Answer 1 INTERNATIONAL AUDITING (a) Definition of an audit
The objective of an audit of financial statements is to enable the auditor to express an opinion whether the financial statements are prepared, in all material respects, in accordance with an identified financial reporting framework. The phrases used to express the auditor’s opinion are “give a true and fair view” or “present fairly, in all material respects,” which are equivalent terms. A similar objective applies to the audit of financial or other information prepared in accordance with appropriate criteria.
(b) General principles of an audit
The auditor should comply with the “Code of Ethics for Professional Accountants” issued by the International Federation of Accountants (IFAC). Ethical principles governing the auditor’s professional responsibilities are
−professional competence and due care
The auditor should conduct an audit in accordance with International Standards on Auditing (ISAs). These contain basic principles and essential procedures together with related guidance in the form of explanatory and other material.
The auditor should plan and perform the audit with an attitude of “professional scepticism” recognising that circumstances may exist which cause the financial statements to be materially misstated. (For example, the auditor would ordinarily expect to find evidence to support management representations and not assume that they are necessarily correct.)
(c) Authority of ISAs
ISAs are to be applied in the audit of financial statement. (ISAs are also applied, adapted as necessary, to the audit of other information and related services.)
ISAs contain basic principles and essential procedures together with related guidance in the form of explanatory and other material.
In exceptional circumstances, departure from an ISA may be judged necessary in order to more effectively achieve the objective of an audit. However, the auditor should be prepared to justify the departure.
ISAs need only be applied to material matters.
Answer 2 AUDIT COMMITTEE
(a) Improving the effectiveness of the external audit
Audit committees afford a means of strengthening the external auditor’s independence.
An audit committee is a committee of the governing body of a corporate entity which has delegated responsibility for the external financial reporting process and the internal controls.
Over the last few years the value of audit committees has been recognised and these committees have been established in many countries. Their development has varied from country to country and has often been stimulated by corporate failure.
Thus it is perceived that the audit process will be helped by audit committees as they will perhaps pre-empt unexpected corporate failure and undetected misconduct by senior officials. The establishment of audit committees has been foremost in North America and the UK but they are rapidly becoming adopted in Australia, New Zealand, South Africa, Malaysia and Singapore.
An audit committee can improve the effectiveness of the external auditor’s work by increasing the assurance that the external auditors can derive from systems of corporate governance and internal financial controls.
The committee will be involved in ensuring that the external auditor is independent and will participate in the selection of the auditor by recommending certain firms who have a knowledge of their industry and reviewing the source and rationale for selecting certain firms of auditors.
Additionally the terms and scope of the external audit and corporate governance engagement will be discussed as will the management letter and its effect on the current years audit.
The committee will encourage discussions with the external auditor as to how internal controls might be improved, and the rationale as to the use of specialist departments of the audit firm and specialist advisors.
A meeting of internal auditors, external auditors and the audit committee will review the audit plan with a view to minimising duplication of work, the impact of new auditing standards and providing value for money for the company. The timing and nature of reports from the external auditors will be reviewed as to their effectiveness and any contentious accounting issues discussed.
Additionally the following duties of the audit committee may assist in the external audit process.
dealing with difficulties in the performance of the audit such as non availability of client personnel;
reviewing the findings of the internal and external auditors;
reviewing the company’s financial statements and annual report prior to the submission to the board;
reviewing public announcements that have a financial impact;
reviewing and monitoring compliance with the corporate code of conduct, and legal and statutory requirements.
Audit committees are seen as valuable not only for overseeing the external reporting process and external audit but as a means of ensuring responsible corporate governance. They are an aid in ensuring the professional independence of auditors and the efficiency and effectiveness of the audit and the system of corporate governance.
(b) Independence of audit committee members where only a voluntary code is in place
(Tutorial note: the question refers to a voluntary code. Marks would not be awarded for discussing codes that are in place because of legal or regulatory requirements)
The members of the audit committee generally comprise independent non-executive directors (NED) – the members of the New York Stock Exchange audit committees and of the London Stock Exchange must comprise all independent NEDs. However the NYSE is governed by law and the LSE by regulation – both cannot be considered to act on a voluntary basis.
Where the audit committee is voluntary, the general absence of regulations in this area (eg only guidelines are followed) means that independence is often hard to achieve. For example, what if NEDs sit on committees of several companies, there may well be conflicts of interest. What if executive directors from one company act as NEDs for another and vice-versa? Again, can they be considered as independent? Additionally the company pays the NEDs salaries and this fact ensures that independence is difficult to achieve under a voluntary code.
The NEDs often sit not only on the audit committee but also on several other board committees making strategic contributions to the running of the business. They have to balance their role as audit committee member and the monitoring of executive directors and management with their role as corporate strategist.
In this situation, they are acting in several capacities and therefore their source of influence is somewhat diffuse and because of the complexity of the NEDs role it is difficult to imagine that they can act independently when it comes to exercising their corporate governance role.
Some members of the audit committee may have previous executive involvement with the company and have participation in share option schemes which is inconsistent with the exercise of independent judgement.
It is extremely difficult for an NED to exercise independent judgement when they have any interest in the company, are appointed by the company and are remunerated by the company.
(c) Regulation of audit committees
If the audit committee is not governed by statute or the rules of the stock exchange, then several issues arise. One of the problems of allowing self regulation in the area of corporate governance and audit committees is that if prescriptive approaches are advocated, they may not receive the support of key industry groups and in the absence of major corporate failure or fraud, governments may be reluctant to impose regulations on industry as it may be seen to be a further burden to management.
Without statutory regulation, there will be inconsistency of practice and standards between audit committees. Members of audit committees may find it difficult to criticise management. The form of the annual report of the audit committee may not be consistent without some form of strong regulation. Shareholders are poorly informed about the working of the audit committee and there would seem to be substantial benefits from making publication of the report of the audit committee a statutory requirement. Greater transparency and disclosure can be uncomfortable for companies but the current reliance on voluntary practices creates a market risk which can be alienated through changes in statute and disclosure practices.
