2015 bpp f8 passcards
DESCRIPTION
This file helps to summarize the syllabus of ACCA paper F8.TRANSCRIPT
-
ACCA APPROVED CONTENT PROVIDER
ACCA PasscardsPaper F8Audit and Assurance
Passcards for exams up to June 2015
ACF8(INT)PC14.indd 1 30/05/2014 10:46
File Attachment9781472711830.jpg
sonyDraft
-
Fundamentals Paper F8Audit and Assurance
(000)ACF8PC Int_FP_Ricoh.qxp 6/3/2014 3:42 AM Page i
-
First edition 2007, Ninth edition 2014ISBN 9781 4727 1127 4
e-ISBN 9781 4727 1183 0British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from theBritish Library
Your learning materials, published by BPP LearningMedia Ltd, are printed on paper obtained from traceablesustainable sources.
Published byBPP Learning Media Ltd,BPP House, Aldine Place,142-144 Uxbridge Road,London W12 8AAwww.bpp.com/learningmedia
Printed in the United Kingdomby Ricoh UK LimitedUnit 2Wells PlaceMersthamRH1 3LG
All rights reserved. No part of this publication may bereproduced, stored in a retrieval system or transmitted, inany form or by any means, electronic, mechanical,photocopying, recording or otherwise, without the priorwritten permission of BPP Learning Media.
BPP Learning Media Ltd
2014
(000)ACF8PC Int_FP_Ricoh.qxp 6/3/2014 3:42 AM Page ii
-
Page iii
Preface Contents
Welcome to BPP Learning Medias ACCA Passcards for Paper F8 Audit and Assurance. They focus on your exam and save you time. They incorporate diagrams to kick start your memory. They follow the overall structure of the BPP Learning Medias Study Texts, but BPP Learning Medias ACCA
Passcards are not just a condensed book. Each card has been separately designed for clear presentation.Topics are self-contained and can be grasped visually.
ACCA Passcards are still just the right size for pockets, briefcases and bags.Run through the Passcards as often as you can during your final revision period. The day before the exam, tryto go through the Passcards again! You will then be well on your way to passing your exams.
Good luck!
(000)ACF8PC Int_FP_Ricoh.qxp 6/3/2014 3:42 AM Page iii
-
Preface Contents
Page
1 Audit and other assurance engagements 12 Statutory audit and regulation 93 Corporate governance 174 Professional ethics 255 Internal audit 376 Risk assessment 477 Audit planning and documentation 578 Introduction to audit evidence 639 Internal control 67
Page
10 Tests of controls 7711 Audit procedures and sampling 8912 Non-current assets 10113 Inventory 10714 Receivables 11315 Cash and bank 11916 Liabilities, capital and directors
emoluments 12317 Not-for-profit organisations 13118 Audit review and finalisation 13719 Reports 147
(000)ACF8PC Int_FP_Ricoh.qxp 6/3/2014 3:42 AM Page iv
-
1: Audit and other assurance engagements
Topic List
The purpose of assurance servicesExternal auditAssurance and reportsThe chronology of an audit
This chapter provides an introduction into why there is aneed for assurance services, such as external audit andreview. It is important that you have grasped the keyauditing concepts outlined in this chapter because it isthe foundation for the rest of your studies.You may not be examined specifically on these issues,but will need to understand them to answer otherquestions, later on.
(001)ACF8PC Int_CH01.qxp 6/3/2014 3:44 AM Page 1
-
The purpose ofassurance services
The chronology of an audit
Assurance and reports
External audit
There are various people interested in the financial statements of a company. They are called stakeholders.
Particularly in largercompanies, the owners of acompany and themanagement of thatcompany are distinct.
Directors are accountableto the shareholders in theirrole as stewards andagents. Accountable meansbeing required to justifyactions and decisions.
STAKEHOLDERSDirectors
CreditorsThe public
ShareholdersEmployees
Taxauthorities
(001)ACF8PC Int_CH01.qxp 6/3/2014 3:44 AM Page 2
-
1: Audit and other assurance engagementsPage 3
These issues are often discussed under the umbrellatitle corporate governance.
The UK government has made recommendations asto what constitutes good corporate governance invarious codes. These have been adopted by theListing Authority for the Stock Exchange in the formof the UK Corporate Governance Code. This isdiscussed in more detail in Chapter 3.A key consideration for directors is management ofrisk and internal controls.
Corporate governance is the system by whichcompanies are directed and controlled. Goodcorporate governance ensures that stakeholderswith a relevant interest in the companys businessare fully taken into account.
Audits or reviews can give stakeholders a degree of assurance concerning these issues.
Communication
Profitswarnings
Going concerndisclosure
Financialstatements
Internalcontrols
Risk policies
Directorsaccountability
Investmentprotection
(001)ACF8PC Int_CH01.qxp 6/3/2014 3:44 AM Page 3
-
The purpose ofassurance services
The chronology of an audit
Assurance and reports
External audit
An audit is an exercise whose objective is to enable auditors to express an opinionwhether the financial statements (FS) are prepared, in all material respects, inaccordance with an identified financial reporting framework. The phrases used toexpress the auditors opinion are give a true and fair view or present fairly, in allmaterial respects which are equivalent terms.
Auditors do not bear any responsibility for thepreparation and presentation of the financialstatements, which is the responsibility of thedirectors.
Fair presentation requires the faithfulrepresentation of the effect of the transactions,other events and conditions in accordance with thedefinitions and recognition criteria for assets,liabilities, income and expenses set out in theapplicable Framework.
Exam focusThere are many misconceptions about the role of theauditors, which are referred to as the expectationsgap (the gap between what auditors do and whatpeople think they (should) do).
(001)ACF8PC Int_CH01.qxp 6/3/2014 3:44 AM Page 4
-
1: Audit and other assurance engagementsPage 5
Statutory audits are required bylaw for most companies (smalland dormant companies may beexempt). Various other bodiesrequire an audit under law,including: building societies, tradeunions, some charities.
The objective of a review engagement is toenable an auditor to give an opinion onwhether anything has come to his attentionthat would mean the FS were not properlyprepared/true and fair, on the basis ofprocedures which would not constitute anaudit.
Non-statutory audits areperformed on various clubs,sole traders and partnershipsbecause the owners wantthem, not because it is legallyneeded.
External v internal auditLarger entities often haveinternal audit. Internal auditorsact as a control. Their workcan benefit the externalauditors.
Means of settling accounts Accounts may be more acceptable to taxation
authority May facilitate the sale of the business, or
negotiation of a loan Useful for a sleeping partner
Advantages of the non-statutoryaudit
(001)ACF8PC Int_CH01.qxp 6/3/2014 3:44 AM Page 5
-
Assurance and reports
The purpose ofassurance services
The chronology of an audit
External audit
The external audit can be distinguished from review engagements by the level of assurance provided.Engagement Type of assurance provided Examples
External audit Reasonable Statutory external auditReview Limited Review of interim financial statements
Criteria Report Evidence Subject matter Three party relationship
Elements of an assurance engagement
(001)ACF8PC Int_CH01.qxp 6/3/2014 3:44 AM Page 6
-
1: Audit and other assurance engagementsPage 7
Not purely objective Not all items in FS checked Limitations of systems
Chance of collusion in fraud Time lag (period reporting) Limitations of the auditors
report
Limitations of an audit
Reasonable assuranceis not a guarantee ofcorrectness, but anassurance of truth andfairness within areasonable margin oferror.
Materiality is the expression of the relativesignificance or importance of a particularmatter in the context of the FS as a whole. Amatter is material if its omission ormisstatement would reasonably influencethe decisions of the addressee of theauditors report. It has both qualitative andquantitative aspects.
(001)ACF8PC Int_CH01.qxp 6/3/2014 3:44 AM Page 7
-
The chronology of an audit
The purpose ofassurance services
Assurance and reports
External audit
Report tomembers
Report tomanagement
Fullsubstantiveprocedures
Restrictedsubstantiveprocedures
Tests ofcontrols
Overallreview of
FS
Plan theaudit
Understandthe
entity
Assess risk/select procedures
Report tomanagement
Controls Deficiencies
UnsatisfactorySatisfactory
Chronology of an audit
(001)ACF8PC Int_CH01.qxp 6/3/2014 3:44 AM Page 8
-
2: Statutory audit and regulation
Topic List
Statutory requirementsAudit regulationRights and dutiesInternational Standards on Auditing
This chapter contains essential background knowledgeabout the regulation of auditing. Auditing is self-regulatingin the UK, the government having devolved this duty tothe RSBs (of which ACCA is one). This may notnecessarily be the case in other countries. It also looksat the authority of ISAs.The details in this chapter could be examined either inisolation or in conjunction with the topics contained inChapter 4 on professional ethics and appointment.
(002)ACF8PC Int_CH02.qxp 6/3/2014 3:45 AM Page 9
-
Statutoryrequirements
Rightsand duties
Audit regulation
InternationalStandards on Auditing
Most limited companies are required to have a statutory audit.There are some exemptions, one ofwhich is small entities.
