isa summary.docx

8/10/2019 ISA Summary.docx

1/23

ISA 200 Summaries: Overall Objectives of the Independent Auditor and theConduct of an Audit in Accordance with International Standards on Auditing

ISA 200 ScopePara 1-09

ISA 200 deals with the independent auditors overall responsibilities when conducting anaudit of financial statements in accordance with ISAs.

Explains the scope, authority and structure of the ISAs. ISAs are written in the context of an audit of financial statements. An audit in accordance with ISAs is conducted on the premise that management and,

where appropriate, those charged with governance have acknowledged certainresponsibilities that are fundamental to the conduct of the audit.

The audit of the financial statements does not relieve management or those chargedwith governance of their responsibilities

Effective Date of ISA 200: for periods beginning on or after 15 December 2009

ISA 200 Objectives:

To obtain reasonable assurance about whether the financial statements as a whole arefree from material misstatement, whether due to fraud or error, thereby enabling theauditor to express an opinion on whether the financial statements are prepared, in allmaterial respects, in accordance with an applicable financial reporting framework; and

To report on the financial statements, and communicate as required by the ISAs, inaccordance with the auditors findings.

Definitions

For definitions refer definition page

ISA 200 Requirements

Compliance with ethical requirement relating to audit of financial statement. Auditor shall exercise professional judgment in planning and performing audit of financial

statement. Auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an

acceptably low level for expression of opinion Auditor shall comply with all ISAs relevant to the audit. Auditor shall comply with each requirement of an ISA unless, entire ISA is irrelevant or

requirement is conditional and condition doesnt exist In case of departure from ISA auditor shall perform alternative audit procedures to

achieve the aim of that requirement. If objective of ISA cannot be achieved auditor shall evaluate whether this prevents the

auditor from achieving the overall objectives of the auditor and thereby requires theauditor, in accordance with the ISAs, to modify the auditors opinion or withdraw from theengagement. Document the same in accordance withISA 230.
http://leaccountant.com/isa-230-summary/http://leaccountant.com/isa-230-summary/


2/23

ISA 210 Summary: Agreeing the Terms of Audit Engagements

ISA 210 Scope

This ISA deals with the auditors responsibilities in agreeing the terms of the audit engagementwith management and, where appropriate, those charged with governance.

Establishing certain preconditions for an audit. Establishing responsibility which rests with management and, where appropriate, those

charged with governance.

Effective Date of ISA 210 for periods beginning on or after December 15, 2009.

ISA 210 Objectives:

To accept or continue an audit engagement only when the basis upon which it is to beperformed has been agreed.

Establishing whether the preconditions for an audit are present; and Confirming that there is a common understanding between auditor and management

and where appropriate those charged with governance.

Definitions; See definition page

ISA 210 Requirements:

Financial reporting framework to be applied in the preparation of the financial statementsshall be acceptable.

Management acknowledges and understands its responsibility;o For the preparation of the financial statements in accordance with the applicable

financial reporting framework, including where relevant their fair presentation;o For such internal control as management determines is necessary to enable the

preparation of financial statements that are free from material misstatement,whether due to fraud or error; and

o To provide auditor with access of all information, additional information andunrestricted access to person in company for audit.

If limitation on the scope of audit prior to acceptance of audit that will result indisclaiming opinion dont accept engagement unless required by law.

Agree the terms of audit engagement with management or those charges withgovernance an Engagement letter shall at least include;

o The objective and scope of the audit of the financial statements;o The responsibilities of the auditor;o The responsibilities of management;o Identification of the applicable financial reporting framework for the preparation of

the financial statements; ando Reference to the expected form and content of any reports to be issued by the

auditor and a statement that there may be circumstances in which a report maydiffer from its expected form and content.


3/23

If above components of engagement letter is in law and regulation, engagementletter not necessary.

On recurring audit assess the change in circumstances and need to reviseengagement letter.

There must be reasonable justification for change in engagement letter, after it has beenagreed.

If change not agreeable with management, Withdraw and consider the legal orcontractual obligation.

Financial Reporting Standards Supplemented by Law or Regulation

Auditor consider the conflict between law and standards;o Additional disclosure oro change description of applicable financial reporting framework

Financial Reporting Framework Prescribed by Law or RegulationOther MattersAffecting Acceptance

Financial reporting frame unacceptable but required by law accept engagement if;o Management agree to provide additional disclosureso Add emphasis of matter paragraph in audit report.o Dont add true and fair like statement unless required and allowed by law.

If above conditions are not meet and audit required by law, evaluate effect of misleadinginformation and include reference to that in the engagement letter.