However the prescriptive approach to the formation of an audit committee may result in disproportionate significance being given to its role and may impact on corporate performance and long-term potential. Problems would also arise if a single model audit committee were imposed on a wide range of companies of different sizes and financial profiles, and different internal structures.
Many smaller companies would not see the benefits of appointing an audit committee and they may feel that statutory regulation is counter productive, with the costs outweighing any benefits. However it is important that some form of monitoring report is made to shareholders even in the case of small publicly quoted companies.
If audit committees are unregulated then there is little formal requirement for adherence to professional values of competence, independence or effective reporting to shareholders. The identity and experience of the audit committees’ members becomes an important issue in these circumstances.
There is, however, a legal requirement that a statement is made by UK listed companies of their compliance, or otherwise, with the Code. This statement is reviewed by the company’s auditors (the review is separate and not part of the auditor’s statutory duty of auditing the financial statements).
Thus, whilst the audit committee requirements are strictly ‘voluntary’, the public disclosure requirement means that UK listed companies do have fully operational audit committees following the Code – they do not wish to have to justify why they do not have such committees. And once established, they must follow the spirit, as well as the letter, of the Code.
The impact of this is that UK companies have the flexibility of applying the Code to their circumstances and then justifying any departures – the “comply or explain” principle – rather than a prescriptive “one size fits all” approach.
Answer 3 FRAUD AND ERROR
(a) Internal audit function: risk of fraud and error
The internal audit function in any entity is part of the overall corporate governance function of an entity. Corporate governance objectives include the management of the risks to which the entity is subject that would prevent it achieving its overall objectives such as profitability. Corporate governance objectives also include the overarching need for the management of an entity to exercise a stewardship function over the entity’s assets.
A large part of the management of risks, and the proper exercise of stewardship, involves the maintenance of proper controls over the business. Controls over the business as a whole, and in relation to specific areas, include the effective operation of an internal audit function.
Internal audit can help management manage risks in relation to fraud and error, and exercise proper stewardship by:
(1) commenting on the process used by management to identify and classify the specific fraud and error risks to which the entity is subject (and in some cases helping management develop and implement that process); (2) commenting on the appropriateness and effectiveness of actions taken by
management to manage the risks identified (and in some cases helping management develop appropriate actions by making recommendations); (3) periodically auditing or reviewing systems or operations to determine
whether the risks of fraud and error are being effectively managed;
(4) monitoring the incidence of fraud and error, investigating serious cases and making recommendations for appropriate management responses. In practice, the work of internal audit often focuses on the adequacy and
It should be recognised however that many significant frauds bypass normal internal control systems and that in the case of management fraud in particular, much higher level controls (those relating to the high level governance of the entity) need to be reviewed by internal audit in order to establish the nature of the risks, and to manage them effectively.
(b) External auditors: fraud and error in an audit of financial statements
External auditors are required by ISA 240 The Auditor’s Responsibility to Consider Fraud in an Audit of Financial Statements to consider the risks of material
misstatements in the financial statements due to fraud. Their audit procedures will then be based on a risk assessment. Regardless of the risk assessment, auditors are required to be alert to the possibility of fraud throughout the audit and maintain an attitude of professional skepticism, notwithstanding the auditors’ past experience of the honesty and integrity of management and those charged with governance. Members of the engagement team should discuss the susceptibility of the entity’s financial statements to material misstatements due to fraud.
Auditors should make enquiries of management regarding management’s
assessment of fraud risk, its process for dealing with risk, and its communications with those charged with governance and employees. They should enquire of those charged with governance about the oversight process.
Auditors should also enquire of management and those charged with governance about any suspected or actual instance of fraud.
Auditors should consider fraud risk factors, unusual or unexpected relationships, and assess the risk of misstatements due to fraud, identifying any significant risks. Auditors should evaluate the design of relevant internal controls, and determine whether they have been implemented.
Auditors should determine an overall response to the assessed risk of material misstatements due to fraud and develop appropriate audit procedures, including testing certain journal entries, reviewing estimates for bias, and obtaining an understanding of the business rationale of significant transactions outside the normal course of business. Appropriate management representations should be obtained.
Auditors are only concerned with risks that might cause material error in the financial statements. External auditors might therefore pay less attention than internal auditors to small frauds (and errors), although they must always consider whether evidence of single instances of fraud (or error) are indicative of more systematic problems.
It is accepted that because of the hidden nature of fraud, an audit properly
Where serious frauds (or errors) are encountered, auditors need also to consider the effect on the going concern status of the entity, and the possible need to report externally to third parties, either in the public interest, for national security reasons, or for regulatory reasons. Many entities in the financial services sector are subject to this type of regulatory reporting and many countries have legislation relating to the reporting of money laundering activities, for example.
(c) Nature of risks arising from fraud and error: Stone Holidays
Stone Holidays is subject to all of the risks of error arising from the use of computer systems. If programmed controls do not operate properly, for example, the
information produced may be incomplete or incorrect. Inadequate controls also give rise to the risk of fraud by those who understand the system and are able to
manipulate it in order to hide the misappropriation of assets such as receipts from customers.
All networked systems are also subject to the risk of error because of the possibility of the loss or corruption of data in transit. They are also subject to the risk of fraud where the transmission of data is not securely encrypted.
All entities that employ staff who handle company assets (such as receipts from customers) are subject to the risk that staff may make mistakes (error) or that they may misappropriate those assets (fraud) and then seek to hide the error or fraud by falsifying the records.
Stone Holidays is subject to problems arising from the risk of fraud perpetrated by customers using stolen credit or debit cards or even cash. Whilst credit card companies may be liable for such frauds, attempts to use stolen cards can cause considerable inconvenience.
There is a risk of fraud perpetrated by senior management who might seek to lower the amount of money payable to the central fund (and the company’s tax liability) by falsifying the company’s sales figures, particularly if a large proportion of holidays are paid for in cash.
There is a risk that staff may seek to maximise the commission they are paid by entering false transactions into the computer system that are then reversed after the commission has been paid.