A small entity is any enterprise in which:(a) There is concentration of ownership/management in a small number of people, and(b) One or more of the following are also found:
(i) Few sources of income and uncomplicated activities(ii) Unsophisticated record-keeping(iii) Limited internal controls and potential for management override of internal controls(iv) Few personnel, many having a wide range of duties
(002)ACF8PC Int_CH02.qxp 6/3/2014 3:45 AM Page 10
-
The statutory opinion UK example
2: Statutory audit and regulationPage 11
Adequate accounting records have been kept andreturns adequate for the audit have been receivedfrom branches not visited.
The accounts are in agreement with the accountingrecords and returns.
All information and explanations have beenreceived that the auditors think necessary.
Details of directors emoluments and other benefitshave been correctly disclosed in the FS.
Particulars of loans and other transactions in favourof directors and others have been correctly disclosedin the FS.
Implicit opinions
The auditors give an opinion as to whether theFS are true and fair, or present fairly.This is generally taken to mean that accounts: Are factual Are free from bias Reflect the commercial substance of the
businesss transactionsThey also report on the consistency of thedirectors report.
Explicit opinions
Note: In the UK there are extra reporting requirements for auditors of companies appying the UK CorporateGovernance Code.
(002)ACF8PC Int_CH02.qxp 6/3/2014 3:45 AM Page 11
-
Statutoryrequirements
Rightsand duties
Audit regulation
InternationalStandards on Auditing
UKVarious associations exist, such as ACCA/ICAEW. Stringent entry requirements/codes of ethics.
EligibilityThis is likely to be directed by national law. It should ensure that audits are only done by people with suitablequalifications and experience.
There should also be supervision and monitoring of auditors by the national regulatory body. Inspection woulddepend on various factors, such as the size of firm and the number of audits carried out.The regulatory body should expect to see commitment to technical excellence and ethics.
In the EU, people carrying out audits must have the permission of the relevant authorities. In the UK, therelevant authorities are the RSBs (associations such as ACCA).
(002)ACF8PC Int_CH02.qxp 6/3/2014 3:45 AM Page 12
-
Statutoryrequirements
Rightsand duties
Audit regulation
InternationalStandards on Auditing
2: Statutory audit and regulationPage 13
In the UK, the Companies Act 2006 provides the auditors with statutory rights, as well:
The overriding duty of the auditors is to report on the truth and fairness of the FS. This is a dutyowed to shareholders.
A right of access at all times to the books, accounts and vouchers of the company. A right to require from the companys officers such information and explanations as they think
necessary for the performance of their duties as auditors. A right to attend any general meetings of the company and to receive all notices of and
communications relating to such meetings which any member of the company is entitled to receive. A right to be heard at general meetings which they attend on any part of the business that concerns
them as auditors. A right to receive a copy of any written resolution proposed.
Statutory rights
(002)ACF8PC Int_CH02.qxp 6/3/2014 3:45 AM Page 13
-
Statutoryrequirements
Rightsand duties
Audit regulation
InternationalStandards on Auditing
IFAC is the International Federation of Accountants, based in New York. IFAC co-operates with member bodiesfrom around the world to initiate, co-ordinate and guide efforts to achieve international technical, ethical andeducational pronouncements for the accountancy profession.
The International Auditing and AssuranceStandards Board (elected from members ofthe IFAC) issues International Standards onAuditing (ISAs). ISAs are specially written totry to incorporate the differences which willexist between accounting under variousnational laws.They do not override national law, but ifnational law conflicts with the best practice inan ISA, member bodies of IFAC from thatcountry are required to encourage a changein the law to conform to the ISA.
International Standards on Auditing (ISAs) International Standards on Review Engagements
(ISREs) International Standards on Assurance Engagements
(ISAEs) International Standards on Related Services (ISRSs) International Standards on Quality Control (ISQCs) International Auditing Practice Notes (IAPNs)
IAASB Pronouncements
(002)ACF8PC Int_CH02.qxp 6/3/2014 3:45 AM Page 14
-
2: Statutory audit and regulationPage 15
Authority of IASSB pronouncements ISAs are applied in the audit of financial
information. ISREs are applied in the review of historical
financial information. ISAEs are applied in assurance engagements
other than the audit and review of historicalfinancial information.
IAPNs provide practical assistance to auditors.
Exam focusChapter 2 of your Study Text includes a list of ISAsexaminable in F8, as well as other examinabledocuments.
(002)ACF8PC Int_CH02.qxp 6/3/2014 3:45 AM Page 15
-
Notes
(002)ACF8PC Int_CH02.qxp 6/3/2014 3:45 AM Page 16
-
3: Corporate governance
This chapter discusses the importance of good corporategovernance within a company and the aims andobjectives of audit committees.The topic of corporate governance could be examined inconjunction with internal audit (Chapter 5) in a scenarioquestion.
Topic List
Corporate governanceCodes of best practiceAudit committeesInternal control effectivenessCommunication with those chargedwith governance
(003)ACF8PC Int_CH03.qxp 6/3/2014 3:46 AM Page 17
-
Communication with thosecharged with governance
Internal controleffectiveness
Codes of bestpractice
Auditcommittees
Corporategovernance
The problem of corporate governanceThe problem of corporate governance arises because often incompanies (particularly larger ones) management and owners arenot the same people. The managers (stewards) of the companyreport to the owners. Other people use that report to drawconclusions about the company.This report (the financial statements) is audited by auditors, whoreport on its truth and fairness.
Corporate governance is the system by which companies are directed and controlled.
Directors Owners
Auditors
Other users
Employees Creditors
Financial statements
Exam focusAn audit committee is one corporate governance tool.You could beasked to discuss the benefits of having an audit committee
(003)ACF8PC Int_CH03.qxp 6/3/2014 3:46 AM Page 18
-
Communication with thosecharged with governance
Internal controleffectiveness
Auditcommittees
Corporategovernance
Codes of bestpractice
3: Corporate governancePage 19
Codes of Best Practice for corporate governance are increasingly common worldwide. One example is the UKguidance, the UK Corporate Governance Code. This looks at the following:
Leadership and effectivenessof the Board Audit Role of audit committees
AdvantagesCan be applied flexiblySmaller entities can pick and chooseDoes not create burden of requirement
DisadvantagesInsufficient protectionChoice of non-compliance
Voluntary codes
The UK Corporate Governance Code is primarilyrelevant to listed companies although consideredbest practice for all companies. It is voluntaryalthough listed and public interest entities mustreport on non-compliance and explain why the codehas not been followed.
Shareholder relations Remuneration
(003)ACF8PC Int_CH03.qxp 6/3/2014 3:46 AM Page 19
-
Communication with thosecharged with governance
Internal controleffectiveness
Codes of bestpractice
Auditcommittees
Corporategovernance
The Board Meet regularly Balance of execs/non-execs Some non-execs to be independent Rigorous/transparent nomination process Directors to submit for re-electionChairman Roles of Chairman/Chief Exec to be distinct.Internal controls and risk management Board should maintain sound risk management
and internal control systems.Audit committee Should be established.
Internal audit Consider the need for the internal audit function
annually.Remuneration Formal transparent process for setting
reasonable remuneration.Relations with shareholders Ensure satisfactory dialogue with shareholders.Auditors FTSE 350 companies should put the external
audit contract out to tender at least every 10 years.
(003)ACF8PC Int_CH03.qxp 6/3/2014 3:46 AM Page 20
-
3: Corporate governancePage 21
Promote transparent and efficient markets, andconsistent with law.
Protect shareholders rights. Equitable treatment of all shareholders. Encourage co-operation between corporations
and stakeholders. Timely and accurate disclosure on all material
matters.
Accountability to company and shareholders.
OECD Principles of Corporate Governance
(003)ACF8PC Int_CH03.qxp 6/3/2014 3:46 AM Page 21
-
Communication with thosecharged with governance
Internal controleffectiveness
Codes of bestpractice
Auditcommittees
Corporategovernance
Duties
Review of internal audit
Review of internal controls
Special investigations
Liaison with external auditors Determine scope of external
audit Forum to link directors/auditors Deal with auditors reservations Obtain information for auditors
AdvantagesIncreased confidence in credibility of reportingFrees executive directors to manageReporting lines for internal audit/impartial link forexternal auditCreates culture opposed to fraud
DisadvantagesSelecting suitable independent non-executivedirectors can be difficultFormality may dissuade reporting onjudgemental issuesCost of audit committee
Audit committees
(003)ACF8PC Int_CH03.qxp 6/3/2014 3:46 AM Page 22
-
3: Corporate governancePage 23
Communication with thosecharged with governance
Internal controleffectiveness
Codes of bestpractice
Auditcommittees
Corporategovernance
DirectorsInternal controls and risk management are very importantin fulfiling directors duties to the shareholders, which are:
AuditorsAs part of their audit: Ascertain controls Review controls Evaluate controls Determine audit approach based on
controlsCan also offer services: To review controls Report to shareholdersas a function separate from audit
Therefore they: Set up a system of internal control Review its effectiveness Consider the need for internal audit
To safeguard the assets To prevent and detect fraud
Protect the investment ofthe shareholder
(003)ACF8PC Int_CH03.qxp 6/3/2014 3:46 AM Page 23
-
Communication with thosecharged with governance
Internal controleffectiveness
Codes of bestpractice
Auditcommittees
Corporategovernance
The auditors responsibilities in relation to theaudit.