Auditors Report Prescribed by Law or Regulation

In some cases law prescribe wording of audit report, auditor shall consider whether users mightmisunderstand the assurance obtained, if so then Whether additional explanation in the

auditors report can mitigate possible misunderstanding. If cannot be mitigated dont acceptaudit engagement unless required by law.

An audit conducted in accordance with such law or regulation does not comply with ISAs.Accordingly, the auditor shall not include any reference within the auditors report to the audithaving been conducted in accordance with ISAs.

ISA 220 Summaries: Quality Control for an Audit of Financial Statements

ISA 220 Scope

This deals with the specific responsibilities of the auditor regarding quality controlprocedures for an audit of financial statements. It also addresses, where applicable, theresponsibilities of the engagement quality control reviewer. This ISA is to be read inconjunction with relevant ethical requirements.


4/23

System of Quality Control and Role of Engagement Teams

Quality control systems, policies and procedures are the responsibility of the audit firm. UnderISQC 1, the firm has an obligation to establish and maintain a system of quality control to

provide it with reasonable assurance that:

The firm and its personnel comply with professional standards and applicable legal and

regulatory requirements; and

Reports issued by the firm or engagement partners are appropriate in the circumstances.

This ISA is premised on the basis that the firm is subject to ISQC 1 or to national requirementsthat are at least as demanding.

Within the context of the firms system of quality control, engagement teams have a

responsibility to implement quality control procedures that are applicable to the auditengagement and provide the firm with relevant information to enable the functioning of that part

of the firms system of quality control relating to independence.

Engagement teams are entitled to rely on the firms system of quality control, unless information

provided by the firm or other parties suggests otherwise.

Effective Date of ISA 220 15 December 2009

ISA 220 Objectives

The objective of the auditor is to implement quality control procedures at the engagement levelthat provide the auditor with reasonable assurance that:

The audit complies with professional standards and applicable legal and regulatoryrequirements; and

The auditors report issued is appropriate in the circumstances.

Definitions

For definitions refer definitions page

ISA 220 Requirements

Leadership Responsibilities for Quality on Audits

The engagement partner shall take responsibility for the overall quality on each audit

engagement to which that partner is assigned.

Throughout the audit engagement, the engagement partner shall remain alert, through

observation and making inquiries as necessary, for evidence of non-compliance with relevantethical requirements by members of the engagement team.


5/23

If matters come to the engagementpartners attention through the firms system of quality

control or otherwise that indicate that members of the engagement team have not complied with

relevant ethical requirements, theengagement partner, in consultation with others in the firm, shall determine the appropriate

action.

Independence

The engagement partner shall form a conclusion on compliance with independence requirementsthat apply to the audit engagement. In doing so the engagement partner shall:

Obtain relevant information from the firm and, where applicable, network firms, to

identify and evaluate circumstances and relationships that create threats to independence;

Evaluate information on identified breaches, if any, of the firms independence policies

and procedures to determine whether they create a threat to independence for the auditengagement; and

Take appropriate action to eliminate such threats or reduce them to an acceptable level byapplying safeguards, or, if considered appropriate, to withdraw from the audit

engagement, where withdrawal is possibleunder applicable law or regulation. The engagement partner shall promptly report to the

firm any inability to resolve the matter for appropriate action.

Acceptance and Continuance of Client Relationships and Audit Engagements

The engagement partner shall be satisfied that appropriate procedures regarding the acceptance

and continuance of client relationships and audit engagements have been followed, and shall

determine that conclusions reached in this regard are appropriate.

If the engagement partner obtains information that would have caused the firm to decline the

audit engagement had that information been available earlier, the engagement partner shallcommunicate that information promptly to the firm, so that the firm and the engagement partner

can take the necessary action.

Assignment of Engagement Teams

The engagement partner shall be satisfied that the engagement team, and any auditors expertswho are not part of the engagement team, collectively have the appropriate competence and

capabilities to:

Perform the audit engagement in accordance with professional standards and applicable

legal and regulatory requirements; and

Enable an auditors report that is appropriate in the circumstances to be issued.

Engagement Performance Direction, Supervision and Performance

The engagement partner shall take responsibility for:


6/23

The direction, supervision and performance of the audit engagement in compliance with

professional standards and applicable legal and regulatory requirements; and

The auditors report being appropriate in the circumstances.

Reviews

The engagement partner shall take responsibility for reviews being performed in accordance with

the firms review policies and procedures.

On or before the date of the auditors report, the engagement partner shall, through a review of

the audit documentation and discussion with the engagement team, be satisfied that sufficientappropriate audit evidence has been obtained to support the conclusions reached and for the

auditors report to be issued.