Answer 4 ISA 200
(a) Management’s and auditors’ responsibilities The management of an entity is responsible for:
the preparation and presentation of financial statements which give a true and fair view (or are presented fairly) in accordance with the financial reporting framework and statutory requirements. This responsibility includes:
The auditors are responsible for forming an independent opinion (eg in “true and fair” terms in accordance with an identified financial reporting framework) based on their audit and for reporting that opinion to the addressees of the auditors’ report.
(b) Inherent limitations facing an auditor
The inability to examine each transaction and each item making up an account balance within normal time and cost constraints. This results in the necessity to rely on evidence from samples and the consequent risk of sample error.
The inherent limitations of control systems such that any reduction in substantive procedures based on the assessed level of risk is dependent on inherent limitations of control not exceeding reasonable levels.
Even given reasonable professional scepticism the inability of the auditor to detect fraudulent misstatements carefully concealed by collusion or deliberate
misstatement by senior management.
The fact that audit evidence, mostly relating to past events, is rarely wholly conclusive and the necessity for reliance on judgement as to the persuasiveness of evidence.
(c) Significant types of judgements made by auditors
(i) In gathering evidence
Assessing risk and determining the appropriate audit strategy to be adopted. This includes assessing:
the nature and degree of risk of misstatement at both the financial statement level and the level of the account balance or class of transactions;
the design of internal controls and the effectiveness of the control environment in determining the nature and extent of possible misstatements.
Planning tests of controls and evaluating the results of tests as to whether they confirm the preliminary assessment of control risk.
Given the assessed levels of inherent and control risk, planning substantive procedures as to their nature, timing and extent.
Planning substantive procedures such that sufficient appropriate evidence is obtained. In turn this requires judgements as to:
(ii) In arriving at an opinion
In drawing conclusions and forming an opinion auditors need to consider whether: they have sufficient appropriate evidence to express an opinion on the financial
statements taken as a whole and, if not, whether to report: “limitation on scope – qualified opinion”; or “limitation on scope – disclaimer of opinion”;
having sufficient appropriate evidence to form an opinion, the financial statements as a whole show a true and fair view and, if not, whether to report:
“disagreement – qualified opinion”; or “disagreement – adverse opinion”. Answer 5 PROFESSIONAL ETHICS
It is important for external auditors to be independent of their audit clients because external auditors act on behalf of the owners of the business (normally the
shareholders) and report on the financial statements prepared by management for the benefit of shareholders.
If external auditors are not independent of their clients, for example if they hold shares in the companies that they audit, their ability to form an objective opinion on the financial statements is impaired.
External auditors must also be seen to be independent because if they are not, the owners of the business will not have confidence in the audit reports that the auditors issue.
The ACCA’s Rules of Professional Conduct require that auditors are independent, and that they are seen to be independent. The Rules cover a number of areas in which the auditors’ independence may be, or be seen to be, impaired.
National legislation also normally requires external auditors to be independent. (b) Billington Travel
(i) The statutory audit
The Rules of Professional Conduct state that it is important that the firm is
competent to undertake the audit; it must have adequate resources in terms of staff with sufficient experience in this sector. The fact that the services to be provided would constitute a substantial amount of fee income indicates that the firm might not, at present, have those resources
It may be appropriate to consider whether experience in this sector can be bought in, by the recruitment of additional staff
The Rules of Professional Conduct also state that the firm must be independent of its clients; in particular, this means that it must not take too much of its fee income from one client (or group of clients).
Generally, for non-public interest clients, the fee income (including income from additional services) should not exceed 15% of the gross practice income. If that figure is exceeded, is may be possible to consider providing some, but not all, of the services requested.
(ii) The provision of other services
Preparation of financial statements: it is generally acceptable under the Rules of Professional Conduct for auditors to provide assistance with the preparation of financial statements for private company clients, provided that the client takes full responsibility for the accounting records and financial statements
It is important to know why the company needs assistance in this area and it would be preferable in the long run for the company to be able to prepare its own financial statements
It is important that those preparing the financial statements are independent of those performing the audit as far as possible, in order that the firm is seen to remain independent
Systems review: the external auditor is often well placed to provide assistance with such reviews as the firm obtains a working knowledge of systems during the course of the audit
However, there is always the danger that the firm finds itself in the position of having to report on a system that it has helped to improve, and it may be difficult in such circumstances to be critical of the system. This detracts from the firm’s ability to remain independent, and in this case, given that it is the first year of audit and that assistance is also needed with the preparation of financial statements, it seems preferable not to tender for the systems review, this year.
(c) Actions to be taken
It may be appropriate to discuss the matter, discreetly, with other staff members to establish whether or not it is of concern to them, as well as to you. It would be preferable to discuss the matter with persons who are known to be reliable. If the concerns are shared, or if the other staff have no knowledge of the matter, or
If you are still not satisfied, and you consider that the matter is sufficiently serious, it may be appropriate to approach a more senior member of management to voice your concerns. You may wish to avoid this situation but it may be necessary in order to protect yourself.
On the assumption that the matter is one of internal concern to the company and there is no question of illegality, the question of reporting the matters to third parties outside the organisation does not arise.
(d) Doing nothing
The principle danger in doing nothing lies in the possibility that you may be accused of not bringing attention to the matter or even of being actively involved in a “cover-up”.
Professional ethics do not permit Chartered Certified accountants to take no action at all where serious matters are concerned and to do nothing might, in extreme circumstances, involve you in disciplinary proceedings by the ACCA, even as a student.
To do nothing might also mean that the business of the company you work for is damaged, and therefore your own employment prospects.
Answer 6 EASTFIELD DISTIBUTORS
(a) Matters to consider and action to be taken
As Eastfield Distributors is a listed company; fees from the external audit, the internal audit and other work performed for Eastfield Distributors should not exceed 10% of the practice income.
As Eastfield Distributors is a listed company, the audit firm should not prepare the annual financial statements (except in emergency situations). This requirement will apply to the firm’s work as internal auditors.