Planned scope and timing of the audit. Significant findings from the audit. Auditor independence.
Matters to be communicated
ISA 260 Communication with those charged with governance provides guidance.The objectives of communicating are to:
Assist in understanding audit-relatedmatters and develop a constructive workingrelationship.
Obtain information relevant to the audit.
Assist those charged with governance tofulfill their responsibility to oversee thefinancial reporting process.
1
2
3
(003)ACF8PC Int_CH03.qxp 6/3/2014 3:46 AM Page 24
-
4: Professional ethics
Topic List
Code of Ethics and ConductIntegrity, objectivity and independenceConfidentialityAppointment ethicsEngagement letters
The ACCAs Code of Ethics and Conduct is a key topicarea.When approaching questions on ethics, follow a three-stage strategy: What do the fundamental principles say? What does the detailed guidance say? What does my common sense/practical experience
tell me?Professional ethics is likely to be examined in a scenariosituation so you will have to apply your knowledge to theparticular facts in the question.
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 25
-
Appointmentethics
Engagementletters
Code of Ethics and Conduct
ConfidentialityIntegrity, objectivityand independence
Code of Ethics and ConductThis lays out ACCAs rules stating the ethics and behaviour required by all members and students of the ACCA.Guidance is in the form of fundamental principles (see below), specific guidance and explanatory notes.Integrity Members shall be straightforward and honest in all business and professional relationships.
Objectivity Members shall not allow bias, conflicts of interest or undue influence of others to override professional orbusiness judgements.
Professionalcompetence anddue care
Members have a continuing duty to maintain professional knowledge and skill at a level required to ensure that aclient or employer receives competent professional service based on current developments in practice, legislationand techniques. Members shall act diligently and in accordance with applicable technical and professionalstandards when providing professional service.
Confidentiality Members shall respect the confidentiality of information acquired as a result of professional and businessrelationships and should not disclose any such information to third parties without proper or specific authority orunless there is a legal or professional right or duty to disclose. Confidential information acquired as a result ofprofessional and business relationships should not be used for the personal advantage of members or third parties.
Professionalbehaviour
Members shall comply with relevant laws and regulations and should avoid any action that discredits theprofession.
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 26
-
4: Professional ethicsPage 27
Appointmentethics
Engagementletters
Code of Ethics and Conduct
ConfidentialityIntegrity, objectivityand independence
RisksThe ACCA provides specific guidance on:
A members objectivity must be beyond question if he/she is to repor t as an auditor.That can only beassured if the member is, and is seen to be, independent.
Undue dependence on an audit client. If total feesfrom a client that is a public interest entity exceed15% of the firms total fees for two years in a rowthe firm must: Disclose this to those charged with
governance Arrange an independent pre/post-issuance
review Overdue fees
Actual/threatened litigation Associate firms: influences outside the practice Family and other close personal relationships Beneficial interest in shares or other investments Voting on audit appointment Loans to and from clients Goods, services and hospitality
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 27
-
Appointmentethics
Engagementletters
Code of Ethics and Conduct
ConfidentialityIntegrity, objectivityand independence
ExampleA key risk to independence arises from the provisionof other services to audit clients. An auditor: Must not assume a management responsibility May not prepare accounts for a public interest
entity Must not review his own work Cannot be an employee of an audit client
Safeguards against loss of objectivity Quality control procedures Audit committee Partner rotation
The Code of Ethics and Conduct identifies the following risks to independence and objectivity: Self-interest Advocacy Intimidation Self-review Familiarity
The benefit of partner rotation is that loss ofindependence through familiarity is guarded against.In practice it is not popular because of the loss oftrust and experience built up. If an individual is a keyaudit partner for seven years for a public interestclient, they must be rotated off the audit for two yrs.
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 28
-
4: Professional ethicsPage 29
Appointmentethics
Engagementletters
Code of Ethics and Conduct
ConfidentialityIntegrity, objectivityand independence
A member should not use (orappear to use) information forhis own or some others benefit.
The professional duty of confidentiality
Obligatory Member knows or
suspects that client isinvolved in treason, drugtrafficking or terroristoffences.
Under ISA 250 whennon-compliance with lawsand regulations causesmaterial misstatements inFS.
Voluntary Disclosure is reasonably
necessary to protect themembers interests.
Disclosure is compelledby process of law (sayin an action wheremember must giveevidence).
It is in the publicinterest to disclose.
Some governmentbodies have statutorypowers to compeldisclosure.
Disclosure
Exceptions to the prohibition on disclosure:
Exam focusInformation gained from professional work shouldnot be disclosed unless: Consent obtained from client It is required by law A professional right/duty to disclose
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 29
-
Appointmentethics
Engagementletters
Code of Ethics and Conduct
ConfidentialityIntegrity, objectivityand independence
Before acceptanceThe auditors should: Ensure professionally qualified to act. Ensure existing resources adequate. Obtain references. Communicate with present auditors.
Consider whether disqualified on legal or ethicalgrounds
Consider available time, staff and technical expertise Make independent enquiries if directors not
personally known Enquire whether there are reasons/circumstances
behind the change which the new auditors ought toknow, also courtesy
After acceptanceThe auditors should: Ensure outgoing auditors removal/resignation properly conducted. Ensure the new auditors appointment is valid. Set up and submit a letter of engagement.
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 30
-
4: Professional ethicsPage 31
Approach bynew audit client
No need to followprofessional rules - theauditors can make own
decision
Give old auditors duenotice then decide onbasis of knowledgeobtained otherwise
Write for all informationpertinent to the
appointment section
Prospective auditorsshould declineappointment
Accept/rejectappointment
decisionIs this thefirst audit?
Does clientgive old auditors
permission toreply?
Doesclient give
permission tocontact oldauditors?
Doold auditors
provide informationrelevant to newappointment?
Yes
Yes
Yes
Yes
No
No
No
No
Appointment decision tree
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 31
-
Appointmentethics
Engagementletters
Code of Ethics and Conduct
ConfidentialityIntegrity, objectivityand independence
Advertising, publicity and obtainingprofessional work
Client screeningAs part of the tendering process, audit firms shouldassess the potential client, to see whether they wantto be engaged by them. Some firms will use checklistsof standard questions to come to this conclusion.
Audit feeThe audit fee is a sensitive issue. It is estimatedaccording to charge out rates and work planned.
Lowballing is offering audit services at less thanthe market rate; undercutting others in a tender.
It can be an independence threat as such a fee is lessthan the work is worth. However, audit does have afluctuating market price and firms can reduce fees.
Should not obtain or seek work in anunprofessional manner.
Can advertise, but should have regard torelevant advertising codes/standards.
Should not make disparaging referencesto/comparisons with the work of others.
Should not quote fees without great care not tomislead.
Should not offer fees, commission or reward tothird parties for introducing clients.
Members
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 32
-
4: Professional ethicsPage 33
Sources of information about new clients
Good prospects Well-financed Strong controls Prudent accounting Competent directors No unusual transactions
Low risk
Enquiries of other sources (bankers, solicitors)Review of documents (most recent annual accounts, listing particulars, credit rating)Previous auditors (previous auditors should disclose fully all relevant information)Review of rules/standards (consider specific laws/standards that relate to industry)
Factors for consideration in client screening
Poor performance Lack of finance Odd accounting Lack of FD Significant related party/
unusual transactions
High risk Management integrity Risk Relationships Ability to perform the work Engagement economics
1
2
34
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 33
-
Engagementletters
Appointmentethics
Code of Ethics and Conduct
ConfidentialityIntegrity, objectivityand independence
Guidance on engagement letters is given in ISA 210Agreeing the terms of audit engagements. It applies toaudit assignments ONLY.
ISA 210The auditor must first establish whether thepreconditions for an audit are present.The auditor must also confirm there is a commonunderstanding between the auditor and the client on theterms of the engagement.
Objective and scope of the audit Auditors responsibilities Managements responsibilities Identification of applicable financial
reporting framework Expected form and content of any reports
The audit engagement letter
The audit engagement letter is the written terms of an engagement in the form of a letter.
