.1.4).

1.1.2 Competence, Capabilities and Objectivity

Definition

Competence – possession of a level of expertise.

Capability – the ability to exercise competence.
Objectivity – the possible effects that bias, conflict of interest or the influence of
others may have on the expert's judgment.

When assessing the competence of management's expert, the auditor considers:

 • Personal experience from previous work of the expert (e.g. through the same
or another client – professional scepticism must still be applied).
• Discussions with the expert (e.g. does he understand how his work relates to
the audit?).
• Discussions with others who are familiar with the expert's work.
• Knowledge of that expert's qualifications, membership of a professional body
or industry association, licence to practice or other external recognition. A
"recognised" expert will be subject to professional standards.
• Published papers or books written by that expert.
An auditor's expert, if any, assists the auditor in obtaining sufficient appropriate audit
evidence on information produced by the management's expert.
When assessing the capability of the expert, the auditor should evaluate the effect
of any limitations placed on the expert's work by the client.
The auditor should:
• Discuss with management and the expert if any interests and relationships
exist that may threaten the expert's objectivity. Where the client directly
employs the expert, this does not automatically mean that his work cannot be
relied on, but that the threat is increased (and therefore the auditor's
professional scepticism).
• Evaluate the adequacy of any applicable safeguards.

Activity 2 Threats to Objectivity

List and give examples of threats that may affect the objectivity of a management
expert.
*Please use the notes feature in the toolbar to help formulate your answer.

1.1.3 Understanding the Work of the Expert

An understanding of the field of expertise of management's expert should be

obtained, including:
• the relevance of the expert's work to the audit assertions;
• the auditor's ability to understand and evaluate the expert's work and findings;
• applicable professional standards or other requirements;
• assumptions and methods used by the expert and whether they are generally
accepted in the expert’s field and appropriate for financial reporting purposes;
• the nature of the internal and external data used by the expert; and
• the need for the auditor (i.e. the engagement partner) to use an auditor's
expert.
The terms of reference between management and management's expert (e.g. letter
of engagement, written instructions and internal procedures manual) should be
reviewed, including:
• the nature, scope and objectives of the expert's work;
• the assumptions and methods to be used;
• access to appropriate records and personnel;
• respective roles and responsibilities;
• the nature, timing and extent of communications; and
• the form/content of the expert's report (in writing), including limitations of use.

1.1.4 Evaluation of Expert's Work

The appropriateness of the expert's work should be assessed in relation to the

relevant assertions. For example, attending a physical count (existence) or a
valuation of work-in-progress on a building site (existence, stage of completion for
valuation). This may include evaluating:
• the relevance and reasonableness of the expert's findings or conclusions their
consistency with other audit evidence, and whether they have been
appropriately reflected in the financial statements;
• the relevance and reasonableness of significant assumptions and methods
used;
• the relevance, completeness and accuracy of sources of data; and
• the relevance and reasonableness of information from an external source.
Wherever possible, the expert's opinion should be corroborated and reviewed for
consistency with other sources of evidence. For example:
• Correspondence (e.g. regarding legal disputes).
• Client or auditor "reasonableness" calculations (e.g. for inventory valuations).
• Minutes of board meetings.

Example 1 Evaluation of an Expert’s Work

When evaluating a surveyor's report on the revaluation of an office building, the

following matters would be considered relevant to the auditor's knowledge:
• report addressed to the client;
• building identified (e.g. address, photograph);
• terms of reference referred to;
• basis of valuation (freehold, leasehold, existing use);
• assumptions made;
• calculations re-performed; and
• valuation comparable to similar buildings in the local market.
1.1.5 Reservations

Any reservations about the work of management’s expert may be should be

discussed with management and documented.
Additional audit procedures may be undertaken (i.e. evidence is not sufficient) or the
evidence of another expert may be sought.
If the auditor is unable to obtain sufficient appropriate audit evidence, the
implications for the auditor's report of the limitation on scope should be considered
under ISA 705 (see Chapter 30).

Example 2 Reservations about the Work of Management’s Expert

Farawat & Co is performing the audit of RBG Co, a firm specialising in property
development and management. The company’s main sources of revenue are sale
proceeds and rental income, as well as fees for property management.
Farawat & Co is considering the valuations of the properties made by RBG Co’s
experts and has some concerns about management’s experts:
1. RBG Co experiences a high turnover of experts and the current expert has
only been employed for three months.
2. Each expert has a preferred methodology and some valuations on the
same property are materially different.
3. Experts do not appear to apply their valuation methodologies consistently to
similar properties.

1.2 Auditor's Expert (ISA620)

The main difference between the management's expert and the auditor's expert is
who employs/engages them. Many of the considerations are broadly the same. In
many complex cases, both the client and the auditors will use their own experts.

Key point

The auditor's objectives are:

• to determine whether to use the work of an auditor's expert; and
• if using the work of an auditor's expert, to determine whether that work is
adequate for the auditor's purposes.
1.2.1 Need for

If specific expertise, other than accounting or auditing, is required to obtain sufficient

appropriate audit evidence, the auditor will need to rely on the work of an appropriate
expert. The engagement partner will exercise professional judgment in deciding
whether sufficient appropriate audit evidence can be obtained from the work of the
management's expert, if any, or if an auditor's expert is needed.
Typically, an auditor's expert may be needed:
• Where the work of management's expert does not provide sufficient
appropriate audit evidence.
• In interpreting contracts or laws and regulations.
• If there are complex or unusual tax compliance issues.
The auditor's expert may be needed to assist the auditor in:
• Identifying and assessing the risks of material misstatement.
• Determining and implementing overall responses to assessed risks at the
financial statement level.
• Designing and performing further audit procedures to respond to assessed
risks at the assertion level, comprising tests of controls or substantive
procedures.
• Evaluating the sufficiency and appropriateness of audit evidence obtained in
forming an opinion on the financial statements.
Many audit firms have separate departments and expert staff that are integrated with
audit teams or who carry out audits on specialised clients in their field of expertise
(e.g. hotels and leisure industry).

1.2.2 Competence, Capabilities and Objectivity

The expert is considered a member of the audit team and should show the same
competence, capability and objectivity (and independence) as the auditor. Even
where the expert is from the same firm but a different department, the audit partner
must be sure of his competence, capability and objectivity – just as for any member
of the audit team.
The approach is very similar to that of a management's expert. Where the auditor's
expert is an external agent, care must be taken to ensure that the expert is
independent of the client.

1.2.3 Understanding the Expertise of the Expert

Again, the approach will be similar to that of the management's expert. The
difference is in the use that is made of that understanding.
Understanding the auditor's expert allows the engagement partner to:
• determine the nature, scope and objectives of the expert's work for the
engagement partner's purposes; and
• evaluate the adequacy of the work carried out by the expert.
Where necessary, the engagement partner agrees in writing, with the auditor's
expert, the following:
• the nature, scope and objectives of the expert's work;
• the respective roles and responsibilities of the auditor and the expert;
• the nature, timing and extent of communication between the auditor and the
expert, including the form of any report to be provided; and
• the need for the auditor's expert to observe confidentiality requirements. An
engagement letter will not be issued where the expert is effectively
"embedded" in the audit firm. The detail will usually be included in the audit
plan. An "embedded" expert will also be subject to the firm's ethical and
quality requirements.

1.2.4 Evaluation of Expert's Work

Broadly the same approach as for the management's expert. Just because an
auditor's expert may be part of the same firm does not mean that his work can be
accepted without review and understanding by the engagement partner.
The expe
1.3 Reporting

1.3.1 Insufficient or Inconsistent Evidence

The reasons for the insufficiency or inconsistency must be ascertained (e.g. if the
expert did not adhere to the terms of reference). Was the scope insufficient?
• If insufficient, the auditor must consider other means of obtaining the audit
evidence needed. This includes the use of other experts.
• If inconsistent, which audit evidence is reliable? Is there doubt about the
evidence obtained from the entity or the expert's competence? Reasons for
inconsistency must be established and appropriate action taken (e.g. further
work carried out).
In extreme cases, doubt may be cast on the integrity of management, which would
have implications for other audit areas where representations have been given.

1.3.2 Reference to Expert

If the audit opinion is unmodified, the auditor must not refer to an auditor’s expert
unless required by law or regulation. (Such a reference might suggest some division
of responsibility which would be inappropriate.)
The auditor's responsibility is to provide an opinion based on the work carried out,
including the expert's work. The auditor assumes responsibility for the expert's work
and his findings.
If reference to an expert is relevant to understanding a modification to the audit
opinion, the auditor:
• Must again state that it does not reduce the auditor’s responsibility for the
opinion;
• May need to obtain the expert's permission before making such a reference.

1.3.3 Modified Opinions

Examples that may lead to modified opinions include:

• The auditor is unable to obtain all the evidence required to be able to form an
opinion (e.g. management is unable or unwilling to obtain expert evidence
when required or refuses to allow the auditor's expert access to confidential
information).
• The auditor disagrees with an assertion made by management – material
misstatement (e.g. management refuses to accept the counter opinion of the
auditor's expert).
rt is treated as is any member of the audit team (i.e. his work is reviewed).

2.0 Introduction

Key point

When an audit client has an internal audit function, the external auditor must
determine whether, in which areas, and to what extent:
• the work of internal audit can be used, and
• internal auditors can provide direct assistance.

Definition

Direct assistance – the use of internal auditors to perform audit procedures under
the direction, supervision and review of the external auditor.
The external auditor will seek to place reliance on the work of internal audit as audit
evidence. Using that work will modify the nature and timing and/or reduce the extent
of the external auditor's work; it should be an effective and efficient audit approach.

2.1 Activities

2.2 Basic Principles

The relevant standard is ISA 610 Using the Work of Internal Auditors.

Key point

The external auditor has sole responsibility for the audit opinion expressed. This
responsibility cannot be reduced regardless of the scope and quality of the
internal audit function.

Although the objectives of internal audit and external audit differ, there often is
overlap in their work.
Neither internal auditors nor external auditors can dictate the other's work
programme. They can, however, assist each other by:
• sharing information obtained for planning purposes;
• discussing business developments with key personnel;
 • discussing materiality, risk assessments and audit objectives;
• reviewing each other's work plans and programmes; and
• liaising on the timing of internal audit reviews to allow the external auditor to
use their findings.

2.3 Whether to Use

2.3.1 Nature and Extent of Work to Be Used

Key point

The external auditor must make all significant judgments in the audit engagement.
Significant judgments include:
• Assessing the risks of material misstatement;
• Evaluating the sufficiency of tests performed;
• Evaluating the appropriateness of management's use of the going concern
basis;
• Evaluating significant estimates;
• Evaluating the adequacy of financial statement disclosures and other
matters affecting the auditor's report.

The external auditor should consider the nature and scope of internal audit work and
its relevance to the overall audit strategy and plan.
The external auditor should use less internal audit work and perform more of the
audit work directly when:
• more judgment is involved (e.g. in performing procedures and evaluating
evidence);
• the assessed risk of material misstatement is higher at the assertion level;
and
• the internal audit function is less objective or less competent.
The external auditor should communicate the planned use of the internal audit
function when communicating the planned scope and timing of the audit to TCWG.

2.3.2 Evaluating the Internal Audit Function

The external auditor should determine whether to use internal audit work by
evaluating:
• Whether the objectivity of the internal auditors is supported by organisational
status and relevant policies and procedures.
 • The level of competence of the internal auditors.
• Whether the internal audit function applies a systematic and disciplined
approach, including quality control.
Key point

The external auditor should not use the work if internal audit is not competent and
objective or does not apply a systematic and disciplined approach.

Factors that affect the assessment of the internal auditor's objectivity include:
• Whether internal audit reports to TCWG. If reporting to management, the
internal auditor should have direct access to TCWG.
• Whether it is free of conflicting responsibilities (e.g. management or
operational duties outside of internal audit).
• Whether TCWG oversee employment decisions related to internal audit.
• Whether management or TCWG have placed constraints or restrictions on
internal audit.
• Whether internal auditors are members of a professional body.
Factors that affect the assessment of the internal auditor's competence include:
• Whether the internal audit function has enough resources given the size of the
entity and the nature of its operations.
• Whether there are established policies for hiring, training and assigning
internal auditors.
• Whether the internal auditors have:
• adequate technical training and proficiency in auditing;
• the knowledge and skills necessary to perform work related to the financial
statements.
• Whether the internal auditors are members of relevant professional bodies.
•
Key point

The higher the combined levels of competence and objectivity, the greater the
potential use of internal audit work. However, a high level of objectivity cannot
compensate for lack of competence (or vis versa).

Internal audit should be distinguishable from other monitoring control activities by its
systematic and disciplined approach to planning, performing, supervising, reviewing
and documenting its activities. Evidence of this should include:
• documented internal audit procedures; and
• appropriate quality control policies and procedures.
2.4 Using the Work

2.4.1 Essential Procedures

Key point

If it is to be used, the work of internal audit should be evaluated and tested to

confirm its adequacy.

The external auditor should discuss plans to use the internal auditor's work with
them, to coordinate their respective activities.
The external auditor should perform sufficient audit procedures on internal audit work
to determine that it is adequate for the audit, including whether:
• the work was properly planned, performed, supervised, reviewed and
documented;
• sufficient appropriate evidence was obtained to enable the internal auditors to
form reasonable conclusions; and
• conclusions reached were appropriate.
The nature and extent of the external auditor's procedures are based on:
• the amount of judgment involved;
• the assessed risk of material misstatement; and
• the objectivity and competence of the internal auditors.

2.4.2 Documentation

The following matters must be documented:

• Whether internal audit's organisational status and relevant policies and
procedures adequately supported their objectivity.
• The level of competence of internal audit.
• Whether a systematic and disciplined approach was used, including quality
control.
• The nature and extent of the work used and the basis for that decision.
• The audit procedures performed by the external auditor to evaluate the
adequacy of the internal audit work used.

Example 3 Planned Uses

 • Documentation of internal controls and procedures by internal audit. The
external auditor would carry out walk-though testing to assess the reliability
of the documentation.
• Effectiveness of controls requiring observation.
• The external auditor can only observe the operation of controls while at the
entity's premises. Internal audit may be able to monitor continuously.
• Procedures, reports and actions would be reviewed by the external auditor
and reconciled to their on-site observations.
• Development of computer-based systems and controls.
• Internal audit would be able to conduct quality control testing of the systems
development life cycle from initial feasibility studies, design and
programming through implementation.
• It also would ensure that appropriate financial (and other) controls were
built into the system.
• External audit would review procedures and deliverables of internal audit
plus selective testing of new systems using CAATs.
• Continuous auditing of computer-based systems. Internal audit may use
CAATs to audit the operation and effectiveness of computer-based controls
continuously.
• External audit would assess the procedures used (including the CAAT
programs), the reports produced, and actions taken. It would use its CAAT
programmes to test the work of internal audit selectively.
• Inventory and other material assets are held at different locations.
• Internal audit may observe, for example, year-end inventory procedures at
some locations with the external auditor observing the rest.
• Visits would be rotated each year, but the external auditors would ensure
that they cover all high-risk locations each year.
• Similar procedures could be used to verify the existence of non-current
assets.
In all cases, the auditors must skill understand the business, its environment and
internal control. They cannot abdicate to the internal auditors.

2.5 Direct Assistance

Internal auditors can provide direct assistance to external auditors unless

prohibited by law or regulation.

Key point
 Direct assistance may be prohibited (e.g. in an audit conducted in accordance
with ISAs (UK and Ireland)).

If the external auditor plans to use the internal auditors to provide direct assistance,
he should evaluate the threats to the objectivity and the level of competence of the
internal auditors.

Key point

Internal auditors cannot provide direct assistance if there are significant threats to
their objectivity or the internal auditors lack sufficient competence.

The nature and extent of the planned use of the internal auditors in providing direct
assistance should be communicated to TCWG and mutual agreement reached that
such use is not excessive.
The external auditor cannot use internal auditors to perform audit procedures that
relate to:
• Making judgments in the audit;
• Areas of higher assessed risks of material misstatements;
• Work performed by the internal auditors that will be reported to management
and TCWG;
• Decisions made by the external auditor regarding the internal audit function
and the use of its work or direct assistance.
Before using the internal auditors to provide direct assistance, written agreements
should be obtained from:
• An authorised representative of the client – that the internal auditors will be
allowed to follow the external auditor's instructions and the client will not
intervene; and
• The internal auditors – that they will keep audit matters confidential and will
inform the external auditors regarding any threats to their objectivity.
The external auditors are responsible for directing, supervising and reviewing the
work of the internal auditors.

3.0 Introduction

Definition
 Service organisation – a third-party organisation that provides services to user
entities that are likely to be relevant to user entities' internal control related to
financial reporting.

ISA 402 Audit Considerations Relating to an Entity Using a Service Organization

deals with the user auditor’s responsibility to obtain sufficient appropriate audit
evidence when a client uses a service organisation.
A service organisation may provide its services to many (related or unrelated)
entities or be dedicated to one entity.

Key point

The objectives of the user audit are:

• To obtain an understanding of the services provided and their effect on the
audit client's system of internal control, sufficient to identify and assess the
risks of material misstatement; and
• To design and perform audit procedures responsive to those risks.

3.1 Use by Client

Examples of services relevant to the audit include:

• Maintaining accounting records;
• Initiating, recording or processing transactions (e.g. payroll);
• Asset management (e.g. leasing of vehicles); and
• Finance functions (e.g. credit control, debt factoring).
If the service provider initiates and executes transactions (e.g. credit or payment
authorisation), its policies and procedures will affect the client's accounting functions
and controls.

3.2 Basic Principles

Key point

The auditor must identify and assess the risk of material misstatement in the
financial statements. Where control activities are at the service organisation, the
 user auditor must still evaluate their design and determine whether they have been
implemented.

Example 4 Service Organisation

A service organisation will be part of a user entity's information system (including

related business processes) relevant to financial reporting if its services affect any
of the following:
• significant classes of transactions in the user's financial statements;
• the procedures (electronic and manual) by which the user's transactions are
captured, initiated, recorded, processed, corrected as necessary,
transferred to the general ledger and reported in the financial statements;
• the related accounting records (electronic or manual), supporting
information and specific accounts in the user's financial statements;
• how the user's information system captures other events and conditions
that are significant to the financial statements;
• the financial reporting process used to prepare the user's financial
statements, including significant accounting estimates and disclosures;
• controls over journal entries, including non-standard entries that record non-
recurring, unusual transactions or adjustments.

If the service organisation's involvement is considered to be significant, the user

auditor must understand that organisation's business, its environment and controls
and, where appropriate, consider the approach to test the effectiveness of the
controls.

3.3 Obtaining an Understanding

Many sources of information may be used to understand the effect of the service
organisation, its services and necessary controls.

3.3.1 From the Client

Information about the services provided may be obtained from a wide range of
sources available from the client, for example:
• Relationship between the audit client and service provider, the nature of the
services provided and contractual terms.
• The nature and materiality of the transactions processed, the financial
reporting processes and relevant assertions.
• The significance of the services to the client and effects on internal control.
 • The controls exercised by the client over the service provider's processes and
monitoring of its activities (e.g. input/output controls to ensure completeness,
accuracy, validity).
• User and/or technical manuals that the service organisation provides to the
client.
• Third-party reports on the service organisation's controls (e.g. reports by
internal or external auditors or regulatory agencies).
• Experience of the service provider (if used by other audit clients).
Contractual terms will typically cover responsibilities, activities undertaken,
maintenance and ownership of data, rights to access data and communicate with
auditors, access to reports issued by the service provider's auditors and regulators (if
any), data protection, and non-performance criteria and dispute resolution.

3.3.2 Further Understanding

The auditor’s understanding must be sufficient to identify and assess the risks of
material misstatement. If understanding from the client alone is insufficient, the
auditor should obtain further understanding, for example, by:
• Obtaining a type 1 or type 2 report, if available (see s.3.6);
• Contacting the service organisation, through the client, to obtain specific
information;
• Visiting the service organisation and performing procedures to provide the
necessary information about the relevant controls; or
• Using another auditor (with the client’s agreement) to perform procedures that
provide the necessary information.

3.4 Assessing Risk

Much of the detail noted above will provide the auditor with sufficient knowledge to
asess the client's (user) risks related to the service provider.
From this understanding of the controls over the service provider (and processes) in
operation at the client, the auditor may decide that appropriate (sufficient) audit
assurance can be obtained without further work on controls at the service provider.
In this case, the auditor would only need to assess the design and implementation of
the controls in operation at the client.

Example 5 Controls at the Client

 Appropriate records of assets and transactions dealt with by the service
organisation are kept and regularly reconciled by the client.
Reconciliations (e.g. control totals) and reviews/re-computation of data sent to and
received from the service provider are regularly carried out, such as:
• comparison of payroll totals;
• analytical procedures on key indicators (e.g. tax deductions); and
• re-computation of a sample of individual employee payslips.
Only if the client's controls do not provide sufficient assurance, the auditor will need
to engage with the service organisation directly.

Activity 3 Risks of Outsourced Accounting Functions

Using the following guidelines, classify the following examples of outsourced

accounting functions as high, medium or low risk.
• High-risk functions are relatively costly to insource once outsourced, require
effective controls and business knowledge, and carry a high cost of
performance failure. Sufficient audit assurance cannot usually be obtained
without considering controls in operation at the service provider.
• Medium-risk functions include those which relate to discrete functions but
require some business knowledge.
• Low-risk functions require little judgment, are non-complex and relate to
discrete functions; outsourcing can be relatively easily rearranged. Sufficient
audit assurance can usually be obtained through controls in operation at the
client.
Low/Medium/High

Processing salary payments

Credit control

Data entry

Maintenance of accounting records

Preparation of budgets and control

reports

Leasing arrangements (e.g. of vehicles)

 Business records of a retail business

Invoice preparation

*Please use the notes feature in the toolbar to help formulate your answer.

3.5 Responding to Assessed Risks

For a "simple processing facility" (e.g. payroll processing), the user should have
sufficient batch or other controls to ensure that the data sent has been accurately
processed and returned. The user's auditor should then be able to obtain sufficient
assurance from the client's controls.
However, if sufficient appropriate audit evidence concerning relevant assertions is
not available from records held at the user entity, the user auditor (or another auditor
on the user auditor’s behalf) must perform further audit procedures.
Audit evidence about the operating effectiveness of controls at the service
organisation may be obtained from one or more of the following:
• Obtaining a type 2 report, if available (see s.4.6);
• Performing appropriate tests of controls at the service organisation (or using
another auditor to perform such tests).

3.6 Assurance Reports

3.6.1 Two Types

In obtaining an understanding of the service organisation's control system and its

implementation, and (if appropriate) in testing the effectiveness of the controls, the
auditor may conclude that sufficient appropriate audit evidence can be obtained
through reliance on an assurance report issued by the service organisation's auditor.
There are two types of assurance reports:
• A Type 1 report deals with the design and implementation of the control
systems and should always be obtained to understand the control system.
 • A Type 2 report also covers the effectiveness of the control system and is
obtained when audit assurance is sought from reliance on control
effectiveness.
In seeking to place reliance on the assurance report, the entity's auditor should
consider:
• the competence and independence of the service organisation's auditor; and
• the adequacy of the standards under which the report is issued.
The same principles apply as when an auditor uses the work of others.

3.6.2 Report Contents

A Type 1 report only provides the auditor with an understanding of the design of
internal controls and whether or not they have been implemented. It does not give
any assurance on the effectiveness of the operation of the controls.
For a Type 2 report, the auditor must consider that the controls tested by the service
provider's auditor are relevant and adequate concerning the audit client's
transactions, balances, disclosures and assertions. In particular, the controls tested
must cover the client's financial year, rather than the service provider's financial year.

Type 1 Type 2

A description of the service As for Type 1 plus an opinion on the

organisation's internal control systems operating effectiveness of the controls
(usually prepared by the organisation's based on tests of such controls. For
management and appended to the example:
report). • The description, as noted on
An opinion by the service organisation's page [xx], fairly presents the
auditor (as shown by the first two Type [type or name of] system as
2 bullet points) on: designed and implemented
throughout the period from [date]
• the accuracy of the description;
to [date];
• the suitability of design to meet
• The controls related to the
stated objectives; and
control objectives stated in the
• whether or not the controls have description were suitably
been implemented. designed throughout the period
from [date] to [date]; and
• The controls tested, which were
those necessary to provide
reasonable assurance that the
control objectives stated in the
description were achieved,
operated effectively throughout
the period from [date] to [date].
 Details of the tests carried out and the
nature, timing and results would be
appended to the report.

3.6.3 Substantive Procedures

If the entity's auditor requires substantive procedures to be carried out at the service
organisation (e.g. inspection of records or assets held), such procedures may:
• be treated as an "agreed-upon procedure" between the service organisation
and its auditors, with an appropriate report being provided by the service
organisation auditors; or
• carried out during a visit to the service organisation by the client's auditor; or
• carried out as an agreed-upon procedure with an independent third party firm
of auditors.

Exam advice

The specific detail of agreed-upon procedures is outside of the scope of the AA

syllabus.

3.7 Auditor's Report on the Financial Statements

In most jurisdictions, an entity's auditor is solely responsible for his audit opinion;
there should be no reference to third-party opinions or work (e.g. the service
organisation's Type 1 or 2 report) in the auditor's report.
A limitation on the scope of the audit exists if the auditor concludes that he has been
unable to obtain sufficient appropriate audit evidence regarding the services
provided by the service organisation.

Example 6 Matters Giving Rise to Limitation of Scope

• Insufficient understanding of the services provided.

• Inability to obtain appropriate Type 1 or 2 reports.
• Inability to verify operating effectiveness of controls.
• Lack of access to appropriate records held at the service organisation.
Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence

4. The work of others

• Discuss why auditors rely on the work of others.
• Discuss the extent to which external auditors are able to rely on the work of
experts, including the work of internal audit.
• Explain the audit considerations relating to entities using service
organisations.
• Explain the extent to which reference to the work of others can be made in the
independent auditor's report.

Summary and Quiz

• Management's expert is an individual or organisation whose work in a field

other than accounting or auditing is used by the entity to prepare its financial
statements.
• An auditor's expert is used to help obtain sufficient appropriate audit evidence.
• When an expert is a source of audit evidence, the auditor must consider the
expert's competence and objectivity and the relevance of the expert's work to
audit assertions.
• An auditor's expert is effectively a member of the audit team (i.e. competent,
independent, etc.).
• The use of an expert is not mentioned when the audit opinion is unmodified.
• If the audit opinion is modified, reference to management's expert may be
appropriate. However, the auditor must obtain the expert's permission to refer
to the expert by name.
• The external auditor is responsible for the audit opinion. This responsibility
cannot be delegated or assigned to the internal auditor.
• If the external auditor plans to rely on the internal auditor's work he should
assess the internal auditor's competence, objectivity and methodology.
• The external auditor should evaluate and test the internal auditor's work if
seeking to rely on it.
• The external auditor cannot use the internal audit function to provide direct
assistance if there are significant threats to its objectivity or it lacks sufficient
competence.
 • When an audit client uses a service organisation, the auditor must understand
the services provided and assess the service organisation's controls when
determining the risks of material misstatement.
• The auditor may obtain sufficient appropriate evidence about a service
organisation's controls by relying on a report issued by the service
organisation's auditor:
• A Type 1 report addresses the design and implementation of the service
organisation's controls (i.e. is relevant to obtaining an understanding).
• A Type 2 report also addresses the operating effectiveness of the controls.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
• Using the work of internal auditors (s.2.5)
For more recent articles and other resources please visit the ACCA global website.
Activity 1 Considering the Work of an Expert

• The risks of material misstatement in the matter.

• The availability (and cost-benefit) of alternative sources of audit evidence.
• The nature, scope and objectives of the management's expert's work.
• Whether the management's expert is employed by the entity or is a party
engaged by it to provide relevant services.
• The extent to which management can exercise control or influence over the
work of the management's expert.
• Whether the management's expert is subject to technical performance
standards or professional or industry requirements.
• The nature and extent of any controls in the entity over the management's
expert's work.
• The auditor's knowledge and experience of the management's expert's field of
expertise.
• The auditor's previous experience of the work of that expert.

Activity 2 Threats to Objectivity

 Threats cover: Key examples are:

• self-interest; • financial interests (e.g. shares,

loans, overdue fees);

• self-review; • business and personal relationships

(e.g. fee dependence, family in key
management positions); and

• familiarity;

• advocacy; and • provision of other services (e.g. fear

of losing client).

• intimidation.

Activity 3 Risks of Outsourced Accounting Functions

Low/Medium/High

Processing salary payments Low

Credit control Medium

Data entry Low

Maintenance of accounting records High

Preparation of budgets and control reports High

Leasing arrangements (e.g. of vehicles) Medium

Business records of a retail business High

Invoice preparation Low

Chapter 19: Audit Sampling

Visual Overview

Objective: To identify and describe audit sampling and other selective testing
procedures.

1.1 Basic Principles

ISA 500 Audit Evidence requires that sufficient appropriate audit evidence be
obtained. In designing tests, the auditor determines how to select items that will be
effective in meeting the purpose of the test. That will be any or a combination of:
• selecting all items (100% examination);
• selecting specific items; and
• audit sampling.

1.1.1 Selecting All Items

Selecting all items is most likely to be suitable:

• For a population of a small number of large value items (e.g. non-current
asset additions).
 • When a significant risk exists and other methods do not provide sufficient
appropriate evidence.
• When the repetitive nature and reliability of an operation (e.g. performed
automatically by an information system) makes a 100% examination cost-
effective.
100% examination is unlikely to be suitable for tests of controls and is more common
for tests of details.

1.1.2 Selecting Specific Items

The judgmental selection of specific items may include:

• High-value or key items (e.g. suspicious, unusual, risk-prone, or with a history
of misstatement).
• All items above a certain amount (e.g. performance materiality level). It is
likely to be material if a misstatement is discovered in this population.
• Items to obtain information (e.g. about the nature of the entity or transactions).
Judgmental selection is subject to non-sampling risk (see definition in s.1.2).

1.1.3 Audit Sampling (ISA 530)

Definitions

Audit sampling – applying audit procedures to less than 100% of items in a

population, such that all sampling units have a chance of selection, in order to
draw a conclusion about the population.

Activity 1 Why Not 100%

Suggest reasons why it is unnecessary for an auditor to carry out tests on all the
transactions and balances of a business.
*Please use the notes feature in the toolbar to help formulate your answer.

1.2 Terminology
 Definitions

Anomaly – a misstatement or deviation that is demonstrably not representative

of misstatements or deviations in a population (e.g. because it arises from an
isolated event that has not reoccurred other than on specifically identifiable
occasions).

Key Point

ISA 530 does not use the term “error” but distinguishes between:
• Misstatement (i.e. a monetary difference) identified by a test of details;
and
• Deviation (i.e. when an internal control procedure has not been applied as
prescribed) as identified by a test of controls.

Definitions

• Population – the entire set of data from which the auditor wishes to sample
(e.g. all items in an account balance or a class of transactions).
• Sampling risk – the risk that arises from the possibility that the auditor's
conclusion, based on a sample, may be different from the conclusion that
would be reached if the entire population were subjected to the same audit
procedure.

Sampling risk can lead to two types of incorrect conclusions that affect the
effectiveness or efficiency of the audit:
1. effectiveness – the risk the auditor will conclude that control risk is lower than
it actually is (conclude that controls are more effective than they actually are)
or that for a test of details, a material misstatement does not exist when in
fact, it does. These risks affect audit effectiveness and are more likely to lead
to an inappropriate audit opinion.
2. efficiency – the risk the auditor will conclude that control risk is higher than it
actually is (conclude that controls are less effective than they actually are) or
for a test of details that a material misstatement exists when in fact, it does
not. These risks affect audit efficiency, as they required additional work to
show that the initial conclusions were incorrect.

Key Point

The smaller the sample size, the greater the sampling risk.

Definitions
 Confidence level – the mathematical complement of risk (e.g. 5% risk = 95%
confidence).
Non-sampling risk – arises from factors that cause the auditor to reach an
erroneous conclusion for any reason not related to the size of the sample. For
example, the auditor might use inappropriate procedures or misinterpret evidence
and fail to recognise a deviation or misstatement. (Judgmental selection is subject
to non-sampling risk.)
Sampling unit – the individual items that constitute a population, for example
credit entries on bank statements, sales invoices, trade receivable balances or a
monetary unit ($1).
Statistical sampling – any approach to sampling that has the following
characteristics:
a. random selection of a sample; and
b. use of probability theory to evaluate sample results, including measurement
of sampling risk.

Key Point

A sampling approach that does not have both characteristics is non-statistical

sampling.

Definitions

Stratification – the process of dividing a population into subpopulations, each of

which is a group of sampling units with similar characteristics (usually monetary
value).
Tolerable misstatement (in tests of details) – the highest misstatement that could
occur before the population would be considered materially misstated.
Tolerable rate of deviation (in tests of controls) – the highest deviation rate (i.e.
the proportion of items with deviations from controls) the auditor could accept and
still conclude that the design and operation of an internal control over the
population is effective.

Tolerable misstatement reflects the application of performance materiality to a

sampling procedure; it cannot be greater than performance materiality.
The tolerable deviation rate may be zero (i.e. any deviation in a control must be
investigated)
2.1 Stages

For both statistical and non-statistical audit sampling, the stages in the sampling
process include:
• sample design;
• sample size;
• sample selection;
• performing audit procedures ("testing"); and
• evaluating results.
The distinction between statistical and non-statistical audit sampling is considered
later in s.3.

2.2 Design

Matters to be considered when designing an audit sample include:

• Specific purpose to be achieved (the test objective);
• The nature of the audit evidence sought;
• Evidence that the population from which the sample is drawn is complete;
• Characteristics of the population;
• What will be regarded as a deviation or misstatement (e.g. when testing
collectability of receivables, reconciling items – cash or goods in transit –
would not be considered misstatements); and
• Whether the approach will be statistical or non-statistical.

2.3 Sample Size

Key Point

• The sample size should be sufficient to reduce sampling risk to an

acceptably low level.
• In general, the lower the sampling risk the auditor is prepared to accept, the
greater the sample size will need to be.
• The sample size can be determined statistically or using professional
judgment.
Different firms use different methodologies to determine sample sizes (e.g. based on
population value and performance materiality). For example, a minimum of 30 and a
maximum of 60 randomly selected items for a “robust” sample (i.e. representative of
the population as a whole).

Activity 2 Tests of Controls

For each of the following factors, decide whether the effect on sample size is an
increase, decrease or no effect.
3. Increase in intended reliance on operating effectiveness of internal controls.
4. Increase in the tolerable deviation rate.
5. Increase in the expected deviation rate.
6. Increase in confidence level (i.e. decrease in risk).
7. Increase in the number of sampling units in the population.
*Please use the notes feature in the toolbar to help formulate your answer.

Activity 3 Tests of Details

For each of the following factors, decide whether the effect on sample size is an
increase, decrease or no effect.
8. Increase in the auditor’s assessment of the risk or material misstatement.
9. Increase in the use of other substantive procedures aimed at the same
assertion.
10. Increase in confidence level (i.e. decrease in risk).
11. Increase in tolerable misstatement.
12. Increase in expected misstatement.
13. Stratification of the population.
14. Increase in the number of sampling units in the population.
*Please use the notes feature in the toolbar to help formulate your answer.

2.4 Selection

Key Point
 • In audit sampling, all sampling units must have a chance of selection, by
definition. It is important to avoid bias when selecting a representative
sample.
• For statistical sampling, sample items must be randomly selected.

The principal sample selections methods are:

• random selection;
• systematic (interval) selection;
• haphazard selection;
• block sampling; and
• monetary unit sampling.

2.4.1 Random Selection

A random sample may be selected using random number tables or a computerised

random number generator.

2.4.2 Systematic (Interval) Selection

Systematic selection uses a constant interval (number of population units divided by

the sample size) between items selected (with a random start). For example, every
20th voucher number.
Care must be taken to ensure that the population is randomly distributed and that no
bias is introduced due to how the population is structured.