Consultation

The engagement partner shall:

Take responsibility for the engagement team undertaking appropriate consultation on

difficult or contentious matters;

Be satisfied that members of the engagement team have undertaken appropriate

consultation during the course of the engagement, both within the engagement team and

between the engagement team and others at the appropriate level within or outside thefirm;

Be satisfied that the nature and scope of, and conclusions resulting from, such

consultations are agreed with the party consulted; and

Determine that conclusions resulting from such consultations have been implemented.

Engagement Quality Control Review

For audits of financial statements of listed entities, and those other audit engagements, if any, for

which the firm has determined that an engagement quality control review is required, the

engagement partner shall:

Determine that an engagement quality control reviewer has been appointed;

Discuss significant matters arising during the audit engagement, including those

identified during the engagement quality control review, with the engagement quality

control reviewer; and

Not date the auditors report until the completion of the engagement quality controlreview.

The engagement quality control reviewer shall perform an objective evaluation of the significantjudgments made by the engagement team, and the conclusions reached in formulating the

auditors report. This evaluation shall involve:

Discussion of significant matters with the engagement partner;


7/23

Review of the financial statements and the proposed auditors report;

Review of selected audit documentation relating to the significant judgments the

engagement team made and the conclusions it reached; and

Evaluation of the conclusions reached in formulating the auditors report and

consideration of whether the proposed auditors report is appropriate.

For audits of financial statements of listed entities, the engagement quality control reviewer, on

performing an engagement quality control review, shall also consider the following:

The engagement teams evaluation of the firms independence in relation to the audit

engagement;

Whether appropriate consultation has taken place on matters involving differences ofopinion or other difficult or contentious matters, and the conclusions arising from those

consultations; and

Whether audit documentation selected for review reflects the work performed in relation

to the significant judgments and supports the conclusions reached.

Differences of Opinion

If differences of opinion arise within the engagement team, with those consulted or, where

applicable, between the engagement partner and the engagement quality control reviewer,

the engagement team shall follow the firms policies and procedures for dealing with and

resolving differences of opinion.

Monitoring

An effective system of quality control includes a monitoring process designed to provide the firm

with reasonable assurance that its policies and procedures relating to the system of qualitycontrol are relevant, adequate, and operating effectively. The engagement partner shall consider

the results of the firms monitoring process as evidenced in the latest information circulated bythe firm and, if applicable, other network firms and whether deficiencies noted in that

information may affect the audit engagement.

Documentation

The auditor shall include in the audit documentation:

Issues identified with respect to compliance with relevant ethical requirements and how

they were resolved. Conclusions on compliance with independence requirements that apply to the audit

engagement, and any relevant discussions with the firm that support these conclusions.

Conclusions reached regarding the acceptance and continuance of client relationships andaudit engagements.

The nature and scope of, and conclusions resulting from, consultations undertaken during

the course of the audit engagement.


8/23

The engagement quality control reviewer shall document, for the audit engagement reviewed,

that:

The procedures required by the firms policies on engagement quality control review

have been performed;

The engagement quality control review has been completed on or before the date of theauditors report; and

The reviewer is not aware of any unresolved matters that would cause the reviewer to

believe that the significant judgments the engagement team made and the conclusions itreached were not appropriate.

ISA 230 Audit Documentation

Introduction

International Standard on Auditing 230:Audit Documentation requires auditor to document the

aspects of audit engagement as and when they happen. Each standard has certain requirements what to

document, however, ISA 230 covers the documentation responsibility of auditor in general.

Executive Summary

Auditor is required to maintain an audit file in which he shall document the findings and factsconcerning audit engagement and the procedures applied by the auditor to achieve audit

objectives. Audit documentation serves as an evidence that audit was conducted as per the

requirements of ISAs in addition to other benefits of documentation. Auditor shall document theprocedures, resultant audit evidence obtained and conclusions reached on the basis of evidence.

Auditor must document how he ensures the compliance of ISAs and in case if there is any

departure then how alternate approach achieved audit objectives.

1 Why Document Audit?

Audit documentation is simply the recordof:

audit procedures performed

Relevant audit evidence obtained by the application of audit procedures

And the conclusions and interpretations drawn by the auditor on the basis of audit evidence

obtained

The main purpose of audit documentation is to provide written or documented evidence

regarding different audit related matters and provides evidence of:
http://pakaccountants.com/standards/isa/isa230/http://pakaccountants.com/standards/isa/isa230/http://pakaccountants.com/standards/isa/isa230/http://pakaccountants.com/standards/isa/isa230/


9/23

1. The basis for a conclusion that auditors overall objective has been achieved

2. Audit planning and performance in accordance with the ISAs, applicable laws and regulatory

requirements

Other important purposes audit documentation serves are as follows:

Helping the engagement team in planning and performing audit. For example issues observed in

previous and current audit can help plan further procedures.