With providing internal audit services, a self-review threat may arise. Whilst the ACCA’s Rules of Professional Conduct do not specifically cover the provision of internal auditing services by the external auditor (“there is no objection in principle to a practice providing to a client services additional to an audit” – the exception being preparation of annual financial statements for listed companies as noted above), the IFAC’s Code of Ethics for Professional Accountants does mention this as an example of a self-review threat.
This is thus a typical example of the use of the conceptual framework. There should therefore be some independence between the internal and external audit functions within the audit firm. It is desirable that different audit staff should carry out internal audit work from those who undertake the statutory external audit. Eastfield Distributors must acknowledge their responsibility for internal audit
activities and for establishing, maintaining and monitoring the system of internal controls. This would be included within the engagement letter.
As the company is a listed company, it is likely that there will be an audit committee. If so, the scope, function and reporting requirements of the internal audit function should be set by this committee.
Internal audit staff should report to a different partner from the engagement partner for the external audit. If the internal audit and external audit staff report to the same engagement partner the audit firm may be criticised for a lack of independence. The internal audit staff should be careful not to assume the role of management when carrying out their work. This may create problems, as the internal auditors may be asked to design the company’s accounting systems in order to provide adequate controls. The company’s management must evaluate the adequacy of the internal audit procedures and the findings resulting from the work of the internal auditors.
For the internal auditors to be truly independent of the external auditors, they should not report to partners in the audit firm. However this is impractical and unrealistic. It is impractical, as the internal auditors will be employees of the audit
firm and their promotion will be determined by the audit firm. Thus, the audit firm will have to be able to assess the quality of each employee’s work.
It is unrealistic, as external auditors use the work of internal auditors in coming to their audit opinion. Thus, the external audit staff will have to review the work of the internal auditors, and the internal auditors may be asked to carry out certain work to assist the external audit staff.
There will need to be some agreement with the client about the extent to which the company and the external audit firm control the internal auditors’ work. This should be included in the engagement letter.
There will have to be a decision about which members of the audit staff should perform this internal audit service. The staff should have a range of skills and range from junior to qualified staff. Also, whether the staff should always work for the audit client, or whether different staff should be employed at different times. More staff may be provided for the internal audit service when the external audit
workload is low, and fewer staff when the external audit department is busy. It is important that internal audit staff are competent, as otherwise this could adversely affect Eastfield Distributors’ opinion of the audit firm. This will create the risk that Eastfield Distributors will want to change the external auditor with the consequent risk to the external auditor’s independence
There should be an agreement over payment of charges for the internal audit work. If Eastfield Distributors is slow at paying these charges, it could adversely affect the independence of the audit firm.
The internal audit staff will have to be careful in accepting goods, services and hospitality from Eastfield Distributors. Any benefit from these items should be modest. For instance, staff purchasing goods from the client should receive them at no more favourable rates than employees of Eastfield Distributors, and they should be only for personal use. Internal audit staff should not accept loans from Eastfield Distributors.
An engagement letter should be agreed with Eastfield Distributors for the internal audit work, which includes most of the matters listed above. It may be appropriate to have a trial period after which Eastfield Distributors will decide whether the service should continue. Following this, both parties should agree a new
engagement letter which seeks to overcome any problems and includes important matters which were omitted from the original engagement letter.
Whilst such work is permitted with safeguards under the ACCA/IFAC regulations, it is of interest to note that it would not be allowed under the Sarbanne-Oxley Act of the USA. So if Eastfield Distributors was also listed in the USA, or was a
subsidiary of a holding company that was listed in the USA, acting as internal auditors for that Eastfield would be specifically barred.
(b) Advantages to Eastfield Distributors
The new internal auditors should be skilled in carrying out audit work, so the learning time for the staff should be short compared with setting up an internal audit department within the company.
The audit procedures and standard should be consistent with those of the external audit. Thus, the external audit staff should be able to use more of the internal auditor’s work in coming to their audit opinion. This should reduce the cost of the external audit.
The audit firm may be able to provide staff with a wider range of skills than Eastfield Distributors may be able to recruit as employees. For instance, the audit firm may be able to provide specialists in computer auditing, where it would not be economical to have a computer audit specialist as an employee.
Disadvantages to Eastfield
There may be problems with who is in charge of the internal audit staff. .The internal audit staff will be employees of the external audit firm. The client company will probably have less control over the internal audit staff, and this may create problems over the work they do and the reports they make.
The internal audit staff will be skilled at performing work similar to the external auditors, but they may have limited skills and experience of other work carried out by internal auditors (eg advising on the purchase of a business).
Using the external audit firm to perform internal audit work is likely to be more expensive than the company employing its own internal audit staff, as the external audit firm will want to cover its costs and make a profit on the work.
There may be problems with the internal audit staff changing from time to time. The external audit firm will probably want to provide the maximum staff to Eastfield Distributors when the audit firm are less busy and fewer staff when they are busy.
Having different staff at different times will require the new staff to learn about Eastfield Distributors’ business. This learning time is likely to be greater than if Eastfield Distributors employed its own staff.
The requirement of the external audit firm to have to perform external audits (when it is busy) may mean that Eastfield Distributors does not have sufficient internal audit staff during periods when it wants them (eg at the end of the reporting period for inventory counts and to help in preparation of the annual financial statements). (c) Advantages to the audit firm
By having the internal auditors as part of the audit firm’s staff, their audit procedures should be the same and the confidence of the audit firm in their work will probably be greater than if the internal auditors were employees of the client company. Thus, the external auditor will probably be able to achieve a greater reduction in the external audit work compared with if the internal audit work is being carried out by employees of the client company.
The service will provide additional income and profits to the audit firm: It may provide a wider experience to the audit staff, but there may be problems with obtaining the appropriate work experience for staff to become members of the ACCA.
It may be possible to use the internal audit work to fill in periods when there is little external audit work. For instance, in jurisdictions dominated by December 31 year ends, there is little audit work from July to early September so more staff could be employed in internal audit work during this period.