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 34
-
4: Professional ethicsPage 35
Elaboration of scope Form of any other communication Unavoidable risk of not detecting some
material misstatements Planning and performance arrangements Expectation of provision of written
representations Agreement to provide draft financial
statements Agreement to inform auditor of facts that may
affect financial statements
Fees and billing Request to acknowledge receipt of letter and
to agree terms Involvement of other auditors, experts Involvement of internal auditors, other staff Predecessor auditor Restriction of auditors liability Any further agreements Obligations to provide audit working papers to
other parties
Additional matters that can be included
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 35
-
Notes
(004)ACF8PC Int_CH04.qxp 6/3/2014 3:46 AM Page 36
-
5: Internal audit
Topic List
Internal auditInternal audit assignmentsReportingOutsourcing
Internal audit is an important control function in anorganisation and an example of good corporategovernance. This chapter looks at the best practicerecommendations of the UK Corporate GovernanceCode in relation to the internal audit function, as well ascontrasting the rules of internal and external audit.We also look at the types of assignment carried out byinternal audit, reporting and the advantages anddisadvantages of outsourcing the internal audit function.Internal audit is likely to be examined in a scenarioquestion, perhaps in conjunction with corporategovernance.
(005)ACF8PC Int_CH05.qxp 6/3/2014 3:47 AM Page 37
-
Internal audit ReportingInternal auditassignments
Outsourcing
Internal audit is an appraisal or monitoring activity established by management and directors, for the reviewof internal control as a service to the entity. It examines, evaluates and reports to management and thedirectors on the adequacy and effectiveness of internal control. It is a key element of effective corporategovernance.
Internal audit and the audit committeeThe UK Corporate Governance Code, as an example of an international code on corporate governance,recommends that the audit committee of a company should: Monitor and review effectiveness of internal audit activities. If there is no internal audit function, consider annually whether there is need for one. If there is no internal audit function, explain this absence in the annual report.
(005)ACF8PC Int_CH05.qxp 6/3/2014 3:47 AM Page 38
-
5: Internal audit Page 39
Distinction between internal and external auditPurpose Scope Relationship to
companyReporting Fraud
Internalaudit
An activitydesigned toadd value andimprove anorganisationsoperations.
Internal auditswork relates tothe operations ofthe organisation.
Internal auditors areoften employees ofthe organisation,although sometimesthe internal auditfunction isoutsourced.
Internal auditreports toseniormanagementand auditcommittee.
Prevention and detection offraud is managementsresponsibility. But internalauditors should be alert torisks and exposures thatcould allow fraud.
Externalaudit
An exercise toenable auditorsto express anopinion on thefinancialstatements.
External auditswork relates tothe financialstatements. Theyare concernedwith the financialrecords thatunderlie these.
External auditors areindependent of thecompany and itsmanagement. Theyare appointed by theshareholders.
Auditorsreportaddressed toshareholders.
Prevention and detection offraud is managementsresponsibility.
(005)ACF8PC Int_CH05.qxp 6/3/2014 3:47 AM Page 39
-
ReportingInternal auditassignments
Internal audit Outsourcing
Value for money is aperformance measuresummarised in three qualities(which a product or activitypossesses): Economy Efficiency Effectiveness
Management should, as part ofnormal business process, assesseconomy, efficiency andeffectiveness in operations (avalue for money audit).
Value for money audit is an assignment which internal audit can undertake onbehalf of management in its monitoring role.It can be carried out on any area of the business at the request ofmanagement (eg service delivery, management process, environment).
Economy: attaining the appropriate quantity and quality of physical, humanand financial resources (inputs) at the lowest cost.Efficiency: this is a measure of the relationship between goods andservices produced (outputs) and the resources used to produce them(inputs).Effectiveness: how well an activity is achieving its policy objectives or otherintended effects.
Financial audits are more the traditional realm of the internal auditors. These involve reviewing the companyrecords and other available evidence to substantiate information in financial and management reporting.
(005)ACF8PC Int_CH05.qxp 6/3/2014 3:47 AM Page 40
-
5: Internal audit Page 41
Best value is aperformance frameworkintroduced in local authoritiesby the UK government,whereby they shouldimplement the 4 Cs: Challenge (how and why
is a service provided?) Compare (to other
authorities/private sector) Consult (targets set in
consultation with taxpayers/service users)
Compete (faircompetition)
Internal audit can monitor best value to ensure that the authority has systemsin place to achieve best value. Internal audit will also be involved in setting upbest value because a good understanding of current systems is needed.
Information technology auditsInformation technology is an increasingly important area of business. Internalaudit can monitor and test controls in the following areas:
(005)ACF8PC Int_CH05.qxp 6/3/2014 3:47 AM Page 41
-
Operational audits are audits of the operationalprocesses of the organisation. They are also knownas management, or efficiency audits. Their primeobjective is monitoring of managementsperformance, ensuring company policy is adhered to.
Approaching operational audit assignmentsThere are two aspects of an operational assignment: Ensure policies are adequate Ensure policies work effectively
ReportingInternal auditassignments
Internal audit Outsourcing
Focus on systems in the purchases department Objectives and tests as are outlined in Chapter 10
where the purchases system will be discussed
Procurement audits
Testing controls Fraud investigations Customer service reviews Review of compliance with laws
Other assignments
(005)ACF8PC Int_CH05.qxp 6/3/2014 3:47 AM Page 42
-
5: Internal audit Page 43
Examine the effectiveness of controls by observing them in operation and testing them (by similarmethods to those considered in Chapters 9 10).Report to management on adequacy and effectiveness, giving suggestions for improvement in bothareas where required.
4
5
Obtain written copies of the policies in the area to be audited.
Read them and assess whether they are adequate to meet objectives.
Discuss the policies with members of the department to ensure understanding is correct.
1
2
3
Procedures
(005)ACF8PC Int_CH05.qxp 6/3/2014 3:47 AM Page 43
-
ReportingInternal auditassignments
Internal audit Outsourcing
Internal audit reportsThere are two types of internal audit report: Risk-based Performance enhancement
Most work is likely to be risk-based but either way, aformal report will be the result.There is usually no formal requirement for internal auditreports, however the generally accepted report formatfor business includes the following: Terms of reference Executive summary Body of report Appendices for additional informationDraft report discussed at an exit meeting.
Background to assignment Objectives Major outcomes Key risks identified Key action points Summary of work left to do
Contents of executive summary
Report should describe purpose, scope and resultsof the engagement.Internal audit reports should be dated, marked asdraft or final and include a distribution list.
(005)ACF8PC Int_CH05.qxp 6/3/2014 3:47 AM Page 44
-
OutsourcingReportingInternal auditassignments
Internal audit
5: Internal audit Page 45
Outsourcing Service provider has good quality staff Ensures team with specialist skill/qualifications Provides immediate team Can be appointed for appropriate timescale Is likely to cost less than setting up a
department
Not outsourcing Cost of recruiting staff (to the service provider) Need for staff of particular skill/qualification Difficulty of managing an IA department for
directors Extended time frame between set up and results Work involved may not justify a full-time team Team might be required due to variety of skills
needed
Outsourcing
Outsourcing is the process of purchasing key functions from an outside source. Audit firms (particularlylarger ones) are increasingly offering internal audit services as part of their portfolio.
(005)ACF8PC Int_CH05.qxp 6/3/2014 3:47 AM Page 45
-
ReportingInternal auditassignments
Internal audit Outsourcing
Managing an outsourced departmentThe company will need to establish controls to manage the outsourced internal audit function.
Performance measures for cost and areas reviewed Maintenance of appropriate audit methodology Review of working papers on a sample basis Agreement of work plans in advance If external auditor from same firm, ensure firm has safeguards to keep the
functions separate to maintain independence and objectivity
Controls over outsourced internal audit function
(005)ACF8PC Int_CH05.qxp 6/3/2014 3:47 AM Page 46
-
6: Risk assessment
Topic List
RiskMaterialityUnderstanding the entityAssessing riskFraud, law and regulationsDocumentation of risk assessment
This chapter examines audit risk, materiality and the useof analytical procedures at the audit planning stage.Risk assessment is a key topic area and may come up ina scenario-based question where you are asked toidentify risks from the information provided to you in thequestion and explain why they are risks.
(006)ACF8PC Int_CH06.qxp 6/3/2014 3:48 AM Page 47
-
Documentation of risk assessment
Fraud, lawand regulations
Assessingrisk
Understandingthe entity
MaterialityRisk
Financialrisk: risksarising fromthe financialactivities orfinancialconsequencesof anoperation
Business risk: the risk inherent to the entity in itsoperations (at all levels of the business).
RISK
Operationalrisk: riskarising withregard tooperations
Compliancerisk: risk thatarises fromnon-compliancewith laws andregulations
Audit risk: the risk that the auditors give aninappropriate opinion on the FS.
Audit risk modelAudit risk =
Risk of material misstatement Detection risk
Inherent risk Control risk
(006)ACF8PC Int_CH06.qxp 6/3/2014 3:48 AM Page 48
-
6: Risk assessmentPage 49
The components of audit riskInherent risk is the susceptibility of an assertion to a misstatement that could be material, individually orwhen aggregated with other misstatements, assuming there were no related internal controls.
Control risk is the risk that a material misstatement that could occur in an assertion and that could bematerial, individually or when aggregated with other misstatements, will not be prevented or detected andcorrected on a timely basis by the entitys internal control.