Enabling team members in supervision and review responsibilities of audit work performed by

junior team members.

Make engagement team answerable for the work it performed.

Helps in keeping the record of such matters which can aid in future audits.

Making it easy to conduct quality control reviews in accordance with ISAs or other applicable

regulations.

Making it possible to conduct external evaluations and inspections in the light of applicable

frameworks during or after engagement.

2 Objectives

Auditors objective is to prepare documentation in such a waythat it provides:

sufficient appropriate record of the basis on which auditors report is issued.

sufficient evidence that audit was carried out in accordance with applicable ISAs, legal and

regulatory requirements

Achieving objectivesRequirements

In order to achieve the objective, auditor has to take care of number of things related to

documentation which are:

Prepare audit documentation on timely basis

Document the audit procedures performed and evidence obtained

Assemble the audit documentation in a file called audit file

2.1 Timely preparation of audit documentation

The auditor shall assure timely preparation of audit documentation as it:

reinforces audit quality

Aids in review of work performed and evaluation of evidence gathered Enables the assessment of conclusions reached before audit report is finalized

Documentation should be done while performing the audit as documentation prepared after the

work will not be as accurate if it was prepared during the engagement.

2.2 Documentation of procedures performed and evidence obtained


10/23

Auditor shall document in such a way that an experienced auditor even having no connection

with the audit engagement can understand the following:

1. The nature, timing and extent of the audit procedures performed to comply with the ISAs and

applicable legal and regulatory requirements;

2.

The results of the audit procedures performed, and the audit evidence obtained; and

3. Significant matters arising during the audit, the conclusions reached thereon, and significant

professional judgments made in reaching those conclusions.

In documenting the audit procedures performed, the auditor shall also include in the

documentation following items:

Identifying characteristics of items and matters examined

Who conducted the audit work and when such work completed?

Who reviewed the work and when such review took place including the extent of such review?

The way the documentation is prepared and what should be included and what depends on

number of factors such as:

The size and complexity of the entity.

The nature of the audit procedures to be performed.

The identified risks of material misstatement.

The significance of the audit evidence obtained.

The nature and extent of exceptions identified.

The need to document a conclusion or the basis for a conclusion not readily determinable from

the documentation of the work performed or audit evidence obtained.

The audit methodology and tools used.

The audit documentation may be kept in paper form or electronic form or any media deemed fit.

The auditor however needs not to include the following in the documentation:

superseded drafts of working papers and financial statements,

notes that reflect incomplete or preliminary thinking,

previous copies of documents corrected for typographical or other errors,

duplicates of documents.

Oral description i.e. undocumented explanations cannot adequately supplement the work

performed but can be used to clarify the documented information.

2.2.1 Documenting compliance with ISAs

If entity follows the instructions stated in ISA 230 then it will automatically result in sufficient

appropriate documentation. However, other standards may contain additional instructions

regarding documentation which are given NOT to overrule the requirements of this standardrather supplement and clarify the requirements of ISA 230. Further, if no instruction is given


11/23


12/23

later review by other auditors and

subsequent audits

Sometimes a summary named completion memorandum is prepared that summarizes the matters

identified and how it was resolved. It may contain references to other supporting documents.

This helps in conducing quality assurance review being conducted efficiently and effectively.

The auditor should also document the significant matters raised in front of management or thosecharged with governance and the discussions on such matters including the date of discussions.

For this auditor may include minutes of meeting or discussions with third parties who advise

entity on professional matters.

If auditor discovers any inconsistency with his conclusion related to significant matters than

auditor shall document how such inconsistency was resolved. For this auditor does not have toretain superseded and incorrect documents

2.2.3 Departure from ISAs requirement

If auditor concludes that it is necessary to depart from the requirement of the ISA then he shall

document how alternative treatment achieved auditors objective including the reasons fordeparture.

However, documentation is necessary only if auditor departed from relevant requirement.

Requirement is not relevant when:

Whole standard is irrelevant in the circumstances

Requirement of standard is conditional and condition is not present

2.2.4 Matters arising after the date of auditors report

Auditor is not required to carry out any procedures once the auditors report has been issued. But

in some circumstances auditor may perform additional audit procedures or draw new conclusions

even after the date of auditors report e.g. subsequent events. In such circumventers auditor shall:

The circumstances arisen

Additional audit procedures performed, conclusions reached and resultant changes in audit

documentation

Who made and reviewed changes in audit documentation and when such changes were made

and reviewed.