Disadvantages to the audit firm
Answer 7 ABEL & CO
(a) Shareholding by staff member
While partners are not allowed to hold shares in client companies there is no specific prohibition in the ACCA’s Rules of Professional Conduct on the holding of shares in audit clients by audit staff providing the staff members concerned are not personally involved in the audit of such clients.
However, many audit firms have adopted a prohibition on the holding of shares in audit clients by audit staff as an in-house rule.
The argument that independence is not impaired because the holding is insignificant is incorrect. If the holding is of such a size as is likely to influence the behaviour of the audit staff member, then it is material. If the staff member was allowed to retain the shares then he or she should not have been included in the audit team.
If the partner advised the staff member not to sell the shares until after the audit was completed, then this would have been unethical and possibly illegal in that it constitutes insider dealing – the use of privileged information to secure a personal advantage in the trading of shares.
(b) Management accounting services
Preparation of accounting records on behalf of a listed or public interest company is normally prohibited. An exception to this Rule allows such work to be performed in an emergency situation which does not extend beyond the minimum period necessary and where every care was taken that management accepted full responsibility for the work of the audit firm’s staff member.
It is more reasonable, however, to argue that the assignment of a staff member to the position of management accountant is likely to breach the rules on independence. It amounts to a staff member of the firm being engaged in making management decisions on behalf of the client. The firm will thus be reporting on a statement of financial performance in which one of its own employees had played an active part. A user of the financial statements might conclude that the audit firm might have an incentive to conspire with management in concealing poor performance attributable, in part, to the actions of its own staff member.
(c) Advice on controls
This raises a controversial area in auditor independence. While the reporting of control weaknesses discovered during the audit is a required procedure, advising on the development of new systems to overcome those weaknesses is seen by some critics as a possible threat to independence. There is both a general and a specific issue.
The general issue is that audit firms generate revenues from clients for both audit and non-audit work. However, contracts for non-non-audit work are given by management. In performing the audit, the auditors may be reluctant to disagree with management for fear of losing non-audit contracts.
The specific issue is that known as self-review. Since the firm designed the new internal control system, there is a presumption, when evaluating control effectiveness at the next audit, that there will be no weaknesses in the system.
Rules of Professional Conduct do not prevent auditors from providing non-audit services within the overall fee limit of 15% from any one unlisted client. However, they do stress that, in advising the client, the audit firm must not make executive decisions. The implementation of advice is the responsibility of management over which the auditor has no control. At the next audit the auditor must check that the system has been properly put into operation and that it is being operated effectively.
(d) Advice to non-audit clients
Although Abel and Co are not threatening their own independence their action is in breach of professional rules on second opinions. By offering advice they are prejudicing the independence of the auditors of the company they are advising. This practice is sometimes referred to as “opinion shopping” and is carried out by companies in order to exert pressure on their existing auditors. This casts doubt about the integrity of this client’s management which has implications for the inherent risk assessment of such a client.
Answer 8 VISWA
(a) Internal matters and other procedures before appointment
The firm needs to consider a variety of commercial issues and ethical matters (under ACCA’s
Rules of Professional Conduct).
Before accepting appointment the firm should ensure that:
it has the necessary staff with appropriate competencies to complete the audit (this seems likely given that the firm has other clients in this sector);
the staff are available at what is a busy time of year for the firm (it may be possible that all of the staff with the necessary competencies are otherwise occupied); the firm is independent of Viswa. It is unlikely that there will be any issues
concerning shareholdings in the client (because it is owned and run by two
entrepreneurs), however, there may be staff or partners who are related to the client or are otherwise connected with it;
there are no conflicts of interest that cannot be properly managed. Conflicts of interest may exist because the firm has other clients in this sector.
Other procedures The firm should:
seek the directors’ permission to communicate with the company accountant about the nature of the “disagreement” and the directors should authorise the accountant to co-operate with the firm;
seek the directors’ permission to communicate with the incumbent auditors. If permission is refused, the appointment should not be accepted;
ask the client to write to the incumbent auditors notifying them of the change and giving them permission to communicate with the firm (if Viswa refuses to give permission to the incumbent auditors the appointment should not be accepted); communicate with the incumbent auditors (preferably in writing) requesting all the
information which ought to be made available to enable the firm to decide whether or not to accept the appointment (if there are no such matters, the incumbent auditors should inform the firm of this);
seek appropriate transfer information (such as a copy of the last set of accounts and a detailed trial balance reconciled to the accounts);
indicate a likely fee (or the basis on which fees are calculated) to Viswa, ensure that this is acceptable and that the client is able to pay (by some form of credit check); ensure that the incumbent auditor has properly resigned, been dismissed or has not
(b) Starting the audit
It is inappropriate to start the audit before the procedures referred to above have been completed because:
without the staff with appropriate competencies the firm will be in breach of the Rules (and may be found negligent if things were to go wrong);
without complying with the requirements relating to independence and conflicts of interest, the firm will not only be in breach of the Rules, but will lack objectivity and may find that the client (or other party) objects to the appointment to another client in the same sector;
without performing appropriate procedures the firm will be unable to form an opinion on the integrity of the client – it may find itself associated with an entity engaging in doubtful or even illegal activities (taking account of the disagreement over disclosures);
without agreeing a fee it is almost inevitable that misunderstandings or disagreements will arise;
without communicating with the accountant and the incumbent auditor, it is quite possible that disagreements over disclosures will arise, similar to those that have arisen in the past;
without ensuring that the incumbent auditor is no longer in place, it will be inappropriate for the firm to seek appointment.
(c) Engagement letter
The engagement letter is of benefit to both the client and auditor and helps prevent misunderstandings. It:
confirms the auditor’s acceptance of appointment and constitutes a contract between the auditor and the client;
summarises the respective responsibilities of directors and auditors; contains details on:
the responsibilities of the directors (for accounting records, the financial statements and the accounting policies on which they are based); the responsibilities of auditors and the scope of the audit (their duty to
Answer 9 LALD
To remove the auditor from office before their term of office has expired, the directors of LALD must proceed as follows:
Arrange for a meeting of the shareholders of the company.