Detection risk is the risk that the auditors procedures will not detect a misstatement that exists in anassertion that could be material, individually or when aggregated with other misstatements.
ISA 200 Overall objectives of the independent auditor and the conduct of an audit in accordance withInternational Standards on Auditing states that auditors must plan and perform the audit with an attitude ofprofessional scepticism.
(006)ACF8PC Int_CH06.qxp 6/3/2014 3:48 AM Page 49
-
Documentation of risk assessment
Fraud, lawand regulations
Assessingrisk
Understandingthe entity
MaterialityRisk
To calculate a level of materiality for thefinancial statements as a whole, theauditor will often use the benchmarksbelow, although professional judgementmust be applied:
MaterialityGuidance on materiality for the financial statements as a whole, and onperformance materiality is given in ISA 320 Materiality in planning andperforming an audit.
Profit before tax:5% Gross profit: 0.5 1% Revenue: 0.5 1% Total assets: 1 2% Net assets: 2 5% Profit after tax: 5 10%
Calculating materiality
Performance materiality is the amount(s) set by the auditor at less thanmateriality for the financial statements as a whole, to reduce to anappropriately low level the probability that the aggregate of uncorrected andundetected misstatements exceeds materiality for the financial statements asa whole.Performance materiality also refers to the amount(s) set by the auditor atless than materiality for particular classes of transactions, account balances ordisclosures.
Information is material if its omission or misstatement could influence theeconomic decisions of users taken on the basis of the financial statements.
(006)ACF8PC Int_CH06.qxp 6/3/2014 3:48 AM Page 50
-
Documentation of risk assessment
Fraud, lawand regulations
Assessingrisk
Understandingthe entity
MaterialityRisk
6: Risk assessmentPage 51
Risk assessmentThe auditor shall perform a risk assessment toprovide a basis for the identification andassessment of risks of material misstatement.
The engagement team shall discuss thesusceptibility of the entitys financial statements tomaterial misstatements and the application of theapplicable financial reporting framework to theentitys facts and circumstances.
Risk assessment procedures shall include: Inquiries of management/internal auditors/
others in entity Analytical procedures
Observation and inspectionThe auditor may also perform other procedureswhere circumstances merit it.
ISA 315 Identifying and assessing the risks of material misstatement through understanding the entity and itsenvironment provides guidance.
(006)ACF8PC Int_CH06.qxp 6/3/2014 3:48 AM Page 51
-
Understandingthe entity
Documentation of risk assessment
Fraud, lawand regulations
Assessingrisk
MaterialityRisk
Relevant industry, regulatory and other externalfactors including applicable reporting framework
Nature of the entity Selection, application and suitability of accounting
policies Entitys objectives and strategies and related
business risks that could lead to materialmisstatement
Measurement and review of the entitys financialperformance
Internal control relevant to the audit: Control environment Entitys risk assessment process Information system relevant to financial
reporting Entitys communication of financial reporting
matters Control activities relevant to the audit Activities to monitor internal control over
financial reporting
Matters to gain understanding of (from ISA 315)
(006)ACF8PC Int_CH06.qxp 6/3/2014 3:48 AM Page 52
-
Assessingrisk
Documentation of risk assessment
Fraud, lawand regulations
Understandingthe entity
MaterialityRisk
6: Risk assessmentPage 53
ISA 330 The auditors responses to assessed risksrequires the auditor to obtain sufficient appropriateaudit evidence regarding assessed risks bydesigning and implementing appropriateresponses.
Financial statement level possible responses
Assertion level possible responses
Emphasise professional scepticism to team Assign more experienced staff Provide more supervision Incorporate more unpredictability into testing Make general changes to nature, timing or extent
of audit procedures
Design and perform audit procedures whose nature,timing and extent are responsive to the assessedrisks of material misstatement, eg tests of controlsonly, substantive procedures only, a combinedapproach.
Assessing risk
Reducing riskTo reduce audit risk to an acceptably low level, theauditor shall determine overall responses to theassessed risks at the financial statement level andshall design and perform further audit proceduresto respond to assessed risks at the assertion level.
(006)ACF8PC Int_CH06.qxp 6/3/2014 3:48 AM Page 53
-
Documentation of risk assessment
Fraud, lawand regulations
Assessingrisk
Understandingthe entity
MaterialityRisk
FraudThis includes: Fraudulent financial reporting Misappropriation of assets
ResponsibilitiesManagement and those charged with governanceare responsible for prevention and detection.Auditors must be aware of the possibility ofmisstatement due to fraud.
Under ISA 240The auditor shall identify and assess the risks ofmaterial misstatements in the financial statementsdue to fraud, both at the financial statement leveland at the assertion level.
Risk assessment procedures Inquiries of management/those charged with
governance Consideration of fraud risk factors (these are
listed in an appendix to ISA 240) Consideration of results of analytical procedures Consideration of other relevant information
Under ISA 250The auditor shall obtain a general understanding ofthe legal and regulatory framework applicable to theentity and how the entity is complying with thatframework.
Law and regulations
(006)ACF8PC Int_CH06.qxp 6/3/2014 3:48 AM Page 54
-
6: Risk assessmentPage 55
Auditors should bear in mind their professional duty of confidentiality and seek legal advice, ifrequired.
To the appropriate level of management if auditorhas identified/is suspicious of fraud
To those charged with governance if fraudinvolves management or significant employees
To regulators if there is a statutory duty In auditors report if necessary
Fraud
To those charged with governance or obtainevidence that they are appropriately informed
To audit committee/supervisory board if seniormanagement implicated
To regulators if there is a statutory duty In auditors report: if non-compliance has a
material effect and has not been properlyreflected
Law and regulations
Reporting
(006)ACF8PC Int_CH06.qxp 6/3/2014 3:48 AM Page 55
-
Documentation of risk assessment
Fraud, lawand regulations
Assessingrisk
Understandingthe entity
MaterialityRisk
ISAs 315 and 330 require documentation at the risk assessment stage of the audit.
Discussion among audit team Understanding of the entity and its controls Identified and assessed risks of material misstatement Risks identified and related controls evaluated Overall responses Nature, extent and timing of further audit procedures Results of audit procedures If relying on evidence on controls from prior audit, conclusions regarding appropriateness Demonstration that the financial statements agree or reconcile with underlying accounting records
Matters to be documented
(006)ACF8PC Int_CH06.qxp 6/3/2014 3:48 AM Page 56
-
7: Audit planning and documentation
Topic List
Audit planningAudit documentation
Planning is a vital stage of the audit process and islinked to risk assessment which was introduced in theprevious chapter.The importance of maintaining and retaining auditdocumentation is also considered here.This topic could come up in a scenario question askingyou to identify audit risks or in a knowledge-basedquestion on the audit strategy or audit plan.
(007)ACF8PC Int_CH07.qxp 6/3/2014 3:48 AM Page 57
-
Auditdocumentation
Auditplanning
ISA 300 Planning an audit of financial statements sets out the objectives of planning.
The audit strategy sets the scope,timing and direction of the audit, andguides the development of the detailedaudit plan.
The audit plan converts the auditstrategy into a more detailed plan andincludes the nature, timing and extentof audit procedures in order to obtainsufficient appropriate audit evidence toreduce audit risk to an acceptably lowlevel.
1
2
3
To help the auditor to devote appropriateattention to important areas.To help identify and resolve potential problemson a timely basis.To perform the audit in an effective manner.
To assist in selecting appropriate teammembers and in assignment of work.To facilitate the direction, supervision and reviewof work.To assist in co-ordination of work done byauditors of components and experts.
4
5
6
(007)ACF8PC Int_CH07.qxp 6/3/2014 3:48 AM Page 58
-
7: Audit planning and documentationPage 59
Characteristics of the engagement Reporting objectives, timing of audit and nature
of communications Significant factors, preliminary engagement
activities, and knowledge gained on otherengagements
Nature, timing and extent of resources
Audit strategy: matters to consider The audit plan must include the following:Nature, timing and extent of plannedrisk assessment procedures.Nature, timing and extent of furtheraudit procedures at assertion level.Any other planned audit proceduresrequired to comply with ISAs.
The audit strategy and audit plan shall be updated and changed as necessary during the course of the audit,with any changes, and reasons for them, documented.Auditors may plan to carry out the audit in two sittings an interim audit and a final audit. The interim auditoccurs during the period of review and focuses on risk assessment/internal control evaluation. The final auditfocuses on the financial statements.
1
2
3
(007)ACF8PC Int_CH07.qxp 6/3/2014 3:48 AM Page 59
-
Auditdocumentation
Auditplanning
Provides evidence of auditors basis for conclusion Provides evidence that audit was planned and performed in accordance with ISAs Assists engagement team to plan and perform audit Assists in direction, supervision and review of audit work Enables team to be accountable Allows a record of matters of continuing significance to be retained Enables conduct of quality control reviews and inspections
Objectives of audit documentation
Guidance is given in ISA 230 Audit documentation.