2.3 Assembly of audit file

All the audit documentation are assembled in a file named as audit file and auditor is required to

complete the work related to assembling the audit file on timely basis. Usually completion of

audit file should not take more than 60 days after the date of auditors report to complete.


13/23

Assembling the audit file involves administrative tasks and does not amount to additional audit

procedures being performed.

Once the assembly of audit file is complete the auditor shall not made any changes to

documentation until the end of retention period which is usually not be shorter than five years

from the date of auditors report, or, if later, from the date of group auditors report.

However, during retention period, auditor may make administrative changes to audit file. For

example;

Sorting, collating and cross-referencing working papers

Deleting or discarding superseded documents

Signing off audit file assembly checklists

Documenting evidence which was obtained, discussed and agreed with members of

engagement team before the date of auditors report

In some circumstances after audit file is complete, auditor may conclude that modification toexisting audit file is necessary then irrespective of nature of modification, auditor shall

document:

The reason for making such change

When and by whom such changes were made and reviewed

International Standard on Auditing 240

Introduction

International Standard on Auditing 240: The Auditors Responsibilities Relating to Fraud

in an Audit of Financial Statements is probably one of those standards that got highlighted andmassively overhauled after the scandals in business cosmos like Enron. This standard clarifies

the responsibilities of management auditors pertaining to fraud and its effects on financial

statements and due to this fact it considered one of the important guidelines in auditingprofession.

Executive Summary

ISA 240 clarifies that it is management who is responsible to manage fraud. Auditor on the otherhand is interested in those fraudulent activities that affect the financial information and

ultimately increase audit risk. Auditor is required to carry out audit engagement with an attitudeof professional skepticism. To make audit engagement effective discussions among team

members, inquiries of personnel involved in the management of the entity and communicating

with those charged with governance is important. If fraud is suspected or identified, auditor shall

determine its effects on audit engagement. Audit is also required to document fraud suspected oridentified and how it was dealt.


14/23

1 Its all about expectations

Fraud is nothing new to business world. We have witnessed enormous scandals but one thing

remained the same and that is auditors are expected to find fraudulent activity.The questionis are they are really responsible as the duty of preparing true and fair financial statements is of

management and thus management is responsible but still as auditor is thought to beinvestigating the matters (which is not really an investigation) users of financial statementsexpects from auditor to unearth it.

ISA 240 lays down the requirements on:

1. fraud in auditing2. the responsibility of auditor towards it and3. dealing with fraudulent activities if found

2 What is Fraud in audit?

Its a generic philosophy and can be defined in many ways. But in concise manner we can define

fraud as:

I ntentional act of misrepresentation

In real world misrepresentation may arise due to number of reasons but auditor is interested in

those fraudulent activities that have the potential of causing material misstatements in the

financial statements. Therefore in case of independent auditors audit engagement the following

two acts are considered:

1. Misstatements in the financial statements arising out of fraudulent reporting2. Misstatements in the financial statements arising out of misappropriate of assets

2.1 Are misstatements always caused by fraud?

Misstatements are caused either by fraud or error. The factor that separates the two from each

other is whether misstatement is a result of intentional or unintentional action. If it isunintentional then most probably its effects are not that deep and might be a one-off event of

misstatement caused by human error, carelessness etc. Although error or errors may cause

material misstatements but it is not always the case.

However, if it is intentional then perpetrator will try to cover it up so that it looks normal and isnot easily discovered. In the process of dressing up misstatement as true and fair representation

will affect many aspects of financial information and that is why fraud will most probably resultsin material misstatement.

That is why if material misstatement is identified by the auditor as a result of audit proceduresauditor considers if it is due to fraud or error and designs the responses accordingly.


15/23

3 Responsibility towards fraud

3.1 Entity

Primarily it is the responsibility of both management and those charged with governance.

Management under the supervision of those charged with governance works to prevent fraud byeradicating possibilities of fraud by creating an entity-wide culture of strong ethics and honesty.

Supervision by management includes keeping close eye on management overriding controls or inany way controlling the financial reporting process for their own personal benefits.

3.2 Auditor

Auditors responsibility is to express an opinion on the financial statements for which he is

required to obtain reasonable assurance. Reasonable assurance means that in order to express anopinion that financial statements are giving true and fair view he must be reasonably sure that

financial statements are free from material misstatements due to fraud or error.

3.2.1 Why reasonable assurance?Revisited

In ISA 200 we understood that auditor cannot provide absolute assurance because of inherentlimitations of audit and thus he is restricted to provide reasonable assurance.

That alternatively means that there might be some material misstatements that go undetected

even if audit is properly planned and executed. And under fraudulent activities the risk of not

detecting misstatement is higher than the risk of not detecting error.