Write to the shareholders providing notice of the meeting and the agenda. The notice must also be sent to the auditor.
Attend the meeting and organise a counting of votes at the meeting on the resolution to remove the auditor from office. In most situations, a simple majority of the shareholders is required to confirm the resolution.
Auditors are sometimes given the right to make written representations and to speak at the meeting.
If the auditor is removed, where necessary, obtain a statement of circumstances from the auditor. If there are no circumstances that need to be brought to the attention of the shareholders then a statement of no circumstances is required. Where required by specific country legislation, deposit this statement along with notice of removal of auditor, with the appropriate authorities.
Make arrangements to appoint another auditor as companies are normally required to have auditors.
Answer 10 WORKING PAPERS
(a) (i) Familiarisation with the client company
Tutorial note: Under ISA 315, an understanding of the entity and its environment is vital in order to plan and execute the audit effectively. In order to gain such an understanding, reference should be made to, for example, the following sources of information (a significant proportion of which may be continuous in that it would be available throughout the financial year) .
The entity’s legal structure and constitution (eg memorandum and articles of association). A copy should be kept on the permanent file.
The entity’s strategy, objectives, business risks and approach to selecting and applying accounting and financial reporting policies.
The latest available financial information which may be last year’s published financial statements or this year’s draft financial statements as well as management accounts and budgets for the year to date. This information will help to clarify the current operating results and financial conditions of the client.
An organisation chart setting out the operating structure, geographical spread and management reporting structure. This will give an idea of how the enterprise is run and will help to identify the personnel most likely to be key audit contacts.
Industry data showing an analysis of the key financial and operating ratios typical of this type of business and thereby permitting comparisons to be made. Such data can be obtained from both government and industry sources or may be maintained internally within the auditing firm.
Last year’s current audit file with particular reference to the problems arising during the audit and how they were resolved in reaching the conclusion in the auditor’s report, eg partner review notes, contentious issues, management letter, control weaknesses letter, representation letter, revision of strategy and audit plans.
Press articles, reports, features concerning the client, and the industry that the client operates in, would help to provide an awareness of any current developments affecting the client.
Copy board minutes (including sub-committees of the board, eg audit committee, remuneration committee, risk committee) to determine any current plans, developments or problems affecting the client.
The income tax file and relevant returns together with any correspondence with the taxation authorities.
Copies of brochures and marketing literature will help to give an idea of the product range and customer base for this client.
Communications to management made by external regulators.
Internal audit reports to establish the extent of the work performed by the department and its findings.
Scope of internal audit procedures as instigated by any audit committee.
The correspondence file for details of all issues arising during the year which might impact the audit.
The permanent file will also contain useful background information including details of bankers, solicitors, related parties, major customers, suppliers, standards, reporting and regulatory framework, extracts from statutory books.
A significant proportion of the information required will probable be stored and accessed in electronic format, eg a specific knowledge base for the client.
(ii) Planning the current year’s audit
Audit strategy and audit plan determined at the time of the interim audit visit. Interim audit and year end inventory observation files to update the audit strategy
Interim or management accounts to determine the current trading circumstances together with any significant changes in the business since the interim audit visit. Documented analytical procedures to note any factors likely to have a material
effect on the financial statements and to establish expectations of the results.
Minutes of the final audit planning meeting (assumption that interim and inventory observation meetings already held) with the client and audit committee (if there is one) which would cover, for example, the following issues,:
−updated interim financial results
−inventory observation results
−monthly management reports
−business risk procedures and activities since the interim visit
−major new products or services
−planned acquisitions or disposals
−changes in personnel, management or accounting systems
−material events since the end of the reporting period
−timing of the audit including availability of management information
−new legislation or accounting and auditing requirements which may affect
The audit engagement letter to clarify the scope of our responsibilities and the form of our auditor’s report.
Ethical considerations, eg independence, capabilities, resources. Time control, billing and budget details for the client.
Working papers determining planning materiality and the assessment of risk to consider the maximum amount of error which can be accepted and to focus the audit effort on the high risk areas.
Tutorial note: Audit working papers must provide a documentary record of an audit assignment and support the conclusions reached.
Evidence of procedures followed and the tests performed
Working papers must indicate the client’s name, accounting period, a file reference, the areas of the audit being covered and details of who performed the work and when. As an overall requirement working papers should be neat, clear and concise with sufficient details to enable someone, not involved in the audit, to understand what work has been performed.
Record of information received, problems encountered and conclusions reached
Documenting details of all findings during the audit encourages the auditor to adopt a methodical approach and ensures that problems are not overlooked. The working papers should always summarise any significant matters or problems, and highlight any judgmental aspects together with the auditor’s conclusions thereon.
Where judgmental areas have been reviewed it is important to note all relevant information received from the client together with management’s views, so that these views can be compared with the auditor’s views.
Evidence of review
All working papers prepared by each member of the audit team must be reviewed by a more senior member. Such a review must be evidenced on the working paper, detailing who has performed it and when. This review is important as it ensures that sufficient work has been performed and that the findings and results support the audit conclusions.
Degree of assurance given to the reporting partner
The reporting partner will need to satisfy himself that work delegated by him has been properly performed by his review of the working papers. To achieve this the reporting partner would expect a summary of the significant points affecting the financial statements and the auditor’s report, with details of how each matter has been dealt with.
Sufficient for the preparation of communications to management on internal controls
The working papers must give sufficient background details and examples of any weaknesses to enable the report to management on internal controls to be written. In making such comments, generalities and gratuitous observations should be avoided and all comments should be adequately supported by facts.
Usefulness in future years
The working papers should provide sufficient detail to enable members of the audit team to familiarise themselves with the assignment from year to year and to plan subsequent audits.
Evidence of adherence to standards.