Audit documentation is the record of audit procedures performed, relevant audit evidence obtained andconclusions the auditor reached (also called working papers).
(007)ACF8PC Int_CH07.qxp 6/3/2014 3:48 AM Page 60
-
7: Audit planning and documentationPage 61
Size and complexity of entity Nature of audit procedures Identified risks Significance of evidence obtained Nature and extent of exceptions Need to document a conclusion Audit methodology and tools used
Factors affecting form and content ofdocumentation Audit documentation will be split between current
audit files and permanent audit files.Current audit files contain information relevant tocurrent year (eg financial statements, reviewnotes, audit plan, management letter).Permanent audit files contain information ofcontinuing importance (eg engagement letter,legal documents, board minutes, prior yearsfinancial statements).
(007)ACF8PC Int_CH07.qxp 6/3/2014 3:48 AM Page 61
-
Notes
(007)ACF8PC Int_CH07.qxp 6/3/2014 3:48 AM Page 62
-
8: Introduction to audit evidence
Topic List
Audit evidenceFinancial statement assertionsAudit procedures
The auditor obtains evidence in order to form the auditopinion. It is vital that this evidence is: Sufficient AppropriateThis chapter describes the financial statement assertionsover which audit evidence is required. These are veryimportant as exam questions will tend to focus on auditprocedures required to test particular assertions.
(008)ACF8PC Int_CH08.qxp 6/3/2014 3:49 AM Page 63
-
Auditevidence
Auditprocedures
Financial statementassertions
ISA 500 Audit evidence gives guidance:
Risk assessment Nature of systems Materiality of item Experience Source and reliability Results of procedures
SufficiencyQuantity
Under ISA 500Auditors must design and perform audit procedures to obtain sufficient appropriate audit evidence.
External evidence (more reliable than internal)Auditor evidence (collected from auditors better than obtained from entity)Entity evidence (more reliable when controls effective)Written evidence (more reliable than oral)Original evidence (original better than photocopies)
AppropriatenessQuality
Influenced by:
Audit evidence is all of the information used by the auditor in arriving at the conclusions on which the auditopinion is based.
(008)ACF8PC Int_CH08.qxp 6/3/2014 3:49 AM Page 64
-
8: Introduction to audit evidencePage 65
Auditprocedures
Financial statementassertions
Auditevidence
Assertions About classes of transactions and events
(occurrence, completeness, accuracy, cut-off, classification) About account balances at the period-end
(existence, right and obligations, completeness, valuation and allocation) About presentation and disclosure
(occurrence, rights and obligations, completeness, classification and understandability, accuracy andvaluation)
Financial statement assertions are the representations by management, explicit or otherwise, that areembodied in the financial statements, as used by the auditor to consider the different types of potentialmisstatements that may occur.
(008)ACF8PC Int_CH08.qxp 6/3/2014 3:49 AM Page 65
-
Auditprocedures
Financial statementassertions
Auditevidence
Audit proceduresThese are carried out to: Obtain an understanding of the
entity and its environment to assessrisks (risk assessmentprocedures).
Test operating effectiveness ofcontrols (tests of controls).
Detect misstatements (substantiveprocedures).
Inspection of tangible assets Inspection of documentation or records Observation Inquiry Confirmation Recalculation Reperformance Analytical procedures
Audit procedures
(008)ACF8PC Int_CH08.qxp 6/3/2014 3:49 AM Page 66
-
9: Internal control
Topic List
Internal control systemsAuditors and internal controlEvaluating internal controlInternal controls in a computerisedenvironment
Internal controls are a key topic area and this chapter isessential background to Chapter 10 which looks atpractical aspects of controls testing in the context of thekey transactions cycles.
(009)ACF8PC Int_CH09.qxp 6/3/2014 3:50 AM Page 67
-
Control environment Risk assessment process The information system relevant to financial
reporting Control activities Monitoring of controls
Components of internal control
Internal control is the process designed and effected by those charged with governance, management andother personnel, to provide reasonable assurance about the achievement of the entitys objectives with regardto reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicablelaws and regulations.
Internal controlsystems
Auditors andinternal control
Evaluatinginternal control
Internal controls in acomputerised environment
Relevant controlsNot all controls are relevant to the auditors riskassessment. The auditor is primarily concerned withthose which are part of the management of risk thatmay give rise to a material misstatement in the FS.
(009)ACF8PC Int_CH09.qxp 6/3/2014 3:50 AM Page 68
-
9: Internal controlPage 69
The attitudes, awareness and actions ofmanagement.
Control environment
Communication and enforcement of integrityand ethical values
Commitment to competence Participation by those charged with
governance Managements philosophy and operating style Organisational structure Assignment of authority and responsibility Human resource policies and practices
+The process of identifying and responding tobusiness risk.Risk can arise due to:
Risk assessmentprocess
Changes in operating environment New personnel New/revamped information systems Rapid growth New technology New business models, products or activities Corporate restructuring Expanded foreign operations New accounting pronouncements
(009)ACF8PC Int_CH09.qxp 6/3/2014 3:50 AM Page 69
-
Internal controlsystems
Auditors andinternal control
Evaluatinginternal control
Internal controls in acomputerised environment
+
A process to assess the quality of internal control performance over time Operating as intended/modified as appropriate Internal audit may perform part of this function
Monitoring of controls
This consists of: Infrastructure (physical/hardware) Software People Procedures DataThe IS relevant to FR objectives initiates, records,processes and reports transactions.
Information system
Policies and procedures which ensure thatmanagement directives are carried out. Performance reviews Information processing Physical controls Segregation of duties
Control activities
(009)ACF8PC Int_CH09.qxp 6/3/2014 3:50 AM Page 70
-
9: Internal controlPage 71
Costs of control outweigh the benefit Potential for human error Possibility of collusion in fraud
between employees Controls could be bypassed/
overridden by management Controls are designed to cope with
routine transactions not non-routineones
Hence segregation of duties is vital
Exam focusInternal control only provides directors with reasonable assurance that objectives are metbecause internal control has inherent limitations.
Limitations of internal control
(009)ACF8PC Int_CH09.qxp 6/3/2014 3:50 AM Page 71
-
Internal controlsystems
Internal controls in acomputerised environment
Auditors andinternal control
Evaluatinginternal control
Advantage: easy to record Disadvantage: difficult to update
(unless computerised)Aim to describe and explain the system.Can support flowcharts.
Narrative notes
Advantages: quick to prepare, easy to follow,complete system, eliminate extensive narrative
Disadvantages: only suitable for standard systems,good for document flow not controls, difficult toamend, can waste time
Flowcharts
Two main types: Internal control questionnaire (ICQ) Internal control evaluation questionnaire (ICEQ)ICQs Try to answer the question are the desirable
controls present?ICEQs Try to establish if specific frauds/errors
are possible.The advantages of questionnaires are that they arethorough and quick.
Questionnaires
Similar to internal control questionnaire.
Checklists
Auditors must record the clients systems. Narrative notes, flowcharts questionnaires or checklists may be used.
(009)ACF8PC Int_CH09.qxp 6/3/2014 3:50 AM Page 72
-
Auditors andinternal control
Internal controlsystems
Evaluatinginternal control
Internal controls in acomputerised environment
9: Internal controlPage 73
Assessment of systemsAuditors: Assess the adequacy of the accounting
systems as the basis for the FS Identify the types of potential misstatement
that could occur in the FS Consider factors that affect the risk of
misstatements Design appropriate audit proceduresThe auditors must gain an understanding of theinformation system so that they can understand themajor classes of transaction, how transactions areinitiated, what the significant records are, and whatthe financial reporting process is.
Risk assessment proceduresTo obtain an understanding of the entity and its environment: Inquiries of management and other personnel Analytical procedures Observation and inspectionie assessment of controls is an integral part of riskassessment (see Chapter 6)
Assessment of control riskAuditors shall carry out tests of controls if: Risk assessment indicated that controls are operating
effectively. The auditor has determined it is not possible/
practicable to reduce risk at assertion level toacceptable level by substantive procedures.
Assessing internal controls
(009)ACF8PC Int_CH09.qxp 6/3/2014 3:50 AM Page 73
-
Internal controlsystems
Auditors andinternal control
Evaluatinginternal control
Internal controls in acomputerised environment
If risk assessment has shown controls to beineffective testing will not be undertaken. Itmay also be inefficient to test controls if thepopulation consists of a few large items whichcan be tested quickly by substantive tests.
Tests of controls are performed to obtain audit evidenceabout the operating effectiveness of controls in preventing,or detecting and correcting material misstatements.
When controls testing is completed, auditorsmake a final assessment of control risk, andrevise the nature, timing and extent ofsubstantive procedures accordingly.
Inquiries about and observation of controlprocedures
Inspection of documents supporting controls Examination of evidence of management views Reperformance of control procedures to ensure
they were correctly performed Testing on controls operating on specific
computer applications
Tests of controls may include:
Auditors should consider: how controls wereapplied, how consistently they were appliedand by whom. Controls testing is oftencompleted on an interim audit.