Reason is, as discussed above, activities involving fraud are followed by cover up activities andmisinformation that legitimize the existence of fraud. And thus makes it hard to detect it. This

becomes even more difficult if fraud involves management (management fraud) as opposed toemployee (employee fraud) because they are able to circumvent control activities, design and

change policies and reporting process and collusion. For example, employees are offered to buy

vehicles at book value. To buy vehicles at cheaper rate from organization, directors may increasedepreciation rate to reduce book value.

4 Objectives of ISA 240

Auditor is required to:

Identify and assess the risks of material misstatements due to fraud

Design further audit procedures to obtain sufficient appropriate audit evidence against

assessed risk

Design appropriate responses to detected or suspected fraud

5 Assessing Risk of Fraud


16/23

5.1 Auditor and Professional skepticism

ISA 200 required auditor to conduct audit with an attitude of professional skepticismwhich is involves staying vigilant towards indicators and possibilities that may lead to

fraud or can potentially result in fraud.

Being skeptic does not mean that auditor is required to assess the correctness of each andevery record by management. Auditor will only suspect if there are reasons to suspect in

which case auditor will probe further.

Auditors experience and knowledge regarding managements honesty shall not reduceauditors skeptic approach to ignore the reasons why financial information is misstated

and generalize it as error. If inconsistency is found auditor shall investigate the matter.

5.2 Discussions among team members

Discussions among team members increase effectiveness of audit. Engagement partners shalldecide what matters need to be discussed with team members not present in the discussion. The

purpose of discussions is to reinforce on the areas where fraud is suspected and expectation of itsoccurrence.

5.3 Risk assessment procedures

Inquiries

Inquiring management, employee, internal auditors and others helps auditor identify the

conditions and events that indicate fraud. This also helps auditor in learning if management and

those charged with governance are performing their duties to prevent and detect fraud.

Inquiries of management

Inquire management about:

1. Any assessment of fraud conducted by management2. What system management has in place to prevent, detect and respond to fraud identified

or suspected

3. Communication between management and those charged with governance regardingsystem in place to assess and respond to fraud risks

4. Managements instructions to employees like best practices or code of conduct etc.

Auditor shall also inquire management or relevant individuals if they have any knowledge ofsuspected or identified fraud. Also inquire those responsible to conduct internal audit function if

they know of any fraud actual or suspected and if there are conditions indicative of potential

fraud.

Unless those charged with governance are part of management, auditor shall inquire:


17/23

1. About supervising management and its functions including internal control system toeradicate fraud and associated risks

2. About suspected or actual fraud, if any, in their knowledge. This helps auditor tocorroborate inquiries of management.

Analytical procedures helps auditor in identifying information not consistent with expectations.Auditor can use these procedures as part of assessment of risk of fraud. If such inconsistencies

are found auditor shall evaluate the information.

Any other information in addition to entitys reporting system if auditor obtains information that

is inconsistent with the information auditor already holds then auditor shall investigate the

matter.

While performing risk assessment procedures auditor often obtain information regarding

existence of fraud risk factors. Fraud risk factors are simply the conditions that provideindication of fraud committed under motivation or pressure. Although existence of such factors

does not automatically mean that fraud also exist but most often if such conditions exist it isfound that fraud also exist and thus material misstatements in financial statements.

The auditor shall treat those assessed risk related to fraud as significant risks and auditor is

required to gain understanding of relevant controls expected to control such fraud occurrences.

6 Responses to Assessed Risk

6.1 General responses:

1. Make procedures unpredictable giving less room to those doing fraud or can do fraud to

adjust2. Supervise and assign work to team members depending on their knowledge, skill and

experience and the risk of fraud

3. Evaluate accounting policies selected and applied that are indicative of fraudulentreporting

6.2 Responses to risk of management override

As management has the prime control of business activities they have the authority to make orbreak the control activities. Due to this fact they may override controls to commit fraud and thus

materially misstatement financial statements. In response to assessed risk arising due to

managements ability to override controls auditor shall:

1. Examine books of prime entry for routine and adjusting entries. Examination includesinquiring personnel making entries for unusual entries, testing period end entries etc.

2. Assess possible influence in making accounting estimates and check if they arereasonable.

3. Identify unusual entries and assess their nature and check if they are indicative of anyfraudulent reporting


18/23

Auditor shall decide if additional procedures are needed to be carried out to appropriate respond

risks associated with management override.