Example 1 Systematic Selection

The auditor of Jolly Co is to perform tests of details on the sales for the year
ended 31 December 20X1. The recording of a sales transaction is initiated by a
goods dispatch note. The first and last goods dispatched notes raised in the year
to 31 December 20X1 are numbered 10,500 to 15,496 respectively.
The sample size is to be 50, so the sampling interval is 100 (15,496 − 10,500)/50
= 99.9). A random number generated between 1 and 100 is 42 The first goods
dispatch note number to be selected is therefore 10,542 (10,500 + 42). Each
100th goods dispatch note will be selected thereafter (i.e. 10, 642, 10742 …) until
the sample size reaches 50.

Systematic selection may be “value-weighted” using monetary unit values rather

than the items as the sampling population (e.g. monetary unit sampling).
2.4.3 Monetary Unit Sampling (MUS)

In MUS, items are selected from the specific monetary units (e.g. dollars) that make
up the population. Each unit has the same (i.e. equal) chance of selection, but the
likelihood of each item in the population being selected is "value-weighted".
Having selected the monetary units from the population, the auditor will examine
each balance (e.g. amounts receivable from specific customers) that contains each
unit selected. (Or, if the population is made up of transactions, the auditor examines
each transaction that includes each selected unit.)
This sample selection method will test the higher-value items because they have a
greater chance for selection, resulting in a smaller sample size. Any amount in the
population that exceeds the sampling interval is guaranteed to be selected.

Example 2 Monetary Unit Sampling

A company’s trade receivables balance is $500,000 and includes 900 customer

accounts. The auditor selects the sample for the external confirmation (see
Chapter 24) of trade receivables using monetary unit sampling. He selected a
random start of $300 and used a sampling interval of $5,000. The auditor will
therefore select the customer accounts that include the $300, $5,300, $10,300,
$15,300 etc. These are identified by looking at the cumulative monetary amounts
of the balances as follows:

Customer account Balance Cumulative total

$ $

1 150 150

2 800 950^

3 1,400 2,350

4 4,350 6,700^

5 2,300 9,000

6 4,900 13,900^

7 8,500† 22,400^

8 990 23,390

9 6,000† 29,390^
 10 1,500 30,890

… … …

900 1,000 500,000

^ Balances including the selected dollar(s) are included in the sample.
† All items in the population greater than the sampling interval must be selected.

2.4.4 Haphazard Selection

Haphazard selection does not follow a structured technique. It may be an acceptable

alternative (to random methods), if conscious bias and predictability can be avoided.

2.4.5 Block Selection

In block sampling, all items selected are adjacent (e.g. all items on the same
daybook page, pre-numbered documents held in order and issued on the same day).
This approach is not generally appropriate because populations may be structured
so that items in a sequence have similar characteristics but different characteristics
to items elsewhere in the population. It does not allow the auditor to draw valid
inferences about the entire population based on the sample taken (e.g.
characteristics on a particular day may not be indicative of the whole year).
Block selection is mainly used for testing the completeness of populations (e.g.
sequence testing of pre-numbered goods despatch notes) before selecting a sample
by some other method.

2.5 Testing

Audit procedures appropriate to the test objective should be performed on each item
selected.
• If an inappropriate item is selected (e.g. a document made "void"), an
appropriately chosen replacement must be tested instead. There is no
deviation or misstatement if the item is properly voided.
• If the planned procedure cannot otherwise be performed (e.g. if a customer
does not reply to a direct confirmation request), a suitable alternative should
be performed (e.g. examination of after-date cash receipts).
 • If no suitable alternative test can be performed, assume that item to be a
deviation or a misstatement.

2.6 Results

Key Point

• The auditor must:

• consider the nature and cause of any deviations or misstatements found
during testing;
• consider their potential effect on test objectives and other audit areas; and
• evaluate results to confirm or revise the preliminary assessment of the
relevant characteristic of the population.
• For statistical sampling, results must be evaluated using probability theory.

All misstatements and deviations should be analysed to identify why they occurred
and whether they are isolated incidents or indicative of a common feature (e.g. type
of transaction, location, product line or period).
• If isolated, obtain corroborative evidence of the anomaly.
• If a common feature, identify the sub-population and extend audit procedures
in the sub-stratum.
For example, a deviation that is found to be isolated may not be indicative of the
population as a whole (e.g. a manual control was not operated on a particular day
because of specific circumstances that were found not to have been repeated).
Alternatively, such deviations and misstatements may indicate possible fraud
(whether isolated or sharing a common feature).

2.7 Projecting Misstatements

Key Point

• Monetary misstatements (i.e. derived from tests of details) in the sample

that indicate misstatements in the population should be projected to the
population to estimate the potential misstatement.
 • Isolated misstatements (i.e. that are not indicative of the population) should
not be extrapolated.
• The effect of the projected misstatement (on the test objective and other
audit areas) should be considered to see if any additional work needs to be
undertaken.

Example 3 Recoverability of Receivable Balances Through Confirmation

Population of trade receivables 800,000

Sample value 274,330

Known isolated misstatements 1,450

Reconciliation differences (cash/goods 4,678

in transit)

Actual misstatements (e.g. overpricing 4,311

of invoices)

Tolerable misstatement (1% of the 8,000

population)
Projected misstatement (ratio method):
Reconciliation differences are not a misstatement as the receivable balances are
still collectable in full.
𝑃𝑜𝑝𝑢𝑙𝑎𝑡𝑖𝑜𝑛 𝑣𝑎𝑙𝑢𝑒 798550
𝐴𝑐𝑡𝑢𝑎𝑙 𝑚𝑖𝑠𝑠𝑡𝑎𝑡𝑒𝑚𝑒𝑛𝑡𝑠 × = 4,311 × = 12,549
𝑆𝑎𝑚𝑝𝑙𝑒 𝑣𝑎𝑙𝑢𝑒 274330

Known isolated misstatement = $1,450

Total potential misstatement = $13,999
Conclusion: Trade receivables may be materially overstated (as the potential
misstatement is greater than the tolerable misstatement of $8,000).
Further action: Include in material misstatements to be discussed with the client.
Note: The client can only correct accounting records for actual misstatements.
Further investigation by management or the auditor may be necessary to identify
additional misstatements.
2.8 Evaluation of Results

If projected and uncorrected anomalous misstatement exceed the tolerable

deviation/misstatement, the sampling risk should be reassessed.

2.8.1 Tests of Controls

If control risk is higher than initially assessed (i.e. controls doe not appear to be
operating effectively as expected), modify procedures. For example:
• extend sample size; or
• test alternative controls to achieve the objective; or
• extend substantive procedures.
2.8.2 Tests of Details
If maximum potential and/or most likely misstatement exceeds the tolerable
misstatement:
• request management to adjust for identified misstatements; and
• re-evaluate uncorrected misstatements.
Example 4 Evaluating the Results of a Test of Controls

Summary of deviations:
A sample size of 125 despatch notes was selected randomly based on a pre-
numbered note sequence. Block tests were carried out to confirm the
completeness of the population.

GDN ref.
No. of despatch notes
not found 1 (13,685)
No. of despatch notes
without invoices 4
Authorised cancellations
in above (3) (17,345)
Actual deviations 2
Statistical sampling approach:
2
Deviation rate: 125
= 0.016 = 16%

If the tolerable deviation rate is 1% (say), the sample size could be extended (to at
least 200).
If no further deviations were found, the deviation rate would be acceptable.
Non-statistical sampling approach (using judgment on results):
 Two deviations have been discovered. Therefore the controls may not have been
effective (based on a tolerable deviation of zero). Further work should be carried
out to identify if deviations are isolated before deciding how this affects the audit.

3.1 Statistical Sampling

As defined earlier, statistical sampling involves:

• use of random sample selection; and
• probability theory to evaluate sample results and measure the sampling risk.
Statistical sampling therefore precludes the haphazard and block selection methods.
In practice, a high level of mathematical competence is required if valid conclusions
are drawn from sample evidence. When firms use statistical sampling, they draw up
complex plans that staff can operate without detailed statistical training (e.g. using
tables, graphs or computer methods).

Activity 4 Statistical Sampling

Suggest relative advantages and disadvantages of statistical sampling.

*Please use the notes feature in the toolbar to help formulate your answer.

3.2 Non-statistical Sampling

Non-statistical sampling is any approach which does not fulfil all the conditions set
out in the definition of statistical sampling.
It includes non-random selection and evaluating results on a "judgment" basis.

Activity 5 Non-statistical Sampling

Suggest relative advantages and disadvantages of non-statistical sampling.

*Please use the notes feature in the toolbar to help formulate your answer.
Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence

15. Audit sampling and other means of testing

• Define audit sampling and explain the need for sampling.
• Identify and discuss the differences between statistical and non-statistical
sampling.
• Discuss and provide relevant examples of, the application of the basic
principles of statistical sampling and other selective testing procedures.
• Discuss the results of statistical sampling, including consideration of whether
additional testing is required.

Summary and Quiz

• When gathering evidence about a population, the auditor may select all or
specific items or use audit sampling.
• Stages in audit sampling include:
• Sample design;
• Determination of sample size;
• Sample selection;
• Testing;
• Evaluation.
• Sample size can be determined using probability theory or professional
judgment. The lower the acceptable sampling risk, the larger the sample size.
• When selecting a sample, all sampling units should have an equal chance of
being selected (for meaningful extrapolation of results). The principal methods
are random selection, systematic selection, monetary unit sample selection,
haphazard selection and block selection.
• The auditor should consider the nature and cause of deviations or
misstatements and determine whether they are isolated or indicative of a
common feature.
• Monetary misstatement should be projected to the population to determine
whether the potential misstatement is material.
 • If a sample in a test of controls indicates that control risk is higher than initially
assessed, the auditor may extend the sample size, test alternative controls or
extend substantive procedures.
• If the result of a sample in a test of details indicates that the potential
misstatement exceeds the tolerable misstatement, the auditor should ask
management to correct identified misstatements and then re-evaluate the
uncorrected misstatements.
• Statistical sampling uses random sample selection and probability theory to
evaluate sample results and measure sampling risk.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
• Audit sampling (s.2.4 and s.3)
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Why Not 100%

Cost/benefit – testing all transactions and balances would incur higher costs without
meaningfully reducing detection risk.
Time – the additional time it could take to test all transactions and balances might
result in undue delay in issuing the financial statements.
Reasonable assurance – the auditor’s responsibility is to obtain reasonable
assurance; this is not a guarantee.
Materiality – the auditor concludes on whether the financial statements are free from
material misstatement; this does not require 100% accuracy.

Activity 2 Tests of Controls

Factor Sample size Explanation

16. ↑Reliance on ↑Increase To support a lower
internal controls (i.e. assessment of CR will
↓CR) require larger sample sizes
for tests of control.
If zero assurance is placed
on controls, the sample size
for testing controls would be
zero

17. ↑Tolerable deviation ↓Decrease If the auditor is prepared to

rate accept, say, a 3% deviation
rate rather than 1%, the
amount of testing (and
hence sample size) is
reduced.

18. ↑Expected deviation ↑Increase If a higher proportion of

rate deviations is expected
(perhaps because they are
suggested by a prior period
or other findings) more work
(i.e. greater sample size) is
required.
Note: If deviation rates are
expected to be high, CR
would be the same as IR;
therefore, no tests of
control.

19. ↑Confidence (i.e. ↑Increase More confidence requires

↓Risk) more audit work (i.e. larger
sample sizes).
If the confidence
(assurance) is to be 100%,
the entire population would
need to be tested.

20. ↑Population Negligible A large population has little,

if any, effect on the sample
size (e.g. a sample size
may be 100 regardless of
whether the population
contains 1,600 items,
16,000 items or 160,000
items). For small
populations, evidence is
usually gathered by
selective testing procedures
other than audit sampling.
Activity 3 Tests of Details

Factor Sample size Explanation

21. ↑RoMM ↑Increase Consider the audit risk

model. If RoMM is higher,
DR must be reduced – by
doing more substantive
work (i.e. greater sample
sizes).

22. ↑Other substantive ↓Decrease If assurance is (to be)

procedures obtained by analytical
procedures, less assurance
is required from tests of
details.

23. ↑Confidence ↑Increase As for Solution 2

24. ↑Tolerable Decrease↓ If the auditor is prepared to

misstatement accept a higher $
misstatement, the amount
of testing (and hence
sample size) is reduced.

25. ↑Expected ↑Increase More work (i.e. larger

misstatement sample size) is required if
more misstatements are
expected.

26. Stratification ↓Decrease The aggregate of the

sample sizes from the strata
will usually be less than that
of a single sample drawn
from the whole population.

27. ↑Population Negligible As for Solution 2. However,

an increase in the monetary
value of a population may
increase sample size unless
materiality is increased
proportionately.
Activity 4 Statistical Sampling

Advantages Disadvantages

• Imposes more formal discipline to • The expense of implementation.

planning the audit of a population. • Sample sizes may be "too large".
• Objectively determines sample • It may be time-consuming, as higher
sizes. levels of sample sizes are often
• Evaluates test results more required to evaluate misstatements.
precisely. • Requires extensive staff training.
• Quantifies sampling risk. • In tests of control, qualitative
• Use of judgment is not precluded aspects of the evaluation of
but is limited to setting objectives. deviations cannot be statistically
analysed.

Activity 5 Non-statistical Sampling

Advantages Disadvantages

• Approach (usually statistical sample • Sample sizes may be too small to

selection, but with judgmental satisfy stated objectives.
analysis of results) has been in use • Sampling risk cannot be quantified.
for many years and is well • Statistical sampling might be
understood and refined by cheaper if CAATs are used.
experience. • Sample sizes may be unnecessarily
• It may use greater judgment and large.
expertise. • Personal bias in sample selection
• Non-random selection may be may be unavoidable (e.g. if using
quicker or more cost-effective in haphazard selection)
certain circumstances.
• It requires no special knowledge of
statistics.
• Less expensive to apply (usually).
Chapter 20: Written Representations

Visual Overview

Objective: To describe the use of written representations as audit evidence.

1.1 Purpose

The relevant standard is ISA 580 Written Representations.

Definitions

Written representations – a written statement by management provided to the

auditor to confirm certain matters or to support other audit evidence.
Written representations in this context do not include financial statements, the
assertions therein, or supporting books and records.

Written representations are necessary information that the auditor requires in

connection with the audit of the financial statements.
Many representations relate to areas of the audit which are subjective and depend
on management's responsibilities, judgement and actions (or lack thereof).
Although written representations provide necessary audit evidence, they do not
provide sufficient appropriate audit evidence for any of the matters they deal with,
but assist in reducing residual risk to an acceptable level.
The fact that management has provided reliable written representations does not
affect the nature or extent of other audit evidence that the auditor obtains about the
fulfilment of management's responsibilities or specific assertions.

Key Point

The auditor's objectives are:

• To obtain written representations from management (and, where
appropriate, TCWG) that they believe they have fulfilled their responsibility
for preparing the financial statements and for the completeness of
information provided to the auditor.
• To support other audit evidence relevant to the financial statements (or
specific assertions therein) through written representations if determined
necessary by the auditor (or required by other ISAs).
• To respond appropriately if management or TCWG do not provide the
written representations requested by the auditor.

1.2 Procedure for Obtaining

Written representations are provided to the auditor in a management representation

letter.
• The auditor prepares the written representations which are then printed on the
client's letterhead for signature by the client.
• The letter should be signed by the members of management responsible for
the financial statements and knowledgeable about the matters contained in
the letter (e.g. by the chief executive officer on behalf of the board of
directors).
• Written representations should cover all the financial statements and period(s)
referred to in the auditor's report.

Key Point
 The date of the written representations should be as near as practicable to, but
not later than, the date of the auditor's report. After the date of the auditor's report
would be too late to be audit evidence.

2.1 Circumstances Where Necessary

2.2 Essential Representations

Evidence of the following should be obtained:

• Management's acknowledgement of its responsibility for the preparation of the
financial statements (including fair presentation) in accordance with the
applicable financial reporting framework.
• Management has provided the auditor with all relevant information (including
answers to auditor enquiries) and access (e.g. to books, records and
personnel) as agreed in the terms of the audit engagement.
• All transactions have been recorded and are reflected in the financial
statements.
These representations should be framed the same way they are phrased in the
engagement letter (see Chapter 5).

2.3 Other Representations

Many ISAs require the auditor to obtain specific written representations. The auditor
may also consider it necessary to request written representations to support the
audit evidence already obtained and any oral representations made by management.
Where representations are made by management during the audit (which are
material to the financial statements), the auditor should:
• seek corroborative evidence (this implies an expectation that it should be
available);
• evaluate reasonableness/consistency against other evidence available; and
• consider whether individuals making representations can be expected to be
adequately informed on the particular matters.
Where representations are material to the financial statements and other sufficient
appropriate audit evidence does not or cannot reasonably be expected to exist, such
representations should be obtained in writing from management. Confirming oral
representations in writing reduces the risk of misunderstanding.

2.4 Specific Instances

In specific circumstances, written representations may be the only audit evidence

which can reasonably be expected to be available (e.g. management's intention to
settle a legal claim out of court).
In areas of the audit which are susceptible to understatement (e.g. liabilities, income,
disclosures), written representations state that management is not aware of any
understatement or non-disclosures. Although such matters will be audited, there
always will be a residual risk because of the nature of understatement.
If a management representation is contradicted by other audit evidence, the matter
should be investigated (and the reliability of other representations reconsidered if
necessary). Such inconsistency creates doubt and must be resolved.

Exam advice

In a question calling for audit work/procedures/tests, it may be appropriate to refer

to "obtain written representation" (especially if accounting estimates are involved).
But be specific, for example:
"Ask the directors to provide a written representation that they are not aware of
any legal claims against the company other than those disclosed in the financial
statements."
 Do not throw in "obtain written/management representation" for good measure.
Suggesting it as either a substitute for "better" evidence or as an unnecessary
extra item of evidence will not earn any marks.

3.1 Reliability of Representations

If there are inconsistencies between one or more representations and audit evidence
obtained from another source, the auditor should reconsider the initial risk
assessment. This may require further audit procedures to be carried out.
If there are concerns about management’s competence, integrity, ethical values or
diligence (or its commitment to or enforcement of these), the auditor must consider
the reliability of representations (oral or written) and audit evidence in general. This
may mean that the auditor decides to issue a modified opinion or, in extreme cases,
resign (if allowed to by law).
The nature of the modification will depend on the particular circumstances. However,
if the risk of management misrepresentation in the financial statements is considered
high, a disclaimer of opinion may be appropriate.

3.2 Management's Responsibilities

If there are significant doubts about the reliability of management's representations

about management's responsibilities, the auditor will be unable to obtain sufficient
appropriate audit evidence. This would lead to the auditor disclaiming an opinion in
the auditor's report as the doubts would be pervasive to the financial statements.
Audit opinions are explained in Chapter 30.

3.3 Refusal by Management to Provide Representations

Where management refuses to provide representations concerning its

responsibilities, the auditor will be unable to obtain sufficient appropriate audit
evidence. As above, this could lead to the auditor disclaiming an audit opinion.
If management refuses to provide any representations requested by the auditor or
wishes to modify a representation, the auditor should consider:
• Discussing the matter with management and TCWG;
 • Re-evaluating management’s integrity and the effect this may have on the
reliability of representations (oral or written) and audit evidence in general;
and
• If there is no satisfactory solution, consider the implications for the auditor's
report.
Where management has not complied with a particular requirement of the applicable
reporting framework, the auditor may require this to be stated in the written
representations. In doing so, the representation states the facts and can therefore be
considered reliable. The auditor will, of course, need to consider the implications for
the auditor's report because of the non-compliance with that reporting requirement.

4.1 Illustrative Letter

The following Exhibit provides typical examples of representations. Note that the
references to ISAs would not be included in the letter; they are provided for
reference.

Exhibit 1 Written Representations

(Entity Letterhead)
(To Auditor) (Date – must not be after the date of auditor's report)
This representation letter is provided in connection with your audit of the financial
statements of ABC Company for the year ended 31 December 20XX, for the
purpose of expressing an opinion as to whether the financial statements are
presented fairly, in all material respects (or give a true and fair view), in
accordance with International Financial Reporting Standards.
We confirm that (to the best of our knowledge and belief, having made such
inquiries as we considered necessary for the purpose of appropriately informing
ourselves):
Financial Statements
• We have fulfilled our responsibilities, as set out in the terms of the audit
engagement dated [insert date], for the preparation of the financial
statements in accordance with International Financial Reporting Standards;
in particular the financial statements are fairly presented (or give a true and
fair view) in accordance therewith.
• The methods, the data and the significant assumptions used by us in
making accounting estimates and their related disclosures are appropriate
to achieve recognition measurement or disclosure that is reasonable in the
 context of the applicable financial reporting framework. (ISA 540 Auditing
Accounting Estimates and Related Disclosures)
• All events subsequent to the date of the financial statements that require
adjustment or disclosure under IFRS have been adjusted or disclosed. (ISA
560 Subsequent Events)
• The effects of uncorrected misstatements are immaterial, both individually
and in the aggregate, to the financial statements as a whole. A list of the
uncorrected misstatements is attached to the representation letter. (ISA 450
Evaluation of Misstatements Identified During the Audit)
• [Any other matters which the auditor may consider appropriate. For
example:
• The selection and application of accounting policies are appropriate.
• Classification of assets and liabilities are appropriate.
• Plans or intentions which may affect the carrying amount or classification of
assets and liabilities.
• Recognition, measurement and disclosure of all liabilities, both actual and
contingent.
• Title to, or control over, assets, and assets pledged as security.
• Aspects of laws, regulations and contractual agreements which may affect
the financial statements, including non-compliance.]
Information Provided
• We have provided you with:
• Access to all information of which we are aware that is relevant to the
preparation of the financial statements, such as records, documentation
and other matters;
• Additional information that you have requested from us for the purpose of
the audit; and
• Unrestricted access to persons in the entity from whom you determined it
necessary to obtain audit evidence.
• All transactions have been recorded in the accounting records and are
reflected in the financial statements.
• We have disclosed to you the results of our assessment of the risk that the
financial statements may be materially misstated as a result of fraud. (ISA
240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial
Statements)
• We have disclosed to you all information in relation to fraud or suspected
fraud that we are aware of and that affects the entity and involves:
• Management;
• Employees who have significant roles in internal control; or
• Others where the fraud could have a material effect on the financial
statements. (ISA 240)
• We have disclosed to you all information in relation to allegations of fraud,
or suspected fraud, affecting the entity's financial statements communicated
by employees, former employees, analysts, regulators or others. (ISA 240)
 •
We have disclosed to you all known instances of non-compliance or
suspected non-compliance with laws and regulations whose effects should
be considered when preparing financial statements. (ISA 250 Consideration
of Laws and Regulations in an Audit of Financial Statements)
• [Any other matters that the auditor may consider necessary (e.g.
communication to the auditor of all deficiencies in internal control of which
management is aware).]
Management________(CEO and CFO on behalf of the board or the board as a
whole).
Management________

If the CEO and CFO sign the letter, the auditor should ensure that the board, as a
whole, is aware of the contents (e.g. minuted and discussed at a board meeting).

Syllabus Coverage

This chapter covers the following Learning Outcomes.

E. Review and Reporting

1. Written representations
• Explain the purpose of and procedure for obtaining written representations.
• Discuss the quality and reliability of written representations as audit evidence.
• Discuss the circumstances where written representations are necessary and
the matters on which representations are commonly obtained.

Summary and Quiz

• Written representations include statements by management provided to the

auditor to confirm certain matters or support other audit evidence.
• Representations include:
• Acknowledgement of responsibilities for the financial statements.
• All relevant information has been provided.
• All transactions have been recorded and events disclosed.
• Other specific representations that provide audit evidence.
 • When representations are inconsistent with other audit evidence, the
contradiction must be resolved.
• If there are significant doubts about the reliability of management's
representations or if management refuses to provide representations, the
auditor will be unable to obtain sufficient appropriate audit evidence and
should issue a disclaimer of opinion (see Chapter 30).

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.
Chapter 21: Automated Tools and Techniques

Visual Overview

Objective: To explain the use of automated tools and techniques in the context of an
audit.

1.1 Auditing around v through the Computer

* Auditing around the computer (the "black box" approach) is not concerned with
programs and processes in the computer.

1.2 Small Computer Installations

Features Consequences

• Lower level of general (IT) • Less reliance on the system of

controls. internal control.
• Greater emphasis on tests of
details of transactions and
balances and analytical
procedures.
• Increased effectiveness of audit
software.

• Smaller volumes of data. • Manual methods may be more

cost-effective.

• Lack of technical assistance in • Use of CAATs may be

the entity. impracticable.

• Certain package programs may • Restricted choice of CAATs.

not operate. • Client data files may be copied
and processed on another
computer using appropriate
 software (e.g. database
management system).

2.1 Use in an Audit

Definition

Computer-assisted audit techniques (CAATs) – computer applications of audit

procedures.

Traditional CAATs are the forerunner of big data analytics (see s.5).

2.1.1 Tests of Controls

By definition, CAATs used in tests of controls can only be applied to programmed

controls.

2.1.2 Substantive Procedures

CAATs may enable more extensive testing of electronic transactions and account
files. For example:
• to select sample transactions from key electronic files;
• to sort transactions with specific characteristics; or
• to test an entire population instead of a sample.
2.2 Considerations Affecting Use

Matters Consequences

• IT skills, expertise and • Must be sufficient to plan,

experience of the auditor. execute and use results of CAAT
adopted.

• Availability of CAATs and • Use of CAATs may be

suitable computer facilities. uneconomical or impractical (e.g.
if the auditor's package program
and client computer are
incompatible).
• Auditor may download data and
use own laptop.
• Client's staff may be required to
cooperate and assist. Internal
audit may use "24/7" facilities.

• Impracticability of manual tests if • See Activity 1.

no visible evidence is available.

• Effectiveness and efficiency. • Execution (e.g. selecting a

sample, analytical procedure) is
quicker than manual equivalent.
• Design and printing of forms
(e.g. for confirmations), mail
merge facilities, etc.

• Timing. • Certain transaction data may

need to be retained for audit
purposes or the CAAT used in
the short time when such data
are available. 24/7 may be
available.
Activity 1 No Visible Evidence

The following is a simplified representation of the main elements of a computerised

system:
Required:

Suggest an example of a lack of visible evidence relating to each of the following:

a. Input/initiation;
b. Processing;
c. Output.
*Please use the notes feature in the toolbar to help formulate your answer.

2.3 General Advantages

• Enable the auditor to test program/information processing controls. If CAATs

were not used, those (non-manual) controls could not be tested.
• Enable the auditor to test a greater number of items (e.g. 100%) quickly and
accurately. This will also increase the overall confidence in conclusions on
which the audit opinion is based.
• Allow effective and efficient in-depth data analysis for analytical procedures
including trend analysis. Dealing with such data would not be a practical
option if approached manually.
• Are an effective and efficient means of testing where the systems are fully
integrated (e.g. data files and processes can easily be compared).
• Allow the auditor to directly test the accounting system (program functions)
and records (raw data) rather than printouts, which are only a copy of those
records and could be incorrect.
• Are cost-effective after initial set up, as long as the company does not change
its systems.
• Allow the results from using CAATs to be compared with "traditional" testing; if
the two sources of evidence agree, this will increase overall audit confidence.

2.4 General Difficulties

• Substantial setup costs are likely to be incurred in developing bespoke CAATs

and testing them. (However, once established, providing the client's system
does not change, they can be reused with only the parameters changed.)
 • Standard audit software may not be available for the client’s specific systems,
especially if those systems are bespoke. The cost of writing audit software to
test those systems may be difficult to justify against the possible benefits to
the audit. In most cases specific customised interrogation programmes will
have been written as part of the system (e.g. for use by internal audit). The
external auditor will need to assess the usefulness of such systems for audit
purposes. In addition, provided that the data held in the system can be
exported (e.g. into Excel or Access format), they can be interrogated on the
auditor's laptops.
• The software may produce too much output due to either poor design or using
inappropriate parameters on a test. The auditor may waste considerable time
checking what appear to be transactions with errors when the fault is actually
in the audit software.
• When checking the client's files in a live situation, there is a danger that the
audit program may disrupt the client's systems or data. Any changes made
during testing must be reversed and removed from history files (otherwise
they will appear in data printouts).
• Although program and data files can be used offline, it is essential to ensure
that they are true copies of the live files.

Example 1 CAAT Procedures

Theresa is using CAATs for the audit of Plagar Co. As Plagar Co’s financial
system is mainly software-based with integrated controls, CAATs have been
deemed necessary, more efficient, and more effective and obtaining sufficient
appropriate audit evidence.
Theresa’s audit software allows for integrated audit procedures with Plagar Co’s
financial software, which has audit plug-ins designed to enable audit procedures to
be done directly to held financial data.
Some of the CAAT procedures Theresa performs are:
1. Validate system logs and audit trails to expedite the tests of controls on
transactions and account balances.
2. Perform tests of details directly on the financial information and account
balances directly, on sample sizes close to 100%.
3. Expedite evaluation of the need for additional audit procedures through the
assessment reports produced by the audit software.
4. The integrated audit module allows for testing within the computer to
ensure the financial systems are executing transactions and tasks as
expected.
5. Automated performance of analytical procedures on account balances and
transactions.
6. Automatic flagging of any control/authorisation failures for transactions that
have been reviewed.
7. Compilation of potential adjustments and their effect on financial statements
into a report for discussion with management.
3.1 Description

Definition

Test data – data (valid and invalid) generated by the auditor and processed
through the client's system to enable the auditor to assess the effectiveness of
programmed controls.

The objective of test data is to ensure that the controls in the system are operating
as intended. If this is the case, valid data should be correctly processed, and errors
(invalid data) should be captured and rejected. Consequently, test data should
contain data of both a valid and invalid nature.
The test data may be:
• selected from previously processed transactions; or
• created specifically by the auditor.
It may be processed during:
• a normal production run ("live" test data); or
• a special run at a point in time outside the normal cycle ("dead" test data).

It may use:
• live units (e.g. actual clients, suppliers, employees, etc); or
• "dummy" units against which the auditor's test data transactions are
processed in a routine in the client's accounting system.
3.2 Process

The auditor must understand how the system operates and the
application/programmed control environment. Initially, the auditor must test that the
system processes data as intended. Valid data entered into the system should be
correctly processed, updating controls and balances.
Using a sales system as an illustration (see Example 2 below) the process will be to:
• establish a dummy customer profile;
• identify current control balances;
• prepare valid test data;
• enter valid test data;
• review reports; and
• reverse/remove test data.

Example 2 Sales System

Establish a dummy customer profile:

•Set up name, address, discounts, credit limit, current balance and
transaction history on the system (or select a live client for testing).
• Ensure that the system being used is the actual client system (or an exact
duplicate if the live system cannot be accessed).
Identify current control balances:
•
To include trade receivables account, sales tax and list of individual
customers balances.
Prepare valid test data:
•
This will include the details of items to be ordered (part number, quantity,
value, total net value, sales tax and total gross value).
• Identify the documentation and new balances expected to be produced by
the system (e.g. credit check, goods despatch note, sales invoice, changes
in trade receivables, sales, sales tax, list of balances).
Enter valid test data:
•
Enter the data and compare the results with what was expected: this
includes inspecting documentation produced (despatch notes, sales
invoices) and verifying that balances have been correctly updated.
• If agreed, the system is operating as expected. If not agreed, the reason(s)
why must be established.
• With Web-based systems, the data entry will be via the client website. The
auditor should enter the data as a customer and agree that the appropriate
data are correctly processed and stored.
Review reports:
 •
Produce all reports (e.g. daily sales) that are necessarily produced by the
system to ensure the test data are reflected in them.
Reverse/remove test data:
• It is critical to ensure that all test data (dummy units, sales etc.) is
completely removed from the client systems.

If correct data is input and processed by the system, many of the information
processing controls designed to prevent errors will not have been tested.
Therefore, in understanding the system, the auditor must identify the information
processing controls in operation and what they are designed to do. Each control
must be tested or "error-trapped" (i.e. input false data for the control to identify as
invalid and reject). These tests could be incorporated in the auditor's walk-through
procedures to understand the system (and the design and implementation of
controls).

Activity 2 Error-Trapping

Describe the forms of test data that could be entered into a system to error-trap
information processing controls.
*Please use the notes feature in the toolbar to help formulate your answer.

3.3 Precautions

Generally, when using test data:

• Test data should be run "live" if possible. If not possible, it is necessary to
ensure that the programs used are identical to or are the actual programs
used by the client.
• Any fictitious items included as test data must be retrieved/eliminated from
files before the client uses those files in normal processing.
• If test data is run "dead", there must be adequate computer time available and
the special run required must not prove unduly expensive.
• Since controls are being tested, all discrepancies between predicted and
actual results must be resolved and documented, regardless of the monetary
amounts involved.
3.4 Advantages and Disadvantages

3.4.1 Advantages

• Provides direct evidence on the effectiveness of application program controls.

• Testing the correct functioning of programmed controls is essential for large
volumes of transactions.

3.4.2 Disadvantages

• Associated time and cost of ascertaining which controls to be tested,

constructing test data and predetermining the results manually. (However,
once set up, the ongoing cost of use is minimal – until controls change.)
• Live testing is risky, but the alternative involves more time and cost.
• Tests only controls (and it may be difficult to test all control activities).

4.1 Description

Definition

Audit software – software ("computer audit programmes") specially designed for

audit purposes. It is used to process and analyse the client's data independently of
the client's program, to verify the system's accuracy.

Audit software is effectively a database management system (DBMS) used for

reperformance tests and analysis and reanalysis of information. It can be:
• Off-the-shelf;
• Bespoke; or
• Embedded.

4.2 Off-the-Shelf
Packaged programs are designed to:
• read and compare computer files;
• select and analyse data;
• perform calculations and analytical reviews;
• print reports in a format specified by the auditor; and
• create data files for export to other programs (e.g. mail merge).

4.2.1 Advantages 4.2.2 Disadvantages

• Relatively inexpensive and • Requires auditing after the client
generally easy to use. has processed data rather than
• Independent of client's while the data is processed.
programmes and personnel. • May not have all the capabilities
• It can run on a variety of the auditor needs for specific
systems. clients.
• Limited IT experience and • It cannot examine items that are
programming skills are required. not in machine-readable form.

4.3 Bespoke

Bespoke audit software is purpose-written to perform general and specific tasks

required by the audit methodology and procedures.
Bespoke programs may be necessary when a client's computer system is not
compatible with an off-the-shelf program or when the auditor wants to perform tests
that are not possible with an off-the-shelf program.
Bespoke programs are proprietary to the audit firm and therefore good economies of
scale are required to make the development cost-effective.

4.3.1 Advantages 4.3.2 Disadvantages

• Provided data can be imported, • Expensive to develop (i.e. high
these programs can be used set-up cost). It may require a
across various system platforms. long development time and may
• It can be tailored to the auditor's be difficult and costly to modify if
methodology and specific client client systems change.
requirements. • Enquiry programmes may be too
elaborate, making a review of
findings expensive.
• Requires auditing after the client
has processed data rather than
while the data is processed.
4.4 Embedded

Audit routines are built into the client's application software also known as resident
audit software.
Embedded audit facilities (EAFs) can have similar functionality to bespoke systems
(e.g. designed to meet internal audit requirements) or have specialist functionality.
For example:
• Snapshots: routines are embedded at different points in the processing logic
to capture images of the transaction through the various stages of processing.
The technique allows the auditor to track data and evaluate the computer
processes applied to it.
• System Control Audit Review File (SCARF) provides continuous monitoring of
transactions. Information is saved to a computer file for the auditor to
examine.
• Tagging: Transactions that meet parameters set by the auditor are recorded
for subsequent audit review.
EAFs can be used in historical or real-time (24/7) auditing. Real-time systems are
commonly used where an independent party requires 24/7 assurance.

4.4.1 Advantages 4.4.2 Disadvantages

• Provides continuous monitoring • It may require the auditor to have

in real time. had access to the clients'
• Audit work is more timely as it systems to develop the
allows the auditor to perform embedded audit module.
tests while the client is • Requires clients to have
processing the data. relatively stable application
• Surprise test capability as client's systems.
users are unaware of the
evidence when it is collected.
• It can be used when the audit
trail is less visible and the costs
of errors or fraud are high.

4.5 Uses

Whatever can be done with data in a DBMS (e.g. access) can also be done with
audit software. Audit software can also replace repetitive, manual audit tasks such
as selecting, analysing and sorting data.
Activity 3 Audit Software

Briefly describe EIGHT uses of audit software.