In the event of the auditor’s opinion being challenged, the working papers will provide evidence that the auditor followed the basic principles prescribed by International Standards on Auditing, the appropriate application of Practice Statements (IAPS) and any national auditing standards over and above those required by ISAs. They will also illustrate that the auditor has been competent in applying proper standards of skill and care in arriving at the audit opinion.
(i) Familiarisation – legal structure/constitution – financial statements – organisation chart – industry information – prior year current audit file – permanent audit file – brochures
(ii) Planning – prior year current audit file – points forward
– management accounts
– analytical procedures schedules – systems documentation
– minutes of planning meeting – engagement letter
Part (a) 12
For each criterion identified and point contributing to an explanation ½ + 1
Ideas – clarity (of audit evidence)
– completeness and quality (of information) – sufficiency (of audit work ⇒ reports) – degree of assurance provided
– future usefulness
– adherence to ISAs/IAPSs
Part (b) 8
Maximum marks available 20
Answer 11 PLANNING DOCUMENTATION (a) “Overall strategy” v “Audit plan”
These documents are prepared and updated during the planning process, which is an ongoing process throughout the audit.
The audit strategy sets the scope, timing and direction of the audit, and helps guide the development of the more detailed audit plan. For example:
Determining the scope of the audit engagement, covers the financial reporting framework used, industry-specific law and regulation requirements, governance requirements, locations of the components of the entity (may have different requirements), terms of engagement, client assistance.
Establishing the direction of the audit deals with, for example, determination of appropriate materiality levels, preliminary identification of areas where there may be higher risks of material misstatement, preliminary identification of material components and account balances, evaluation of whether the auditor may plan to obtain evidence regarding the effectiveness of internal control, identification of recent, industry, financial reporting or other relevant developments impacting upon the entity.
The process of establishing the audit strategy helps the auditor to ascertain the nature, timing and extent of resources necessary to perform the engagement
The detailed approach for the nature, timing and extent of the audit procedures is set out in the audit plan.
The plan is more specific and concerns the principal audit areas, eg tangible assets, inventory, revenue cycle (ie sales, receivables and cash receipts), subsequent events and going concern. An audit program typically contains:
Audit objectives eg “To ensure inventory is materially correctly stated”; Audit procedures eg attendance at physical inventory count;
Timing of tests of control (usually “interim audit” procedures) and substantive procedures (usually at the “final audit”).
The audit program has to be much more detailed than the overall strategy in order to serve as a set of instructions.
(b) Standardized audit programs
Tutorial note: The Q refers only to the use of standardized AUDIT PROGRAMS and not “working papers” in general. Thus references to the use of standard letters and documentation other than programs are not relevant to answering the question set.
Their use can lead to more efficient planning in identifying the audit objectives and adopting an approach based on these objectives. Greater assurance as to the completeness of the audit approach is obtained than if it were started from scratch. Planning can be undertaken by less senior staff.
Standardised programmes facilitate delegation to junior staff and help to instruct in basic audit techniques. They help to ensure that all assignments are planned and conducted to a consistent quality.
No account is taken of the particular circumstances of the individual enterprise. This decrease in the use of professional judgement for a particular assignment might result in over-auditing low risk or immaterial areas.
There is a risk that sufficient, relevant and reliable audit evidence may not be obtained. For example, where alternatives to tests not applicable to a particular client, are not considered.
Standard audit programmes may be useful on certain assignments to improve audit efficiency but they cannot replace the need for professional judgement.
(c) Information in working papers relating to attendance at physical inventory count
Viewco’s physical count arrangements and instructions should be obtained before attending the count:
to assess the adequacy of the client’s planned procedures; and to ascertain whether client’s staff are carrying out their instructions
Pre-selected (eg high value) items chosen to ensure that an adequate proportion of the final inventory value is tested (to conclude satisfactorily on the population). Results of test counts (ie serial/component references and quantities) provide
evidence as to the completeness and accuracy (or otherwise) of the count records (ie rough count sheets). Test counts also enable the auditor to assess whether the client’s count procedures and controls are working properly.
The sequence of rough count sheets issued and used will detect any additional items being included subsequent to attending the count.
Inventories identified as damaged, obsolete or slow-moving must be detailed to assess the adequacy of allowances/provisions for items with net realisable value less than cost.
Items owned by third parties must be recorded to ensure exclusion from the final inventory valuation sheets.
Last goods movement document references for 31 December 2005 (ie goods received note, stores requisition, despatch note/sales invoice) are needed to check the accuracy of the year-end cut-off.
Movements, if any, during physical inventory counting to ensure items are not omitted or double-counted in error.
A floor plan (sketch) of central warehouse should ensure complete coverage (by management and auditor) of the physical inventory count.
The degree of assembly of incomplete TVs and VRs must be noted to assess appropriateness of stage of completion used in valuing WIP.
Instances where the client’s procedures have not been satisfactorily carried out (eg damaged items not set aside) will be required for the report to management with recommendations for improvements (eg in standing instructions for physical counts).
Answer 12 NORBERT
Tutorial note: In contrast to Answer 6, this adopts a columnar approach.
Risk is increased by the specialised nature of the business.
Operations have been extended to two locations.
Some continuity of audit staff is desirable to minimise the time required for familiarisation. At least two people required for year-end visits to attend physical inventory counting, inspect tangible fixed assets and count cash.
There may be scope for analytical procedures to substantiate some of the costs of the yard’s activities.
Expansion when trade is slack may create
going concern problems. The adequacy of working capital available in both the short and medium-term must be assessed. If, for example, a customer becomes
bankrupt there may be no other purchaser interested in the same specification.
Net realisable value (NRV) of yachts built may be less than cost.
Similarly, yachts built without orders may not meet buyers’ requirements when market picks up – requiring significant additional costs.
(a) Matters (b) Explanation
Risk is increased by exposure to Euro
fluctuations. If the Euro weakens after a price has been agreed with a customer, costs may not be recovered in full. Exchange movements after the end of the reporting period must be monitored.
Risk is high due to weak internal controls. Controls at the yard may be particularly poor if management exercises remote supervision.