7 Evaluation of evidence obtained

The auditor shall consider if analytical procedures performed in finalizing audit engagementindicate fraud and associated risk not recognized in preliminary assessment of risk

On identifying misstatement auditor shall consider whether it is caused by fraud or error. If it isconsidered to be a resultant of fraud then notwithstanding materiality of misstatement, auditor

shall review risk assessment related to fraud and consider if responsive procedures are

appropriate. Auditor shall also revisit the audit evidence already obtained from management as

its reliability may be affected by colluding employees, management and/or third parties.

Auditor shall consider implications on audit and auditors report if:

1. Fraud is confirmed2. Auditor is unable to confirm if material misstatement is by fraud or not

8 Auditors inability to continue engagement

If auditor is unable to continue working on engagement as a result of fraud, actual or suspected,auditor shall:

Determine responsibilities imposed by law and profession including communicating the matter

with those who appointed auditor and regulatory authorities.

If appropriate and permitted by applicable laws, decide whether to withdraw from engagement

If auditor withdraws then discuss withdrawal and reasons of withdrawal with:

1. Management and those charged with governance2. those who appointed auditor after determining professional legal responsibilities for such

9 Written Representation

Auditor shall obtain written representation from management that it is the responsibility of

management to design and implement internal control system capable of preventing and

detecting fraud.

Written representations hall contain a disclosure by management that they have disclosed:

1. Managements assessment that financial statements may be materially misstated due tofraud

2. Any actual or suspected fraud in their knowledge involving employee, management orthird party.


19/23

3. Any actual or suspected fraud or allegations of the same affecting financial statements asbrought to attention by employee, analysts, regulators or others

10 Communication with those charged with governance

Auditor shall communicate to those charged with governance or appropriate level ofmanagement regarding their responsibilities to prevent and detect fraud.

If auditor identifies fraud or suspects it that involves management or employee having significantemployee on internal control system or others that can affect financial reporting then auditor

shall communicate the matter to those charged with governance.

11 Communication to regulatory authorities

As per code of conduct auditor is required to keep clients information confidential but where

legal responsibilities override this duty then auditor shall consider his responsibilities of

disclosing the matters to responsible authorities if fraud is detected or suspected

12 Documenting fraud

The auditor shall document following as part of audit documentation related to fraud:

1. Significant decisions reached during engagement team discussions2. Risk of material misstatement due to fraud at financial statement and assertion level3. Responsive procedures based on assessed risk i.e. their nature, timing and extent4. Evidence obtained as a result of application of responsive procedures5. Communication with those charged with governance, authorities, regulators etc

6. Reasons of auditors conclusion that risk of material misstatement due to fraud in certainaspect of financial information is not related to engagement

ISA 250 Consideration of Laws and Regulations in an Audit of Financial

Statements

Introduction

International Standard on Auditing 250:Consideration of Laws and Regulations in an

Audit of Financial Statementsprovides guidance regarding auditors responsibility ofcompliance with laws and regulations in audit of financial statements.

Executive Summary

ISA 250 requires auditor to identify misstatements that could be material if applicable laws andregulations are violated by the entity. It is the duty of management to ensure that entity has
http://pakaccountants.com/standards/isa/isa250/http://pakaccountants.com/standards/isa/isa250/http://pakaccountants.com/standards/isa/isa250/http://pakaccountants.com/standards/isa/isa250/http://pakaccountants.com/standards/isa/isa250/http://pakaccountants.com/standards/isa/isa250/


20/23

complied with all the requirements of relevant laws. In order to identify non-compliance auditor

must maintain an attitude of professional skepticism. If non-compliance is found then auditor

shall take necessary steps in light of ISA 250 and consider its effects on auditors report.

1 Matter of legal compliance

Auditor has to deal with applicable laws and regulations as well. For the purpose of considering

compliance with laws and regulations assurance engagements can be divided into two classes as

follows:

Other assurance engagements carried out specifically to provide opinion on compliance with

specific laws and regulation

Rest of the assurance engagements e.g. audit, review etc

This standard deals only with the later and not the former type of engagements.

Effect of laws and regulation on the entity can be classified in two ways as follows:

The rules and regulations that affect the measurement, presentation or disclosure of items or

elements of the financial statements and thus affecting the financial reportsdirectly

The rules and regulations regarding the business activities of the entity and not the reporting

responsibilities therefore affecting financial statements indirectly

The level of regulation on the entity under consideration depends on the type of industry it falls

and related legal practices. Some industries are under strict legal framework whereas the othersare not. However, strict or not if the laws and relevant legislations are not followed then entity

may fall to financial and non-financial consequences like fines, restriction to carry activities or

altogether cancellation of its operations.

2 Responsibility of compliance

2.1 Managements responsibility

It is the responsible of management working under the supervision of those charged with

governance that business activities are conducted in accordance with applicable laws and

management ensures that all the requirements have been followed relevant to preparation offinancial statements.