*Please use the notes feature in the toolbar to help formulate your answer.

4.6 Precautions

Generally, when using audit software:

• Client's data must not be corrupted or damaged.
• Data used for testing must be complete and accurate and identical to, if not
the same as, files currently used by the client.
• Audit software must be updated for developments in the client's applications.

Exam advice

Assume systems to be computer-based unless told otherwise.

For example, if required to explain the various tests to be carried out in tracing a
transaction through a system, explain each test accordingly (e.g. select x items
from File A and agree transfer of data to File B for completeness and accuracy).
THEN state that as the system is computerised, audit software could be used to
carry out completeness, comparison and reconciliation tests to ensure all items in
File A transferred to File B (or to identify items in File A not correctly transferred to
File B).
Avoid leaping straight in with "use CAATs" as an answer unless the question
specifically asks you to explain the use of CAATs.
This approach demonstrates that you know what the tests are about (and answers
the requirements). As it is computer-based, you understand how CAATs could be
used efficiently and effectively to achieve the objective.

5.1 Big Data

Big data refers to the dynamic, large and disparate volumes of data created by
people, tools and machines. It is typically characterised by the “five Vs”:
 • Volume: The amount of data created is vast; more than can easily be handled
by a single computer, spreadsheet or conventional database management
system.
• Variety: Non-uniform data, from internal and external sources, much of which
is unstructured, is created by machines and people.
• Velocity: Data arrives continually and must be processed quickly to yield
useful results.
• Veracity: Given its numerous sources, its accuracy and quality must be
validated and verified.
• Value: The benefit obtained from capturing and processing big data must
exceed the cost of obtaining it.

5.2 Data Analytics (DA)

Definition

Data analytics – the science of examining raw data to draw insights from it.

When used to obtain audit evidence, DA is the science and art of:
• discovering and analysing patterns, deviations and inconsistencies;
• and extracting other useful information;
• through analysis, modelling and visualisation;
• to plan or perform the audit.

5.3 Audit Applications

Examples of audit applications of data analytics include the following:

• Analytical procedures: Preliminary analysis of all transactions during a set
period:
• Provides additional insight into the nature of business activities;
• Can identify trends and anomalies that may indicate potential risk areas and
concerns that require specific audit focus.
• Tests of controls: Examination of 100% of transactions to determine whether:
• Each transaction appears to comply with a specific control rule;
• There is an indication of activities occurring for which no control has been
implemented.
 • Substantive procedures: Analysis of transactions (or a statistical sample) to
determine whether they are complete, valid and accurate.
• Fraud detection: Analysis of transactions to identify fraud indicators.
• General analysis and communication: The application of analytics to identify
anomalies in business processes or transactions and communicate
recommendations to management.

5.4 Benefits

• Productivity and cost savings:

• Ability to deliver considerably more with current staff levels or reduce audit
staff requirements;
• Travel is limited to locations where needed (e.g. identification of apparent
control problems).
• Audit quality is enhanced as far more extensive audit procedures are
performed.
• Professional scepticism and judgment are improved as the auditor has a more
robust understanding of the entity and its environment.
• Reduced audit risk, as entire populations can be subjected to broad ranges of
test procedures and 100% testing increases confidence in audit procedures.
• Capabilities for independent data access and analysis increase auditor
independence.
• Continuous auditing and monitoring techniques provide ongoing automated
analysis highlighting the areas of greatest risk and audit concern. Results can
be immediately provided to management to identify areas requiring
investigation and response.

Activity 4 Limitations of Data Analytics

Suggest FOUR limitations that auditors need to be aware of in using data analytics.
*Please use the notes feature in the toolbar to help formulate your answer.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence
8. Automated tools and techniques
 • Explain the use of automated tools and techniques in the context of an audit,
including the use of audit software, test data and other data analytics tools.
• Discuss and provide relevant examples of automated tools and techniques
including test data, audit software and other data analytics tools.

Summary and Quiz

• CAATs are computer programs and data used to process data of audit
significance contained in the entity's information system.
• Test data incorporates correct and incorrect data, which is processed to test
the effectiveness of programmed controls and determine whether the controls
are operating as intended.
• The test data process involves:
• establishing a dummy profile;
• identifying current control balances;
• preparing and entering test data;
• review reports; and
• reversing/removing test data.
• Error-trapping is the programmed handling of exceptions (e.g. the error
routine for a credit sale to a customer not included in the customers' master
file).
• Audit software, which may be off-the-shelf, bespoke or embedded, is used to
process and analyse the client's data independent of the client's system to
verify the accuracy of the system.
• Audit software is widely used for data file interrogation (e.g. sequence
checking and sample selection).

Chapter 21 Quiz

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
• Auditing in a computer-based environment (s.3 and s.4)
• Specific aspects of auditing in a computer-based environment (s.3 and s.4)
For more recent articles and other resources please visit the ACCA global website.
Activity 1 No Visible Evidence

d. Input/initiation;
e. There will be no visible evidence of authorisation of individual transactions
where:
• Sales orders are entered online or by voice-activated input;
• Discounts and interest calculations are generated by computer program.
f. Processing;
g. Some aspects of processing may only be visible when reported on an
“exception” basis, for example, where the computer program:
• Matches delivery notes and suppliers' invoices;
• Checks customer credit limits.
h. Output.
• Output reports may not be produced.
• Printed report may contain only summary totals.

Activity 2 Error-Trapping

• Invalid user names and passwords (e.g. for changing standing data).
• Data outside of a specified accepted range (e.g. age, units ordered, delivery
date).
• Incorrect customer codes, product codes (incorrect format and non-existent).
• Incorrect dates (e.g. 31 February).
• Negative numbers.
• Quantity in excess of inventory held.
• Sales values in excess of credit limits.
• Incomplete data.
• Incorrect payment details (e.g. credit card code when payment is required
online before delivery).
The above examples should result in error messages and/or error reports. The
system should not be able to "go to the nearest" and complete the process (e.g. the
nearest product code or a default substitute).

Activity 3 Audit Software

 • Selecting a sample of records from a file for audit testing (e.g. random
selection of goods despatched notes or selection of all inventory items valued
over a certain amount).
• Printing out transactions or balances over a specified amount (e.g. invoices,
inventory items or accounts receivable) for investigation.
• Checking computations and calculations by re-performance, for example:
• agreeing the accuracy of an aged-debtor listing or stratification of an inventory
file;
• recalculating depreciation expense;
• recalculating interest expense.
• Confirming information processing controls (e.g. when testing input controls
over completeness, a computer audit program can identify any missing items
from a sequence).
• Reorganising data into a form for audit use (e.g. sorting a file of purchases
grouped by product into a file grouped by supplier and product for a year-end
cut-off test).
• Comparing two or more different files (e.g. sales invoices with the list of
individual customers to ensure that all invoices have been posted, or
comparing inventory held at two different dates).
• Recalculating closing balances, extracting balances (e.g. receivables listing).
• Re-performing allocation of invoices, payments, journals etc.
• Identifying duplicate suppliers and/or employees (and/or duplicate addresses)
which may be a source of possible error or fraud.
• Selecting exceptions (e.g. invoices approved on a national holiday, credit
limits exceeded, excess overtime, payments above a set limit).
• Identifying missing data fields (e.g. references not obtained for new customers
or employees).
• Conducting analytical procedures, statistical data analysis and data-mining.

Activity 4 Limitations of Data Analytics

• Analysis of data that is not relevant to the audit, is not well controlled, is
unreliable, or its source is not well understood could have negative
consequences for audit quality.
• Analysis of relevant and reliable data provides valuable insights but does not
provide everything the auditor needs to know.
• 100% testing still only provides reasonable assurance.
• The need for professional judgment (e.g. in assessing accounting estimates
and qualitative disclosures) cannot be replaced.
• Risk of overconfidence in technology where results are not infallible.
Chapter 22: Non-current Assets

Visual Overview

Objective: To determine risk areas in tangible non-current assets and describe the
procedures necessary to obtain appropriate audit evidence that non-current assets
are not materially misstated.

1.0 Introduction

Definition

Asset – a present economic resource controlled by the entity due to past events.

Non-current means that the asset is not working capital and is not routinely traded
but used to generate revenues and is expected to remain in the business for at least
12 months after the reporting period.
1.1 Audit Risks

Risks that should generally be considered in the audit of tangible non-current assets
(i.e. property, plant and equipment) include the following:
• Recorded non-current assets will be overstated if expenses that should be
charged to profit or loss are misclassified as asset expenditure. (Conversely,
non-current assets will be understated if asset expenditure is expensed to
profit or loss.).
• Non-current assets will be overstated if they do not exist (e.g. have been
sold), have been impaired or are not generally in good condition.
• Non-current assets may be purchased, misappropriated, used for non-
business purposes (e.g. sole use in a director's private life), sold or scrapped
without appropriate authorisation.
• Obsolete and idle assets may not be written down to a realistic valuation (i.e.
recoverable amount).
• Assets may not be depreciated (at all) or depreciated over unrealistic lives or
continue to be depreciated when already fully depreciated.
• Secured assets (e.g. those charged as security for bank loans) may not be
disclosed in the financial statements.

Activity 1 Classification of Expenditure

Explain under what circumstances expenditure on an item of property, plant and

equipment would be classified as asset expenditure and when it should be expensed
to profit or loss.
*Please use the notes feature in the toolbar to help formulate your answer.

1.2 Assertions

Audit considerations for the main assertions that are specific to property, plant and
equipment include the following (”CARE”):

1.2.1 Completeness

Assets accounts may be incomplete if:

• Asset expenditure is posted to an expense account in error;
• Disposals are not recorded (i.e. the asset is not derecognised).
1.2.2 Accuracy, Valuation and Allocation

• The depreciable amount of all non-current assets must be depreciated each

year and expensed to profit or loss.
• If revalued, the revalued amount must be verifiable (e.g. a market value or
expert valuation). Any revaluation gain must be correctly accounted for and
the surplus recognised in the statement of changes in equity (IAS 16 Property,
Plant and Equipment).
• If there are indicators of impairment (e.g. damaged assets, assets not in use,
reduced capacity of production, adverse change in market conditions),
impaired assets must be written down to recoverable amount.
• The cost of self-constructed assets should include relevant overheads as well
as materials and labour costs.

1.2.3 Rights (Control)

• Physical possession is evidence of control but is not conclusive evidence of

ownership.
• Control without ownership may signify a liability (e.g. a lease liability for a
leased asset).
• Assets may be owned but not possessed (e.g. if they are leased to another
party).

1.2.4 Existence

• Recorded assets will be overstated if they do not exist (e.g. if stolen or

scrapped without authorisation).
• Overstatement will also arise if disposals of assets have not been recorded.

1.3 Sources of Evidence

Sources of audit evidence were covered earlier, in Chapter 15 section 1.

Activity 2 Non-current Asset Register

List the information you would expect to find in a tangible non-current asset register.
*Please use the notes feature in the toolbar to help formulate your answer.

1.4 Substantive Procedures

1.4.1 Property, Plant and Equipment

The following is an example of a typical lead schedule, which would also include
accounting policies and depreciation rates:
Land and Plant and Motor Railway
buildings equipment vehicles trucks Total
Cost or
revaluatio
n $ $ $ $ $
1 January
20X2 100,000 875,000 1,500,000 500,000 2,975,000
Revaluatio
n 20,000 20,000
Additions 10,000 125,000 525,000 995,000 1,655,000
Disposals – (100,000) (325,000) – (425,000)
31
December
20X2 130,000 900,000 1,700,000 1,495,000 4,225,000
Depreciation
1 January
20X2 60,000 550,000 750,000 200,000 1,560,000
Revaluatio
n (5,000) (5,000)
Charge 2,000 180,000 425,000 199,000 806,000
Disposals – (80,000) (325,000) – (405,000)
31
December
20X2 57,000 650,000 850,000 399,000 1,956,000
Carrying amount
31
December
20X2 73,000 250,000 850,000 1,096,000 2,269,000
Carrying amount
31
December
20X1 40,000 325,000 750,000 300,000 1,415,000
 Key point

For all audit areas (not only non-current assets):

• Recast all clients’ schedules and agree (if appropriate) balances to the
general ledger, trial balance and financial statements, including necessary
disclosure analysis (use disclosure checklist).
• Agree opening balance/comparatives to prior year's financial statements,
general ledger and current year financial statements.
• Agree accounting policies with previous years and consider whether they
are still appropriate.

1.4.2 Additions

• Obtain the list of additions from the client (or extract it from the asset register).
• For appropriate sample (e.g. all material items):
• agree to delivery received confirmation and purchase invoice (completeness
and occurrence)
• agree value, treatment of sales tax, description and account allocation to
purchase invoice ensuring the invoice is addressed to the entity and
arithmetically correct (accuracy, classification);
• if self-constructed, obtain cost analysis for materials, labour and appropriate
overheads. Agree material to purchase invoices, agree labour to time records,
agree overheads as reasonable and to supporting documents (completeness,
occurrence, classification);
• agree correctly posted to asset register (completeness).
• Review expense accounts for possible mis-postings (e.g. repairs and
maintenance) to ensure that asset expenditure has not been expensed to
profit or loss (completeness, classification).
• Review non-current asset purchases shortly before and after the year end for
recording in the proper period (cut–off).
The cut-off assertion is explained in more detail in the next chapter in relation to
inventory.

1.4.3 Revaluations

For each class of property, plant and equipment, the revaluation model is an
accounting policy choice for measurement subsequent to initial recognition (IAS 16).
It is most commonly chosen for land and/or buildings.
• Assess whether assets should have been revalued during the year (e.g. if
there is high property inflation) (valuation and allocation).
• Recalculate revaluation gains (and losses) (accuracy).
 • Where an asset has been revalued, confirm that requirements of IAS 16 have
been applied (e.g. all assets in the same class also revalued).
• Apply audit procedure relevant to reliance on management's expert (accuracy,
valuation and allocation).

1.4.4 Rights

• Inspect evidence of control or ownership for material assets, for example:

• property title deeds (may be held as security by the bank);
• vehicle registration documents;
• "put into use" certificates;
• lease agreements.

1.4.5 Existence

• For appropriate sample (e.g. material items), inspect each asset and note if
damaged or obsolete (existence, rights, valuation). The asset register is
usually used to select the sample, provided it is independently maintained
from the general ledger.
• If the asset is not accessible (e.g. container on a boat, lorry travelling across
Europe) inspect other documentary evidence for proof of existence (e.g. GPS
location if used by the company, licence, insurance, fuel costs, maintenance,
contracts of hire/use by customers).
• Consider conducting asset inspection at year-end during inventory
observation to improve audit efficiency.

1.4.6 Disposals

• Obtain the list of disposals or identify them from the general ledger and asset
register. Disposal testing relates to the existence of non–current assets and
the completeness of the recording of disposals.
• Incorporate testing of disposals into the existence test:
• Select items for inspection from opening balances and additions in the year.
• If an asset cannot be found, check that it is on the list of disposals or was
disposed of after the year–end (inspect evidence of such sales).
• If an asset is not on the list of disposals, make enquiries of management.
• For material disposals, verify:
• Extraction from records;
• Authorisation to dispose of;
• Proceeds received and banked;
• Write–off of accumulated depreciation;
• Recording of profit or loss on disposal.
 • Profit or loss on disposal is tested through recalculation by comparing the
proceeds received (if any) to the asset’s carrying amount at the time of
disposal.

1.4.7 Depreciation

Definitions

Depreciation – the systematic allocation of the depreciable amount of an asset

over its useful life.
Depreciable amount – the cost of an asset, or other amount substituted for cost
(i.e. revalued amount), less its residual value.

Depreciation is an example of an accounting estimate (see Chapter 17).

• Confirm that depreciation has been systematically applied to all depreciable
assets including additions to reflect consumption of economic benefits
(completeness).
• Confirm that no assets have a negative carrying amount (accuracy, valuation)
as the depreciation of an asset ceases when it is "fully written down".
• Confirm that assets disposed of have been depreciated, or not, following the
accounting policy (e.g. no depreciation in the year of disposal or monthly until
the date of disposal).
• For assets revalued, confirm the correct treatment of accumulated
depreciation and that the charge for the year reflects the revalued amount
(accuracy, valuation, allocation).
• Recalculate depreciation on material assets and that entries have been made
appropriately in the records (accuracy, valuation).
• Review rates applied against asset lives, replacement policy and experience
of gains/losses on disposal (valuation).

Key Point

Analytical procedures which could be used to test depreciation (accuracy,

valuation, allocation) include:
• Reasonable tests (e.g. reconciling current year's charge to prior year's as
adjusted for additions, disposals and revaluations in the current year);
• Comparison of ratios of depreciation expense to the related depreciable
asset accounts with prior year ratios.

1.4.8 Impairment
 • Obtain a schedule of impaired assets and confirm that potentially impaired
assets identified during a physical inspection are included (valuation).
• Agree management's estimate of recoverable amount (e.g. net disposal
proceeds if replaced after the reporting date).

1.4.9 Disclosure Requirements (IAS 16)

• Accounting policy, measurement basis used, useful lives or depreciation rates

(for each asset category).
• Gross carrying amount and accumulated depreciation at beginning and end of
year and reconciliation showing additions, revaluations, disposals,
depreciation for the year (see lead schedule above).
• The existence and amounts of any restrictions on assets pledged as security
for liabilities (e.g. a company may have no right to sell a property that is
security for a bank loan until the loan is repaid).
• The amounts for:
• expenditures recognised in assets in the course of construction;
• contractual commitments (to acquire assets);
• third-party compensation for assets impaired, lost or given up, included in
profit or loss.

2.0 Introduction

Definition

Intangible asset – an identifiable non-monetary asset without physical substance.

An intangible asset is a non-current asset without physical form. Examples include:

• Goodwill
• Development costs
• Patents and trademarks
• Brands
• Copyrights
• Know-how.
2.1 Audit Risks

Most of the general risks for tangible non-current assets apply equally to intangible
non-current assets. For example:
• Recorded intangible assets may not represent deemed capital expenditure
under IAS 38 (e.g. research expenditure capitalised as development
expenditure);
• Useful economic life may be overestimated;
• Carrying amount may exceed the expected discounted future benefits (i.e. the
asset is “impaired”);
• Completeness (e.g. of capitalised development expenses).

2.2 Assertions

2.2.1 Completeness

• Development expenditure that meets the asset recognition criteria of IAS 38

must be capitalised.
• Assets disposed of may not be recorded (as there is no physical asset to
monitor).

2.2.2 Accuracy, Allocation and Valuation

• The accounting system must distinguish between research and development

expenditure.
• Appropriate valuation model should be used (e.g. discounted future cash
flows).
• Appropriate amortisation charges must be calculated, accumulated and
expensed to profit or loss.
• An intangible asset can only be revalued if fair value can be determined by
reference to an active market.
• Indication of non-use, such as licence rights, would suggest that the value of
the intangible asset should be written down.

2.2.3 Rights (Control)

• The right to use an intangible asset owned by another (e.g. software) is

usually evidenced by an end-user licence agreement.
 • Related income (e.g. from copyright, patents) provides evidence of ownership.

2.2.4 Existence

• As physical inspection is not possible, existence needs to be tested through,

for example, an inspection of supporting documentation, legal licences and
legal rights.

2.3 Substantive Procedures

See also Chapter 20 for written representations concerning non-current assets.

2.3.1 Additions

• Obtain a list of additions from the client (or extract a list from the asset
register).
• For appropriate sample (e.g. all material items):
• Agree value, treatment of sales tax, description and account allocation to
purchase invoice, ensuring the invoice is addressed to the entity and that
invoice correctly casts (accuracy, classification).
• Agree supporting documentation (e.g. certificate of registration of
patent/trademark) (occurrence).
• If self-developed, obtain cost analysis for materials, labour and appropriate
overheads. Agree material to purchase invoices, agree labour to time records
(ensure labour is relevant and not capitalised production labour), evaluate
overheads absorbed as reasonable and agree to supporting documents
(completeness, occurrence, classification).
• Agree correctly posted to asset register (completeness).

2.3.2 Revaluations

• For most intangible assets, it is unlikely that a fair value could be determined
(e.g. an appropriate market does not exist).
• Agree that the carrying amount has not been impaired (valuation).

2.3.3 Rights
 • Inspect evidence of control or ownership for material assets (e.g. registration
certificate).
• Income streams from the use of rights provide corroborative evidence.

2.3.4 Existence

• For appropriate sample (e.g. material items), agree use of asset within the
business or relevant income stream from use of the asset by an external
entity.

2.3.5 Disposals

• Disposal testing relates to the existence of intangible assets and the

completeness of the recording of disposals.
• Obtain a list of disposals or identify from the general ledger, asset register and
discussions with management.
• Agree proceeds to bank ledger account and bank statement.
• Confirm extraction from records of cost and accumulated amortisation and
recalculate profit or loss on disposal (existence, completeness, accuracy).

2.3.6 Amortisation

• Confirm that amortisation has been systematically applied to reflect the

consumption of economic benefits and that no assets have a negative
carrying amount (completeness, valuation). Amortisation should be on a
straight-line basis if the pattern of consumption cannot be determined reliably
(IAS 38 Intangible Assets).
• For assets revalued, confirm the correct treatment of accumulated
amortisation and that the charge for the year reflects the revalued amount
(accuracy, valuation, allocation).
• Test check calculations on material assets and that entries have been made
appropriately in the records (accuracy).
• Review rates applied against asset lives, replacement policy (if any) and
experience of gains/losses on disposal (valuation).

2.4 Research and Development Costs

2.4.1 Accounting Treatment

To comply with IAS 38 Intangible Assets:

• Research expenditures should be recognised in profit or loss in the period
they were incurred (not as an asset in a later period). If the research phase is
indistinguishable from the development phase, expenditure is accounted for
as research.
• Development expenditures should be recognised as intangible assets if, and
only if, the asset recognition criteria are met and written off (i.e. derecognised)
if recognition criteria cease to be met.
• Amount recognised as an asset should not exceed the probable amount of
recovery from related future economic benefits after deducting further costs.
Any excess must therefore be expensed to profit of loss.
• Intangible assets are carried at cost less accumulated amortisation (unless
revalued, which is rare).
• Intangible assets should be amortised on a systematic basis over the best
estimate of useful life (to reflect the pattern of consumption of future economic
benefits), generally over a period not exceeding five years (rarely to exceed
20 years).

2.4.2 Key Disclosures

• Useful lives or amortisation rates used.

• Amortisation methods used.
• Gross carrying amount and accumulated amortisation at the beginning and
end of the period.
• Line item(s) of the statement of profit or loss in which amortisation is included.
• Aggregate amount of research and development recognised as an expense.
• A reconciliation of the balance of unamortised development costs at the
beginning and end of the period.

Activity 3 Development Expenditure

State the criteria which must be demonstrated for expenditure on development (e.g.
of a new product) to be recognised as an intangible asset (i.e. "capitalised"). Suggest
the evidence you would seek to verify that these criteria are met.
*Please use the notes feature in the toolbar to help formulate your answer.
Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence

1. The audit of specific items

For each of the account balances stated in this sub-capability:
Explain the audit objectives and the audit procedures in relation to:
• Tangible and intangible non-current assets:
• evidence in relation to non-current assets
• depreciation
• profit/loss on disposal

Summary and Quiz

• The main assertions for tangible and intangible non-current assets include
completeness, accuracy, valuation and allocation, existence, and rights and
obligations.
• Substantive Audit procedures for tangible non-current assets include:
• Testing additions (occurrence, accuracy, classification).
• Reviewing repairs and maintenance expenses (completeness, classification).
• Confirming revaluations (may include reliance on management's expert).
• Examining documents for evidence of the right of control or ownership.
• Physical inspection of assets (existence).
• Testing disposals (occurrence, completeness).
• Testing depreciation (accuracy, valuation, allocation, completeness).
• Confirming disclosure complies with IAS 16 (completeness).
• Substantive Audit procedures of intangible non-current assets are similar.
Specifics include:
• Testing existence other than by physical inspection (e.g. income stream).
• Testing amortisation (usually on a straight-line basis) (valuation).
• Obtaining evidence that capitalisation criteria are met for internally generated
research and development costs.
• Confirming disclosure complies with IAS 38.
Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Classification of Expenditure

• Any expenditure on an item of property, plant and equipment that meets the
definition of an asset (i.e. can generate future economic benefit or reduce
future costs related to that asset) should be classified as asset expenditure
and added to the carrying amount of the item.
• Examples would include expenditure that extends the useful life of the item
and expenditure that enables the item to be used more effectively and
generate additional revenue or reduce maintenance and production costs.
• When asset expenditure is added to the carrying amount of an item, the new
carrying amount cannot exceed the economic value/recoverable amount. Any
excess must be expensed to profit or loss.
• Other expenditure (e.g. maintenance and repairs) to ensure that the item can
generate its expected future economic benefit (e.g. to complete its expected
useful life) must be expensed to profit or loss as incurred.

Activity 2 Non-current Asset Register

• Identification number (e.g. registration/serial number).

• Description and manufacturer's name.
• Gross cost or valuation.
• Estimated useful life.
• Depreciation method/annual charge.
• Depreciation provision.
• Carrying amount.
• Location of the asset.
Activity 3 Development Expenditure

Criteria Evidence Sought

• Technical feasibility (of completion) • "Blueprint"

• Discussion with client's technicians
(e.g. engineer)
• Working prototype
• Beta test feedback from users and
action taken

• Intention to complete and use (e.g. • Planning permission sought for

in the manufacture of new products new/expanding factory
or processes) or sell the intangible • Authorisation of necessary capital
asset expenditure
• Action on testing feedback
• Advertisements (e.g. to recruit staff,
promote the product)

• Ability to use or sell the intangible • Applications made for copyright,

asset trademarks, licences, etc
• Dedicated sales manager,
establishing of sales network
• Advanced orders
• Auditor tests/uses item

• How probable future economic • Results of market research (by

benefits are to be generated client or consultant)
(including the existence of a market • Expected selling price per market
or internal use) research
• Selling prices of comparable
products (if any)
• Client's profit forecasts
• Analysis of potential competitor
products

• Adequate technical, financial and • Business plan

other resources exist/are available • Cash flow forecasts
to complete the project and use or • Negotiations with the bank for
sell the intangible asset new/increased loan/overdraft
facilities

• Attributable expenditure can be • Clearly defined product/process

measured reliably evidenced by the documented
project specification
• Separate ledger accounts (e.g. for
materials, wages and salaries,
depreciation, allocated overheads)
• Costs traced to/from materials
requirements, purchase invoices,
timesheets, etc.
Chapter 23: Inventory

Visual Overview

Objective: To identify and explain the risk areas in inventory and describe audit
procedures to obtain sufficient appropriate audit evidence.

1.1 Types of Inventory

Depending on the business, inventory may take one or more forms:

• Raw materials and consumables for the production or service process;
• Work-in-progress to produce goods for sale
• Goods held for sale in the ordinary course of business (finished and retail
goods).
1.2 Materiality

For most entities that produce or sell goods (consumer goods, beverages, industrial
machinery, transportation, shops, chemicals, pharmaceuticals, farms) inventory is
usually the second most material asset (after non-current assets) and may be very
complex to audit.
Because it affects both the statement of financial position (as an asset) and the
statement of profit or loss (opening and closing inventory in cost of sales determine
gross profit) and is relatively easy to manipulate (e.g. count quantities, valuation and
impairment), inventory is a high-risk audit area.
This is particularly the case in businesses where inventory is counted and valued for
the financial statements at the year end. However, by using integrated inventory
control systems with perpetual (continuous) counting and reconciliations, the risks of
incorrect valuation and non-existence can be managed and reduced.

Key point

Generally, the audit approach to inventory covers three specific areas:

1. Understanding the business and specific risks relating to inventory.
2. Quantities of inventory held.
3. Valuation of the quantities held.

2.1 Audit Risks

Typical audit risks include:

• Susceptibility to "shrinkage" (e.g. theft by employees or customers).
• Management manipulation of quantities and value.
• Lack of control over quantities: poor recording on receipt, processing and
storage.
 • Valuation may not be consistent or comply with IAS 2 Inventories.
• Obsolescence (e.g. damage, shelf life, best-before date, change in customer
demand).
• Cut-off for inventory movements may be inaccurate.
• Third-party inventory may be included as the entity’s inventory
• Inventory under the custody and control of third parties (e.g. a third-party
storage or distribution facility) may be omitted or not exist.

2.2 Assertions

Audit considerations for the assertions that are specific to inventory include the
following (“CARE”):

2.2.1 Completeness

• Physical inventory count must be correctly analysed and quantities transferred

to the final valuation.
• All inventory movements must be accurately recorded in inventory control
systems for perpetual inventory.
• Completeness (and accuracy) of recorded inventory is affected by the cut-off
of sales and purchases transactions (see s.4).

2.2.2 Accuracy, Allocation and Valuation

• Cost method must comply with IAS 2 (e.g. inclusion of applicable overheads
and only first-in, first-out (FIFO) or weighted average cost (AVCO) formulae
permitted).
• Determining the lower of cost and net realisable value (NRV) requires
identifying inventory that may be damaged or obsolete (e.g. inspection during
physical count, review of expected sales, understanding of the current
business environment).

2.2.3 Rights (Control)

• Inventory owned by a third party but held by the client must be separately
identified and not included in the year-end valuation.
 • Client inventory held by third parties (including that on a “sale or return” basis)
must be verified (e.g. by inspection of external confirmation) and included in
the year-end valuation.

2.2.4 Existence

• The physical inventory count is the primary source of audit evidence to

confirm the existence of inventory (s.3). If material, inventory held by a third
party may also be inspected.

Key point

Where a third party holds a material volume of inventory on behalf of the entity
(e.g. provision of warehousing facilities), audit considerations relating to a service
organisation will apply (see s.3.5).

2.3 Sources of Evidence

Activity 1 Sources "Ideas List"

Complete the following "ideas list" for inventory.

• Accounting systems
• Documentation
• Tangible assets
• Management and employees
• Customers and suppliers
• Other third parties
• Analytical procedures
*Please use the notes feature in the toolbar to help formulate your answer.

3.1 Existence and Condition

The relevant standard is ISA 501 Audit Evidence – Specific Considerations for
Selected Items.
 Key Point

If inventory is material to the financial statements, the auditor must obtain

sufficient appropriate audit evidence regarding the existence and condition of
inventory by:
• Attendance at physical inventory counting, unless impracticable.
• Performing audit procedures over the entity's final inventory records to
determine whether they accurately reflect actual inventory count results.

“Impracticable” does not arise through lack of time, cost or general inconvenience. It
means "near impossible" (e.g. inventory is held in a location that may pose threats to
the auditor’s safety). Alternative procedures (e.g. inspection of purchase and sale
documentation and direct confirmation of suppliers and customers) may provide
sufficient appropriate audit evidence. In most cases, however, it is unlikely sufficient
evidence will be obtained, in which case the auditor must modify the audit opinion.

3.2 Objectives

The objectives of attending a physical count are to:

• Observe and evaluate compliance with management's instructions in the
performance of the count;
• Inspect the inventory to ascertain its existence and evaluate its condition; and
• Obtain audit evidence (e.g. perform test counts) regarding the reliability of
management's count procedures.

3.3 Types of Inventory Counting

Activity 2 Full Physical Count

Suggest advantages and disadvantages of a full physical count at the end of the
reporting period.
*Please use the notes feature in the toolbar to help formulate your answer.

Activity 3 Interim Stocktaking

Suggest advantages and disadvantages of a full physical count shortly before the
end of the reporting period.
*Please use the notes feature in the toolbar to help formulate your answer.

3.4 Perpetual (Continuous Count) Inventory System

In a perpetual inventory system, inventory is counted regularly and not just once (at
the end of the reporting period). This system checks the accuracy of the book
records (usually computerised including purchases, sales and movements from raw
materials to work-in-progress and finished goods). High-risk (e.g. valuable)
items/product lines are usually counted and reconciled to records more often (e.g.
every month or in some cases, for example, jewellery, every day).
• Counts should be programmed so that all inventory (e.g. each product line) is
counted at least once a year (i.e. "continuous stocktaking").
• All material differences between book inventory and physical counts must be
investigated and corrected at the time of each count.
Additional audit procedures should be performed where a perpetual inventory
system is used to derive inventory for the financial statements:
• Auditors should attend at least one of the physical counts (preferably more
than one if inventory is homogeneous and each product line is counted only
once).
• Movements throughout the year into book records (e.g. from goods received
records) and out (e.g. transfers to the subsequent production stage/goods out
as sales) must be audited to establish occurrence and measurement
assertions.

Key Point

When auditing a perpetual inventory system, the auditor must be satisfied that the
effectiveness of the design, implementation and maintenance of controls over
inventory enables the records to form a reliable basis (existence and
completeness) for quantifying year-end value (raw materials, work-in-progress,
finished goods and net realisable value (NRV)) for inclusion in the financial
statements.

Activity 4 Perpetual Inventory System

Suggest advantages and disadvantages of a perpetual inventory system.

*Please use the notes feature in the toolbar to help formulate your answer.

3.5 Procedures

Procedures which apply equally to end of the reporting period counts and perpetual
inventory counts are:
3.5.1 Planning

Planning procedures aim to identify the risks of material misstatement and the nature
of internal control related to inventory. The auditor should:
• Review prior-year inventory count working papers to identify potential
problems.
• Contact the client to receive a copy of the count instructions and agree the
date, time and location.
• Discuss any changes that could affect the audit approach (e.g. changes in
controls, expected volumes, changes in mix (more or less material items),
locations, timing, systems).
• Review the adequacy of the client's instructions.
• Consider the role of and reliance on internal audit, if appropriate (see Chapter
14).
• Consider arrangements for the client's expert and/or auditor's expert if
necessary (see Chapter 18).
• Arrange appropriate staff and plan the sampling approach and work
programme.

Activity 5 Inventory Count Instructions

Outline the expected content of the client's inventory count instructions.

*Please use the notes feature in the toolbar to help formulate your answer.

3.5.2 Attendance

Attendance on the day of the count will generally involve the auditor in the following:
• Attend briefing meeting(s).
• "Walk-about" before the start of count to observe preparations for identifying
material inventory and minimising inventory movement.
• During the count, observe that instructions for count sheets, work-in-progress,
counting and completion are followed.
• Carry out test counts, for example:
• from counts already made to the inventory (existence);
• from inventory to a count sheet (completeness);
• from inventory ahead of count team for agreement to count sheet (accuracy)
towards the end of the count (to be effective, the count team should not be
made aware of the items that have been pre-counted by the auditor);
• inspect box/container contents, weigh and calculate volumes (existence).
•
 Key point

The direction of testing ("sheet to floor" or "floor to sheet") tests different

assertions.
• Discuss with management any discrepancies found in the counts and the
action to be taken (e.g. correction by management).
• Collect cut-off information, including receipts and despatches (see s.4 for
details of cut-off testing) and stage of completion of work-in-progress.
• At the end of the count, agree all count sheets are accounted for and copy
them for the final audit visit to check that no alterations were made after count
(accuracy, existence, completeness).
• "Walkabout" to ensure that all items that should have been counted are
tagged as having been counted (completeness).

3.5.3 Follow-up (Final Audit)

The physical count procedures will be followed up during the final audit as follows:
• Obtain client's final valuation, summaries and sub-schedules from count
sheets.
• Follow through any outstanding matters from physical count observation,
including reviewing photocopy of count sheets to client's final sheets to
identify any changes made after the count.
• If the client has made changes to the count sheets, their materiality should be
assessed and reasons for the changes ascertained from management and
audited.
• If unsatisfactory (and material), the effect on the auditor's report must be
considered.
• Sample calculations (quantity x price) and the summation of count sheet
quantities, including carrying forward to summary schedules and the final
summary (Checking to and the final summary is a test for understatement;
from the final summary back to the count sheets tests for overstatement:
completeness and accuracy.)
• Sample raw materials, work-in-progress and finished goods for valuation in
accordance with IAS 2 (see s.5.1).
• Check cut-off (see s.4).
• Carry out NRV review (see s.5.3).
• Obtain written representations (see Chapter 20) concerning the completeness
and accuracy of the physical count and valuation (e.g. NRV).
3.6 Inventory Held by Third Parties

Where a third party holds inventory, apply ISA 402 procedures (see Chapter 14) to
confirm the inventory’s existence, including:
• assessment of controls;
• observation of physical counting by the third party (if material); and
• confirmation (if immaterial).
If inventory held by third parties is material and physical inspection is not possible,
alternative procedures must be applied to confirm existence, such as:
• independent third-party confirmation;
• inspection of insurance certificates;
• inspection after the year end;
• analytical procedures; and
• "roll-back" of production and sales transactions after the year end.
Physical inspection may not be possible when inventory is in sealed containers on
board a boat or held by customs.