The going concern assumption may not be appropriate if the bank were to call in its overdraft.
This would have particular implications for the value of assets (eg NRV of yachts could be substantially reduced and development costs may have minimal, if any, value).
Risk is increased by the bank’s reliance on
the auditor’s report. Particular attention should be given to the accuracy of bank overdraft/payables cutoff and the impact of potential adjustments on key ratios (eg acid test ratio).
The tight reporting deadline potentially
increases audit risk. Errors could arise because of the speed with which the client will need to prepare its year-end accounts. The reduced time scale limits the extent of evidence available after the end of the reporting period (eg concerning NRV of inventory and debtor
recoverability). A year-end circularisation of overseas trade
receivables will not be appropriate. Balances will need to be circularised at least one month, possibly two, before the end of the reporting period.
The time available for review after the end of the reporting period may not be sufficient to establish the completeness of recorded period-end liabilities.
It may be appropriate to circularise suppliers for balances a month before the end of the reporting period and verify the material correctness of the roll-forward (through analytical procedures and the accuracy of cash book payments cutoff). Management is biased to presenting
financial statements which will ensure the bank’s continuing support – thereby increasing risk.
Particular attention should be given to the
appropriateness of accounting treatments in the more subjective areas (inventory valuation, exchange translation, research and development and interest capitalisation).
Substantial interest costs will increase the
company’s financial burden. Any proposed capitalisation into production costs must be substantiated. If margins are small, capitalisation would not be prudent (eg because NRV may be further reduced by exchange rate movements).
(a) Matters (b) Explanation
Trade fair costs may be incurred in the
current year. These may be carried forward if appropriate (eg promotional material likely to generate future revenue).
Detection (residual) risk must be rendered lower than in the previous year because inherent risk is increased (control risk probably unchanged).
Materiality is likely to be a relatively low monetary amount thereby increasing the level of audit testing. Additional staff may be required for this reason, as well as the reduced timescale.
Potential risk areas – nature of business
– business/economic environment – control environment
– accounting policies (R&D) – management bias
– third party reliance – reporting deadline
– availability/sufficiency of evidence – going concern
Part (a) 7 Part (b) 7
Maximum marks available 14
Answer 13 AUDIT RISK (a) Definitions
(i) Audit risk
The risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated.
It comprises two elements – that the financial statements contain material errors before audit (may be considered as inherent risk and control risk) and that the auditor fails to detect those errors (detection risk, sometimes referred to as residual risk).
(ii) Inherent risk
The susceptibility of an assertion to misstatement that could be material (individually or in aggregate) assuming no related internal controls.
An example of inherent risk is that the inventory of a computer manufacturer has a high risk of obsolescence because of rapid technological change. Thus the assertion that inventory is correctly valued may be at risk.
(iii) Control risk
The risk that a misstatement that could occur (at the assertion level) and be material will not be prevented (or detected and corrected on a timely basis) by the internal control system.
(b) Factors affecting inherent risk
Many writers on auditing believe the inherent risk in every audit is 100%, and only the effect of internal controls can reduce the risk before the auditor commences his detailed audit work. However, looking at individual systems, one could argue that in many businesses the inherent risk in petty cash systems is small, because the value of the transactions and the petty cash balance in the accounts are immaterial.
Certain management and business factors do increase the audit risk, and this type of risk may be classified as inherent risk.
Factors to be considered in determining inherent risk
Companies that operate strong governance procedures may be considered as having lower inherent risk.
Companies that operate strong business risk processes and procedures may be considered as having lower inherent risk.
If the management’s competence is poor or there is a dominant chief executive, the inherent risk is higher.
If management follow aggressive earnings policies, inherent risk is higher.
If there have been recent changes in senior management or in the staff who maintain the accounting records, this increases inherent risk, as they are more likely to be inexperienced.
A company which has going concern problems (ie is making losses and/or has liquidity problems) has a higher inherent risk than a company with good profits and no liquidity problems.
Changes in accounting systems and procedures may increase inherent risk. Past audit experience may indicate higher inherent risk, eg errors always found in
year end inventory valuation, estimates of provisions and cut-off procedures. Some types of business are riskier than others. For instance, high technology
industries have a higher inherent risk because the company’s products may become obsolete and the company’s research and development may not be effective at producing replacement products.
Small businesses have a higher risk of failure than large ones. This is because they have less financial resources and concentration on a single market or product increases risk.
Companies which rely on a single customer or a single product have a higher risk. Companies which operate in capital industries (eg building companies and
manufacturers of machine tools) have a higher risk because demand falls more in a recession than with companies which produce or sell products for current
Where the business’s income is in cash, the inherent risk is high. However most of these businesses have strong controls to reduce the risk of misappropriation of the cash.
The inherent risk will be lower where the company has an internal audit department (this could be considered as an element of the control risk).
(c) Quantifying control risk
Ascertaining and recording the system
In order to understand the entity and its internal control, the auditor must ascertain, record, evaluate the internal controls. For the purchase system, this will specifically mean those operating and financial statement controls at the assertion level.
If I wish to place reliance on the control system in obtaining sufficient, appropriate audit evidence, I must then test the effectiveness of those controls I wish to place reliance upon. The purchases system is ascertained by asking the staff how the system operates and obtaining details of the documents used in the system. Normally, a flowchart will be used to record the purchases system.
The flowchart shows how purchases transactions are processed from raising the purchase requisition to paying the supplier, and it is divided vertically into the different people who operate the system (eg the user department, the buying; goods received, and accounting departments and the cashier).
In this way the flowchart shows the division of duties in the accounting system.
Normally, a walk-through test (ie checking a small sample’ of items from the start to end of the process) is used to check that the purchases system operates as recorded in the flowchart. The flowchart will be corrected if the walk-through test shows the system operates in a different manner from that originally recorded.
Alternatively, if the system is computerised, using CAATs would be an effective way of walking through the system.
Internal control questionnaire/evaluation
Either an internal control questionnaire (ICQ) or an internal control evaluation (ICE) is used to evaluate the controls.