2.2 Auditors responsibility

Auditor is responsible to the extent of identifying material misstatements caused by not

complying with legal requirements. Auditors responsibility does not include prevention againstnon-compliance and is not expected to detect violations of law.

Auditor is responsible to gather sufficient appropriate audit evidence to ensure financialstatements are free from material misstatements however; auditors ability to detect such


21/23

misstatements is affected due to inherent limitations of audit engagement. However inability to

detect material misstatement due to non-compliance can be caused by the following factors and

adds up to inherent limitations:

Laws and requirements so violated do not relate to preparation of financial statements

While disobeying the provisions of laws methods like concealment and intentional misstatementmakes it difficult to trace such non-compliance

Verdict of court of law is awaited to conclude whether violation occurred.

3 Auditors objectives

For laws directly related to preparation of financial statements auditor is required to obtain

sufficient appropriate audit evidence whether requirements of law were followed

For laws that do not relate to financial statements preparation then auditor is required gather

evidence of compliance for only such requirements of law if violated may cause material

misstatements

In identifying such non-compliance auditors attitude of professional skepticism is of importance

that auditor must maintain during audit engagement

4 Auditors consideration

Auditor is required to gain understanding regarding:

Applicable laws and regulations related to entity and the industry of which it is a part

How management (or those charged with governance) ensures compliance of applicable laws

and regulations

4.1 Audit proceduresidentifying non-compliance

Question management (or those charged with governance) regarding how matters of

compliance are dealt

Reading letters, memos, summons and other communication that has taken between entity and

relevant authorities

Obtaining written representation from management that all events of violations or expected

violations that affect the financial statements has been brought to auditors knowledge

Auditor must stay vigilant that procedures applied not mainly to verify compliance can also

reveal events of non-compliance. However if violations are not identified or expected then

auditor is not required to extend audit procedures beyond the procedures mentioned above.

4.2 Audit proceduresnon-compliance identified or suspected

In case violations are identified or expected auditor shall assess its effects on reliability of

representations made by management, assessed risk etc.

If auditor has identified a violation then auditor shall:


22/23

o gain understanding of its nature and the circumstances in which it happened

o assess the effect of such violation on financial statements

o If auditor expects a violation then auditor shall:

Communicate his concerns to management or those charged with governance.

But if auditor is not satisfied with representations made by client concerning

compliance and in the eyes of auditor expected violations may affect materially

then auditor may seek legal advice.

If auditor is unable to gather sufficient evidence regarding expected violations

then auditor shall assess its effect on auditors opinion

5 Communicating non-compliance

Auditor shall communicate non-compliance to those charged with governance regarding

identified or expected non-compliance

Where auditor expects violation is with the intent of management then auditor shall

communicate this to those charged with governance at his earliest

If auditor finds management or those charged with governance are involved in violating the

provisions of law then auditor shall seek the higher authority, if any, and communicate the

matter.

If there is no such higher exists then auditor may seek legal advice in this regard

6 Auditors report

If identified or expected contradictions are not reported appropriately in the financial

statements then auditor shall provide a qualified or adverse opinion

If auditor was unable to obtained sufficient appropriate audit evidence regarding known or

expected violations that may affect financial statements materially then auditor shall see if:

Limitation is clearly imposed by management or those charged with governance then auditor

expresses a qualified or disclaimer of opinion

He is unsure if limitations are a result of conditions restrictions of management then auditor

shall decide in the light of circumstances

7 Disclosure to legal authorities

For identified or suspected contraries auditor shall assess if he is required to disclose such matter

in front of legal authorities


23/23

ISA 260 Summary : Communication with Those Charged with

Governance

ISA 260 definitions

Those charges with governance

The person(s) or organization(s) (for example, a corporate trustee) with responsibility foroverseeing the strategic direction of the entity and obligations related to the accountability of the

entity. This includes overseeing the financial reporting process. For some entities in some

jurisdictions, those charged with governance may include management personnel, for example,

executive members of a governance board of a private or public sector entity, or an owner-manager.

ISA 260 Scope

ISA 260 deals with the auditors responsibility to communicate with those charged withgovernance in an audit of financial statements.

ISA 260 effective date on or after 15 December 2009

ISA 260 Objective

ISA 260 objective are;

To communicate clearly with those charged with governance the responsibilities of the

auditor in relation to the financial statement audit, and an overview of the planned scope

and timing of the audit;

To obtain from those charged with governance information relevant to the audit;

To provide those charged with governance with timely observations arising from the

audit that are significant and relevant to their responsibility to oversee the financialreporting process; and

To promote effective two-way communication between the auditor and those charged

with governance.

isa summary.docx

Documents