4.1 Importance

Cut-off is the assertion that transactions and events have been recorded in the
correct accounting period:
• All transactions and events up to and including the reporting date should be
included in the current accounting period; and
• Those after the reporting date are included in the next accounting period.
Incorrect cut-off will result in the misstatement of profit or loss and asset or liability
positions. For example:

Cut-off error Misstatement

A sale is correctly recognised before Understatement of cost of sales (i.e.

the year end but the goods are also profit is overstated) and overstatement
included in the inventory valuation of inventory

A sale is made before the year end and Understatement of revenue and trade
the goods are not included in the receivables
inventory but the revenue and trade
receivable are recorded after the year
end
Goods are received before the year end Understatement of purchases and
and included in the inventory count but payables
the purchase and trade payable are
recorded after the year end

A purchase invoice and liability are Understatement of inventory (asset)

recorded before the year end but the and overstatement of cost of sales (i.e.
goods are not received until after the profit is understated)
year and so are not included in
inventory

Key Point

Cut-off tests ensure that all related elements of a transaction, such as a purchase
or a sale, are recorded in the accounting period to which the transaction relates.
Cut-off testing can also check the completeness and existence of balances such
as inventory, receivables, payables and cash.

Example 1 Effect of Inappropriate Cut-off

ABC made a sale of 5,000 tons of metal (cost $700,000 and selling price
$1,000,000) on 2 January 20X9, but recorded the revenue, trade receivable and
cost of sale as at 31 December 20X8. If the company's year end is 31 December,
profit for the year ended 31 December 20X8 will be overstated by $300,000, trade
receivables will be overstated by $1,000,000 and inventory will be understated by
$700,000.

4.2 Relationships

4.2.1 Purchases and Payables

• Goods received before year end must be recorded as purchases and

payables before the year end and recorded in the inventory count at the year
end (unless sold before the year end).
• Purchases recorded before the year end must relate to goods received and
included in closing inventory (unless already sold) before the year end with a
corresponding recording in payables.
• Payables recorded before the year end must relate to purchases and
inventory recorded before the year end.
 • Cash paid to settle amounts due to suppliers before the year end must be
recorded in the bank ledger account and trade payables account before the
year end.
• Payments recorded in trade payables before the year end must be recorded
in the bank ledger account before the year end.

4.2.2 Sales and Receivables

Post-year-end cut-off would be the opposite of the above description (e.g. post year-
end despatches should be recorded as sales and receivables after the year end and
the inventory included at the year end).
• Goods despatched before the year end must be recorded as sales and
receivables before the year end and excluded from the closing inventory.
• Sales recorded before the year end must relate to goods despatched and
excluded from the closing inventory before the year end with a corresponding
recording in receivables.
• Receivables recorded before the year end must relate to a sale before the
year end with a corresponding reduction in inventory.
• Cash received from credit customers before the year end must be recorded in
the bank ledger account and trade receivables account before the year end.
• Receipts recorded in trade receivables before the year end must be recorded
in the bank ledger account before the year end.
Post-year-end cut-off would be the opposite of the above description (e.g. post year-
end despatches should be recorded as sales and receivables after the year end and
the inventory included at the year end).

4.3 Audit Procedures

To test that an accurate cut-off is established at the physical count date:

• Observe the control over the movement of goods between areas while
counting is in progress. For example, goods delivered by a supplier during the
count should be held in a separate area.
• Select goods received notes (GRNs) for a few days before the count date and
confirm recorded as "goods in" in inventory records before the count date.
The corresponding goods should be included in the physical count (and the
purchase in trade payables).
• Select GRNs for a few days after the count date and confirm recorded in
inventory records after the count date.
• Similarly select goods despatch notes (GDNs) for a few days on either side of
the count date and compare them with the relevant inventory records (and
vice versa) to ensure goods out have been recorded in the correct accounting
period.
 • Goods out before the count date should have been moved from the premises
and not included in the physical quantities counted (and the sale in trade
receivables).
• Goods out after the count date should be included in the count.

Key Point

All cut-off tests for inventory, sales, receivables, purchases, payables and cash
should be coordinated.

Example 2 Importance of Cut-off Tests

During the audit of a new client, after carrying out cut-off tests, pre-year-end sales
invoices to the value of $245,000 (material) were found to have been recorded in
the sales (Cr) and receivables (Dr) ledger for which neither despatch notes nor
entry of inventory movement could be found.
A review for large and unusual items over the reporting period also revealed
material credit notes issued after the previous audit had been completed related to
sales recorded before the previous year end. Again, no evidence was available to
support those sales.
On discussing the issue with management, the finance director admitted that he
had been producing sales invoices to inflate profits and issuing credit notes after
the auditors had finished their work.
This example of a common revenue fraud raises several interesting points:
• Audit tests need to be linked to reach an overall conclusion.
• The receivables confirmation may also have raised this issue if the
customer (to whom false invoices had been posted) had not agreed his
balances or had not replied and appropriate alternative procedures had
been followed (see Chapter 24).
• The reliability of the audit procedures performed by a previous auditor
(Chapter 5).
• The overall effect of the fraud on accumulated profits and the auditor's
report.

5.1 IAS 2 Inventories

Key Point

Inventory is valued at the lower of cost and net realisable value.

 Definitions

Cost – includes:
•
Purchase price, non-recoverable taxes (e.g. import duties), transport,
handling and other costs directly attributable to the acquisition of finished
goods, materials and services.
• Direct production costs (including production overheads) for work-in-
progress.
• Other costs only to the extent incurred in bringing the inventories to their
present location and condition (e.g. maturing costs for brandy, cheese,
seasoned wood).
Net realisable value – the estimated selling price in the ordinary course of
business, less the estimated costs of completion and the estimated costs
necessary to make the sale.

Examples of costs excluded from the cost of inventories and recognised as

expenses in the period in which they are incurred are:
• abnormal amounts of wasted materials, labour or other production costs;
• storage costs (unless necessary to the production process);
• administrative overheads that do not contribute to bringing inventories to their
present location and condition; and
• selling and distribution costs.

Exam advice

You should be familiar with this and the concept of standard costing from earlier
management accounting studies.

5.2 Cost Measurement Methods and Formula

Measurement methods include:

• standard cost;
• retail method; and
• actual cost.

5.2.1 Standard Cost

Standard cost is widely used in manufacturing for cost measurement, valuation and
control. It is an acceptable measurement basis for financial reporting purposes,
provided that it gives an approximation to actual cost.
Additional audit considerations include:
• Controls over establishing, maintaining and updating standards should be
understood and assessed.
• Postings to variance accounts should be included in the systems audit.
• Basis of the standard must be audited to supporting documents (e.g. raw
materials invoices, payroll, overhead purchase invoices, production records
showing quantities and time).
• Analyse balance on variance accounts to establish ageing and need to adjust
standard cost to bring to actual cost.

5.2.2 Retail Method

The retail method is suitable for valuing a large number/wide range of high-turnover
items with similar margins. It is a practical expedient where other costing methods
are impractical.
• The inventory count valuation is based on displayed/recorded selling price.
Cost is then selling price less a standard gross profit percentage, which may
be an entity-wide percentage or by selling department.
• When the retail method is used the auditor should determine (estimate) the
appropriate percentage from client records and then compare it to the
percentage used. This may also involve checking values to cost invoices.

5.2.3 Actual Cost

When possible, the actual individual cost of inventories of items that are not
ordinarily interchangeable (i.e. unique) and goods or services produced and
segregated for specific projects should be used.
• Otherwise, the FIFO or AVCO formula will be used. (A cost calculated using a
formula will need to be verified against purchase invoices.)
• The same cost formula should be used for all inventories of a similar nature
and use. Different cost formulas may be justified for different inventories.
The auditor will need to confirm the following:
• material costs to suppliers' invoices;
• labour to payroll and time summaries;
• the basis of unit cost calculations for allocating overheads (which should be
based on normal capacity).
The auditor should also review the suitability of costing and stage of completion for
work-in-progress.
5.3 Net Realisable Value (NRV)

Net realisable value (NRV) is affected by:

• obsolescence (may be technical);
• condition/damage, etc (e.g. "shop soiled" or returned goods); or
• market price fluctuations (e.g. prices falling due to cheaper technology).

5.3.1 Indicators

Indicators of the potential need for an allowance to write down inventory include:
• Obsolescence, damage, slow-moving inventory, production errors (e.g. over-
production), goods being out of fashion (e.g. out of season).
• New competitor products and changes in market conditions resulting in a
decrease in selling price or demand.
• Decline in the economy.
• Rising costs that cannot be passed on to customers.
• Rising costs after the year end to complete work-in-progress (e.g. labour and
materials).

5.3.2 Audit Procedures

The auditor should:

• Understand the nature of the business and activity during the year to assess
any increase in NRV risks. Seasonal fashion and electronic consumer goods
are good examples of the need for continuous NRV assessment.
• Review inventory observation working papers for NRV indicators (e.g.
damaged inventory).
• Discuss with management procedures undertaken to assess NRV.
• Review management reports, sales reports and board minutes for evidence of
NRV risks.
• Review after-date sales and current selling prices of at-risk items.
• Apply suitable analytical procedures (e.g. review inventory turnover to identify
at-risk items).
• In computerised inventory systems, review aged-inventory reports or
exception reports that identify items that have not moved in a specified period.
 • Review prior-year NRV inventory movements to compare with likely final
selling prices.
Where the inventory system is computerised, automated tools and techniques will be
an effective and efficient tool for analysing inventory:
• agreeing inventory counts transfers;
• application of costs;
• calculation of values;
• ageing of inventory;
• analysing after-date sales;
• predicting NRV.

5.4 Allowances

An allowance made to reduce the cost of inventory to net realisable value is an

example of an accounting estimate (see Chapter 17). It is not a provision (i.e. a
liability) as defined by IAS 37 Provisions, Contingent Liabilities and Contingent
Assets (see Chapter 27).
Determination of an allowance may be:
• simple (e.g. a percentage of inventory value); or
• complex (e.g. by analysing current data and sales forecasts to estimate slow-
moving or surplus inventory).
Any formulae used (e.g. different percentages applied to inventory ageing) need to
be reviewed regularly by management to assess their appropriateness.
As an accounting estimate the auditor should use one or more of the following
approaches:
• Review and test management's process used to develop the estimate;
• Use an independent estimate for comparison with management's; and
• Review after-date sales to confirm the estimate made.

5.5 Related Disclosures

• Accounting policies adopted in measuring inventories, including the cost

formula used.
• Total carrying amount of inventories and the carrying amount in classifications
appropriate to the entity.
• Carrying amount of inventories carried at fair value less costs to sell.
• Amount of inventories recognised as cost of sales during the period.
 • Amount of any write-down of inventories to NRV, the amount of any reversal
of any write-down that is recognised in the period and the circumstances of
the reversal.
• Carrying amount of inventories pledged as security for liabilities.
Pledged inventory includes that which is subject to a “reservation of title” clause in
the purchase contract. This means that legally the goods belong to the supplier until
paid for. If enforced, the supplier could recover his debt from any part of the
manufacturing process that uses the goods (e.g. a claim on finished goods that
contain the raw material subject to reservation of title). In reality, this will never be a
problem unless the entity has going concern difficulties. Therefore, the purchase and
inventory are treated as any other purchase; recognised as an expense and asset.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence

4. The audit of specific items

For each of the account balances stated in this sub-capability:
Explain the audit objectives and the audit procedures in relation to:
• Inventory:
• inventory counting procedures in relation to year-end and continuous
inventory systems
• cut-off testing
• auditor's attendance at inventory counting
• direct confirmation of inventory held by third parties
• valuation
• other evidence in relation to inventory

Summary and Quiz

• Inventory is usually material to the financial statements and directly affects the
statement of financial position (inventory asset) and profit or loss (cost of
sales).
• Key assertions for inventory include existence, valuation, rights, completeness
and presentation.
 • The auditor obtains evidence of the existence and condition of inventory by
attending the physical inventory count (unless impracticable).
• A perpetual inventory system facilitates continuous stock-checking as an
alternative to a full physical count.
• When the auditor cannot attend the inventory count, alternative procedures
must be performed (e.g. direct confirmation of inventory held by a third party).
• Cut-off testing verifies that inventory, purchases and sales are recorded in the
correct accounting period. For example:
• Purchases recorded before the year end should be included in inventory
(unless sold).
• Sales recorded before the year end should be excluded from inventory.
• Inventory must be measured at the lower of cost and net realisable value (IAS
2).
• For manufactured goods, cost includes production overhead (i.e. absorption
cost).
• Standard cost and the retail method may provide acceptable approximations
to actual cost.
• Audit procedures to verify net realisable value include a review of post year-
end sales and goods returns.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Sources "Ideas List"

• Accounting systems Perpetual inventory records

• Documentation Inventory cards, purchase invoices (cost)

(also payroll for manufactured products),
sales invoices (NRV)

• Tangible assets Raw materials, WIP, finished goods

• Management and employees Buyer, storekeeper

 • Customers and suppliers Major (raw material) suppliers, customer
complaints (NRV < cost?)

• Other third parties Bank (floating charge?), warehousing

agents

• Analytical procedures Inventory turnover by product category, GP

margin review

Activity 2 Full Physical Count

Advantages Disadvantages

• Confirms 100% inventory valuation • Potential disruption and cost of full

for inclusion in the statement of count (e.g. if production halted or
financial position. outlets closed).

• "Cut-off" ascertained at just one • The number of locations to be

date (end of the reporting period). attended at one time (by client and
Movements to be confirmed are audit staff).
minimised.

• Complete inventory records for the • Heavy demand on the audit staff at
year are not required. popular end-of-reporting periods
(e.g. 31 December).

Activity 3 Interim Stocktaking

Advantages Disadvantages

• Timing may be more convenient • Movements need to be

(e.g. holiday closure). substantiated. This requires records
and good internal controls (to
confirm roll forward).

• There will be time to do a full count • "Cut-off" needs to be examined both

at the end of the reporting period if at the count date and the end of the
significant problems found at the reporting period.
interim date.
 • Facilitates a tighter audit reporting • Reliable inventory records are
deadline (value can be ascertained required.
and rolled forward).

Activity 4 Perpetual Inventory System

Advantages Disadvantages

• A method of internal control: • Requires detailed inventory records

operates throughout the year. to be kept up to date, therefore
• Greater control over material and higher clerical cost.
high-risk items as quantities can be • As part of the internal control
confirmed at any time. system, the auditor will need to test
• Auditor can attend when and as effectiveness throughout the year
many counts as necessary. (e.g. tracing inventory to and from
• The end of the reporting period records, reviewing all counts and
count of certain (e.g. high-value) following through material
items is not precluded. differences).
• Slow-moving and obsolete items • No full counts.
can be easily identified and • Cut-off at the reporting date must be
accounted for. tested separately.

Activity 5 Inventory Count Instructions

• Date, time, locations.

• Preparation for the count:
• Tidying and grouping of inventory to facilitate count.
• Ensuring inventory can be easily identified.
• Identification of obsolete and damaged inventory.
• Segregation of third-party inventory (to be counted and reconciled separately).
• Minimising and segregation of receipts/despatches during the count.
• Calibration of weighing scales.
• Organising experts as necessary.
• Time and place of pre-count briefings.
• Control of count sheets:
• Pre-numbered.
• Allocation to count teams and inventory areas.
• Pre-printed showing inventory details (or blank) but not quantity.
• Issue and return procedures to ensure all are accounted for.
• Make-up of count teams:
• Minimum use of personnel who have inventory control responsibilities.
• Two personnel per team, at least one to be independent of inventory custody.
• Allocated specific area to count to avoid overlap.
• Counting procedures (“by hand” or using hand-held barcode readers and
electronic identification tags):
• Systematic to ensure no double counting or missed items.
• Tagging inventory when counted to ensure all items are counted.
• Random selection of boxed items to agree contents to box description.
• Use of scales, measuring equipment, volume gauges etc.
• Procedures to estimate physical quantities not easily counted/measured (e.g.
coal, gravel piles).
• Management control and check:
• Spot checks and test counts to ensure teams operate effectively.
• Any discrepancies to be checked and cleared.
• Obtain cut-off details (last goods received, last goods despatched, last WIP
transfers)
• Agree that all items have been counted.
Chapter 24: External Confirmations,
Receivables and Sales

Visual Overview

Objective: To describe the procedure of confirmation by direct communication and

determine areas of risk and procedures in the audit of trade receivables and sales
revenue.

1.1 Direct Written Response

The relevant standard is ISA 505 External Confirmations.

 Key Point

The objective of the auditor, when using external confirmation procedures, is to

design and perform such procedures to obtain relevant and reliable audit
evidence.

Definitions

External confirmation – audit evidence obtained as a direct written response to

the auditor from a third party in paper form, or by electronic or other medium.

Activity 1 Direct Confirmation

Suggest matters other than trade receivables balances on which it may be

appropriate to seek direct confirmation.
*Please use the notes feature in the toolbar to help formulate your answer.

1.2 Considerations

1.2.1 Need For

Factors to be considered when deciding on the need for external confirmation

include:
• Materiality of items to be confirmed;
• Assessed risk of material misstatement;
• Effectiveness of controls; and
• Availability of other evidence to reduce audit risk to an acceptable level.
ISA 330 The Auditor's Responses to Assessed Risks explicitly requires auditors to
consider the use of external confirmations as substantive evidence. The auditor is
expected to make extensive use of external confirmations even where reliance is
placed on the effectiveness of controls.

1.2.2 Reliability

External confirmations are considered one of the most reliable sources of evidence
because they are:
• Obtained from external sources;
 • Initiated and obtained directly by the auditor; and
• In documentary form (written or electronic).
When received electronically, the auditor must be able to confirm the sender (e.g.
with an electronic signature) and that the content is secure (e.g. encrypted).

Key Point

A high level of reliability provides more persuasive evidence in response to

significant risks of material misstatement.

1.2.3 Confirming Party

The confirming party needs:

• to know the subject matter; and
• be able and willing to reply (e.g. if concerned about legal consequences).

1.3 Design of Request

The design of a confirmation request may directly affect the confirmation response
rate and the reliability and the nature of the audit evidence obtained from the
responses. Factors to be considered include:.
Factors to be considered include:
• The assertions to be addressed.
• Identified risks of misstatement, including fraud risks.
• Prior experience in the audit or similar engagements.
• Method of communication (paper, electronic).
• Management's authorisation for confirming parties to respond to the auditor.
• The information that respondents will readily confirm, such as single
transactions (e.g. invoices) rather than the overall account balance.
• Respondent's knowledge of the matter and their competence, independence,
motivation, authority or willingness to provide information.
Consider, for example, a company selling machinery for farming. Customers who are
individual rural farmers may be less likely to respond to a confirmation request than a
corporate customer.
The request may be “positive” or “negative”, “open” or “closed”.

1.3.1 Positive
A request to confirm agreement with a given balance or otherwise express
disagreement is described as a “positive” request. It is preferred when there is a high
assessed risk, for example, when:
• internal controls are weak;
• there is suspicion of fraud or amounts are in dispute; or
• there are numerous bookkeeping errors.

1.3.2 Negative

A request to reply only in the case of disagreement with a given balance is

described as a “negative” request. It is appropriate when:
• internal controls operate effectively (i.e. control risk assessed as low);
• the population is made up of a large number of small accounts;
• errors not expected; and
• it is expected that respondents will not ignore the request.

1.3.3 Open

• An “open” request requires the respondent to enter a balance (i.e. cannot

simply "tick off" agreement).
• It is used most widely when testing balances for understatement. For
example, a request to suppliers to show the amounts they believe they are
owed.

1.3.4 Closed

• A request is described as closed when the balance is given.

• It is mainly used to confirm the possible overstatement of a balance.

1.4 Confirmation Procedures

The auditor must maintain complete control over:

• determining the information to be confirmed or requested;
• the selection process and who should confirm;
• designing the confirmation requests;
• sending confirmation requests (including second requests);
• receiving responses.
This control is essential to minimise the risks of sample bias, potential interception of
requests and alteration of responses.

Activity 2 Management's Refusal

Suggest procedures to be carried out by the auditor where management refuses to

allow a confirmation to be sent.
*Please use the notes feature in the toolbar to help formulate your answer.

1.5 Responses

1.5.1 Information Given

When information is received, the auditor should:

• Consider if the response has been given by the expected individual and by
expected means (e.g. written and not oral). If not, determine why and the
reliability of the response (e.g. contact by phone the individual from whom a
response was expected).
• Assess its consistency and reliability against other audit evidence. If in doubt,
consider other audit procedures including calling the respondent to confirm
particular matters.

1.5.2 Agreement

When confirmations are in agreement, the auditor should consider the possibility of a
"tick box" approach having been taken by respondents.

1.5.3 Disagreement

When respondents express disagreement, the auditor should:

• Identify why and carry out further audit procedures as necessary (e.g.
reconciling goods/cash in transit).
• Consider if the risk of material misstatement has increased.
• Assess the need for further audit procedures to ensure sufficient reliable audit
evidence obtained.
1.5.4 No Response

When there is no response, action depends on how the nature and extent of
alternative audit procedures are affected by the assertion(s) assessed by the
confirmation.
• Alternative procedures may provide sufficient evidence.
• If no alternative procedures would provide the assurance required, the effect
on the auditor's report must be assessed.

2.1 Audit Risks

2.1.1 Trade Receivables

Trade receivables are amounts owed by customers for goods/services that have
been supplied to them on credit terms.
Trade receivable balances may not be recoverable (and therefore overstated) if:
• they are overdue;
• the customer is in liquidation/receivership or bankrupt;
• amounts are disputed (e.g. overpricing/goods supplied).
An analysis of trade receivables balances may not accurately reflect the age of debts
(e.g. if items are not matched in an "open-item" system).
Trade receivables will be overstated if:
• sales are inflated or otherwise overstated (e.g. due to cut–off errors);
• fictitious balances are reported;
• the estimate of the allowance for irrecoverable and doubtful debts is
inadequate.
"Teeming and lading" (also called “lapping”) is a bookkeeping fraud that will also
overstate trade receivables balances. Receipts from customers are stolen and their
recording delayed until another receipt makes up the shortfall. The theft is disguised
by incorrectly allocating subsequent cash receipts (“Robbing Peter to pay Paul”) or
posting fictitious credit notes or journal entries to write off debts. Entries in the
customers’ accounts to conceal the thefts must match amounts of receipts;
otherwise, customers that have made payments would be "put upon enquiry" that
something was amiss.

2.1.2 Prepayments
A prepayment is a prepaid expense (i.e. an amount paid on or before the reporting
date for goods/services received/consumed after the reporting date).
The omission of prepayments results in:
• an overstatement of expenses recognised in profit and loss; and
• an understatement of prepayments (an asset) in the statement of financial
position.
For most entities, individual prepayments will not be material, but the cumulative
effect of the inappropriate accounting treatment of all prepayments must be
considered a risk.

2.1.3 Other Receivables

Other receivables are amount owed by parties other than customers at the reporting
date. For example:
• An insurance claim receivable;
• Dividend receivable;
• Tax receivable.
Particularly where these are of a “one-off” nature, there is a risk of omission (i.e.
understatement).

2.1.4 Revenue Recognition

The auditor should be aware of and respond to the risk of material misstatement due
to revenue recognition fraud.
Common revenue frauds include:
• early revenue recognition;
• holding the books open past the close of the accounting period;
• fictitious sales; and
• failure to record sales returns.
Revenue may be misstated if the five steps of the revenue recognition process have
not been appropriately applied.

2.2 Audit Procedures

2.2.1 Receivables
• Obtain the list of accounts receivable and agree the total to the general ledger
(completeness).
 • Review bank confirmations (see Chapter 26) and loan agreements for
evidence that receivables have been used to secure indebtedness (rights).
• Directly confirm a sample of accounts receivable and perform any necessary
alternative procedures (existence). See s.3.
• Test the adequacy of the allowance for irrecoverable receivables (valuation).
2.2.2 Prepayments
As an asset balance, the most relevant assertions for prepayments are again
completeness, accuracy, valuation and allocation, and existence (“CAVE”). The
auditor should:
• Understand the nature of the business and expected prepayments.
• Obtain a list of prepayments from the client, cast and agree to the general
ledger (accuracy, valuation and allocation).
• Compare current prepayments with previous years and, for material items,
inspect supporting evidence such as paid invoices (completeness, existence).
• Identify any unrecorded prepayments by reviewing the bank ledger account
before the reporting date for large and unusual items and inspecting
supporting documents such as suppliers’ invoices (completeness, cut-off).
2.2.3 Other Receivables
• Obtain a list of other receivables as at the reporting date and cast it.
• Agree the amounts on the list to the relevant accounts in the general ledger
(completeness).
• Select items from the list and agree to supporting documentation (e.g.
correspondence from an insurer agreeing an insurance claim) (existence,
valuation).
• Confirm recoverability by agreeing to after-date cash receipts (valuation).
• Review receipts in the bank ledger account after the reporting date for
amounts that were receivable at the reporting date (e.g. dividend income)
(completeness).
Key Point

A prepayment arises from the payment of cash before the year end for next
year’s expense.
Other receivables arise from items of this year’s income that should be a receipt
of cash after the year end.

2.2.4 Revenue
Substantive procedures for revenue will generally start with obtaining a schedule
broken down or analysed into the main product categories or sources of revenue,
where relevant. This should be compared with the prior year schedule and any
unusual movements discussed with management.
For the sale of goods, tests of details typically include the following:
 • Match a sample of GDNs to the corresponding sales invoices and recording in
the detailed sales listing (completeness).
• Match a sample of sales transactions from the detailed sales listing to sales
invoices, customer orders and GDNs (occurrence).
• Examine a sample of sales invoices for proper classification into revenue
accounts.
• Select a sample of sales invoices from shortly before and after the year end
and compare the shipment dates with the dates the sales were recorded (cut-
off).
• For a sample of despatch notes shortly before and after the year end, trace to
sales invoices in the correct accounting period (cut-off).
• For a sample of sales invoices, compare prices and terms with the authorised
price list and terms of trade (accuracy).
• For a sample of invoices, recalculate amounts including discounts allowed
and sales tax (accuracy).
• Select a sample of credit notes raised, trace to the original invoice and ensure
the invoice has been correctly removed from sales (occurrence).
• For a sample of material contracts with customers, examine the supporting
documentation to determine whether the five steps of the revenue recognition
process were applied correctly (see s.4.2 in Chapter 12).
The auditor may also perform the following substantive analytical procedures:
• “Proof in total” (reasonableness test) calculation of expected revenue,
compared with recorded revenue, and investigation of any significant
differences. For example:
• For rental income: Average monthly rent × 12 × number of properties;
• For ticket sales (e.g. for a festival): Average ticket price × number of tickets
sold.
• Making comparisons and investigating differences between, for example:
• gross profit percentage by product line with prior years and industry data;
• reported monthly revenue to budgeted monthly revenue.
• Analyse the ratio of sales in the last month or week to total revenue for the
year.
• Compare detail of units shipped with revenue and production records and
consider whether revenues are reasonable compared to production levels and
average selling price.

2.3 Sources of Evidence

Activity 3 Sources "Ideas List"

Complete an "ideas list" for sources of evidence in the audit of receivables and
revenue
*Please use the notes feature in the toolbar to help formulate your answer.

3.1 Existence Assertion

Key points

• Direct confirmation of receivables provides evidence for the existence of

accounts receivable.
• Confirmation is generally done on a sample basis (see s.3.2).
• Confirmation requests are usually sent at the year end (rather than at the
start of the final audit) and include the client's statements of customer
balances.
• If there is a tight reporting deadline, requests may be sent at the month-end
before the reporting date and the last month's movements audited.
Therefore, cut–off procedures would need be carried out twice – at the
confirmation date and the year end (see s.4).

An old term for the external confirmation of accounts receivable is “debtors’

circularisation”.

3.2 Confirmation Sample Selection

• Obtain a list of balances from client as at the year end, check extraction, cast,
agree total to general ledger/trial balance/ financial statements.
• Identify all credit balances and, if material, ask management why; credit
balances may indicate a breakdown in controls.
• "Gross up" the total for credit balances (i.e. add back to show gross balance,
not net balance) and similarly for debit balances on payables, if material.
• Select a sample (e.g. using monetary unit sampling).
• In a computerised system, audit software is a very effective and efficient
means of selecting a sample for confirmation. CAATs may also be used to
analyse inventory, revenue, cash receipts and journals to recalculate
receivable balances.
• Balances selected using professional judgement will, for example, include:
• balances greater than the performance materiality level;
• old outstanding balances;
• credit balances;
• nil balances; and
 • accounts that show unusual activity (e.g. many credit notes or irrecoverable
debt write-offs).
• Confirm with the client the sample selected. Discuss with management if any
customers are requested to be removed from the sample. Ensure that all
evidence is recorded, including alternative procedures (as the client is
effectively imposing a limitation on scope). Such exclusions must be
considered suspicious unless proved otherwise.

3.3 Confirmation Requests

Confirmation requests should be prepared on client-headed documentation and

signed by the client to authorise the disclosure of confidential information.
The auditor should independently post/send requests (not through the client’s office).

Example 1 Sample Confirmation Letter

XyZ Industrial Holdings

Address
To: {[mail merge]} Audit confirmation
XyZ Industrial Holdings Address
As part of their standard audit procedures, we have been requested by our
auditors, Brannigan & Co, to ask you to confirm the balance on your account with
us as at 30 June 20X1.
Will you please return the enclosed slip to our auditors, Brannigan & Co, of
131/133 Dutchman Avenue, indicating whether or not you agree the enclosed
account by deleting the line that does not apply. We are grateful for you to do this,
even if you have since settled the account. In the event of disagreement, please
give details on the reverse of the slip
A stamped addressed envelope is enclosed for your reply
Please note that this request is made for audit purposes only and has no further
significance. Remittances should be sent to us in the normal way.
Your kind co-operation in this matter is greatly appreciated.
Yours faithfully,
-------------------------------------------------------------------------------------------------------------
-------------------------------
To: Brannigan & Co
 131/133 Dutchman Avenue, Dukeland, DY9 6DA
Audit confirmation of balance due to:
XyZ Industrial Holdings at 30 June 20X1
Please delete as necessary:

We confirm that the balance due from According to our records the amount
us to the above company at the above due from us to the above company
date was $.... was $.... A reconciliation of these
amounts is shown below.
Yours faithfully,
Signature, name, position and company stamp/seal

3.4 Confirmation Returns

On receipt of responses, the auditor should check that confirmations appear to have
come from those to whom the requests were sent (e.g. review postmarks).
Returns will be analysed as in complete agreement, partial agreement or
disagreement.

Key Point

For disagreement, differences must be reconciled.

Differences due to posting errors, incorrect goods or quantities delivered (or similar
complaints), may indicate a breakdown in controls. Any interim control work carried
out should then be reviewed and the risk of material misstatement reassessed.
If no return is received, the auditor should consider sending a second request or
carrying out alternative procedures.

3.5 Reconciling Confirmation Differences

Accounts receivable confirmation differences occur when there is a disparity

between the amount of the receivable recorded in the client's accounting records and
the amount of the receivable confirmed by the client's customer.
The auditor should reconcile such differences to determine whether they are due to
timing differences or misstatements.

3.5.1 Timing Differences

Timing differences occur when there is a delay in recording a transaction by the

client or the customer. Timing differences should be documented, but they are not
misstatements.
The following timing differences can result in an accounts receivable balance
exceeding the amount confirmed by a customer:
• Goods in transit: The audit client correctly records the receivable when
goods are shipped to a customer before the year end (as evidenced by a
sales invoice and GDN). However, the customer does not record the payable
until the goods are received after the year end.
• Substantive procedure: Confirm that the sales invoice and GDN are dated
before the year end and that the goods are not included in year-end inventory.
• Cash in transit: A customer sends a payment before the year end but the
audit client does not record the receipt until it is received after the year end
(as evidenced by cash received and deposited after the year end).
• Substantive procedure: Agree the after-date cash receipt to the bank ledger
account and bank statement.

3.5.2 Misstatements

A confirmation difference is indicative of misstatement if the difference is due to any

of the following errors or frauds:
• Fictitious sales;
• Theft of cash (see “teeming and lading” in s.2.1);
• Goods or invoices sent to the wrong customer;
• Payment applied to the wrong customer account (in error rather than
deliberately);
• Incorrect price or quantity charged to the customer.
Differences may also be due to disputes with customers. In this case, the auditor
should review the correspondence and establish whether further audit work is
required on:
• irrecoverable debts;
• provisions for claims (e.g. where sold items require repairs or caused damage
or loss); and/or
• the net realisable value of inventory (e.g. if disputes suggest that the client is
holding damaged goods).
3.5 Reconciling Confirmation Differences

Accounts receivable confirmation differences occur when there is a disparity

between the amount of the receivable recorded in the client's accounting records and
the amount of the receivable confirmed by the client's customer.
The auditor should reconcile such differences to determine whether they are due to
timing differences or misstatements.

3.5.1 Timing Differences

Timing differences occur when there is a delay in recording a transaction by the

client or the customer. Timing differences should be documented, but they are not
misstatements.
The following timing differences can result in an accounts receivable balance
exceeding the amount confirmed by a customer:
• Goods in transit: The audit client correctly records the receivable when
goods are shipped to a customer before the year end (as evidenced by a
sales invoice and GDN). However, the customer does not record the payable
until the goods are received after the year end.
• Substantive procedure: Confirm that the sales invoice and GDN are dated
before the year end and that the goods are not included in year-end inventory.
• Cash in transit: A customer sends a payment before the year end but the
audit client does not record the receipt until it is received after the year end
(as evidenced by cash received and deposited after the year end).
• Substantive procedure: Agree the after-date cash receipt to the bank ledger
account and bank statement.

3.5.2 Misstatements

A confirmation difference is indicative of misstatement if the difference is due to any

of the following errors or frauds:
• Fictitious sales;
• Theft of cash (see “teeming and lading” in s.2.1);
• Goods or invoices sent to the wrong customer;
• Payment applied to the wrong customer account (in error rather than
deliberately);
• Incorrect price or quantity charged to the customer.
Differences may also be due to disputes with customers. In this case, the auditor
should review the correspondence and establish whether further audit work is
required on:
• irrecoverable debts;
• provisions for claims (e.g. where sold items require repairs or caused damage
or loss); and/or
• the net realisable value of inventory (e.g. if disputes suggest that the client is
holding damaged goods).

3.6 Alternative Procedures

When an auditor does not receive responses to positive confirmations, alternative

procedures must be performed to determine the existence of accounts receivable.
A second (or even third) confirmation request may be sent before alternative
procedures are performed.
Alternative procedures include:
• Examining subsequent cash receipts to verify settlement of specific invoices
included in the customers' accounts receivable balances that were
outstanding at the year end. This test is also relevant to the assertions of
accuracy, valuation and cut-off (see s.4.2).
• Tracing such subsequent cash receipts through to the bank statement.
• If the customer has not paid, examining the supporting documentation for the
transaction, including the original customer order, duplicate sales invoice,
GDN and shipping documentation or other proof of delivery of goods to the
customer before the year end.
• Reviewing other correspondence between the client and customer to provide
evidence of the existence of the receivable. For example, the audit
implications of a letter to a customer being returned "not known at this
address" would be different from receiving a response from an administrator
or official receiver of the customer.

Activity 4 Confirmation Responses

Western Co is a manufacturing company. Positive confirmation requests were sent

to a sample of customers with balances as at 31 December 20X6. Customers did not
agree with the account balances that they were asked to confirm in the following
responses:
Customer Amount Customer response

Ames $25,000 We ordered $25,000

worth of merchandise
from Western in
November. However, we
mailed a $25,000 cheque
to Western on 22
December 20X6.

Brown $50,000 We received goods with a

cost of $30,000 and a
retail value of $50,000 on
consignment from
Western on 15 December
20X6. These goods have
not been sold yet.