Auditors should combine inquiry with anothertype of procedure when testing controls.
Tests of controls
(009)ACF8PC Int_CH09.qxp 6/3/2014 3:50 AM Page 74
-
Evaluatinginternal control
Internal controlsystem
Auditors andinternal control
Internal controls in acomputerised environment
9: Internal controlPage 75
In a computerised environment, there are two important types of control.
It is important that management have an IT security and use policy which should include the following: Procedures including passwords, data protection and information distribution Legal requirements (data protection legislation) and licensing agreements Commitment to information security Overall supervision by senior management Consequence of disobeying the rules
General controls are controls required over development(systems design and testing), changes to programs(passwords/records of changes maintained), testing of programchanges, prevention of incorrect use (operation controls) andcontrols to ensure continuity (back-up and disaster recovery).
Application controls relate to proceduresused to initiate, record, process and reporttransactions.
(009)ACF8PC Int_CH09.qxp 6/3/2014 3:50 AM Page 75
-
Notes
(009)ACF8PC Int_CH09.qxp 6/3/2014 3:50 AM Page 76
-
10: Tests of controls
Topic List
Sales systemPurchases systemInventory systemCash systemPayroll systemRevenue and capital expenditure
It is important to be comfortable with: Examples of controls for specific transaction areas What the control is trying to achieve (objective)Some examples of tests of controls have been given inthe shaded boxes in this chapter. However, they are notexhaustive. Remember that the test is seeking toestablish whether the control is effective. If you bear thatin mind you should be able to tailor tests of controls tothe specific scenario in the question.You will also need tobe able to explain why you would carry out a particulartest of controls.
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 77
-
Salessystem
Purchasessystem
Inventorysystem
Cashsystem
Payrollsystem
Revenue andcapital expenditure
Ordering/granting credit Sale made to good credit
ratings Who are encouraged to pay
promptly Orders are correct Orders are fulfilled
Dispatch/invoicing All despatches are recorded Invoicing is correct and for
goods supplied Credit notes given are for
valid reasons
Accounting/recording/creditcontrol
Transactions are recorded In correct accounts In correct period Irrecoverable debts identified
Aims of control
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 78
-
10: Tests of controlsPage 79
Ordering/granting credit Segregation of duties (credit control/invoice/despatch) Authorisation of credit terms (checks obtained review) Sequential numbering of pre-printed order forms Correct prices quoted to customers Match orders to dispatch notes (o/s orders queried) Dealing with customer queriesDispatch/invoicing Authorisation of dispatch Examination of goods despatched (quality) Recording of goods outward Match dispatch notes to order/invoice (o/s queried) Sequential numbering of pre-printed dispatch notes Signature of customer on delivery notes Authorisation of price on invoice (price list) Arithmetical checks on invoicesAccounting/recording/credit control Segregation of duties (recording sales/statements) Recording of sequence of sales invoices Matching cash receipts with invoices Retention of customer remittance advices
Tests of controlsTest for evidence of: References Authorisation Credit terms/limits Matching ordersVerify matching of sales invoices with dispatch notes.Test numerical sequences of records (enquireabout gaps).Observe quality inspections or inspectdocumentary evidence of inspections.Review invoices for evidence arithmetical checkshave occurred.Review entries in ledger, scrutinise for credit limits,inspect reconciliations.
Controls
Preparation/checking of receivables statements Review/chase overdue accounts/authorised write-
off Reconciliation of receivables ledger control account
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 79
-
Salessystem
Purchasessystem
Inventorysystem
Cashsystem
Payrollsystem
Revenue andcapital expenditure
Ordering Orders are authorised and
for the company Made from authorised
suppliers At good prices
Receipt/invoice Only accepted if from
authorised order Accurately recorded Liabilities recognised for
goods received Credits are claimed
Accounting Expenditure is only for
received goods Authorised Properly recorded In correct account In correct period
Aims of control
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 80
-
10: Tests of controlsPage 81
Ordering Segregation of duties (requisitioning/ordering) Central policy for choice of supplier Use of pre-numbered purchase requisitions Authorised, pre-numbered (safeguarded) order forms Monitoring of supplier terms for most favourableGoods received Examine goods inwards (quality) and record deliveries Compare goods received notes (GRNs) with orders Reference suppliers invoices Check suppliers invoices (maths, prices, quantities) Record goods returns Have procedures for obtaining credit notesAccounting Segregation of duties (recording/checking) Prompt recording in day books and ledgers Comparison of supplier statements to ledger accounts Authorisation of payments (limits/goods received) Review of allocation of expenditure
Tests of controlsIt is important that auditors test that invoices aresupported by genuine purchase orders, authorisedby correct individual. Inspect invoices to ensurethey are supported by GRNs, authorised, pricedcorrectly, coded correctly, entered in inventory,maths correct, posted to ledger.Review numerical sequences.Observe whether the purchase day book isreferenced to invoices.Review a sample of supplier statementreconciliations.Inspect control account reconciliations.
Controls
Reconciliation of payables ledger with total ofbalances
Procedures for cut-off
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 81
-
Salessystem
Purchasessystem
Inventorysystem
Cashsystem
Payrollsystem
Revenue andcapital expenditure
Recording All inventory movements recorded/authorised All inventories recorded are owned by company Inventories recorded exist Inventory quantities recorded are correct Cut-off procedures correctly applied
Protection Safeguarded against loss/theft/damage
Valuation Costing system values inventories correctly Allowance made for slow moving/obsolete
inventories
Inventory holding Levels of inventories held are reasonable
Aims of controls
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 82
-
10: Tests of controlsPage 83
Tests of controlsObserve and test check inventory counts, ensurediscrepancies are investigated, authorised andcorrected.Review inventory count instructions and ensure staffhave been provided with a copy.Inventory counting is covered in more detail inChapter 13.Observe goods inwards inspection.Check sequence of inventory records.Observe security arrangements for inventories.Consider the environment in which inventories areheld.
ControlsRecording Segregation of duties (custody/recording) Goods inwards met and checked Inventory issues supported by documentation Inventory records maintainedProtection Precautions against theft (restriction) Precautions against deterioration Security over inventory held by third parties Regular inventory takingValuation Valuation agrees with IAS 2 Inventories Calculations are checked Condition of inventories is reviewed Accounting for waste is provided forInventory holding Provision made for inventory levels Minimum/maximum inventory levels exist
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 83
-
Salessystem
Purchasessystem
Inventorysystem
Cashsystem
Payrollsystem
Revenue andcapital expenditure
ControlsReceipts Segregation of duties Post stamped with date of receipt Restrictions on receipt of cash (salespeople only) Agreement of cash collections to till rolls Prompt maintenance of records Giving and recording receipts for cash
All monies received are banked, recorded andsafeguarded against loss/theft.
All payments are authorised, made out to the correctpayees, recorded.
Payments are not made twice for the same liability.
Cash system: aims of controls Bank Daily bankings, banking of receipts intact Restrictions on opening new bank accounts Limitations on cash floats Surprise cash counts Custody of cash and cheques Restrictions on issuing blank cheques Bank reconciliationsPayments Cheque requisitions supported by
documentation/authorised Authorised signatories Prompt dispatch of signed cheques Payments recorded promptly Cash payments authorised Limit on disbursements Rules of cash advances to employees
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 84
-
Page 85 10: Tests of controls
Tests of controlsObserve post opening. Trace entries on listing to cash book, paying in book, bank statement.Observe whether cash is banked daily.Review records for evidence that cash receipts are agreed to till rolls (eg signatures, spreadsheet entries).Review documentation for evidence of agreement of cash receipts from cash book to paying-in slips, bank,posting to the sales ledger, posting to the general ledger.For cash payments, check that cheques are signed by authorised signatories (paid cheques can berequested from the bank), check to supplier invoice, verify that supporting documents are stamped paid.Review postings to the ledgers.Review a sample of bank reconciliations to ensure properly carried out.Observe a cash count.
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 85
-
Salessystem
Purchasessystem
Inventorysystem
Cashsystem
Payrollsystem
Revenue andcapital expenditure
Tests of controlsIt is vital to check that all aspects of the payroll (amounts/ deductions/payments) are authorised.Attend cash payouts to ensure controlled.Test password protection by inputting test data. Reviewreconciliations to ensure properly carried out and thatdiscrepancies are followed up.
Controls Segregation of duties Authorisation of changes and payments Password protection for computerised payroll Custody of cash for cash payouts Maintenance of salary bank account Reconciliation of accounts Reconciliation of wages costs to payroll
records Reconciliations of deductions Surprise cash counts
Employees only paid authorised amounts for work done. Deductions are recorded and pay agrees to bank records. Correct employees are paid. Deductions are correct and paid over to the correct authorities.