Copper $35,000 We ordered $35,000 of

merchandise on 30
October 20X6 but
Western was out of stock.
They back-ordered the
goods and we received
them on 4 January 20X7.

Devon $60,000 Our records show that a

courier attempted to
deliver the goods from
Western on 31 December
20X6 but our premises
were closed. We
accepted the redelivery
on 3 January.

Epoch $15,000 Western promised these

goods in 15 days on 5
December 20X6. When
we didn’t receive them, I
cancelled the order on 20
December 20X6.

Fynes $40,000 Western sent a duplicate

shipment. We only
ordered $20,000 of
goods. The duplicate
 shipment was returned to
Western on 3 January
20X7.

Required:

For each confirmation response:

i. Explain the audit procedure to be performed to confirm the response;
ii. Conclude what amount should be included in year-end trade receivables
if the audit evidence obtained supports the customer’s response.
*Please use the notes feature in the toolbar to help formulate your answer.

4.1 Sales Cut-off Testing

Cut-off has already been discussed in Chapter 23 in the context of inventory. The
following is a summary of typical procedures for sales and receivables.
• Sales cut-off testing is used to confirm:
• proper cut-off of sales transactions; and
• the completeness and existence of accounts receivable and inventory.
• Select GDNs raised just before the year end and trace them to a sales invoice
ensuring they are included in trade receivables before the year end. Confirm
that the inventory sold is not included in the inventory balance at the year end.
• Alternatively, if the system is appropriate, select goods out from inventory
records just before the year end, and trace to GDNs and sales invoices
agreeing all recorded (as described previously) before the year end.
• Select entries in the trade receivables account just before the year end and
trace “backwards” through the detailed sales listing to a sales invoice, GDN
and inventory records; checking that all entries were made before the year
end.
• From cash received records, trace receipts before the year end to the trade
receivables account and bank statement ensuring entries were made before
the year end.

4.2 Valuation of Accounts Receivable

There is a risk that trade receivables may be overstated if irrecoverable debts have
not been written off or the allowance for trade receivables is insufficient. The auditor
should:
• Understand terms of payment and management's policy on ageing debts.
Compare with previous years and plan analytical review (e.g. receivables
days) to identify anomalies and potential risks.
• Obtain an aged receivables analysis as at the year end and re-perform ageing
by agreeing the make-up of balances (e.g. for same sample as for
confirmation) back to dated sales invoices, GDNs and inventory records.
• For material balances (e.g. same balances as for confirmation), agree after-
date cash receipts to the bank statements.
• Obtain a current aged analysis during the final audit and compare it against
the yearend analysis to identify amounts still outstanding. A balance that is
“current” (i.e. less than 30 days old) at the year end is not necessarily
recoverable. (By the time of the audit, it could have become significantly
overdue.)
• Review irrecoverable debts and cash collection patterns during the year to
identify any changes.
• Review other evidence to support non-collectability (e.g. correspondence from
a receiver).
• Agree accounting treatment of irrecoverable debts is appropriate.
• Form an opinion on the collectability of debts and discuss with management
any divergence from that opinion.

Activity 5 Use of CAATs

Describe how CAATs may be used in the audit of receivables.

*Please use the notes feature in the toolbar to help formulate your answer.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence

1. The audit of specific items

For each of the account balances stated in this sub-capability:
Explain the audit objectives and the audit procedures in relation to:
 • Receivables:
• direct confirmation of accounts receivable,
• other evidence in relation to receivables and prepayments,
• other evidence in relation to current assets, and
• the completeness and occurrence of revenue.

Summary and Quiz

• An external confirmation is a direct written response from a third party to the

auditor.
• Confirmations can be in paper form or electronic. When receiving
electronically, the auditor should confirm the sender and the security of the
content.
• Positive confirmation (a request to confirm agreement or disagreement with
the balance shown) should be used when controls are weak, there is
suspicion of fraud or there are numerous bookkeeping errors.
• Negative confirmation (a request to reply only in the case of disagreement)
should be used when controls operate effectively, there are many small
accounts, few errors are expected, and recipients are expected to respond to
the request.
• An open confirmation asks the respondent to enter the balance and is used
when testing primarily for possible understatement.
• A closed confirmation shows the balance and is used when testing primarily
for overstatement.
• The auditor should control the confirmation process, including sample
selection, confirmation design and sending/receiving the confirmation.
• When a response indicates disagreement, the auditor should distinguish
errors from reconciling items and perform further audit procedures if there is
an increased risk of material misstatement.
• Assertions for receivable balances include existence, valuation, cut-off and
rights.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.
Activity 1 Direct Confirmation

• Other account balances (receivable and payable) and their components.

• Terms and conditions of agreements.
• Existence of "aside-agreements".
• Transactions with third parties and terms thereof.
• Bank balances and other information from bankers.
• Inventories held by third parties (e.g. in bonded warehouses or on
consignment).
• Loans from lenders.
• Investments purchased from stockbrokers but not delivered by the end of the
reporting period.

Activity 2 Management's Refusal

• Inquire into management's reasons for the refusal. Assess reasonableness

and evidence of request (e.g. customer already subject to legal action for non-
payment) as management may be attempting to deny access to information
that may reveal fraud or error.
• Assess the effect on the risks of material misstatement and modify the audit
plan as necessary (increase professional scepticism, implications on
management's integrity).
• Conduct alternative audit procedures if appropriate (e.g. for receivables, after-
date cash, invoices making up the balance, evidence of the existence of
customer).

Activity 3 Sources "Ideas List"

• Accounting systems Open-item or balance-forward ledger.

• Documentation Sales orders, GDNs, invoices, credit notes,

statements.

• Tangible assets Cash receipts (confirm recoverability).

• Management and employees Sales director, credit controller, cashier.

 • Customers and suppliers Customer remittance advices,
correspondence, direct confirmation.

• Other third parties Solicitor (significant claims),

Liquidator/receiver (irrecoverable debt).

• Analytical procedures Receivables collection period (by month),

percentage write-offs, percentage estimate
for receivables allowance.

Activity 4 Confirmation Responses

Ames
iii. Audit procedure – Verify the date of recording the cash receipt (in the cash
book) and date of bank deposit (paying-in slip and bank statement).
iv. Conclusion – If the cash receipt and deposit occurred before 31 December,
$25,000 is not a receivable at the year end, it should be included in the bank
and cash balance. If the cash receipt and deposit occurred after 31
December, this is a valid receivable at year end.
Brown
v. Audit procedure – Review the terms of the consignment agreement between
Brown and Western and any correspondence between the entities that
substantiates Brown’s claim that the goods have not been sold.
vi. Conclusion – If there is a valid consignment arrangement and the goods have
not been sold, there is no trade receivable at the year end. The cost of the
consigned goods ($35,000) should be included in inventory.
Tutorial note: Under IFRS 15 revenue will not be recognised for the consigned
goods until they are sold by Brown (i.e. when control passes from Western to
Brown).
Copper
vii. Audit procedure – Examine the sales invoice, despatch note and other
shipping documentation to determine when the goods were shipped to the
customer.
viii. Conclusion – If the goods received by the customer on 4 January 20X7 were
despatched before the year end, $35,000 is a receivable at the year end. If
despatched after the year end, there is no receivable; the cost of the goods
should be included in inventory.
Devon
ix. Audit procedure – Verify the date on which Devon signed for the receipt of the
goods to delivery confirmation notices (or similar) which the courier provides
to Western (e.g. in support of invoices).
 x. Conclusion – Since control of the goods did not pass to Devon until the goods
were received there is no trade receivable at the year end.
Epoch
xi. Audit procedure – Inspect the cancelled sales order and examine any
correspondence between Brown and Western that confirms that the order was
cancelled. Inspect any credit note raised after the year end to cancel the sales
invoice.
xii. Conclusion – This is not a trade receivable at the year end. If the goods were
despatched before the year end, they should not have been delivered but
returned to inventory.
Fynes
xiii. Audit procedure – Inspect the goods return (inwards) note to confirm that
Western received back the duplicated shipment. Inspect the credit note raised
after the year to cancel the second invoice.
xiv.Conclusion – $20,000 of the $40,000 is not a receivable at the year end even
though Fynes took control of the duplicate shipment and did not return the
goods until after the year end. Western cannot recognise revenue for goods
sent in error.

Activity 5 Use of CAATs

• Extracting list of receivables, casting, identifying all credit balances.

• Reconstructing any receivable balance from primary data (e.g. sales, cash
receipts, journals).
• Selecting sample for confirmation, carrying out MUS approach, preparing
confirmation letters (mail merge).
• Preparing debt age analysis at the year end and date of audit and comparing
to identify year-end debts not yet collected.
• Analysis of after-date cash receipts and postings.
Chapter 25: Share Capital, Reserves and
Directors' Remuneration

Visual Overview

Objective: To consider areas of audit risk in share capital, reserves and directors'
emoluments and to describe the audit procedures relating to these items.

1.1 General

Risks that should generally be considered in the audit of share capital, reserves and
directors' emoluments (i.e. remuneration) include the following:
• Share transactions (e.g. issue, buy-back) may not comply with statutory
requirements.
• Distributions may not be approved or comply with statutory requirements.
• Statutory documentation and returns not maintained, not made or incorrect.
• Equity reserves are inappropriately used.
• Complicated/sophisticated valuation models used (e.g. share-based
payments, share options and warrants) with significant estimation uncertainty.
 • Directors' remuneration and other transactions with directors may be
suppressed, undervalued or not disclosed.

1.2 Assertions

Audit considerations for the assertions that are specific to share capital, reserves
and directors' emoluments include the following:

1.2.1 Completeness

• All equity transactions must be accounted for and disclosed.

• All directors' remuneration and other transactions with directors should be
recorded and disclosed.

1.2.2 Accuracy, Allocation and Valuation

• Equity transactions must be correctly recognised, movements valued and

allocated to the appropriate accounts.
• Directors' remuneration and other transactions must be recognised/disclosed
at correct amounts.
• The requirements of applicable IFRS Standards must be met (e.g. share-
based payments, share options, revaluations, foreign currency translations,
financial instruments).

1.2.3 Occurrence and Cut-off

• Equity transactions, as recorded or disclosed, occurred and related to the

entity.
• All equity transactions have been recognised in the appropriate period.

Activity 1 "Ideas List"

Complete an "ideas list" for the sources of evidence for capital, reserves and
directors' emoluments.
*Please use the notes feature in the toolbar to help formulate your answer.
2.0 Introduction

In audit planning, the auditor assessed the risk of material misstatement due to error
and fraud. For the audit of equity, if this risk is assessed as high, the auditor must
consider the use of confirmations with shareholders to confirm, for example:
• their shareholdings;
• share issues, equity transactions or equity agreements; and
• dividends paid.
The auditor should also scrutinise all equity transactions and determine whether the
terms and substance of the arrangements indicate that the proceeds should be
recorded as debt, rather than equity. This will usually mean confirmation with the
second party of the terms and conditions of the transaction.

Exam advice

The audit procedures for share capital and reserves discussed here are based on
the IFRS Standards examined in Financial Accounting. The more advanced
elements (e.g. buy-backs, share options, warrants, share-based payments) are
not examinable and are used only for illustrative purposes.

2.1 General

Equity (share capital and reserves) is the residual interest in the entity's assets after
deducting all liabilities (as defined by the IASB’s Conceptual Framework).
The most common classification of equity is ordinary shares (non-redeemable, no
change in nominal or issue value, equitable voting rights, no guaranteed dividends,
last in line on liquidation) are. Other classes of share capital may be treated as debt
(e.g. redeemable preference shares) or equity (e.g. irredeemable preference shares)
or a compound instrument with debt and equity components.

2.2 Ordinary Shares

Audit procedures for ordinary shares include the following:

 • Review permanent file to understand the equity structure, memorandum and
articles of association, and the relevant laws and regulations. For example,
whether the company can buy back its own shares or reduce capital.
• Conduct company search and confirm current information held by authorities
to the company's books and records.
• Review minutes of all board and committee meetings to identify any matters
relating to share capital and reserves (e.g. making a rights issue).
• Discuss with management any changes to the capital structure (e.g. new
share issues, share buy-back) during the year.
• Obtain a schedule of equity categories and movements from management.
• Agree opening balances to prior-year closing balances.
• Agree movements as detailed below.
• Agree closing balances to statutory records, accounting records, trial balance,
and financial statements including disclosures. Effectively, the schedule of
movements on equity will be included in the statement of changes in equity.
• Review statutory records to identify changes made and obtain confirmation
from the company secretary.
For changes in statutory records, the auditor should agree that appropriate actions
were taken, for example:
• Authorised (e.g. by the board) and recorded (e.g. board minutes).
• Where required, approved by shareholders (e.g. share issues).
• Allowed by legislation, memorandum and articles of association.
• Recorded in statutory records (e.g. share register) and legally required returns
made to the appropriate authorities.
• Recalculate share capital where new issues (including rights issues) have
been made. If issued at a premium, agree that the excess over the nominal
value is credited to a share premium reserve.
• Agree proceeds of issues (other than bonus issues) to the bank ledger
account and bank statement.

Key point

A bonus issue is a capitalisation of reserves; it does not raise cash.

2.3 Preference Shares

Preference shares may be redeemable or irredeemable:

• Redeemable shares may or may not have a specific redemption date;
• Irredeemable shares cannot be repurchased.
If new preference shares were issued during the year, the auditor should, as for
ordinary shares:
• Agree authorisation;
• Confirm proceeds received;
• Update the permanent audit file.
If any shares were redeemed during the year, confirm that the terms of redemption
have been complied with and any statutory requirements met. (Statutory
requirements tend to be very strict concerning any reduction in capital.) For example:
• Only fully paid-for shares can be redeemed;
• Any premium on redemption reduced the share premium account (if any) or is
out of retained earnings.
The auditor should also:
• Agree payments to redeem shares to the bank ledger account and bank
statement.
• Agree the calculation of dividends (usually a fixed percentage of the nominal
value of the shares in issue) and dividend payments to the bank ledger
account and bank statement.
If the company has insufficient profit and/or cash to pay preference dividends but the
shares are "cumulative", unpaid dividends will accrue to the preference
shareholders. A liability will be recognised if the company has a legal obligation to
pay them (e.g. if the dividend was "declared" in a general meeting) or otherwise
disclosed in the notes.

2.4 Presentation and Disclosures

• Preference shares to be redeemed in the next 12 months are reclassified as

current liabilities.
• Disclosure requirements will be a mix of legal requirements and GAAP (e.g.
IFRS Standards).

3.1 Types

As well as retained earnings from profit or loss, reserves also include:

• non-current asset revaluation surplus; and
• other statutory reserves (e.g. capital redemption reserve, share premium
reserve).
3.2 Audit Procedures

For each reserve the auditor should:

• Agree that it is allowed under the entity's constitution, legal or GAAP
requirements (e.g. reserves for “repairs and maintenance” are not permitted
under IFRS Standards).
• Agree that it has been correctly used under the constitution, legal or GAAP
requirements. For example, a share premium account has limited uses, such
as for the issue of bonus shares and cannot be distributed as dividends.
• Obtain, or prepare, a reconciliation of the movement agreeing:
• opening balances to the prior-year closing balance;
• closing balance to the accounting records and financial statements;
• movement is suitably broken down into required components as required by
GAAP;
• required components supported by audited evidence.

3.3 Statement of Changes in Equity (SOCIE)

The overall results for the accounting period are recognised in the statement of
comprehensive income and summarised in the statement of changes in equity. For
example:
• profit for the period (after interest and tax) is an increase in retained earnings
(a loss will be a decrease);
• a revaluation gain (in other comprehensive income) is an increase in the
revaluation surplus.

Activity 2 Accounting Entries

Explain the accounting entries for a revaluation of a depreciable asset that arises:
i. at the end of the reporting period;
ii. in the following year; and
iii. in the year of disposal.
*Please use the notes feature in the toolbar to help formulate your answer.
3.4 Dividends

Key Point

Dividends are not an expense but an appropriation of profit.

3.4.1 Audit Procedures

• Agree that dividends have been made from profits available for distribution as
defined by relevant company legislation and the entity's articles of association.
• Confirm that only distributable reserves have been used for distributions.
• Confirm that dividends declared or paid have been correctly authorised,
documented and accounted for. A dividend declared after year end is not a
liability at the reporting date under IFRS (IAS 10).
• Recalculate dividends based on the declared rate and participating shares.
• Agree a sample of dividends paid to the shareholders' register and the bank
ledger account.
• Recalculate the tax effects of distributions and confirm that tax liabilities were
correctly accounted for and subsequently paid (e.g. withholding taxation).
• Agree that the provisions of any double taxation treaties for relevant countries
have been met.

3.4.2 Accounting Entries

• At the end of the reporting period, profit for the period (after interest and tax)
is transferred to retained earnings:
Dr Profit or loss a/c $x

Cr Retained earnings $x
a/c

• When a dividend is declared:

Dr Retained earnings $x
a/c

Cr Dividends payable $x
a/c

• When a dividend is paid:

 Dr Dividends payable $x
a/c

Cr Cash a/c $x

3.5 Disclosures

3.5.1 For Each Reserve

The following disclosures are required for each reserve:

• A reconciliation between opening and closing balances, separately disclosing
changes from:
• profit or loss;
• each item of other comprehensive income; and
• transactions with owners in their capacity as shareholders.
• A description of the reserve's nature and purpose.

3.5.2 For Dividends

The following disclosures are required for dividends:

• The amount of dividends recognised as distributions to equity holders and the
related amount per share.
• The amount of dividends proposed or declared before the financial statements
were approved for issue but not recognised as a dividend during the period
and the related amount per share.
• The amount of any accumulative preference dividends not recognised.

4.1 General

Directors’ emoluments include:

• Fees paid for services rendered as directors;
• Basic salary;
• Bonuses and performance-related payments;
• Expense allowances;
• The estimated monetary value of material benefits received (e.g. company
car);
 • Pension contributions paid; and
• Gains made on the exercise of share options.

4.2 Regulation

The auditor must understand the legal, regulatory and other requirements
concerning directors' emoluments, for example:
• Companies' legislation that may distinguish between disclosure requirements
for large, medium and small companies.
• Listing rules that require a higher level of disclosure for listed companies.
• Corporate governance requirements (e.g. remuneration committee reports).
• Regulatory requirements (e.g. the Companies (Directors’ Remuneration Policy
and Directors’ Remuneration Report) Regulations 2019 in the UK).

4.3 Audit Procedures

Audit procedures for the audit of directors' emoluments:

• Understand the nature of the business and the potential for undisclosed
directors' transactions.
• Discuss with directors and TCWG (e.g. remuneration committee) the controls
to identify, measure and record directors' emoluments and transactions.
• Review directors' employment and service contracts to establish remuneration
components and levels of compensation.
• Obtain a schedule of directors’ remuneration including bonuses and benefits
and cast the schedule to ensure its accuracy. Agree the amount to that
disclosed in the financial statements.
• Review the schedule of current liabilities and confirm that any accruals (e.g.
for bonuses, holiday pay) are included as a year-end liability.
• Recalculate bonus payments and agree the criteria to supporting
documentation and the percentage rates to be paid to the directors’ service
contracts.
• Agree individual bonus payments to the post year-end payroll records.
• Confirm the amount of each bonus paid by agreeing to the post year-end
bank ledger account and bank statements.
• Review the disclosures made regarding the bonus paid to directors and
assess whether these are in compliance with local legislation.
• Agree compensation “in kind” (i.e. non-cash) to appropriate records (e.g.
issue of shares, share options) and recalculate their values (e.g. based on
market value).
 • Review the disclosures made regarding directors’ remuneration and assess
whether these are in compliance with local legislation.
• Obtain a written representation from management confirming the
completeness of directors’ remuneration including bonuses and benefits.

Key Point

For any company, directors' remuneration is material by nature where there is a

requirement to disclose this information in the notes to the financial statements.

5.1 Contents

"Statutory books and records" are those books and records which a company is
required, by law, to keep. For example, companies are typically required to keep:
• a register of past and present directors (also company secretaries);
• a register of directors' interests (in the company's shares and debentures);
• a register of members (i.e. shareholders) and their shareholdings;
• a register of debenture holders (if any);
• a register of charges;
• minutes of board meetings;
• minutes of general meetings with shareholders.
There is usually a further requirement to keep other legally important documents
such as:
• the certificate of incorporation;
• articles of association;
• accounting records;
• directors' service contracts; and
• any other important contracts (e.g. partnership agreements).
Generally such books and records must be kept at the company's registered office
and available for inspection by the general public.

5.2 Audit Evidence

Information that is required to be recorded in the statutory books and records and the
documents which support the registers (e.g. returns filed with the register of
companies) provide a source of evidence. For example:
 • the register of members should reflect any increase in issued share capital
(new members and increased holdings of existing members);
• the register of charges must include all claims which have been registered
over the company's assets (e.g. mortgages and floating charges) which will
show the extent to which liabilities are secured;
• directors' service contracts will contain details of their entitlement to
compensation on termination (which could be a liability at the reporting date
where a director has vacated his office during the year);
• minutes of general meetings document matters such as the shareholders'
approval for an issue of new shares, the amount of dividend to be declared
and transactions in which directors have interests (e.g. if a property was to be
sold to another company in which a director holds shares).

5.3 Audit Procedures

• Agree that statutory records have been maintained in accordance with

relevant laws and regulations (e.g. stock exchange requirements).
• Agree that all necessary statutory forms (e.g. annual return, changes in
directors) and returns have been made and contain correct and accurate
information.
• Agree that all stock exchange notifications (e.g. significant holding of share
capital by an individual entity, for example higher than 3%) have been made.
• Agree that all company meetings had been correctly convened, conducted
and minuted.
• Reconcile directors' shareholdings at the beginning and end of the financial
period and that these have been disclosed.
• Agree that proper books and records have been kept (conclusion drawn from
the audit).
• Agree that the accounting records are adequate for taxation purposes (e.g.
sales tax).
• Agree that records are kept, and stored with ease of access, for the
appropriate legislative time limits (e.g. seven years).

Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence

1. The audit of specific items

For each of the account balances stated in this sub-capability:
Explain the audit objectives and the audit procedures in relation to:
• Share capital, reserves and directors' emoluments:
• evidence in relation to share capital, reserves and directors' emoluments.

Summary and Quiz

• Assertions for share capital and reserves include:

• Occurrence (e.g. of share issues and dividend payments)
• Valuation (e.g. of a revaluation surplus)
• Classification (e.g. between distributable and non-distributable reserves).
• Audit procedures for ordinary shares include:
• Review of permanent file information and board minutes.
• Inspection of statutory books (e.g. of shareholdings).
• Agree opening balance, closing balances and movements during the period
reported on the statement of changes in equity (e.g. confirm proceeds of
share issues to the bank statement).
• The most common reserves are retained earnings, share premium and
revaluation surplus. Audit procedures include:
• Agree that any use (e.g. to pay dividends) complies with the company's
constitution and legal and accounting requirements.
• Agree opening balance, closing balance and movements shown on the
reconciliation of movement for each reserve (e.g. recalculate transfer of
excess depreciation between revaluation surplus and retained earnings).
• Audit procedures for dividends include confirmation of payments to bank
statements.
• Directors' emoluments are material by nature. Audit procedures include the
completion of a checklist to ensure that regulatory and disclosure
requirements are met.
• statutory books and records are a source of audit evidence. The auditor
should perform procedures to verify that all statutory books and records have
been kept as required by law.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.
Activity 1 "Ideas List"

• Accounting systems Statutory records maintained by the

company secretary.

• Documentation Statutory returns (share issues, changes in

directors, annual returns).
Memorandum and articles of association.
Agreements and contracts (e.g. share
options, pension schemes, directors'
service contracts).

• Tangible assets Usually dealt with in other areas (e.g.

revaluation of non-current assets).

• Management and employees Board minutes (authorising share issues,

share buy-backs, distributions, reserve
transfers, issue of share options).
Remuneration committee (directors'
remuneration report).

• Customers and suppliers Shareholders, debenture holders.

• Other third parties Solicitors, external company secretary.

• Analytical procedures "Proof in total": dividends paid and payable.

Activity 2 Accounting Entries

1. On Revaluation
This activity draws directly on assumed knowledge of accounting for revaluations
from Financial Accounting.
• Accumulated depreciation is either:
• restated proportionately with the change in gross carrying amount so that
carrying amount after revaluation equals its revalued amount (e.g. using an
index to depreciate replacement cost); or
• eliminated against the gross carrying amount and the net amount restated to
the revalued amount (e.g. buildings revalued to market value).
• In either case the gain (i.e. the difference between the revalued amount and
the carrying amount) is not a realised profit and is therefore credited to other
comprehensive income. It is included in the movement on the revaluation
surplus in the statement of changes in equity and presented in the statement
of financial position in the share capital and reserves section.
2. Subsequent Year
• Depreciation expensed for the year will be charged to profit or loss based on
the revalued amount. This will be greater than the depreciation expense on
the same asset in the previous year.
• Under IFRS, it is permissible to transfer within reserves (i.e. Dr Revaluation
a/c, Cr Retained earnings) that portion of the depreciation expense that
relates directly to the revaluation. This will be shown as a movement in the
statement of changes in equity; there is no adjustment for this in the
statement of comprehensive income.
3. On Disposal
• Any profit on disposal (i.e. the excess of proceeds over the asset's carrying
amount at the date of disposal and any procedures) should be credited to
profit or loss. Any loss on disposal will be debited.
• When a revalued asset is sold, the balance on the revaluation surplus relating
to that asset may be transferred directly to retained earnings (i.e. as a reserve
movement in the statement in changes in equity). It cannot be included in the
statement of comprehensive income.
Chapter 26: Bank and Cash

Visual Overview

Objective: To determine areas of audit risk in bank and cash and to obtain
appropriate audit evidence including bank reports.
1.1 Audit Risks

Risks that may be considered in the audit of bank and cash include the following:
• A bank loan may become repayable on demand (e.g. due to a breach of
covenants). Such loans would be required to be reclassified as current
liabilities.
• Secured and unsecured loans may not be separately disclosed.
• Interest payable on loans and overdrafts may not be accrued. Interest
expense will also be understated.
• Interest receivable on bank deposits may not be accrued. Interest income will
also be understated.
• Cash is the most "liquid" of all of a company's assets and the most
susceptible to theft (misappropriation).
• Cheques raised and accounted for at the year end (Dr Payables, Cr Cash)
may be subsequently cancelled after year end or their despatch to suppliers
unacceptably delayed (i.e. a form of "window dressing").
• Cash receipts may be stolen and difficult to trace (e.g. if there is "teeming and
lading" (see Chapter 24) on accounts receivable balances).
• Cheque payments may be misappropriated through forgery.

1.2 Account Balances

Audit considerations for the assertions that are specific to account balances (i.e. in
the statement of financial position) include the following:

1.2.1 Completeness

• A bank letter (s.3) will be required to confirm all balances held (including loans
and overdrafts).

1.2.2 Rights and Obligations

• Bank letters and other direct confirmation letters should confirm ownership of
cash (rights) and obligations for loans and overdraft facilities.

1.2.3 Existence
 • Direct confirmation (bank letter) of balances and other relevant information
from the holding institution (e.g. bank) confirms existence.
• Physical cash in a cash register/till (in retail trade) can be inspected and
counted (and, similarly, petty cash).

1.2.4 Presentation

• Generally, loans and overdrafts should not be offset against bank deposits in
the statement of financial position.
• Offset is appropriate only when the company has a legal right of offset(e.g. as
stated in the bank loan contract).

1.2.5 Classification

• Cash, bank and loans should be appropriately classified in the statement of

financial position as current or non-current.

1.3 Transactions

Considerations of the assertions that are specific to classes of transactions (e.g.

interest receipts/payments) include the following:

1.3.1 Completeness and Occurrence

• A reasonableness test (analytical procedure) may provide sufficient evidence

to confirm interest receivable/payable (i.e. average deposit/overdraft balance
by month × monthly interest rate).
• Balances on significant interest-bearing accounts will need to be compared
with the prior year and differences investigated (e.g. if balances are excluded
from the current year).

1.3.2 Classification

• Most interest payments will be expensed to profit or loss in the period to which
they relate.
• However, some interest expense may be allocated to asset accounts under
IFRS Standards (e.g. interest on a loan obtained to finance the construction of
a building is asset expenditure).
1.3.3 Cut-off

• Interest expenses and bank charges that are reconciling items on the bank
reconciliation statement must be included in accrued expenses.
• An accurate cut-off must be established for cash receipts and payments
shortly before and after the year end. The dates of recording transactions in
the cashbook will be compared with the bank statement and timing
differences shown in the bank reconciliation (s.2.2).

1.3.4 Accuracy

• Interest received (or payable) should be agreed from the bank statement to
the bank ledger account.
• Interest rates (and related expenses such as bank charges) should be
specified in loan/overdraft agreements.

1.4 Sources of Evidence

Activity 1 Sources “Ideas List”

Complete an "ideas list" for the sources of evidence relevant to the audit of bank and
cash balances.
*Please use the notes feature in the toolbar to help formulate your answer.

2.1 Bank Loans

• Obtain schedules of all loans, reconciling opening balances, movements in

the year and closing balances (agreeing to general ledger and financial
statements).
• Examine loan agreements noting:
• term of the loan;
• rate of interest (fixed or variable);
• security given; and
 • repayment terms.
• Confirm repayments during the year by reference to:
• authority (e.g. board minutes);
• paid cheques and entries in the bank ledger account;
• accrued interest paid; and
• deletion in the register of charges (for secured loans).
• Verify new loans issued during the year by reference to:
• authority;
• receipt of monies in the bank ledger account; and
• entries in statutory records (e.g. register of charges).
• Obtain direct confirmation from lenders (see s.3).
• Scrutinise statutory books (if any) and confirm that they are correct regarding
charges over assets.
• Recalculate interest expense and interest accrual.
• Agree disclosure of non-current liabilities complies with the applicable
financial reporting framework. For example:
• secured loans excluding portion repayable within one year;
• unsecured loans excluding portion repayable within one year;
• summary of interest rates, repayment terms, covenants; and
• security given.

2.2 Bank Reconciliation

Exam advice

The concept and construction of a bank reconciliation are assumed knowledge of

Financial Accounting.

2.2.1 Pro Forma Reconciliation

Key point

The statement of financial position will report the agreed balance (i.e. corrected
bank ledger account balance) as at the reporting date.

2.2.2 Audit Procedures

• Review any interim audit work carried out on the cash system to identify
potential problems for the year-end work.
• Confirm balance per the bank statement (e.g. to the bank report for audit
purposes – see s.3) and agree bank ledger account balance to the general
ledger.
• Verify that the reconciliation casts (i.e. adds up) by reperforming the additions.
• Confirm adjustments to the bank ledger account (e.g. interest and bank
charges).
• Agree uncleared ("outstanding") deposits to entries on the bank statement
dated shortly after the end of the reporting period.
• Cheques normally take only a few working days, at most to “clear” the bank. If
a customer’s cheque does not clear (i.e. “bounces”), the auditor should inquire
of management whether the cash balance should be adjusted (Dr Trade
receivable/Cr Cash). (If the customer’s balance has not been subsequently
settled, the adequacy of the allowance for irrecoverable debts would require
further consideration.)
• Agree unpresented cheques to entries on the bank statement dated shortly
after the end of the reporting period.
 • Unpresented cheques will take a little longer to clear because the suppliers
who receive them will have to present them to their bank (though they would
not delay in this unduly). Any significant delays should be investigated in case
the cheques were not actually “in the post” (i.e. despatched to the suppliers).
If cheques were raised but withheld, the auditor should inquire of
management whether the cash balance should be adjusted (Dr Cash/Cr
Trade payables).
• Writing out cheques (Dr Trade payables/Cr Cash) at the year end but
withholding them is a form of “window dressing” (i.e. an action to improve
the appearance of the statement of financial position).
• Reconcile the year-end closing balance from the prior year's audited
reconciliation through each monthly bank reconciliation.
• Review each reconciliation during the year for unusual "balancing" items.

2.3 Petty Cash

Exam advice

The operation of a petty cash system using imprest and non-imprest systems is
assumed knowledge of Financial Accounting.
• Understand the system of control over petty cash.
• Count petty cash (in the presence of a client employee) and agree to the
balance in the petty cash book, general ledger and financial statements.
• If using an imprest system, add up the petty cash vouchers and agree the
total of cash and vouchers to the imprest balance.
• At the end of the count return cash to the cashier and obtain a signed
certificate of monies returned.
• Agree petty cash vouchers for appropriate authorisation and supporting
receipts/documentation.
• Review the petty cash book for unusual items (i.e. items that are not petty
cash (e.g. "weekend" loans to staff) or items that should be paid through the
cashbook system (e.g. repairs to office equipment).
• If counting cash in more than one location (e.g. tills in a department store),
ensure that cash cannot be transferred between locations during the cash
count (e.g. involve more than one auditor).

Key Point

In an imprest system, at any point in time:

Physical cash + petty cash vouchers = Imprest balance
3.1 External Confirmation

External confirmation was described in detail in Chapter 24.

Obtaining a bank report for audit purposes (“bank confirmation letter”) is a standard
external confirmation procedure for all audits unless the auditor determines that the
banking transactions and relationships are clear and sufficient appropriate audit
evidence is available from other sources.

3.2 Format

Many national banking associations and auditing bodies have agreed on the form
and process for auditors to send and banks to complete bank confirmation reports.
Instead of the report containing an exhaustive list of all the possible information that
could be required, a standard approach and form of reports are generally adopted.
Its primary purpose is to confirm available information, but it may also provide
information the auditor was unaware of.
Banks will require specific written authority from their customers to be able to release
information to auditors. Rather than new authorities being issued each year, an
ongoing standing authority will be sufficient. Such authorities will need to be updated
for changes (e.g. new locations). The auditor should confirm each year, by
inspection, that the authority is in place and still appropriate.

3.2.1 Content

• Issued on auditor's letterhead.

• Should be sent at least two weeks before the client's year end.
• Bank's name and address.
• Auditor's name and address.
• Company's name, account sort codes and primary account(s) numbers.
• The financial reporting date.
• Details of confirmation that authority already was issued by the client.
• Request for acknowledgement.
• Additional information required:
• Trade finance (one of the facility account numbers given).
• Derivative and commodity trading (facility account number).
3.2.2 Reply Content

• Disclaimer by the bank – "Our response is given solely for the purposes of the
audit and creates no responsibility to the auditors."
• Balances on all accounts (including loans, joint accounts and accounts in
trade names).
• Details of all accounts closed in the last 12 months.
• Facilities – loans/overdrafts/guarantees, etc (including term, repayment,
review date, limit, etc).
• Securities (including set-off arrangements).
• Additional banking relationships – not covered by above.
• Custodian arrangements – the nature and quantity of any assets held but not
charged (e.g. title deeds held for safe-keeping rather than securing a
mortgage).
• Trade finance – letters of credit, acceptances, bills discounted, bonds,
guarantees, indemnities and other contingent liabilities.
• Derivatives – foreign exchange contracts, forward rate agreements, financial
futures, interest rate swaps, bullion contracts, etc.

3.3 Planning Considerations

At the planning stage of the audit, the auditor should:

• Determine the date by which the confirmation is required.
• Arrange to gather the required information concerning main account numbers
and bank sort codes.
• Agree that the bank authority is still in place and up to date.
• Determine where to send the request – usually a central banking location and
not the client's local branch.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence

1. The audit of specific items

For each of the account balances stated in this sub-capability:
Explain the audit objectives and the audit procedures in relation to:
 • Bank and cash:
• bank confirmation reports used in obtaining evidence in relation to bank and
cash
• other evidence in relation to bank
• other evidence in relation to cash.

Summary and Quiz

• Assertions for loan, bank and cash balances include existence, cut-off, rights
and obligations, completeness and presentation.
• Audit procedures for loans received include:
• Examining new loan agreements
• Confirming repayments
• Obtaining direct confirmation from lenders
• Re-computing interest expense and interest accrual.
• Audit procedures for cash at bank include examination of the bank
reconciliation and bank confirmation report for all accounts.
• The bank confirmation report also may provide evidence of:
• Loan/overdraft facilities (relevant to going concern)
• Guarantees given (may give rise to contingent liabilities)
• Security held (e.g. property may be mortgaged).

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Sources “Ideas List”

• Accounting systems → Cash system, cashbook(s),

"imprest" for petty cash
• Documentation → Cheque requisitions

• Tangible assets → Physical cash (count it)

• Management and → Board minutes (authorising

employees cheque signatories), cashier

• Customers and → Possibly DD or SO

suppliers mandates for expenses
(e.g. insurance premiums)

• Other third parties → Bank statements, report for

audit purposes (=
"confirmation letter")

• Analytical → "Proof in total" − interest

procedures payable/ receivable
(calculation based on
monthend balances)
Chapter 27: Liabilities, Provisions and
Contingencies

Visual Overview

Objective: To explain audit risks and audit evidence for current liabilities (trade
payables and accrued expenses), non-current liabilities, provisions and contingenci
1.1 Terminology

Accounting for provisions and contingencies is prescribed in IAS 37 Provisions,

Contingent Liabilities and Contingent Assets.

Definitions

Liability – a present obligation arising from past events, the settlement of which is
expected to result in an outflow of resources.
Provision – a liability of uncertain timing or amount.
Obligating event – an event that creates a legal or constructive obligation that the
entity is bound to settle.
Contingent liability –
• a possible obligation that arises from past events and whose existence will
be confirmed only by the occurrence or non-occurrence of one or more
uncertain future events not wholly within management's control; or
• a present obligation that arises from past events which cannot be
recognised because:
1. an outflow of resources is not probable; or
2. the amount cannot be measured with sufficient reliability.
Contingent asset – a possible asset that arises from past events and whose
existence will be confirmed only by the occurrence or non-occurrence of one or
more uncertain future events not wholly within management's control.

Key Point

The first step in determining if an item is a liability, provision, contingent liability or

asset is to confirm that it meets the definition.

1.2 Accounting for Liabilities

Liabilities are classified as "current" or "non-current" (i.e. short or long term).

The chapter focuses on the audit of current liabilities and provisions. The audit of
non-current liabilities, specifically loans, has already been covered in Chapter 26.
1.2.1 Non-current Liabilities

• Entities are frequently financed by credit obtained from sources other than the
owners (e.g. interest-bearing loans).
• For example, a five-year loan received in 20X4, which is due to be repaid in
20X9, will be a non-current liability in the 20X4-20X7 statements of financial
position. It will be reclassified as current in the 20X8 statement of financial
position.

1.2.2 Current Liabilities

• Current liabilities are amounts owed by the business falling due for payment
within one year of the end of the reporting period.
• For example, trades payable are amounts due to suppliers for goods
purchased on credit.

1.2.3 Accrued Expenses

• Accrued expenses are amounts that have not been invoiced to the business
at the end of the reporting period, but are known to be owing.
• For example, loan interest accrued (payable) for the last month of the year
which is not paid until after the year end.

1.2.4 Payroll Accrual

• Payroll is a specific expense; the compensation must be paid to employees

for a set period or on a given date (e.g. weekly wage, monthly salary, annual
bonus).
• Accrued payroll includes all forms of compensation (e.g. wages/salaries,
commissions and bonuses) that have been earned by employees but have
not yet been paid to them. It represents a short-term liability for the employer.
Example 1 Accrued Payrolls

Troy Co employs salaried staff, who are paid on the last Friday of every month
and a factory workforce that works Monday to Friday and is paid for each week on
the following Monday. The company’s year end is Wednesday 30 June 20X1.
• All salaried employees were last paid on Friday 25 June. As their June
salaries have been paid, there is no accrual.
 •
The workforce was last paid on Monday 28 June for the hours/days worked
in the preceding week. Therefore, an accrual for three days is needed as at
30 June 20X1.
Because an accrual is an accounting estimate, it is not required to be exact. If for
example, the workforce is 50 factory employees working 8 hours a day with an
average hourly wage of $20, the year-end adjustment for payroll expense will be
$8,000.

1.2.5 Holiday Accrual

An employee’s entitlement to holiday commences when they start a job. Their
entitlement will be prorated if they start during the company’s “holiday/leave year”
(which may not coincide with its accounting/financial year). At the end of the financial
year, the company must accrue for any entitlement that has been earnt, but not
taken.

Example 2 Holiday Accrual

Bart Co's holiday year and financial year is a calendar year. Staff are encouraged
to take their leave regularly. The company’s holiday leave policy does not permit
the carrying forward of untaken leave to the next year (i.e. a “use-it-of-lose it”
policy).
On 1 November 20X1, Bart Co employed a new credit controller on a salary of
$24,000. The managing director has approved the carry-forward of this
employee’s holiday entitlement.
2
The holiday accrual is therefore 12
× 24000 = 4000 .

1.3 Non-current Liabilities

The audit of bank loans and overdrafts has already been covered in Chapter 26.
Other sources of finance include:
• Issues of debt, loan notes (“bonds”) and debentures;
• Issues of redeemable preference shares (which are accounted for as debt
under IAS 1 Presentation of Financial Statements);
• Lease finance (which is not examinable in AA).

1.4 Provisions and Contingencies

1.4.1 Summary of Accounting Treatments

Exam advice

How to account for provisions and contingent liabilities and contingent assets is
assumed knowledge of Financial Accounting.

Flow of Resources Obligation Asset

Remote No disclosure No disclosure

Probably not/Possible Contingent liability No disclosure

disclosure

Probable Provision (if reliable Disclosure required

estimate) – otherwise a
contingent liability

Expected/virtually certain Provision Asset (not contingent)

Activity 1 Dismissal

A senior employee has been dismissed for breach of contract. She is claiming unfair
dismissal. Briefly describe the audit work that should be conducted to determine
whether a provision or contingent liability is required.
*Please use the notes feature in the toolbar to help formulate your answer.

1.4.2 Disclosures

The following should be disclosed for each class of provision:

• carrying amount at the beginning and end of the period;
• additions and increases;
• amounts used (i.e. incurred and charged);
• unused amounts reversed;
• description of the nature of obligation and expected timing of outflows; and
• description of the uncertainties about amount or timing (and major
assumptions made).
In extremely rare cases, when information may be seriously prejudicial, it need not
be disclosed. In this case, the general nature of the dispute and the reason for not
disclosing information should be given.
For each contingent liability/asset, the notes to the financial statements should
disclose:
• its nature;
• an estimate of its financial effect (where practicable); and
• the uncertain factors that affect its amount or timing.

2.1 Trade Payables and Accrued Expenses

Risks that should generally be considered in the audit of trade payables and accrued
expenses include the following:
• Liabilities incurred may be unrecorded (e.g. purchase invoices not
processed). The corresponding expense is also understated (and hence profit
will be overstated).
• Secured liabilities may not be identified and security may not be disclosed.
• Accrued expenses (e.g. for goods/services received but not invoiced) relating
to current year expenditure may be omitted.
• Liabilities may be recorded/payments to suppliers made for goods not
received (because of error or fraud).
• Accrued holiday entitlements may be omitted from the payroll expense.
• Payroll deductions (e.g. personal tax and social/national insurance) may not
be paid to the tax authorities.

2.2 Provisions

Risks that should generally be considered in the audit of provisions include the
following:
• A liability may be misstated due to estimation uncertainty (see Chapter 17).
• A provision may be overstated to “smooth” profits (i.e. making provisions
when profits are “good”, then reversing them in a “bad” year).
• Classification as current or non-current may be incorrect due to uncertain
timing.
• A provision will be overstated if it is not reversed when it is no longer required
for the purpose for which it was made.
2.3 Assertions

Audit evidence and procedures for the assertions that are specific to trade payables
and accrued expenses include the following:

2.3.1 Completeness and Accuracy

• Payable confirmation and/or supplier statement reconciliations to confirm the

amount owing (see s.3.2).
• Review of after-date invoices; these should be accrued if they relate to
goods/services provided before the year end.
• Review after-date cash payments and confirm that they agree to amounts of
recorded liabilities (e.g. payroll deductions to tax authorities agreed to the
year-end payroll).
• Outstanding holiday entitlements agreed to the calculation of holiday accrual.
• Review of correspondence with suppliers (e.g. about disputed invoices).
• Comparison of amounts of trade payables, accrued expenses and provisions
with the prior year.

2.3.2 Rights and Obligations

• Settlement of an obligation shortly after the year end provides evidence that
the obligation existed at the year end.
• Legal obligations are more easily confirmed (e.g. to a contract) than a
constructive obligation.

2.3.3 Existence

• Payable confirmation and supplier statement reconciliations.

2.4 Sources of Evidence

Activity 2 Sources “Ideas List”

Complete an "ideas list" for the sources of evidence relevant to the audit of trade
payables and accrued expenses.
*Please use the notes feature in the toolbar to help formulate your answer.

3.1 External Confirmation

External confirmation of amounts due to suppliers may be a standard procedure

unless the risk of material misstatement is minimal and the reconciliation of supplier
statements received by the client (i.e. written, external but indirect) can provide
sufficient reliable evidence.
Where the auditor requires a supplier statement that is not available from the client
(e.g. because the supplier does not send monthly statements to its customers), the
auditor should request a confirmation.

3.1.1 Procedures

Procedures for sending confirmation letters to suppliers are similar to those for the
receivables confirmation (detailed in Chapter 24). The main differences are as
follows:
• The principal assertion is completeness and the key audit risk is
understatement. To test for understatement, the source of the payable must
be identified (i.e. a purchase on credit results in a payable). The permanent
audit file should have details of the major suppliers. A purchase turnover
analysis will identify the major suppliers expected to have large payable
balances. Compare the year-end payable balances with the prior year and
select the materially lower balances (e.g. due to unrecorded transactions).
• Sample must be selected from a reciprocal population (e.g. purchases or
goods received notes) and not from the list of payable balances.
• Even if the client receives statements from suppliers each month, a
confirmation request may still be sent to a sample of major suppliers.
• The request should be positive and open (i.e. requesting that the supplier
state the balance) and request that the supplier sends a copy statement as at
the client’s reporting date.
Where a reply to a confirmation request is not received, and a supplier statement as
at the year end is not available, alternative procedures should be applied. For
example:
• Contact supplier direct by phone and enquire about the balance.
• Confirm make-up of year-end balance from GRN, inventory and purchase
invoices.
 • Confirm post-year-end payment.

3.1.2 Suppliers' Statement Reconciliations

Key Point

Suppliers' statement reconciliations are the main audit procedure for verifying the
completeness of trade payables and accrued expenses. It is essential that
reconciling items are correctly accounted for.

Balances on returned confirmations should be agreed to the balance on the

corresponding year-end supplier's statement.
Where a statement and/or confirmation balance does not agree to payables balance,
identify and audit the reconciling items. For example:
• Purchase invoices on the supplier's statement are not included in balance per
the list of individual suppliers.
• Cash payments in the trade payables account are not on the supplier's
statement.
Any disputes or errors should be supported by appropriate correspondence. If a
dispute concerns the quality of goods, consider the follow-through effect (if any) on
the net realisable value of inventory or recovery of a trade receivable (if goods sold
on to customers).
Where purchase invoices on the supplier's statement are not included in the balance
per the list of individual suppliers:
• Agree goods received to GRN, purchase invoice received after year end and
correct posting.
• If goods were received before the year end (and ownership accepted), agree
inclusion in year-end inventory and as a year-end accrual (see s.3.4.1).
Services rendered before the year end should similarly be accrued.
• Confirm any other reason for non-inclusion (e.g. if the client was wrongly
invoiced, there should be a supplier's credit note on a statement after the year
end, which cancels the invoice).
Where cash payments are not on the supplier's statement:
• Agree cash in transit to bank ledger account as paid before year end.
• Agree with audit work on cash and bank: the payment should be included in
the unpresented items on the year-end bank reconciliation that subsequently
cleared.
• Confirm payment on next month's supplier's statement.
3.2 Unrecorded Liabilities

Completeness and cut-off are also tested through a search for unrecorded liabilities,
which focuses on the following:

3.2.1 Trade Payables Account

• Agree GRNs before the year end to purchase invoices posted to the trade
payables account (via the detailed purchase listing) before the year end.
• Agree cash payments posted to the trade payables account before the year
end to the bank ledger account and bank statement before the year end (and
check to bank reconciliation as necessary).
• Trace entries for purchases before the year end back to the detailed purchase
listing, purchase invoice, GRN and confirm inclusion in year-end inventory.

3.2.2 Invoices Received after Year End

• Review after-date purchase invoices for evidence of goods/services received

before the year end. If so, agree liability and inventory recognised at the year
end.

3.2.3 Cash Payments after Year End

• Review after-date cash payments to identify payments relating to

goods/services received before the year end. Check to ensure that they are
included as a year-end liability and inventory.

3.2.4 Payroll Starters

• Review HR information relating to starters (“new hires”), agreeing their start

date (from which wage/salary and holiday entitlement will accrue) to
supporting documentation. Confirm their inclusion on the year-end payroll
(and calculation of holiday accrual).

3.3 Accruals
3.3.1 Goods/Services Received but Not Recorded

The liability for goods and services received just before the year end may not be
recorded until the invoice is received and processed.
The client usually will record such items and provide the auditor with a list of accrued
charges.
As this needs to be tested for understatement (completeness), the auditor must
identify such items and then check whether they have been included on the list.
Other audit procedures include:
• Casting the list and agreeing the total posted to the general ledger and
financial statements.
• In combination with searching for unrecorded liabilities, reviewing after-date
invoices and payments. Where these relate to pre-year end expenses, agree
to their inclusion in the year-end balance for payables (or goods/services
received but not yet invoiced accrual). If not included, discuss the reason with
management.

3.3.2 Other Accruals

• Determine expected accruals from understanding the nature of the business.

• Obtain, cast and agree a list of accruals from the client.
• Compare with the prior year for reasonableness (e.g. electricity accrual in line
with inflation and known increase in activity) and any apparent omissions (e.g.
interest and/or bank charges identified by the bank reconciliation).
• Review of post-year-end purchase invoices and cash payments (as described
previously) will identify potential accruals. Where material, calculate accrual
and agree to the year-end schedule.
• Agree current tax liability for corporation/profits tax to tax computations
prepared by the client.
• Agree accruals for payroll taxes to payroll records as part of wages audit (see
Chapter 12).

3.4 Provisions and Contingencies

Many of the audit procedures relevant to the audit of liabilities are relevant to
provisions and contingent liabilities. However, specific procedures might include the
following:
 • Discuss, with management, systems for identifying provisions and contingent
liabilities.
• Review the prior year's financial statement provisions and contingent
liabilities.
• Establish provision outcome; whether estimate was reasonable or need for
provision is ongoing (e.g. warranty provisions).
• Establish the outcome of contingent liabilities (e.g. no longer exist, are
ongoing or need to become provisions).
• Review year-end and after-date correspondence and board minutes for
evidence of new legal claims against the entity.
• Review subsequent events to ensure that all relevant matters are considered
(see Chapter 29).
• Examine legal expense accounts for indications of higher-than-normal costs.
Discuss with management the reasons why.
• Reassess the need for continuing provisions (e.g. estimated warranty
provision).
• Review supporting documentation to assess new provisions/contingent
liabilities and management’s estimate of potential outflows.
• Discuss management's assessment of the outcome, the estimate of financial
implications and costs involved. If the event gives rise to a contingent liability
such as a lawsuit, an accrual or provision should be made for associated legal
expenses.
• Seek confirmation from company lawyers (might be an internal or external
expert).
• Obtain written representations from management regarding legal claims
against the company (see Chapter 20 for other examples).
The auditor must consider a scope limitation on the audit opinion if:
• permission is not given to communicate with lawyers (or the lawyers refuse to
discuss matters with the auditor); or
• management refuses to provide written representations on a particular matter

Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence

3. The audit of specific items

For each of the account balances stated in this sub-capability:
Explain the audit objectives and the audit procedures in relation to:
 • Payables and accruals
• supplier statement reconciliations and direct confirmation of accounts
payable,
• obtain evidence in relation to payables and accruals,
• other evidence in relation to current liabilities, and
• purchases and other expenses, including payroll.
• Non-current liabilities, provisions and contingencies:
• evidence in relation to non-current liabilities
• provisions and contingencies

Summary and Quiz

• Assertions for trade payables, accrued expenses and provisions include

completeness, cut-off, obligations, valuation and existence.
• Obtaining direct confirmation from suppliers is a routine audit procedure
unless the risk of misstatement is low and the reconciliation of supplier
statements from the client provides sufficient reliable evidence.
• To test for completeness (understatement), suppliers should be selected from
purchases (or goods received notes) and not the list of payable balances.
• Purchase invoices on the supplier's statements but not included in the client's
books should be accrued if goods are received before the year end.
• Payments in the client's books but not included in the supplier's year-end
statements should appear in the following month's statement.
• Review of after-date purchase invoices and payments for goods/services
received before the year end is an audit procedure for completeness of
liabilities and cut-off.
• Audit procedures for provisions include:
• Reviewing the outcome of the prior year's provisions and contingent liabilities.
• Reviewing correspondence and board minutes for evidence of unrecorded
liabilities.
• Subsequent events review.
• Reassessing the continuing need for provisions still unused.
• Direct confirmation from lawyers.
• Obtaining written management representations (e.g. concerning
completeness).

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Dismissal

• Review minutes or notes of management's decision to dismiss the employee

to establish the reason for the dismissal.
• Review any press or social network commentary (e.g. Twitter, Facebook).
• Review correspondence from the employee and her solicitor.
• Review the contract of employment to confirm that the contract covers the
reason for the dismissal and what, if any, entitlement the employee is due.
• Review dismissal procedures to ensure that they are within the law – if not,
the dismissal may have been illegal.
• Obtain the view of the company's solicitor as to the likelihood of the action
being successful.
• Discuss with management its expected action (e.g. fight or settle out of court).
• If probable that the employee could win even on a legal technicality (e.g. if the
company did not follow the correct dismissal procedure), calculate the
potential compensation allowed by her contract and possible damages
awarded by the court.
• If it is unlikely she would win, possible costs will still need to be estimated for
disclosure.
• If remote, no disclosure will be necessary.
• In all situations, any legal costs of the company should be provided.

Chapter 27 Quiz
Activity 2 Sources “Ideas List”

Complete an "ideas list" for the sources of evidence relevant to the audit of trade
payables and accrued expenses.
*Please use the notes feature in the toolbar to help formulate your answer.

• Accounting systems → e.g. batch processing of

invoices

• Documentation → Purchase
requisitions/orders/invoices/
GRNs, cheque payments.
• Tangible assets → Inventories (raw materials,
goods for resale).

• Management and → Buyer, purchase

employees department
supervisor/clerks, chief
cashier.

• Customers and → Suppliers (provide monthly

suppliers statements?).

• Other third parties → Intermediaries (e.g.

warehousing agents).

• Analytical → Payable days outstanding,

procedures current ratio, accrued
expenses to trade payables
percentage or ratio.
Chapter 28: Small Business and Not-for-Profit
Organisations

Visual Overview

Objective: To identify the particular considerations in the audit of small businesses

and not-for-profit organisations.

1.1 Smaller Entities

Key Point
 Although the size of an entity may be an indicator of its complexity, some smaller
entities may be complex and some larger entities may be less complex.

The typical qualitative characteristics of a smaller entity are:

• Ownership and management concentrated in a small number of individuals

(e.g. one “owner-manager”);
• One or more of the following:
• Straightforward or uncomplicated transactions;
• Simple record-keeping;
• Few products or business lines;
• Simpler systems of internal control;
• Few levels of management with responsibility for a broad range of controls;
• Few personnel, many having a wide range of duties; or
• A small number of employees involved in financial reporting roles (e.g. only
one person).

Definition

Owner-manager – a proprietor involved in the day-to-day running of a smaller

entity.

Some financial reporting frameworks allow smaller entities to provide fewer and less
detailed disclosures in financial statements. However, if those financial statements
are required to be audited, the auditor must still understand the entity and its
environment and the applicable financial reporting framework as it applies to the
entity.

1.2 Limited Segregation of Duties

Many small entities may lack sufficient resources to achieve ideal segregation of
duties (and the cost of hiring additional staff solely for this purpose is likely to be
prohibitive). Therefore, it may not be possible to rely on the system of internal control
to detect fraud or errors, for example:

• where personnel who are responsible for accounting records also have
access to assets that are easily concealed, moved or sold; and
 • when it may not be possible to set up a system of independent checking. This
increases the risk that management will fail to detect errors.
However, management may be able to institute alternative controls that the auditor
can test and rely on.

Example 1 Alternative to Segregation of Duties

A salesperson is not prevented (by segregation of duties) from being able to

modify product price files or commission rates.
A detective control activity can be implemented to have personnel unrelated to the
sales function periodically review whether and under what circumstances the
salesperson changed prices.

The risks arising from the use of IT in information processing may also be higher due
to limited segregation of duties. For example, in simple computerised accounting
systems, it is common for users to be able to perform two or more of:

• initiating and authorising source documents;

• entering data into the system;
• operating the computer;
• changing programs and data files as well as modifying the operating systems;
and
• using or distributing output.

1.3 Domination by Senior Management or Owner

Key Point

If the role of governance is undertaken directly by the owner-manager, the

independence of TCWG is not relevant.

Active participation in management may dominate the entity's operations (particularly

the system of internal control and preparation of financial statements). When the
owner is not involved, there is greater risk of employee fraud or error that will not be
detected.

1.3.1 Advantages
 • Domination can compensate for otherwise weak internal controls (e.g. where
the owner personally signs all cheques and bank mandates).

1.3.2 Disadvantages

• Ability to override internal controls (e.g. exclude transactions).

• Greater risk of management fraud (e.g. the owner can make disbursements
without supporting documentation).
• Confusion of business and personal interests/property may be reflected in
financial statements. This may give rise to problems with tax authorities and
could result in financial penalties.

2.1 Considerations

If it is not possible to obtain sufficient evidence to form an opinion on the financial

statements because of deficiencies which may arise (e.g. inadequate record
keeping), the auditor may decide:
• not to accept the engagement; or
• after acceptance:
• to withdraw from the engagement; or
• to disclaim an opinion.

2.2 Engagement Letter

The engagement letter must be issued before work commences to help avoid
misunderstanding the nature and scope of services provided.

• Additional accountancy services:

• initial recording of transactions;
• posting to the general ledger;
• extracting trial balance and preparing draft accounts;
• preparing statutory financial statements; and
• providing regular management accounts.
• Additional tax services:
• agreeing tax liabilities with taxation authorities; and
• preparation and submission of returns.
 Key Point

When the auditor also assists in preparing the financial statements, the
engagement letter must clearly state that this remains management's
responsibility.

3.1 Risk Assessment

The risk of material misstatements may increase (↑) or decrease (↓) due to the
following factors:
• owner may exercise effective control (↓);
• owner's close involvement may prevent/detect errors (↓);
• profits may be manipulated (↑).
Audit risks may include, in particular:
• possible misstatement of income (e.g. by non-recording (understatement) or
recording fictitious transactions (overstatement));
• inclusion of personal expenses of an owner-manager.
In assessing risk, the auditor will consider previous knowledge of the
proprietor/business.

3.2 Limited Formal Internal Controls

Although the extent of reliance on internal controls may be restricted, the auditor
may be able to test and rely on controls that are:
• operated by the proprietor;
• established by observation (if not documented).
Deficiencies revealed during the audit should be communicated and
recommendations for improvements made.

3.3 Accountancy Work

3.3.1 Examples

Typical accountancy work for smaller entities includes:

 • Writing up books;
• Drawing up a trial balance; and
• Ascertaining the end of the reporting period adjustments.

3.3.2 Audit Evidence Obtained

Audit evidence is often obtained from accountancy work. For example, from:
• examining original documents;
• calculating balances; and
• posting entries.

Key Point

Evidence obtained from accountancy work alone does not provide sufficient audit
evidence (e.g. on recoverability of accounts receivable).

3.4 Auditing for Completeness

3.4.1 Assertion

Understatement of income (completeness) can be a particular risk for small

businesses and not-for-profit organisations:
• under-declaration of income (and overstatement of expenses) will reduce tax
liabilities;
• owner-managers may treat some business dealings as personal transactions
(and not record them);
• a high proportion of transactions may be cash (which may be misappropriated
before it is recorded);
• there may be no exchange in a transaction (e.g. for donations received) to
evidence its occurrence.

3.4.2 Audit Considerations

• Numerically based system (e.g. to control despatch of goods).

• Independently recorded population.
• Reconciliations of total goods bought/sold.
• Predictive analytical procedures.
• Review of transactions after the end of the reporting period.
 • Representations by proprietor (are not sufficient on their own).

3.5 Choosing Procedures

Generally, the auditor will be unable to use tests of controls to reduce tests of details
if effective internal controls are lacking.
The evidence obtained through accountancy work (s.3.3) gives some assurances
and does not need to be duplicated.
However, writing up books and accounts preparation is no substitute for:

• physical inspection (existence);

• third-party confirmation (existence and ownership);
• work on the recoverability of accounts receivable (valuation);
• searches for unrecorded liabilities (completeness);
• confirmation of terms of material loans; and
• tests to ensure completeness of income.

Writing up books may, however, lead to efficiencies. For example, if analytical

procedures on margins are satisfactory, audit procedures may be restricted to:

• bank confirmations;
• direct confirmations (if efficient) and review of old balances;
• attendance at physical inventory and review of inventory valuation;
• review of subsequent events;
• review of accrued expenses and prepayments;
• review of minutes; and
• obtaining other confirmation letters (e.g. from solicitors).

Key Point

Most audit evidence will be obtained from substantive tests of details.

3.6 Management Representations

Management representations are essential:

 • because the auditor's role and responsibility in relation to the financial
statements may be misunderstood; and
• to remind management of its responsibility to ensure the completeness and
accuracy of accounting records and safeguard the entity's assets.
However, the auditor cannot rely solely on management representations to obtain
assurance on the completeness of the accounting records.

4.0 Introduction

Definition

Not-for-profit organisation (NFP) – an organisation that does not distribute its

surplus funds to owners or shareholders but instead uses them to help pursue its
goals.

Some NFP organisations may make a profit (e.g. many charities have retail
operations); however, they do not consider profit to be their primary objective.
Instead, they aim to satisfy the particular needs of their members or society in
general and usually consider financial objectives as constraints under which they
have to operate.

4.1 Types of NFP Organisation

There are many types of very different NFP organisations, for example:

• government departments, local authorities and agencies – exist to implement

policy;
• educational establishments – note that private education has a profit motive;
• hospitals – note that private hospitals would be classified as profit oriented;
• charities – collect money and effectively distribute it according to a charity's
aims;
• pressure groups – raise money to promote a given agenda (e.g.
Greenpeace); and
• clubs and mutual societies – organisations that raise money directly from
members to provide services to them (e.g. tennis clubs, trade unions).

An NFP organisation may be:

 • incorporated (i.e. companies);
• otherwise required to be audited (e.g. under sector-specific legislation);
• subject to specific accounting requirements;
• regulated (e.g. by a Charities Commission);
• small, local, single-activity operations run by trustees (e.g. clubs, private
schools); or
• large trading concerns with sophisticated accounting systems (e.g.
international charities and aid agencies).

Exam advice

Candidates will not be required to have a detailed knowledge of any type of NFP
organisation to answer an exam question. A scenario is likely to be about a small
cash-based entity (e.g. a sports club or local charity). The audit approach is similar
to that applied to small businesses, but note the differences highlighted in Activity
1 and s.4.2.

Activity 1 Differences Between Charities and Commercial Entities

Suggest FOUR features of a charity which are most likely to differ from a commercial
entity.
*Please use the notes feature in the toolbar to help formulate your answer.

4.2 Audit Techniques

In general, the audit of a not-for-profit organisation follows the same principles

and technique of any other audit, but usually with some specific emphasis, for
example, on sources of funding (e.g. donations).
The following considerations are likely to be relevant when auditing not-for-profit
organisations.

4.2.1 Understanding the Entity

As for any audit client, the auditor must understand the entity and its environment,
the applicable financial reporting framework and the system of internal controls.
Management structure and reporting requirements are potentially less formal than
commercial organisations. The experience of key personnel is unlikely to be
commercial, as most will be part-time volunteers. This may increase the risk of fraud
being perpetrated and hidden by those with financial experience.
Regulatory and reporting requirements may be:
• specific (e.g. Charities Act); or
• general (e.g. licensing, liquor and entertainment laws for clubs).
The auditor should consider potential breaches in the entity’s constitution and rules
of entity in accordance with ISA 250 Consideration of Laws and Regulations in an
Audit of Financial Statements (see Chapter 11).

4.2.2 Applicable Financial Reporting Framework

IFRS uses terminology suitable for profit-oriented entities, including public sector
business entities. International Public Sector Accounting Standards (IPSAS) have
therefore been developed for governmental bodies, acknowledging that the nature of
these entities and the information needs of users (including citizens) are different
from for-profit businesses.
However, there are currently no equivalent standards for other non-profit
organisations (NPOs). Many NPOs have unique transactions and “economic events”
that are quite unlike those seen in the private or public sectors, for example:
• non-exchange transactions (e.g. receiving and giving grants and donations);
• non-money transactions (e.g. gifts and services in kind).
Many NPOs rely heavily on cash transfers (grants and donations) for day-to-day
operational costs and projects or programmes. Gifts-in-kind, services-in-kind,
fundraising and assets held for future service delivery are just a few of the
transactions that are not adequately addressed in existing international standards
and therefore give rise to inherent risk.

4.2.3 System of Internal Control

Sources of income and forms of expenditure are of particular importance where

there are many sources, primarily of cash in nature. For example, a club will have
subscriptions, bar income, gaming machine income, special event income (e.g.
discos, lotto, raffles) etc.
The control environment is unique for not-for-profits. The auditor should consider:
• the roles and qualifications of management and the governing board;
• the frequency of governing board meetings; and
• governing board involvement in operations.
The internal controls of not-for-profit entities should include controls related to:
 • Safeguarding assets;
• Ensuring all transactions are accurately recorded and accounting records
maintained;
• Completeness of income (especially cash) and the authorisation of
expenditures;
• The identification, evaluation and acceptance of donations;
• Valuing and recording promises to give;
• The valuation of donated assets;
• Compliance with donor restrictions on the use of donations;
• Meeting the reporting requirements of donors and regulators.

4.2.4 Risk

Inherent risk may be high because of:

• the nature of management and key workers (see Activity 1);
• susceptibility to fraud (because of an easily manipulated asset such as cash);
• the potential impact of a sluggish economy on income from donations; and
• obligations to comply with regulations when funded by government grants.
The entity also may be considered a public-interest entity (e.g. a national charity,
local golf/tennis club whose membership usually contains local business people and
dignitaries) and, therefore, high risk because of the risk of bad publicity if
inappropriate work is carried out or an inappropriate report is given.
Control risk is unlikely to be assessed (i.e. the auditor does not plan to test the
operating effectiveness of controls). For example, formal controls may be too
expensive for the entity to operate (e.g. employing sufficient people to have effective
segregation of duties) or controls implemented by inexperienced "volunteers". There
also may be overdependence on the honesty of individuals. Therefore, the
assessment of the risk of material misstatement is the same as the assessment of
inherent risk.

To reduce detection risk to an acceptably low level will required a high level of audit
work in appropriate areas (e.g. extensive analytical procedures and/or tests of details
on large samples of transactions, possibly 100%).

4.2.5 Materiality

As not-for-profit entities usually attempt to match their expenditure to their income

(e.g. charities collect money to distribute to worthy causes), materiality based on
surplus (excess of income over expenditure) generally is not a useful materiality
indicator. Income is likely to be the principal measure of materiality.
In addition, materiality ranges may be set lower than for commercial organisations
because of the nature of the entity (e.g. the general public would expect that all
donations to a charity are accounted for and used appropriately – any fraud would be
considered material regardless of its size).

4.2.6 Analytical Procedures

Generally, more audit evidence can be derived from analytical procedures because
of the nature of the income and expenditure of not-for-profit entities.
Care must be taken to ensure that appropriate procedures are used, considering the
nature of the entity. For example:
• Proof in total for subscription income (e.g. number of club members at the
appropriate rate).
• Controlled usage of equipment and facilities (e.g. meters, counters, booking
schedules at the appropriate rate).
• Set percentage mark-up (e.g. bar sales taking into account regular physical
counts and allowances for spillage, set payout on games machines, say, 80%
of takings).
• Pre-numbered ticketing for events (e.g. number/range of tickets printed per
order/invoice from printers minus tickets remaining at their face value with any
complimentary issues formally recorded and authorised).
• Reconciliations (e.g. investment income to the capital value of the investment,
covenants from donors for regular payments to the entity, costs as a set
percentage of income).
• Comparisons of key income and expenses with prior periods (e.g. monthly
expenses, monthly bar sales/gross profit, monthly income/profit from regular
events).

4.2.7 Reliance on Experts

Experts may be used in the entity's procedures (e.g. counting bar inventory in a club
or valuing donated assets). ISA 500 Audit Evidence or ISA 620 Using the Work of an
Auditor's Expert will be relevant (depending on whether the expert is the
management’s or the auditor’s).

4.2.6 Cash

In many not-for-profit organisations, the majority of transactions are for cash and a
high-risk area.
The controls over the receipt, banking, payment and authorisation of cash must be
strong.
A typical cash audit programme will be used but must be tailored to suit the
circumstances of the entity, for example:
• Attend fundraising events, observe procedures in collecting, banking and
recording cash and the segregation of duties between the collection, counting
and recording.
• Perform cash counts at regular, unannounced intervals.
• Ensure the regular rotation of staff who handle cash (e.g. different individuals
at each event).
• Ensure access to cash is controlled (e.g. two keys are required to open
gaming machines, keys are secure (in a safe), opening procedures are
rotated between staff/ members).

Syllabus Coverage

This chapter covers the following Learning Outcomes.

D. Audit Evidence

1. Audit procedures
• Describe why smaller entities may have different control environments and
describe the types of evidence likely to be available in smaller entities.
2. Not-for-profit organisations
• Apply audit techniques to not-for-profit organisations.
Summary and Quiz

• The characteristics of small businesses and not-for-profit organisations

include limited segregation of duties and domination by senior management
or owners.
• The engagement letter should include details of additional accountancy or tax
services.
• Involvement of owners may:
• Decrease risk of material misstatement through effective control and the
prevention/detection of errors.
• Increase risk of profit manipulation.
• Any accountancy work carried out by the auditor may provide audit evidence
but cannot replace the evidence obtained from direct confirmation, physical
inspection, etc.
 • Not-for-profit organisations use surplus funds to pursue goals rather than
make distributions to owners or shareholders.
• When auditing a not-for-profit entity:
• Inherent risk and the risk of material misstatement are likely to be high.
Therefore detection risk should be made low.
• Income is likely to be the principal basis for materiality.
• Generally, more evidence can be derived from analytical procedures.
• Cash transactions are likely to be material and a high-risk audit area.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022)
related to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Differences Between Charities and Commercial Entities

• Sources of income – largely voluntary income (donations), grants, etc. Highly

likely to be in the form of pure cash (e.g. street collections).
• Possible inability to assert completeness of income/revenue arising from
donations (e.g. street collections).
• Branch structure – although this may be used in commercial entities, the
"branch" operating structure with a single, centrally administered head office
is frequently used by charitable organisations.
• Tax status – there may be some reliefs available specifically to charities.
• Restricted funds (capital or revenue) – may be used only for specified
expenditure (e.g. donation or grant for a specific activity or capital item).
• Greater public accountability – is expected because their purpose is to serve
some public good.
• Presence of unpaid workers (volunteers) who may:
• lack sufficient business skills;
• possess great dedication, which may compensate for failings in internal
control.
• Executives may be part-time, retired professionals or complete amateurs.
Risk assessment needs to consider the executives' business and control
awareness. The risk of material misstatement may increase or decrease
depending on their experience, skill and commitment.
Chapter 29: Audit Finalisation

Visual Overview

Objective: To describe overall review procedures and the auditor's responsibilities

for disclosure, including subsequent events and going concern.

1.0 Introduction

Key Point

• The audit completion review helps to ensure that:

• all work was carried out in accordance with the audit plan;
• all material and contentious issues have been appropriately dealt with;
 • the auditor's report is consistent with the work performed;
• audit work supports the audit opinion; and
• ethical matters have been considered for audit reacceptance.
• It provides an opportunity for auditors and firms to stand back and assess
how particular audits, or audits in general, are conducted.