Payroll system: aims of controls
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 86
-
Salessystem
Purchasessystem
Inventorysystem
Cashsystem
Payrollsystem
Revenue andcapital expenditure
10: Tests of controlsPage 87
ControlsOrdering Orders for capital items should be authorised
specifically Should be requisitioned on different documentationInvoices Should be approved by authorised person Should be coded correctlyRecording Capital items should be written in the non-current
asset register Non-current asset register reconciled to general
ledger Segregation of duties (requisitioning/ordering) Central policy for choice of supplier
Tests of controlsIt is vital that auditors check that all invoicesare supported by genuine purchase orders,authorised by the correct individual.
AuthorisationAll expenditure is authorised(see purchases above).
RecordingAll expenditure is correctly classified in theFS as capital or revenue expenditure.
Capital and revenue expenditure: aims ofcontrols
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 87
-
Notes
(010)ACF8PC Int_CH10.qxp 6/3/2014 3:51 AM Page 88
-
11: Audit procedures and sampling
Topic List
Substantive proceduresAccounting estimatesSamplingCAATsUsing the work of others
In this chapter, we look at substantive procedures,including analytical procedures.We also look at the audit of accounting estimates, andthe use of sampling and CAATs when carrying out auditprocedures.Auditors can often rely on the work of others such asexperts and internal auditors during the audit and this isalso considered in this chapter.The topics in this chapter are likely to come up in theexam frequently, either in a scenario or a knowledge-based question.
(011)ACF8PC Int_CH11.qxp 6/3/2014 3:51 AM Page 89
-
Substantiveprocedures
Using the work of others
CAATsSamplingAccountingestimates
Tests to discover errors start in the accountingrecords.
Tests to discover omissions start outside of theaccounting records.
Model for an audit plan: Agree opening balances to last years working papers Review general ledger for unusual records Check client schedule to/from accounting records/FS Carry out analytical review Test transactions in detail Test balances in detail Review presentation and disclosure in the FS
Auditors need to obtain sufficient appropriate audit evidence to support the financial statement assertions.This is done through substantive testing.
Substantive procedures are tests todetect material misstatements in the FS.They are generally of two types: Analytical procedures Other procedures
Directional testingSubstantive tests fall into two categories(broadly speaking).
(011)ACF8PC Int_CH11.qxp 6/3/2014 3:51 AM Page 90
-
11: Audit procedures and samplingPage 91
Test itemTest debit items (expenditure or assets) foroverstatement by selecting debit entriesrecorded in the nominal ledger and checkingvalue, existence and ownership.Test credit items (income or liabilities) forunderstatement by selecting items fromappropriate sources independent of thenominal ledger and ensuring that there is acorrect nominal ledger entry.
ExampleIf a non-current asset entry in the nominal ledger of$1,000 is selected, it would be overstated if it shouldhave been recorded at anything less than $1,000 or ifthe company did not own it, or indeed if it did notexist.Select a goods despatched note and check that theresultant sale has been recorded in the nominalledger sales account. Sales would be understated ifthe nominal ledger did not reflect the transaction at all(completeness) or reflected it at less than full value.
Exam focusA test for the overstatement of an asset simultaneously gives comfort on understatement of other assets,overstatement of liabilities, overstatement of income and understatement of expenses.
(011)ACF8PC Int_CH11.qxp 6/3/2014 3:51 AM Page 91
-
Substantiveprocedures
Using the work of others
CAATsSamplingAccountingestimates
Analytical procedures are the evaluations of financial information through analysis of plausiblerelationships among both financial and non-financial data.
ISA 520 Analytical procedures gives guidance on use of analytical procedures as substantive tests andoverall review.
Analytical procedures(a) Comparisons of this years financial information
with:(i) Similar information for prior periods(ii) Anticipated results/budgets(iii) Industry information(iv) Expectations produced by the auditor
(b) Elements of financial information which areexpected to conform to patterns
(c) Links between financial/non-financialinformation
Determine suitability for given assertions Evaluate reliability of data Develop an expectation and evaluate
whether sufficiently precise
Determine amount of acceptable difference
Analytical procedures as substantivetests
(011)ACF8PC Int_CH11.qxp 6/3/2014 3:51 AM Page 92
-
11: Audit procedures and samplingPage 93
Auditors will use the primary accounting ratios (youshould be familiar with these). There are also anumber of significant relationships in FS:
Significant relationshipspayables/purchases inventories/cost of sales
non-current assets/depreciation/repairs expenseintangible assets/amortisation
loans/interest expenseinvestments/investment income
receivables/bad debt expense/sales
Significant fluctuations andunexpected relationships
When these are identified, the auditors shall: Make inquiries of directors. Consider management response in light of
knowledge/evidence. Carry out other audit procedures where
necessary.
Ratio analysis Examining related accounts Trend analysis Reasonableness tests
Practical techniques
(011)ACF8PC Int_CH11.qxp 6/3/2014 3:51 AM Page 93
-
Substantiveprocedures
Using the work of others
CAATsSamplingAccountingestimates
Guidance is given in ISA 540 Auditing accounting estimates, including fair value accounting estimates, andrelated disclosures.
An accounting estimate is an approximation of a monetary amount in the absence of a precise means ofmeasurement, for example, allowances to reduce inventory/receivables to their estimated realisable value,depreciation, accrued revenue, provision for a lawsuit, construction contracts or warranty claims.
Consider reasonableness of assumptions. Consider if management has considered alternative assumptions. Evaluate whether estimates are reasonable or misstated. Obtain evidence about accuracy of disclosures. Evaluate adequacy of disclosure of estimation uncertainty for estimates that give rise to significant risks. Consider if any management bias. Obtain written representations whether management believes significant assumptions used are
reasonable.
Audit procedures
(011)ACF8PC Int_CH11.qxp 6/3/2014 3:51 AM Page 94
-
Substantiveprocedures
Using thework of others
CAATsSamplingAccountingestimates
11: Audit procedures and samplingPage 95
ISA 530 Audit sampling provides guidance.
Designing sample sizeThe auditor must design a sample size sufficient toreduce sampling risk to an acceptably low level.
Audit sampling is the application of audit procedures to less than 100% of items within a population of auditrelevance such that all sampling units have a chance of selection. It uses either statistical sampling or non-statistical sampling methods.
Purpose of audit procedure Characteristics of population
Design of sample-factors to consider
(011)ACF8PC Int_CH11.qxp 6/3/2014 3:51 AM Page 95
-
Substantiveprocedures
Using the work of others
CAATsSamplingAccountingestimates
Sampling risk arises from the possibility that theauditors conclusion, based on a sample of a certainsize, may be different from the conclusion that wouldbe reached if the entire population were subjected tothe same audit procedure.
Random (all items have equal chance ofselection)
Systematic (constant interval betweenitems)
Haphazard (chosen at will, but guardingagainst bias in the selection)
Block (check if items have particularcharacteristics)
Monetary unit sampling (value-weightedselection)
Selection
Non-sampling risk arises from factors that cause theauditor to reach an erroneous conclusion for anyreason not related to the size of the population (egusing inappropriate audit procedures).
(011)ACF8PC Int_CH11.qxp 6/3/2014 3:51 AM Page 96
-
11: Audit procedures and samplingPage 97
EvaluationAuditors must analyse any deviations or misstatementsin the sample and draw inferences for the population asa whole.Qualitative aspects of the error should be considered(nature of error/balance). Errors may be projectedagainst the whole balance of the population.
Determine objectives and characteristicsof population
Determine sample size Choose method of sample selection Project errors and evaluate results
Summary
(011)ACF8PC Int_CH11.qxp 6/3/2014 3:51 AM Page 97
-
Substantiveprocedures
Using the work of others
CAATsSamplingAccountingestimates
IT brings many advantages to audit, particularly in areas such as analytical review.
CAATs are audit procedures performed using computers which can enhance the detail of the test undertakenand the result of the test. They consist of audit software and test data.
Audit softwareThis performs checks that auditors would otherwisehave had to do by hand. Interrogation (data files) Comparison (comparing versions) Interactive (on-line) Resident code (as transactions are processed)
Test dataThis is a way of checking whether systems areoperating properly: feed the system some data tosee how it is processed.The data may be valid or invalid, depending on theobjective of the test.
(011)ACF8PC Int_CH11.qxp 6/3/2014 3:51 AM Page 98
-
Substantiveprocedures
Using thework of others
CAATsSamplingAccountingestimates
11: Audit procedures and samplingPage 99
ISA 610 Using the work of internal auditors provides guidancein this area.The external auditor's objectives are:
If the auditors decide to make use of the work of internal audit,they must evaluate that work.The important criteria when determining whether the work ofthe internal audit function can be used are: Extent to which its objectivity is supported Level of competence Whether approach is systematic and disciplined
An auditors expert is an individual ororganisation possessing expertise in a field otherthan accounting or auditing, whose work in thatfield is used by the auditor to assist the auditor inobtaining sufficient appropriate audit evidence.
ISA 620 Using the work of an auditors expertrequires the auditor to agree the following withthe expert.
Nature, scope and objectives of their workRespective roles and responsibilitiesNature, timing and extent of communication,including form of any reportConfidentiality req