1.1 Overall Review of Financial Statements

The purpose of an overall review of financial statements is to assess whether:

• the evidence obtained provides a reasonable basis for the audit opinion;
• the information presented in the financial statements meets statutory
requirements;
• appropriate accounting policies are properly disclosed and consistently
applied; and
• the financial statements as a whole and the assertions contained therein are
consistent with the auditor's knowledge of the business and the results of
audit procedures.
The principal review techniques include:
• discussion between the reviewers and the other people involved in the audit;
• review of documentation;
• checklists; and
• analytical procedures.
Collectively, these can provide reasonable assurance that audits have been
conducted in accordance with auditing standards, other regulatory requirements and
the firm's standards.

1.2 Types of Review

Reviews conducted before the auditor's report is signed include:

• day-to-day review and discussion of the work done as the audit progresses,
performed by senior audit team members (on the work of their assistants) and
audit managers (on the work of the seniors);
• the audit engagement partner's review before the signing of the auditor's
report; and
• independent second partner review for high-risk clients (e.g. where the audit
opinion may be modified).
1.3 Documentation

All crucial matters, particularly those requiring exercise of judgement, must be

documented, particularly regarding:
• uncorrected misstatements;
• going concern;
• provisions and contingencies;
• subsequent events;
• compliance with reporting framework;
• written representations; and
• communications to TCWG.
Key decisions in these areas are subject to negotiation and discussion with
management, all of which should be documented with the conclusions reached.

1.4 Completion Checklists

All off-the-shelf and most bespoke audit systems include completion checklists to be
used by the audit engagement partner to ensure that all relevant audit procedures
have been completed before the audit opinion is signed. Although useful as an aide-
memoire, they do not avoid time pressure problems. Therefore, it is important that
enough time be allocated for checklists to be used constructively and make a
thorough and honest assessment of the adequacy of the audit work performed and
the evidence gathered.

Activity 1 Partner Completion Checklist

Suggest the typical contents for a partner completion checklist.

*Please use the notes feature in the toolbar to help formulate your answer.

1.5 Analytical Procedures

Key Point

Analytical procedures are required in the review stage of the audit (ISA 520).
Analytical procedures in the review stage are designed to assist in forming an overall
conclusion as to whether the financial statements are consistent with the auditor's
understanding of the entity.
• At this stage, ratio trend analysis is used to assess the reasonableness of the
figures and other data presented.
• Any expectations will be more refined than at the planning stage as more up-
to-date information will be available.
• If analytical procedures at this stage indicate a previously unrecognised risk of
material misstatement, the evidence obtained from audit procedures
performed should be assessed. Significant variations are likely to require
further work on relevant classes of transactions, account balances and
disclosures.

1.6 Other Tools

1.6.1 Points for Partner

A “points for partner” or completion summary records significant points and issues
which have arisen during the audit and how they have been dealt with.
It draws together in one place all matters of which the audit partner needs to be
aware and enables a final decision about:
• the adequacy of action taken; or
• what still needs to be done.

1.6.2 Disclosure Checklists

Disclosure checklists are widely used to review the final accounts for completeness
of disclosure and presentation before they are authorised for issue. As for all
checklists, complacency must be avoided and due professional care exercised.

Activity 2 Review of Financial Statements

Suggest procedures an auditor should perform in conducting an overall review of

financial statements.
*Please use the notes feature in the toolbar to help formulate your answer.
2.1 Misstatements

Definition

Misstatement (ISA 450) – a difference between the amount, classification,

presentation or disclosure of a reported financial statement item and what is
required for that item in accordance with the applicable financial reporting
framework. Misstatements can arise from error or fraud.
Uncorrected misstatements – misstatements that the auditor has accumulated
during the audit and that have not been corrected.

Key Point

The auditor should accumulate all misstatements identified during the audit, other
than those that are clearly trivial.

The auditor must evaluate the effect of adjusted misstatements on the audit and the
effect of uncorrected misstatements on the financial statements. Management's
subsequent adjustment of material errors discovered by the auditor does not bring
the matter to a close. The auditor must consider their effect on audit planning and
the scope, nature, timing and extent of further testing and perform additional
procedures to determine whether misstatements remain.
There are three main categories of misstatement:
1. Factual misstatements about which there are no doubts.
2. Judgemental misstatements – differences arising from the judgements of
management concerning accounting estimates that the auditor considers
unreasonable or the selection or application of accounting policies that the
auditor considers inappropriate.
3. Projected misstatements – the auditor's best estimate of misstatements in
populations based on audit samples (see Chapter 19).

2.2 Essential Procedures

The auditor should determine whether uncorrected misstatements are material,

individually or in aggregate. This assessment should consider the cumulative effect
of misstatements. For example, if useful lives are judged unreasonable, the effect on
current year profit may be immaterial, but accumulated depreciation may be
materially misstated in future.
 Key Points

• The aggregate of uncorrected misstatements must be assessed (as

material or not material) in evaluating the fair presentation of the financial
statements as a whole and each component of the financial statements.
• Appropriate adjustments should be made to ensure that the remaining
aggregate misstatements will not be material.

If the aggregate of misstatements is considered to be material, the auditor must

consider:
• the possibility of further adjustments that management is prepared to make
(management is more likely to adjust for a specific misstatement than a
projected error);
• the effect (if any) on critical points (e.g. profit to loss);
• whether projected errors can be reduced (to bring the aggregate below an
acceptable threshold) by extending audit procedures.
The auditor should discuss with management all misstatements accumulated during
the audit and request appropriate corrections.
Where the misstatements being discussed have been extrapolated, the client may
argue that only the actual errors found should be corrected (which may not be
material). If, after extended audit procedures, the auditor concludes that the
extrapolated aggregate is still material, the effect on the auditor's report must be
considered (see Chapter 30).

2.3 Evaluating Misstatements

Having determined the various materiality levels (see Chapter 10), many auditors
apply the same levels when evaluating misstatements (e.g. if an error is greater than
1% of total assets, it is material).
Another accepted practice is to consider the percentage error of the specific account
balance or transaction (e.g. inventory, depreciation expense). A general rule for this
"evaluation" materiality is:
• less than 5%, unlikely to be material;
• greater than 10%, consider as material; and
• between 5% and 10%, apply judgement and consider the context and nature
of the error before reaching a decision.

Activity 3 Evaluation of Aggregate Misstatement

During an audit, the following errors are discovered:
4. Trade receivables are overstated by $40,000.
5. Inventories are overstated by $58,000.
6. Trade payables are understated by $80,000.
$100,000 is considered to be material.

Required:

Determine the minimum adjustment (if any) that must be made for the
presentation of the financial statement to be evaluated as fair if:
i. all three errors affect profit;
ii. only error (2) affects profit.
*Please use the notes feature in the toolbar to help formulate your answer.
If an individual misstatement is deemed material, it is unlikely that other
misstatements can offset it. For example, if revenue is materially overstated, the
financial statements are materially misstated, even if there is an equivalent
overstatement of expenses.
Some misstatements may be evaluated as material even if they are lower than
materiality for the financial statements as a whole, such as when a misstatement:
• is possibly the result of fraud;
• affects compliance with regulatory requirements, debt covenants, or
contractual requirements;
• relates to the incorrect selection or application of an accounting policy that is
likely to have a material effect on future period financial statements;
• masks a change in earnings or other trends;
• affects ratios used to evaluate the financial position, results of operations or
cash flows;
• increases management compensation.

Key Point

Qualitative aspects of misstatements must also be assessed. For example, for a

classification misstatement, its effect on debt or other contractual covenants, on
individual line items or sub-totals or key ratios.

Material misstatement may also arise in qualitative disclosure (e.g. the omission or
incorrect description of an accounting policy relative to significant items in the
financial statements).
3.0 Introduction

The relevant standard is ISA 720 The Auditor’s Responsibilities Relating to Other
Information.

Definitions

Other information – financial or non-financial information (other than the financial

statements and auditor's report) included in an entity's annual report.
Annual report – a document or combination of documents prepared annually by
management or TCWG to provide owners and stakeholders with information on
the entity's operations, financial results and financial position.

Key Point

The auditor should respond appropriately when the credibility of the financial
statements and the auditor's report could be undermined by other information
included in an annual report.

Examples of other information include:

• report by management or board of directors on operations;
• financial summaries or highlights;
• CSR, environmental and similar reports;
• employment data;
• planned capital expenditures;
• financial ratios;
• names of officers and directors; and
• selected quarterly data.
The auditor does not report on the fair presentation of other information.

3.1 Procedures

• Obtain other information to be issued with the financial statements.

• Read the other information and consider whether:
• there is a material inconsistency between the other information and:
• the financial statements; or
• the auditor's knowledge obtained during the audit; or
• there are material misstatements in other information unrelated to the
financial statements or the auditor's knowledge obtained in the audit.
• Discuss any material inconsistencies (or misstatements) with management to
determine whether:
 • a material misstatement exists in:
• other information; or
• the financial statements; or
• the auditor's understanding of the entity and its environment needs to be
updated (i.e. a material misstatement does not exist).
• If a material misstatement exists, ask management (and, if necessary,
TCWG) to correct it.
• If not corrected before the auditor's report is to be signed (i.e. the other
information is obtained before the date of the auditor's report):
• consider and communicate with TCWG the implications for the auditor's
report; or
• withdraw from the engagement, if possible.
• If the other information was obtained after the date of the auditor's report:
• obtain legal advice; and
• seek to bring the matter to the attention of the users of the auditor's report.

3.2 Reporting

The auditor's report should include a separate section with an appropriate heading
(e.g. "Other Information"), which:
• States that management is responsible for the other information;
• Identifies the other information;
• Describes the auditor's responsibilities for reading and considering the other
information; and
• State that the audit opinion does not cover the other information and that the
auditor does not express an opinion on it.
For the contents of an auditor's report, see Chapter 30.

4.1 Purpose of a Review

Audit evidence includes transactions and events that occur after the reporting date to
address the risks of material misstatement. For example:
• the sale of all inventory of a discontinued product shortly after the reporting
date provides evidence relating to its net realisable value; and
• the receipt of cash from customers after the reporting dates provides evidence
of the recoverability of trade receivables.
However, not all relevant events after the reporting will be identified in the verification
of transactions and balances recognised in the financial statements. Specific
“subsequent events procedures” are therefore required to ensure completeness of
the recognition and disclosure of subsequent events.

4.2 Events after the Reporting Period

Definitions

Events after the reporting period – those events, both favourable and
unfavourable, that occur between the end of the reporting period and the date on
which the financial statements are authorised for issue.
– IAS 10 Events after the Reporting Period
Subsequent events – events occurring between the date of the financial
statements and the date of the auditor's report and facts that become known
after the date of the auditor's report.
– ISA 560 Subsequent Events

4.2.1 Adjusting Events

Examples of adjusting events include:

 • A trade receivable existing at the end of the reporting period that is deemed
irrecoverable after the reporting period.
• Litigation entered into before the end of the reporting period that is settled
after the end of the reporting period.

4.2.2 Non-adjusting Events

Examples of non-adjusting events include the following events occurring after the
end of the reporting period:
• Issue of share capital
• Business combinations (e.g. acquisition of a subsidiary)
• Legal claims
• Changes in the fair value of assets or liabilities (e.g. a fall in the fair value of a
revalued building due to a change in economic conditions).

Activity 4 Adjusting and Non-adjusting Events

You are the trainee accountant of Gabriella Enterprises Co and are preparing the
financial statements for the year ended 30 September 20X1. The financial
statements are expected to be approved in the Annual General Meeting, which is to
be held on Monday, 29 November 20X1. Today’s date is 22 November 20X1. You
have been made aware of the following matters:
7. On 14 October 20X1, a material fraud was discovered by the bookkeeper.
The payables ledger assistant had been diverting funds into a fictitious
supplier bank account set up by the employee, which had been occurring for
the past six months. The employee was immediately dismissed, legal
proceedings against the employee were initiated and the employee’s final
wages were withheld as part‑reimbursement back to the company.
8. On 20 September 20X1, a customer initiated legal proceedings against the
company for a breach of contract. On 29 September 20X1, the company’s
legal advisers informed the directors that it was unlikely the company would
be found liable; therefore, no provision has been made in the financial
statements, but disclosure as a contingent liability has been made. On 29
October 20X1, the court found the company liable on a technicality and is now
required to pay damages amounting to a material sum.
9. On 19 November 20X1, a customer ceased trading due to financial difficulties
owing $2,500. As the financial statements are needed for the board meeting
on 22 November 20X1, you have decided that no adjustment is required
because the amount is immaterial. The auditors have also confirmed that this
amount is immaterial to the draft financial statements.
Required:

For each of the three events above, discuss whether the financial statements
require amendment.
*Please use the notes feature in the toolbar to help formulate your answer.

4.3 Audit Procedures and Impact on Report

The relevant standard is ISA 560 Subsequent Events.

Key Point

The auditor should:

• obtain sufficient, appropriate audit evidence that all events occurring
between the date of the financial statements and the date of the auditor's
report have been appropriately adjusted or disclosed; and
• respond appropriately to facts that become known only after the date of the
auditor's report.

4.3.1 Before Date of Auditor's Report

The auditor has an active responsibility to investigate subsequent events between

the date of the financial statements and the date of the auditor's report.
Review procedures:
• Review and understand management's procedures for identifying
subsequent events.
 • Inquire of management (and TCWG) if they are aware of any subsequent
events that would affect the financial statements.
• Read minutes of meetings of shareholders/board of directors/audit
committees, etc., held after the reporting period end.
• Inquire about matters discussed at meetings for which minutes are not yet
available.
• Read the latest available interim financial statements, budgets, cash flow
forecasts, management reports, etc.
• Review after-date bank ledger accounts and other records for material or
unusual items.
• Inquire of lawyers concerning litigation and claims.
The time between the completion of the final audit stage and the signing of the
auditor's report should be kept to a minimum. If the signing is delayed, further
subsequent review procedures will need to be carried out.
If material events are not reflected in the financial statements and management
refuses to change the statements, the auditor should discuss with TCWG (if not
management) and consider the effect on the audit opinion (e.g. qualified,
disagreement).

Activity 5 Subsequent Events

Following on from Activity 4.

Required:

Describe the audit procedures that should be performed to obtain sufficient

appropriate evidence that the subsequent events have been appropriately
treated in the financial statements.
*Please use the notes feature in the toolbar to help formulate your answer.

4.3.2 After Date of Auditor's Report But Before Financial

Statements Issued
The auditor has no active responsibility to make inquiries or perform further auditing
procedures to discover subsequent events after the original date of the auditor's
report. The auditor's role is passive, only reacting where the auditor becomes aware
of relevant matters.
As agreed in the letter of engagement, management should inform the auditors of
any matters that will affect the financial statements between the date of the auditor's
report and when the financial statements are issued.
Where matters come to the attention of the auditors, the auditors should:
• determine whether the financial statements need amendment;
• discuss with management and TCWG how the matter should be addressed;
and
• take action appropriate in the circumstances.

If financial statements are subsequently released without a new auditor’s report, the
auditor should seek legal advice on the action to be taken to prevent reliance on the
old report. The auditor's work before the issue of the auditor's report is often referred
to as proactive or active work (must be done). Work (if any) which is carried out after
the issue of the report is described as reactive (i.e. only carried out if circumstances
dictate).

4.3.3 After Financial Statements Issued

The auditor has no obligation to make any inquiry. However, if he becomes aware of
a fact that existed at the date of the auditor's report and which, if known at that date,
may have caused the opinion to be modified, the auditor should:
• consider whether the financial statements need revision (revised financial
statements are not examinable);
• discuss the matter with management and TCWG; and
• take appropriate action after seeking legal advice.
Some jurisdictions do not allow the financial statements to be withdrawn after issue.
Others may have specific processes that the auditor must follow.
Syllabus Coverage

This chapter covers the following Learning Outcomes.

E. Review and Reporting

10. Subsequent events

• Explain the purpose of a subsequent events review.
• Explain the responsibilities of auditors regarding subsequent events.
• Discuss the procedures to be undertaken in performing a subsequent events
review
11. Audit finalisation and the final review
• Discuss the importance of the overall review in ensuring that sufficient,
appropriate evidence has been obtained.
• Describe the procedures an auditor should perform in conducting their overall
review of financial statements.
• Explain the significance of uncorrected misstatements.
• Evaluate the effect of dealing with uncorrected misstatements.

Summary and Quiz

• Reviews conducted before signing the auditor's report include day-to-day

reviews, the engagement partner's review and an independent second-partner
review for high-risk clients.
• All critical matters should be documented, especially those involving
judgements and key decisions.
• Analytical procedures are required in the final stage of the audit to assess the
reasonableness of the figures and other data presented.
• The auditor should consider whether any uncorrected misstatements,
individually or in aggregate, are material to the financial statements.
• If the aggregate of uncorrected misstatements is material, further adjustments
will be necessary to ensure that the financial statements are not materially
misstated.
• The auditor should read other information to ensure there are no
inconsistencies or material misstatements of fact. If found, management
should be asked to make corrections.
• Events after the reporting period (IAS 10) occur between the end of the
reporting period and the date the financial statements are authorised for
issue.
 • Adjusting events provide further evidence about conditions existing at the end
of the reporting period.
• Non-adjusting events arise after the end of the reporting period.
• Subsequent events (ISA 560) are events occurring between the date of the
financial statements and the date of the auditor's report and facts which
become known after that date.
• Before the date of the auditor's report, the auditor has an active responsibility
to gather evidence about subsequent events.
• After the date of the auditor's report but before the financial statements are
issued, management is responsible for informing the auditor about
subsequent events.
• After issuing the financial statements, the auditor should consider the
implications for the auditor's report if made aware of subsequent events.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
• Subsequent events (s.4)
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Partner Completion Checklist

• Conclusion:
• Audit has been appropriately controlled, conducted and completed.
• There is sufficient appropriate evidence to support the audit opinion.
• An unmodified opinion can be given, or
• A qualified opinion will be given as detailed on Schedule XX.
• Second partner opinion.
• Confirmation of signing/completion:
• Directors' report and financial statements
• Subsequent events to date of signing
• Auditor's report signed and dated.
• Planning updated and conducted as intended.
• Sufficient appropriate audit evidence to support opinion obtained:
• Audit sections
 • Risk and materiality
• Analytical procedures
• Subsequent events
• Going concern
• Written representations
• Accounting policies and estimates made.
• Compliance
• GAAP checklists
• Law and regulations checklist.
• Partner summary:
• Critical issues
• Errors and deviations
• Analytical procedures
• Draft financial statements
• Report to management
• Second/technical partner review
• Manager:
• Manager review checklist
• Manager review points cleared
• Manager appraisal
• Team appraisals.
• Administration:
• Budget
• Fee note
• Recovery
• Permanent file update
• Points carried forward.

Chapter 29 Quiz
Activity 2 Review of Financial Statements

All of the following points are in addition to the completion of IFRS disclosure
checklists, going concern, subsequent events, other information, etc.
For preprint draft (should be cross-referenced and annotated):
• Agree all current-year balances to trial balance (which should be agreed to
relevant lead schedule).
• Agree all comparatives (including those within notes and disclosures) to prior-
year financial statements.
• Agree all disclosure notes on accounting policies as consistent with the prior
year (unless the policy has changed in which appropriate disclosure should be
made).
• Agree all figures within the notes and disclosures to the audit working papers.
 • Cast all balances.
• Agree all note references within the financial statements to their descriptive
notes within the notes and disclosures.
For the final set of financial statements before the formal approval by directors and
the signing of the auditor's report and the print proof (as produced by the printers):
• Calling over (proofreading) from/to the final draft as sent to the printers.

Activity 3 Evaluation of Aggregate Misstatement

12. All three items affect profit

13. In aggregate, net profit and net current assets are overstated by $178,000 –
which is material. A minimum adjustment of $78,000 is therefore needed. For
example, if the understatement of trade payables is due to liabilities for
purchases having been omitted, and if management are prepared to adjust
the trade payables to correct the $80,000 understatement, the remaining
unadjusted aggregate, $98,000, is less than the materiality limit.
14. Only (2) affects profit
15. The misstatements on receivables and payables must be reflected elsewhere
in the statement of financial position. For example, cash at bank may be
overstated (or bank overdraft understated) if the errors are due to incorrect
cut-off on cash receipts and payments. Therefore, the effect on net assets
and profit is therefore only $58,000 (i.e. not material).
16. However, if the incorrect cut-off (say) was in error, management should be
prepared to adjust for it. (If not, this might raise doubts about whether the
"error" was by accident or design.)
17. Remember that the reasons for the non-adjustment of the uncorrected
misstatements will need to be explained to the audit committee (where such a
committee exists).

Activity 4 Adjusting and Non-adjusting Events

18. Fraud
The fraud committed by the payables ledger clerk has been ongoing during and
beyond the financial year. Fraud and error that occur before the year-end date – but
are only discovered after the year end – are adjusting events. Therefore, the
financial statements would require an amendment to take account of the fraudulent
activity up to the year end.
19. Legal proceedings
At the year end, the company had disclosed a contingent liability. However, after the
year end (29 October 20X1), the court found the company liable for breach of
contract. The legal proceedings were issued on 20 September 20X1 (some 10 days
before the year end). This is, therefore, evidence of a condition that existed at the
year end. IAS 10 requires the result of a court case after the reporting date to be
considered in determining whether a provision should be recognised in accordance
with IAS 37, Provisions, Contingent Liabilities and Contingent Assets at the year end.
In this case, the financial statements will require adjustment because:
• the conditions existed at the year end;
• the recognition criteria for a provision have been met.
20. Loss of customer
A customer ceasing to trade so soon after the reporting period indicates
nonrecoverability of a receivable at the reporting date and is therefore an adjusting
event (IAS 10 Events After the Reporting Period). Assets should not be carried in the
statement of financial position at any more than their recoverable amount and,
therefore, an allowance for receivables should be made.

Activity 5 Subsequent Events

Exam advice

When faced with such an accounting scenario, think about the information that would
prompt an accountant or finance director to return to the year end and retrospectively
amend the financial statements. You could interpret the question as asking, “what
information would I need to justify a provision or disclosure in the financial statements
before making such provision or disclosure?” Your assumed knowledge of IAS 10 should
help you think about the audit evidence you would need to satisfy yourself that the
requirements in IAS 10 have been met and suggest how you would obtain this evidence
for the audit file.
21. Fraud
Fraud risk factors are covered in ISA 240, The Auditor’s Responsibilities Relating to
Fraud in an Audit of Financial Statements. The fact that fraud has occurred at
Gabriella Enterprises Co will increase the risk of material misstatement due to fraud.
The audit procedures to be performed to ensure the fraud has been correctly
accounted for in the financial statements may include:
• Recalculation of the amounts involved.
• Discussions with management about how such fraud occurred and why it took
six months to discover it (controls should prevent, detect and correct material
misstatements on a timely basis).
• Establishing how the bookkeeper discovered the fraud and what controls (if
any) contain deficiencies to allow the employee to commit the fraud. Note that
employee fraud usually involves the manipulation of controls, whereas
management fraud often involves the overriding of controls.
• Performing substantive procedures on journal entries (particularly those close
to, or at, the year-end).
• Confirming directly with suppliers the activity on their accounts for the period
under audit.
• Reviewing the purchase invoices and being alert to amended or copy
invoices, and making enquiries about their authenticity.
• A review of human resources files for evidence of disciplinary proceedings
taken against the employee. (This will also confirm compliance with laws and
regulations, particularly in relation to employment legislation and the
withholding of wages.)
• Testing other controls to identify deficiencies that may indicate employee or
management fraud.
• Obtaining written representations from management concerning the fraud.
• Reviewing after-date cash receipts for any reimbursements by the employee.
• Discussions with the entity’s legal advisers about the possibility of
reimbursement of the balance of the misappropriated funds.
22. Legal proceedings
• Obtaining a copy of the court order or other correspondence confirming the
company has been found liable to pay compensation to its customer.
• Reviewing after-date cash payments to confirm payment to the customer.
• Confirming that a provision has been recognised (as opposed to disclosure as
a contingent liability) in accordance with IAS 37, Provisions, Contingent
Liabilities and Contingent Assets.
• Agreeing that the amount of the provision is reasonable in relation to the
outcome of the court case.
• Obtaining written representation from management to confirm the treatment of
the provision.
23. Loss of customer
• Discuss with management the reason for not adjusting the irrecoverable
receivable.
• As the auditor has already agreed that this amount is immaterial to the
financial statements, it should be included on an “audit error schedule”. If this
amount remains immaterial at the completion stage, both individually and
when aggregated with other misstatements, the auditor can still express an
unmodified opinion (see Chapter 30).
Chapter 30: The Independent Auditor's
Report

Visual Overview

Objective: To explain the contents of an independent auditor's report and the

expression of an opinion on financial statements.

1.1 Forming and Expressing an Opinion

Key Point

The auditor's objectives are:

• To form an opinion on the financial statements based on an evaluation of
the conclusions drawn from the audit evidence obtained; and
• To express clearly that opinion through a written report which also
describes the basis for that opinion.
In forming an opinion, the auditor's considerations of the financial statements
include:
• sufficient appropriate evidence obtained;
• uncorrected misstatements are not collectively or individually material;
• prepared in accordance with the financial reporting framework (e.g. IFRS
Standards);
• adequate disclosure of significant accounting policies selected and applied;
• accounting policies are consistent with the financial reporting framework and
statutory requirements;
• accounting estimates are reasonable;
• information presented is relevant, reliable, comparable and understandable;
• adequate disclosures of all material matters have been made;
• terminology used is appropriate;
• overall presentation, structure and content achieve a fair presentation; and
• underlying transactions and events are presented in a manner which achieves
a fair presentation.

1.2 Content Elements (ISA 700)

The content elements in ISA 700 Forming an Opinion and Reporting on Financial
Statements are summarised as follows
Note that the auditor’s responsibilities section, which can be extensive, may be
included:
• in the report or a referenced appendix; or
• by a specific reference to a website of an appropriate authority, if permitted
Title • For example, "Independent
auditor's report …"

Addressee • For example, "...to the

shareholders of..."

Audit Opinion • Identify the entity

• State that the financial
statements have been audited
• Identify each statement
comprising the financial
statements
• Refer to the notes, including
significant accounting policies
 • Specify the date of or period
covered by each financial
statement
• Identify the financial reporting
framework (e.g. IFRS)
• Refer to "present fairly, in all
material respects" (or "true and
fair view") in accordance with ...
[financial reporting framework]

Basis for Opinion • State audit was conducted in

accordance with ISAs/ applicable
laws
• Refer to the section describing
auditor's responsibilities under
ISAs
• State that the auditor is
independent and meets the
requirements of the IESBA Code
• State whether sufficient and
appropriate audit evidence has
been obtained to provide a basis
for the audit opinion

Going Concern • Where applicable, report in

accordance with ISA 570 Going
Concern (see Chapter 31)

Key Audit Matters • Describe each key audit matter

in accordance with ISA 701 (see
s.2)

Other Information • Identify the other information,

describe management's and the
auditor's responsibilities, and
state that the auditor does not
express an opinion on the other
information.

Responsibilities of Management and • Describe management's

Those Charged with Governance for responsibility for:
the Financial Statements • preparing the financial
statements
• internal controls
• matters relating to going concern
 • Identify those responsible for the
oversight of the financial
reporting process

Auditor's Responsibilities for the • State the objectives of the

Audit of the Financial Statements auditor:
• to obtain reasonable assurance
whether the financial statements
as a whole are free from material
misstatement
• to issue a report that includes the
audit opinion
• State meaning of "reasonable
assurance"
• State how misstatements can
arise (fraud or error) and, if
material, influence the economic
decisions of users
• Provide a definition or
description of materiality in
accordance with the applicable
financial reporting framework
• State that the auditor exercises
professional judgement and
maintains professional
scepticism
• Describe the audit:
• identifying and assessing risks of
material misstatement
• designing and performing audit
procedures
• obtaining audit evidence
• evaluating internal controls
• concluding on the use of the
going concern basis
• evaluating "fair presentation"
• State that the auditor
communicates with those
charged with governance
regarding, among other matters,
the planned scope and timing of
the audit and significant audit
findings, including any significant
deficiencies in internal control
 • State the matters communicated
to those charged with
governance

Name of Engagement Partner • Include for the audits of general

Auditor's Address and Signature purpose financial statements of
listed entities (unless there is a
significant personal security
threat)
• Firm's name and/or the personal
name
• Signature of the auditor
• Location in the jurisdiction where
the auditor practices

Date of the Auditor's Report • Not earlier than the date of audit
completion or signing of the
financial statements

1.3 Modified Opinion

Key Point

• The audit opinion will be either unmodified ("clean") or modified.

• The forms of modified opinion are:
• Qualified "except for";
• Adverse opinion; and
• Disclaimer of opinion.
• The inclusion of an additional Emphasis of Matter or Other Matter
paragraph (s.4) or the inclusion of a Material Uncertainty Relating to Going
Concern section (see Chapter 31) in the auditor's report does not modify
the opinion.

2.1 ISA 701

The relevant standard is ISA 701 Communicating Key Audit Matters in the
Independent Auditor's Report.
 Definition

Key audit matters (KAM) – those matters that, in the auditor's professional
judgement, were of most significance in the audit of the financial statements of the
current period. They are selected from matters communicated with TCWG.

Key Point

Inclusion of KAM in the auditor's report is a requirement for listed companies.

2.2 Purpose

Communication of key audit matters (KAM) enhances the auditor's report by

providing greater transparency about the audit performed.
The KAM section is not a separate opinion on individual matters and is not a
substitute for:
• disclosures that are required to achieve fair presentation;
• expressing a modified opinion (ISA 705 applies);
• reporting on going concern (ISA 570 applies); or
• issuing a separate opinion on individual matters.
When the auditor disclaims an opinion, KAM should not be included in the auditor's
report unless required by law or regulation.

2.3 Determining and Communicating

2.3.1 Determining
KAM are generally those that required significant auditor attention in performing the
audit, for example:
• Areas of higher assessed risk of material misstatement or significant risks;
• Significant auditor judgements relating to significant management judgement
(e.g. accounting estimates having high estimation uncertainty); and
• The effect on the audit of significant events or transactions during the period.
2.3.2 Communication to Users
To communicate KAM to users:
• The introduction to the "Key Audit Matters" section should state the matters:
• are those that, in the auditor's professional judgement, were of most
significance in the audit; and
 • were addressed in the context of the audit of the financial statements and the
auditor does not provide a separate opinion on these matters.
• Each KAM is described in a separate section using an appropriate
subheading.
• Each KAM should be referenced to any related disclosures and address:
• why it was considered to be significant; and
• how it was addressed in the audit.
• Details may include:
• aspects of the auditor's response to the assessed risk;
• a brief overview of procedures performed;
• an indication of the outcome of audit procedures; and
• key observations concerning the matter.

Exam advice

If asked to describe the content of a KAM section, your answer should consider:
• what the issue is;
• why it is considered a KAM; and
• how it was addressed during the audit.

Exhibit 1 Inventory Allowances

The following is based on the independent auditor’s report on the financial

statements of Marks and Spencer Group plc2022:
Key Audit Matter Description
As at 2 April 2022, the Group held UK Clothing & Home inventories of £458.6
million (2021:£430.6 million) ….
In 2020 the Group recognised an inventory write-down of £157.0 million (of which
£145.3 million related to UK Clothing & Home inventory) …
In the prior period the Group recorded a net reversal of the inventory impairment of
£90.8 million (£101.6 million relating to UK Clothing & Home inventory).
In this period the Group has reversed or utilised the remaining Covid-19 allowance
of £18.6 million …
As described in the Accounting Policies in note 1 to the financial statements,
inventories are carried at the lower of cost and net realisable value. As a result,
judgement is applied in determining the appropriate allowances required for
obsolete inventory and inventory expected to be sold below cost based upon a
detailed analysis of old season inventory and forecast net realisable value based
upon plans for inventory to go into sale. We consider the assessment of inventory
allowances within UK Clothing & Home to require the most judgement due to
historical trading performance and the quantum of gross inventory
 How the Scope of Our Audit Responded to the Key Audit Matter
In responding to the identified key audit matter, we completed the following audit
procedures:
→ Obtained an understanding of relevant controls relating to inventory
management and the review and approval of the inventory allowance;
→ Assessed the validity, accuracy and completeness of the information used by
management in computing the allowance;
→ Assessed the mechanical accuracy and logic of the models underpinning the
respective allowances;
→ Understood the changes in the methodology and challenged the
appropriateness thereof;
→ Challenged and validated the key assumptions applied by management in
estimating the allowance by performing enquiries of buyers and merchandisers,
considering the current purchasing strategy and ranging plans, assessed the
historical accuracy of forecasting inventory to be subject to a future discount;
→ Tested the accuracy of the process used by management to identify potentially
impaired inventory across a representative sample of individual product lines; and
→ Assessed the completeness and accuracy of disclosures within the financial
statements in accordance with IFRS.

2.3.3 Communication with Those Charged with Governance

ISA 260 (see Chapter 13) requires the auditor to communicate with TCWG on a
timely basis.
• Preliminary views on potential KAM based on the auditor's experience may be
discussed with the planned scope and timing of the audit.
• As the audit progresses, the auditor determines KAM from those matters
already discussed with TCWG and finalises their inclusion in the auditor's
report.

3.1 Circumstance

An unmodified opinion is the expression of the auditor's conclusion that the financial
statements have been prepared, in all material respects, with the applicable financial
reporting framework.
3.2 Sample Auditor’s Report

INDEPENDENT AUDITOR’S REPORT

To the Shareholders of ABC Company [or Other Appropriate Addressee]
Report on the Audit of the Financial Statements
Opinion
We have audited the financial statements of ABC Company (the Company), which
comprise the statement of financial position as at December 31, 20X1, and the
statement of comprehensive income, statement of changes in equity and statement
of cash flows for the year then ended, and notes to the financial statements,
including a summary of significant accounting policies.
In our opinion, the accompanying financial statements present fairly, in all material
respects, (or give a true and fair view of) the financial position of the Company as at
December 31, 20X1, and (of) its financial performance and its cash flows for the year
then ended in accordance with International Financial Reporting Standards (IFRSs).
Basis for Opinion
We conducted our audit in accordance with International Standards on Auditing
(ISAs). Our responsibilities under those standards are further described in the
Auditor’s Responsibilities for the Audit of the Financial Statements section of our
report. We are independent of the Company in accordance with the International
Ethics Standards Board for Accountants’ Code of Ethics for Professional
Accountants (IESBA Code) together with the ethical requirements that are relevant
to our audit of the financial statements in [jurisdiction], and we have fulfilled our other
ethical responsibilities in accordance with these requirements and the IESBA Code.
We believe that the audit evidence we have obtained is sufficient and appropriate to
provide a basis for our opinion.
Key Audit Matters
Key audit matters are those matters that, in our professional judgement, were of
most significance in our audit of the financial statements of the current period. These
matters were addressed in the context of our audit of the financial statements as a
whole, and in forming our opinion thereon, and we do not provide a separate opinion
on these matters
[Description of each key audit matter in accordance with ISA 701]
Other Information [Add detail in accordance with ISA 720]
Responsibilities of Management and Those Charged with Governance for the
Financial Statements
Management is responsible for the preparation and fair presentation of the financial
statements in accordance with IFRSs, and for such internal control as management
determines is necessary to enable the preparation of financial statements that are
free from material misstatement, whether due to fraud or error.
In preparing the financial statements, management is responsible for assessing the
Company’s ability to continue as a going concern, disclosing, as applicable, matters
related to going concern and using the going concern basis of accounting unless
management either intends to liquidate the Company or to cease operations, or has
no realistic alternative but to do so.
Those charged with governance are responsible for overseeing the Company’s
financial reporting process.
Auditor’s Responsibilities for the Audit of the Financial Statements
Our objectives are to obtain reasonable assurance about whether the financial
statements as a whole are free from material misstatement, whether due to fraud or
error, and to issue an auditor’s report that includes our opinion. Reasonable
assurance is a high level of assurance, but is not a guarantee that an audit
conducted in accordance with ISAs will always detect a material misstatement when
it exists. Misstatements can arise from fraud or error and are considered material if,
individually or in the aggregate, they could reasonably be expected to influence the
economic decisions of users taken on the basis of these financial statements.
As part of an audit in accordance with ISAs, we exercise professional judgement and
maintain professional scepticism throughout the audit. We also:
• Identify and assess the risks of material misstatement of the financial
statements, whether due to fraud or error, design and perform audit
procedures responsive to those risks, and obtain audit evidence that is
sufficient and appropriate to provide a basis for our opinion. The risk of not
detecting a material misstatement resulting from fraud is higher than for one
resulting from error, as fraud may involve collusion, forgery, intentional
omissions, misrepresentations, or the override of internal control.
• Obtain an understanding of internal control relevant to the audit in order to
design audit procedures that are appropriate in the circumstances, but not for
the purpose of expressing an opinion on the effectiveness of the Company’s
internal control.
• Evaluate the appropriateness of accounting policies used and the
reasonableness of accounting estimates and related disclosures made by
management.
• Conclude on the appropriateness of management’s use of the going concern
basis of accounting and, based on the audit evidence obtained, whether a
material uncertainty exists related to events or conditions that may cast
significant doubt on the Company’s ability to continue as a going concern. If
we conclude that a material uncertainty exists, we are required to draw
attention in our auditor’s report to the related disclosures in the financial
statements or, if such disclosures are inadequate, to modify our opinion. Our
conclusions are based on the audit evidence obtained up to the date of our
auditor’s report. However, future events or conditions may cause the
Company to cease to continue as a going concern.
 • Evaluate the overall presentation, structure and content of the financial
statements, including the disclosures, and whether the financial statements
represent the underlying transactions and events in a manner that achieves
fair presentation.
We communicate with those charged with governance regarding, among other
matters, the planned scope and timing of the audit and significant audit findings,
including any significant deficiencies in internal control that we identify during our
audit.
We also provide those charged with governance with a statement that we have
complied with relevant ethical requirements regarding independence, and to
communicate with them all relationships and other matters that may reasonably be
thought to bear on our independence, and where applicable, related safeguards.
From the matters communicated with those charged with governance, we determine
those matters that were of most significance in the audit of the financial statements
of the current period and are therefore the key audit matters. We describe these
matters in our auditor’s report unless law or regulation precludes public disclosure
about the matter or when, in extremely rare circumstances, we determine that a
matter should not be communicated in our report because the adverse
consequences of doing so would reasonably be expected to outweigh the public
interest benefits of such communication.
The engagement partner on the audit resulting in this independent auditor’s report is
[name].
[Signature in the name of the audit firm, the personal name of the auditor, or both, as
appropriate for the particular jurisdiction]
[Auditor Address]
[Date]
The description of the auditor’s responsibilities (as shaded in the example above)
may be included in a referenced appendix to the auditor’s report or by a specific
reference to a website of an appropriate authority, where the auditor is permitted to
do so.

4.1 Distinction

The relevant standard is ISA 706 Emphasis of Matter Paragraphs and Other Matter
Paragraphs in the Independent Auditor's Report.
The difference between the two paragraphs is that the Emphasis of Matter must
refer to a matter presented in the financial statements but the Other Matter
paragraph concerns matters not presented or disclosed in the financial statements.
Neither paragraph affects the audit opinion.
 Key Point

The users' attention is drawn to:

•
a matter, although appropriately presented or disclosed in the financial
statements, that is of such importance that it is fundamental to their
understanding of the financial statements; or
• as appropriate, any other matter relevant to their understanding of the audit,
the auditor's responsibilities or the auditor's report.
Emphasis of Matter and Other Matter paragraphs do not include matters disclosed
as Key Audit Matters.

4.1.1 Emphasis of Matter Paragraph

An Emphasis of Matter paragraph is an additional section in an auditor’s report that:

• Is headed "Emphasis of Matter," or other appropriate heading (e.g. "Emphasis
of Matter Concerning … ").
• Must include a clear reference to the matter being emphasised and where
relevant disclosures that describe the matter in sufficient detail can be found
in the financial statements.
• States that the audit opinion is not modified in respect of the matter
emphasised.

Key Points

Reference to a note is essential. If the auditor had to "make good" a lack of

disclosure in the auditor's report, the omission would be grounds for qualification.
When the opinion is modified, an Emphasis of Matter can be included regarding
an unrelated matter.

4.1.2 Other Matter Paragraph

An Other Matter paragraph is an additional section in an auditor’s report that:

• Is headed "Other Matter," or other appropriate heading (e.g. "Other Matter On
… ")
• Must clarify that the other matter is not required to be presented and disclosed
in the financial statements.
• Should not include:
• matters that the auditor is prohibited from including by law;
• information that is required to be given by management.
4.2 Placement

The placement of an Emphasis of Matter or Other Matter paragraph depends on the

nature of the information to be communicated and the auditor's judgement as to its
relative significance. For example:
• Immediately following the Basis of Opinion paragraph, if the emphasis relates
to the applicable financial reporting framework;
• Before or after Key Audit Matters depending on the relative significance of the
information in the Emphasis of Matter paragraph.

4.3 Circumstances When Used

4.3.1 Emphasis of Matter Paragraph

ISAs containing requirements for an Emphasis of Matter paragraph under certain

circumstances are ISA 210 Agreeing the Terms of Engagement and ISA 560
Subsequent Events.
Examples of use include:
• Significant uncertainty (other than going concern), the resolution of which on
future events that are not under the direct control of entity and may affect the
financial statements (e.g. litigation or regulatory action).
• Early application (where allowed) of a new accounting standard that has a
pervasive effect.
• A major catastrophe that has had, or continues to have, a significant effect on
the entity's financial position.

Key Point

Material uncertainties related to going concern are reported in a separate section

of the auditor's report (see Chapter 31).

4.3.2 Other Matter Paragraph

Some ISAs include requirements for an Other Matter paragraph in very limited
circumstances.
Examples of use include:
 • Material matters that do not affect the financial statements, but to which the
auditor needs to draw the users’ attention to them.
• Where the auditor wishes to withdraw from an engagement (e.g. because of
the limitations placed on them by management) but cannot do so because of
law.
• To describe additional statutory reporting responsibilities.

Example 1 Emphasis of Matter and Other Matter Paragraphs

Opinion
We have audited the financial statements ... (standard wording)
Basis for Opinion
We conducted our audit ... (standard wording)
Emphasis of Matter
We draw attention to Note X of the financial statements, which describes the
effects of a fire in the Company's production facilities. Our opinion is not modified
in respect of this matter.
Key Audit Matters
Key audit matters are those matters ... (standard wording)
Other Matter
The financial statements of ABC Company for the year ended December 31,
20X0, were audited by another auditor who expressed an unmodified opinion on
those statements on March 31, 20X1.
Responsibilities of Management ... (standard wording)

Key Point

A new auditor is not required to refer to the auditor of the prior year's financial
statements but, if allowed by law, may do so in an Other Matter paragraph.

5.0 ISA 705

The relevant standard is ISA 705 Modifications to the Opinion in the Independent
Auditor's Report.
5.1 Circumstances

Key Point

The auditor modifies the audit opinion when:

• he concludes that, based on the audit evidence obtained, the financial
statements as a whole are not free from material misstatement; or
• he is unable to obtain sufficient appropriate audit evidence to conclude that
the financial statements as a whole are free from material misstatement.

5.2 Basis for Modified Opinion

To explain the basis for the modification, additional information must be given:

Basis for modified opinion • Separate heading and section

after the Opinion section
explains the reasons for the
modification. This will include the
quantitative and qualitative
aspects of the material
misstatements.

Auditor's responsibility • Where there is a material and

pervasive lack of appropriate
audit evidence, the auditor is
unable to conduct an audit in
accordance with ISAs. This must
be made clear in the auditor's
responsibility section.

5.3 Standard Forms

Definition

Pervasive−effects on the financial statements which, in the auditor's judgement:

i. Are not confined to specific elements, accounts or items of the financial
statements;
 ii. If so confined, represent or could represent a substantial proportion of the
financial statements; or
iii. In relation to disclosures, are fundamental to users' understanding of the
financial statements.

Qualified opinion ("except for") • The auditor concluded (i.e.

obtained sufficient appropriate
evidence) that misstatements are
material but not pervasive.
• The auditor was unable to obtain
sufficient appropriate evidence
and possible effects of
undetected misstatements could
be material but not pervasive.
The audit opinion concludes that
“except for”the possible effects of the
specific matter(s), the financial
statements are presented fairly, in all
material respects.

Adverse opinion • Misstatements, individually or in

aggregate, are both material and
pervasive.
The audit opinion conclude that the
financial statements do not give a true
and fair view.

Disclaimer of opinion • The possible effect of lack of

evidence is both material and
pervasive such that sufficient
evidence has not been obtained
as a basis for expressing an
opinion.
• In extremely rare circumstances
involving multiple uncertainties,
the auditor concludes that it is
not possible to form an opinion
on the financial statements due
to their potential interaction and
possible cumulative effects
(despite having sufficient
appropriate audit evidence
regarding each uncertainty).
 The auditor does not express an
opinion on the financial statements in
the auditor’s report.

5.4 Summary

Activity 1 Modified Opinions

Smith & Co encountered the following situations in four audits.

Required:

For each situation:

 a. Indicate the grounds for modification of the audit opinion (i.e. whether
there is a misstatement of the financial statements or a lack of
evidence); and
b. State the type of opinion to be expressed.
1. GoDo's accounting policy is to value tangible assets using the revaluation
model. Smith & Co's audit work revealed that only certain items of equipment
were revalued during the year, while other items were not revalued and
reported at cost less accumulated depreciation. Smith & Co determined that
the revaluation of the other items would result in a material revaluation loss.
GoDo refused to recognise the additional revaluation loss in the financial
statements.
2. Make Stuff Co's inventory is held by third parties. During the audit, Make Stuff
refused to provide Smith & Co with the names and locations of these third
parties. Smith & Co could not apply alternative procedures to verify the
existence of inventory. Make Stuff's inventory balance is material to the
financial statements.
3. Smith & Co was hired to be the auditor of Saltfire well after the entity's
reporting date. As a result, confirmation of Saltfire's accounts receivable was
not feasible in the audit timeframe. Smith & Co attempted to perform
alternative procedures, but these were not effective. Saltfire's accounts
receivable are material.
4. Although Up Co appointed Smith & Co to audit its IFRS financial statements,
Up's management has refused to prepare a statement of cash flows.
Management has also refused to include the required disclosures for revenue,
intangible assets and contingent liabilities in the notes to the financial
statements.

5.5 Sample Standard Opinions

5.5.1 Materially Misstated but Not Pervasive – Qualified Opinion

Qualified Opinion
We have audited ... (standard wording).
In our opinion, except for the effects of the matter described in the Basis for Qualified
Opinion section of our report, the financial statements ... (standard wording).
Basis for Qualified Opinion
The company's inventories are carried in the statement of financial position at $x.
Management has not stated the inventories at the lower of cost and net realisable
value but has stated them solely at cost, which constitutes a departure from IFRSs.
The company's records indicate that had management stated the inventories at the
lower of cost and net realisable value, an amount of $x would have been required to
write the inventories down to their net realisable value. Accordingly, cost of sales
would have been increased by $x, and income tax, net income and shareholders'
equity would have been reduced by $x, $x and $x, respectively.

5.5.2 Materially Misstated and Pervasive – Adverse Opinion

Adverse Opinion
We have audited ... (standard wording).
In our opinion, because of the significance of the matter discussed in the Basis for
Adverse Opinion section of our report, the accompanying consolidated financial
statements do not present fairly ... (standard wording).
Basis for Adverse Opinion
As explained in Note X, the company has not consolidated the financial statements
of subsidiary XYZ Company that it acquired during 20X1 because it has not yet been
able to ascertain the fair values of certain of the subsidiary's material assets and
liabilities at the acquisition date. The investment is accounted for on a cost basis by
the company. Under IFRSs, the subsidiary should have been consolidated because
it is controlled by the company. Had XYZ Company been consolidated, many
elements of the accompanying consolidated financial statements would have been
materially affected. The effects on the consolidated financial statements of the failure
to consolidate have not been determined.

5.5.3 Lack of Sufficient Appropriate Evidence – Qualified Opinion

Qualified Opinion
We have audited ... (standard wording).
In our opinion, except for the possible effects of the matter described in the Basis for
Qualified Opinion section of our report, the financial statements ... (standard
wording).
Basis for Qualified Opinion
ABC Company's investment in XYZ Company, a non-listed associate acquired
during the year and accounted for by the equity method, is carried at x on the
statement of financial position as at 31 December 20X1, and ABC's share of XYZ's
net income of x is included in ABC's income for the year then ended.
We were unable to obtain sufficient appropriate audit evidence about the carrying
amount of ABC's investment in XYZ as at 31 December 20X1, and ABC's share of
XYZ's net income for the year because we were denied access to the financial
information, management and the auditors of XYZ. Consequently, we were unable to
determine whether any adjustments to these amounts were necessary.
Another example of lack of evidence arises when the auditor is unable to observe a
physical inventory count at the reporting date and the company's records do not
permit adequate alternative tests of inventory quantities (e.g. using "roll-back" of
sales and purchases after the year end and analytical procedures).

5.5.4 Pervasive Lack of Sufficient Appropriate Evidence –

Disclaimer of Opinion

Disclaimer of Opinion
We were engaged to audit ... (note the change of wording from "We have audited" to
"We were engaged to audit". Remainder of the paragraph is standard wording.)
We do not express an opinion on the accompanying financial statements of ABC
Company.
Because of the significance of the matters described in the Basis for Disclaimer of
Opinion section of our report, we have not been able to obtain sufficient appropriate
audit evidence to provide a basis for an audit opinion on these financial statements.
Basis for Disclaimer of Opinion
We were not appointed as auditors of the company until after 31 December 20X1,
and thus did not observe the counting of physical inventories at the beginning and
the end of the year. We were unable to satisfy ourselves by alternative means
concerning the inventory quantities held at 31 December 20X0 and 20X1, which are
stated in the statement of financial position at x and x, respectively. In addition, the
introduction of a new computerised accounts receivable system in September 20X1
resulted in numerous errors in accounts receivable. As of the date of our auditor's
report, management was still in the process of rectifying the system deficiencies and
correcting the errors. We were unable to confirm or verify by alternative means
accounts receivable included in the statement of financial position at a total amount
of x as at 31 December 20X1. As a result of these matters, we were unable to
determine whether any adjustments might have been found necessary in respect of
recorded or unrecorded inventories and accounts receivable, and the elements
making up the statement of comprehensive income, statement of changes in equity
and cash flow statement.
Responsibilities of Management and Those Charged with Governance for the
Financial Statements
(standard wording)
Auditor's Responsibilities for the Audit of the Financial Statements
Our responsibility is to conduct an audit of the Company's financial statements in
accordance with International Standards on Auditing and to issue an auditor's report.
However, because of the matter described in the Basis for Disclaimer of Opinion
section of our report, we were not able to obtain sufficient appropriate audit evidence
to provide a basis for an audit opinion on these financial statements.
 Key Point

No KAM sections will be included as an audit has not been carried out.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

E. Review and Reporting

5. The Independent Auditor's Report

• Identify and describe the basic elements contained in the independent
auditor's report.
• Explain unmodified audit opinions in the auditor's report.
• Explain the circumstances in which a modified audit opinion may be issued in
the auditor's report.
• Explain the impact on the auditor’s report when a modified opinion is issued.
• Describe the format and content of key audit matters, emphasis of matter and
other matter paragraphs.

Summary and Quiz

• An auditor's report includes:

• Title
• Address
• Audit Opinion
• Basis for Opinion
• Going Concern
• Key Audit Matters
• Responsibilities of Management and Those Charged with Governance
• Auditor's Responsibilities for the Audit of the Financial Statements
• Name of the Engagement Partner
• Auditor's Address and Signature
• Date of the Auditor's Report
• Key Audit Matters are matters that were of the most significance in the current
period audit in the auditor's judgment.
 • A "modified opinion" means that the audit opinion is other than unmodified
(i.e. qualified, adverse or disclaimed).
• "Emphasis of Matter" and "Other Matter" paragraphs do not affect the audit
opinion.
• An "Emphasis of Matter" paragraph draws attention to a matter which is
appropriately presented or disclosed in the financial statements but is
fundamental to the users' understanding of the financial statements.
• An "Other Matter" paragraph draws attention to a matter which is not
presented or disclosed in the financial statements but is relevant to the users'
understanding of the audit, the auditor's responsibilities or the auditor's report.
• If the financial statements are not free of material misstatement due to the use
of an inappropriate accounting method or inadequate disclosure, the auditor
will issue:
• A qualified opinion if the matter is material but not pervasive.
• An adverse opinion if the matter is material and pervasive.
• When the auditor is unable to obtain sufficient appropriate audit evidence to
conclude that the financial statements are free from material misstatement, he
will issue:
• A qualified opinion if the limitation is material but not pervasive
• A disclaimer of opinion if the limitation is material and pervasive.

Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
• The auditor's report (s.2 and s.4)
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Modified Opinions

6. GoDo
c. Misstatement
d. GoDo has inappropriately applied the revaluation method. IAS 16 Property,
Plant and Equipment requires the revaluation model to be applied to all assets
in the same class.
e. Qualified "Except for" Opinion
f. The misstatement due to the misapplication of the revaluation method is
material, but it is not pervasive.
7. Make Stuff
g. Lack of evidence
h. Smith & Co's inability to count the third-party inventory is a lack of evidence
imposed by the client.
i. Qualified "Except for" Opinion
j. Inventory is a material balance, but it is not pervasive (unless the auditor
believes that the client-imposed scope limitation has implications for the
auditor's ability to gather evidence in other audit areas). Withdrawal from the
engagement may be appropriate for a client-imposed scope limitation.
8. Saltfire
k. Lack of evidence
l. Smith & Co's inability to confirm accounts receivable results in a lack of audit
evidence. This lack of evidence was imposed by the circumstances (i.e. the
late engagement of Smith & Co).
m. Qualified "Except for" Opinion
n. Accounts receivable is a material balance, but it is not pervasive.
9. Up Co
o. Misstatement
p. Management's refusal to prepare a statement of cash flows in accordance
with IAS 7 and various disclosures required by IFRS gives rise to
misstatement due to inadequate disclosure.
q. Adverse
r. Refusal to provide a statement of cash flows and multiple disclosures is
material and pervasive.
Chapter 31: Going Concern

Visual Overview

Objective: To explain the auditor's responsibilities for the going concern assumption
used to prepare financial statements.

1.1 Going Concern Assumption

1.1.1 Significance

Definitions
 Going concern – an entity that will continue to operate for the foreseeable future
and has neither the intention nor the need to liquidate or significantly reduce the
scale of its operations.
Foreseeable future – a period of at least, but not limited to, 12 months from the
end of the reporting period.

Financial statements should be prepared based on the assumption that an entity will
continue to operate as a going concern, unless that basis is inappropriate.

1.1.2 Disclosure Requirements

Going concern is the only assumption that underlies the basis of preparation of all
published financial statements according to the Conceptual Framework for Financial
Reporting.
Material uncertainties that cast significant doubt on going concern should therefore
be disclosed in accordance with IAS 1 Presentation of Financial Statements.

Definition

Material uncertainty – an uncertainty related to events or conditions which may

cast significant doubt on the entity's ability to continue as a going concern.

Key Point

If an entity is not a going concern, the financial statements should be prepared

using a different basis and the entity should disclose:
• that the going concern basis was not used;
 • the basis of preparation (e.g. a "break-up" basis); and
• why the entity is not considered a going concern.

Because of the financial reporting implications:

• management must assess the entity's ability to continue as a going concern;
and
• the auditor must perform specific audit procedures related to management's
assessment and the entity's ability to continue as a going concern.

Key Points

• Management’s assessment must take into account all available information

about the future, which is at least 12 months from the end of the reporting
period.
• Where management is aware that material uncertainties exist, the financial
statements must disclose those uncertainties.

1.2 Management's Responsibility

IAS 1 requires management to assess the entity's ability to continue as a going

concern. Where a financial reporting framework does not explicitly state that
responsibility, it is implied because going concern is a fundamental principle.
When making the going concern assessment, management should consider all
available information about the future, even though there is inherent uncertainty
related to future events or conditions.
When an entity has a history of profitable operations and access to sufficient
financial resources, management may conclude that the going concern basis is
appropriate without detailed analysis.
In some cases, management may need to perform a detailed analysis to make its
going concern assessment. In such cases, management should consider various
factors to determine whether the going concern basis is appropriate. For example:
• current and expected profitability;
• debt repayment requirements; and
• sources of finance.
1.3 Auditor's Responsibilities

The relevant standard is ISA 570 Going Concern.

Key Point

The auditor's objectives are:

• To obtain sufficient appropriate audit evidence that the going concern basis
is appropriate;
• To conclude, based on the audit evidence obtained, whether a "material
uncertainty" exists; and
• To determine the implications for the auditor's report.

Definition

Material uncertainty – an uncertainty related to events or conditions which may

cast significant doubt on the entity's ability to continue as a going concern.

The auditor should consider whether:

• the period used by management to make its assessment is adequate (i.e. at
least 12 months from the date of the financial statements);
• management included in its assessment all relevant information found by the
auditor during the audit.
The auditor's evaluation of management's assessment may include:
• an evaluation of management's assessment process;
• the assumptions used in the assessment;
• management's plan for future action; and
• whether management's plans are feasible in the circumstances.

Key Point

It is not the auditor's responsibility to rectify a lack of analysis by management. If

the auditor concludes that management’s use of the going concern basis is
inappropriate, the auditor must express an adverse opinion.

2.1 Risk Assessment

 Key Point

When performing risk assessment procedures, the auditor must consider whether
events or conditions exist which could cast significant doubt on the entity's ability
to continue as a going concern.

Management may already have made a preliminary assessment of going concern

issues and plans to address them. For example:
• raise capital;
• increase borrowings;
• restructure debt;
• defer capital expenditure or put research and development projects on hold;
or
• liquidate assets.
If so, the auditor should understand and assess the process used by management,
including discussions with TCWG.
If not, the auditor should discuss with management the basis for the intended use of
the going concern assumption and make enquiries to determine it is appropriate.

2.2 Indicators of Significant Doubt

The following are examples of events or conditions (“indicators”) that, individually or

collectively, may cast significant doubt on an entity’s ability to continue as a going
concern.

2.2.1 Financial Indicators

• Net liability/net current liability position.

• Fixed-term borrowings approaching maturity without realistic prospects of
renewal or repayment.
• Withdrawal of financial support (e.g. bank “calls in” a loan or suppliers
withdraw credit terms and demand cash-on-delivery).
• Negative operating cash flows (current or prospective).
• Excessive reliance on short-term borrowings to finance long-term assets.
• Adverse key financial ratios (e.g. liquidity ratio).
• Substantial operating losses.
• Significant deterioration in the value of assets used to generate cash flows.
• Arrears or discontinuance of dividends.
• Inability to pay creditors on due dates.
 • Difficulty in complying with the terms of loan agreements.
• Inability to obtain financing for essential new product development or other
essential investments (e.g. to meet new regulations).

2.2.2 Operational Indicators

• Management intends to cease operations.

• Loss of key management without replacement.
• Loss of a major market, franchise, licence or principal supplier.
• Labour difficulties.
• Shortages of essential supplies.
• Emergence of a highly successful competitor.

2.2.3 Other Indicators

• Non-compliance with capital or other statutory requirements.

• Pending legal proceedings against the entity, which may, if successful, result
in judgments that could not be met.
• Changes in legislation or government policy.
• Uninsured (underinsured) catastrophes.
The smaller the entity, the more critical some of the indicators may be (e.g. a small
company may not be able to recover from or find alternatives to the loss of bank
support, a key supplier, key employee or a major customer). In addition, its existence
may be entirely dependent on one or a group of directors.

2.3 Mitigating Factors

Going concern indicators may be mitigated by other factors. For example:

• Management's plans to maintain adequate cash flows by alternative means;
for instance:
• disposal of assets;
• rescheduling of loan repayments; or
• obtaining additional capital.
• Availability of a suitable alternative source of supply to cover the loss of a
principal supplier.
• Management’s intention to continue to support the business financially
(usually for small companies and would require written representation).
The auditor must assess the feasibility of all plans and alternatives and the likelihood
of improving the situation (e.g. selling assets to improve cash flows may reduce
production capacity, adding to going concern difficulties).

Definition

"Close-call" scenario – identified events or conditions that may cast significant

doubt on an entity's ability to continue as a going concern exist, but on balance,
after much analysis, it is concluded that management’s mitigating plans are just
about sufficient.

3.0 Introduction

Key Point

The auditor should keep alert during the audit for events and conditions which
would affect going concern and, if identified:
• perform additional procedures; and
• reassess components of audit risk, as necessary, (e.g. inherent risk
assessed at 100% cannot be increased).

3.1 Sources of Information

Sources of information relevant to the going concern basis include:

• Client's system for timely identification of warnings of risks/ uncertainties.
• Budgets, forecast information, etc.
• Obligations, undertakings, guarantees with lenders, suppliers, etc.
• Bank borrowing facilities and suppliers' credit.
• Management's plans for future action.

3.2 Review Procedures

In addition to evaluating management's assessment of going concern, specific audit
evidence procedures, where doubt exists about the going concern assumption,
include:
• Analysing and discussing cash flow, profit and other relevant forecasts with
management (s.3.3), including sensitivity analysis on the cash flows to assess
the adequacy of margin of safety (e.g. proximity to overdraft facility).
• Examining the terms of loan agreements and determining whether any have
been breached.
• Reading minutes of the meetings of shareholders, TCWG and relevant
committees for reference to financing difficulties.
• Inquiring of the entity's legal counsel regarding the existence of litigation and
claims and the reasonableness of management's assessments of their
outcome and the estimate of their financial implications.
• Obtaining external confirmation of the existence, terms and adequacy of
borrowing facilities or other financial support with third parties and assessing
the financial ability of such parties to provide additional funds.
• Reviewing order books and evaluating plans to deal with unfilled customer
orders.
• Reviewing subsequent events (see Chapter 29) to identify those that either
mitigate or otherwise affect the entity's ability to continue as a going concern.
• Determining the adequacy of support for any planned disposals of assets.
• Obtaining specific written representations (see Chapter 20) regarding plans
that might significantly affect solvency in the foreseeable future.
• Review the post year-end board minutes to identify other issues that might
indicate financial difficulties.
• Reviewing post-year end accounts to assess the accuracy of cash forecasts.

3.3 Cash Flows

When analysing and discussing cash flow and profit forecasts with management, the
auditor should consider:
• reliability of the entity's system for generating such information (control
systems);
• appropriateness of underlying assumptions;
• whether additional facts or information have become available since the
forecast was prepared; and
• comparison of prospective financial information (budgets, forecasts, cash
flows):
• for recent prior periods with historical results;
• for the current period with results achieved to date.
3.4 Subsequent Events

The subsequent events review should cover events which may affect the going
concern presumption based on management's assessment.

3.5 Beyond the Assessment Period

The auditor should ask management if it knows of indicators of significant doubt

beyond the assessment period (i.e. at least 12 months from the end of the reporting
period). This is the only audit procedure required in respect of this period. It
provides a good example of a "certain instance" in which it is appropriate to obtain
written management representation.

4.1 Basic Principle

Key Point

The auditor should judge whether a material uncertainty exists. A material

uncertainty exists when the magnitude of its potential effect is such that its
disclosure is necessary for the fair presentation of the financial statements.

The auditor's report contains statements regarding management's responsibility and

the auditor's responsibility related to going concern.

4.1.1 Statement of Management's Responsibility

The auditor's report describes management's responsibility for assessing the entity's
ability to continue as a going concern and whether using the going concern basis of
accounting is appropriate.

4.1.2 Statement of Auditor's Responsibility

The auditor's report includes a statement that the auditor's responsibilities are to
conclude on:
 • the appropriateness of management's use of the going concern basis; and
• whether a material uncertainty exists that may cast significant doubt on the
entity's ability to continue as a going concern.
The auditor's conclusions are based on evidence obtained up to the date of the
auditor's report.

4.2 Requirements

4.2.1 Going Concern Basis is Appropriate and No Uncertainty

When the going concern basis is appropriate and no uncertainty exists, the
accounting policy note to the financial statements will state that they have been
prepared on a going concern basis.
In "close-call" situations, the auditor may determine that the events or conditions that
cast doubt on the entity's ability to continue as a going concern are key audit matters
that should be described in the KAM section of the auditor's report.

4.2.2 Going Concern Basis is Appropriate, but a Material

Uncertainty Exists

Where the going concern basis is appropriate, but a material uncertainty exists,
notes to the financial statements must include:
• An adequate description and disclosure of:
• events or conditions giving rise to significant doubt; and
• management's plans to alleviate the uncertainty.
• A statement that there is material uncertainty; therefore, the entity may be
unable to realise assets and discharge liabilities in the normal course of
business.
If there is adequate disclosure, the auditor’s report will:
• Express an unmodified opinion (in respect of this matter);
• Include a section, "Material Uncertainty Related to Going Concern";
• Refer to the note in the financial statements that describes the material
uncertainty;
• Include a statement that a material uncertainty exists and that the audit
opinion is not modified in respect of the matter.
If inadequate disclosure is made, the auditor’s report will:
• Express a qualified or adverse opinion (as appropriate).
 • In the Basis for Qualified (Adverse) Opinion section, state that a material
uncertainty exists and that the financial statements do not adequately disclose
the matter.

4.2.3 Going Concern Basis Is Inappropriate

If the financial statements are prepared on a going concern basis when that basis is
inappropriate, the auditor must express an adverse audit opinion and describe the
circumstance in the Basis for Adverse Opinion section. This is irrespective of any
disclosure made.

4.2.4 Management is Unwilling or Unable to Make or Extend Its

Assessment

If management is unwilling or unable to make or extend the required assessment,

the audit opinion may be qualified or disclaimed (e.g. because sufficient appropriate
audit evidence cannot be obtained).

Key Point

Inappropriate accounting treatments can NEVER be rectified by the disclosure of

accounting policies used or explanatory notes.

Example 1 Material Uncertainty

Material Uncertainty Related to Going Concern

We draw attention to Note X in the financial statements, which indicates that the
Company incurred a net loss of ZZZ during the year ended December 31, 20X1,
and, as of that date, the Company's current liabilities exceeded its total assets by
YYY. As stated in Note X, these events or conditions, along with other matters as
set forth in Note X, indicate that a material uncertainty exists that may cast
significant doubt on the Company's ability to continue as a going concern. Our
opinion is not modified in respect of this matter.

Example 2 Inadequate Disclosure Qualified Opinion

Qualified Opinion
We have audited ... (no changes from standard wording)
In our opinion, except for the incomplete disclosure of the information referred to in
the Basis for Qualified Opinion section of our report, the accompanying financial
statements present fairly, in all material respects (or give a true and fair view), the
financial position of the Company as at December 31, 20X1, and its financial
performance and its cash flows for the year then ended in accordance with
International Financial Reporting Standards (IFRSs).
Basis for Qualified Opinion
As discussed in Note Y, the Company's financing arrangements expire and
amounts outstanding are payable on March 19, 20X2. The Company has been
unable to conclude re-negotiations or obtain replacement financing. This situation
indicates that a material uncertainty exists that may cast significant doubt on the
Company's ability to continue as a going concern. The financial statements do not
adequately disclose the matter.
We conducted our audit in accordance with International Standards on Auditing
(ISAs) … We believe that the audit evidence we have obtained is sufficient and
appropriate to provide a basis for our qualified opinion.

Example 3 Inadequate Disclosure Adverse Opinion

Adverse Opinion
We have audited ... (no changes from standard wording)
In our opinion, because of the omission of the information mentioned in the Basis
for Adverse Opinion section of our report, the accompanying financial statements
do not present fairly (or do not give a true and fair view of), the financial position of
the Company as at December 31, 20X1, and its financial performance and its cash
flows for the year then ended in accordance with International Financial Reporting
Standards (IFRSs).
Basis for Adverse Opinion
The Company's financing arrangements expired and amount outstanding was
payable on December 31, 20X1. The Company has been unable to conclude re-
negotiations or obtain replacement financing and is considering filing for
bankruptcy. This situation indicates that a material uncertainty exists that may cast
significant doubt on the Company's ability to continue as a going concern. The
financial statements do not adequately disclose this fact.
We conducted our audit in accordance with International Standards on Auditing
(ISAs) … We believe that the audit evidence we have obtained is sufficient and
appropriate to provide a basis for our adverse opinion.

Activity 1 Audit Opinion Modifications

For each of the following six scenarios concerning the use of the going concern
basis of accounting:
a. suggest an appropriate audit opinion modification (if any); and
b. state the grounds for such a modification.
Scenarios
1. Based on the audit evidence obtained, no material uncertainty exists related
to events or conditions that may cast significant doubt on the company’s
ability to continue as a going concern.
2. The going concern assumption is appropriate but a material uncertainty exists
that is adequately disclosed.
3. As for (2) but disclosures are inadequate.
4. The going concern assumption is inappropriate but the financial statements
have been prepared on a going concern basis.
5. The going concern assumption is inappropriate and the financial statements
have been prepared on an alternative basis, which is adequately disclosed.
6. Management does not make a going concern assessment for a period
covering at least 12 months from the end of the reporting period when asked
to do so by the auditors.
*Please use the notes feature in the toolbar to help formulate your answer.

4.3 Communication with Those Charged With

Governance

When TCWG are not involved in managing entity, the auditor has a responsibility to
report to them any events or conditions that may cast doubt on the entity's ability to
continue as a going concern.
The communication should include:
• whether the events or conditions constitute a material uncertainty;
• whether the use of the going concern assumption is appropriate;
• the adequacy of the related disclosures in the financial statements; and
• where applicable, the implications for the auditor's report.

Syllabus Coverage

This chapter covers the following Learning Outcomes.

E. Review and Reporting

7. Going concern
• Define and discuss the significance of the concept of going concern.
• Explain the importance of and the need for going concern reviews.
• Explain the respective responsibilities of auditors and management regarding
going concern.
• Identify and explain potential indicators that an entity is not a going concern.
• Discuss the procedures to be applied in performing going concern reviews.
• Discuss the disclosure requirements in relation to going concern issues.
• Discuss the reporting implications of the findings of going concern reviews.

Summary and Quiz

• Under IFRS, going concern is the only assumption which underlies the basis
of the preparation of financial statements. When the going concern basis is
not used, the financial statements should disclose why the entity is not a
going concern and the basis of reporting used.
• Management must assess the entity's ability to continue as a going concern
for at least 12 months from the end of the reporting period.
• When performing risk assessment procedures, the auditor must consider
whether there is significant doubt about the entity's ability to continue as a
going concern, including evaluating management's going concern
assessment.
• Mitigating factors include:
• Management's plans to maintain adequate cash flows.
• Availability of alternative suppliers.
• Management's intention to financially support the business.
• If doubt about the going concern assumption exists, the auditor performs
specific audit procedures to determine whether the going concern basis is
appropriate.
• Audit opinion modifications include:
• Unmodified opinion with material uncertainty related to going concern section
if going concern is appropriate but a material uncertainty exists and is
appropriately disclosed.
• Qualified (or adverse) opinion if going concern is appropriate, but a material
uncertainty exists and is not adequately disclosed.
• Adverse opinion if the going concern assumption is inappropriate.
• Qualified opinion or disclaimer of opinion if management does not make its
going concern assessment.
Technical Articles

ACCA provide technical articles and other resources to guide and help students.
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
• Going concern
• The auditor's report (s.4.2)
For more recent articles and other resources please visit the ACCA global website.

Activity 1 Audit Opinion Modifications

Audit opinion modification Grounds for modification

1. Unmodified. No modification.

2. Unmodified with material uncertainty No grounds for modification. Significant

related to going concern. doubt is conveyed in the material
uncertainty section.

3. Qualified "except for" or Adverse (if the Material misstatement (inadequate

matter is pervasive). disclosure).

4. Adverse Material misstatement (inappropriate basis

of preparation of the financial statements).

5. Unmodified or Unmodified with Emphasis No grounds for modification. But it may be

of matter. appropriate or necessary to include an
Emphasis of Matter paragraph to draw the
user’s attention to the alternative basis of
accounting and the reasons for its use.

6. Qualified "except for" or Disclaimer (if the Inability to collect evidence (unless other
matter is pervasive). evidence dispels significant doubts).
Limitation imposed by management.