Audit and Assurance Notes - F8

Audit and Assurance Revision Notes – F8 1.

The concept of audit and other assurance engagements

1.1. Identify and describe the objective and general principles of external audit engagements −

−

−

−

ISA 200 Definition: Obtains reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, in order to enable them to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.’ Definition: The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the financial statements are prepared in accordance with an applicable financial reporting framework in all material aspects. An audit of financial statements is an example of an assurance engagement. Statutory Audit: Audits are required under national statute (Companies Act). Most incorporated entities are legally required to have the financial statements audited, although many smaller companies are exempt. The key benefit to shareholders is the impartial view produced by the auditors. Non Statutory Audit: Performed by independent auditors because interested parties want them rather than law. Advantages include settling accounts between partners, taxation authority agreement and sale of a business.

1.2. Discuss the concepts of accountability, stewardship and agency − −

− − −

− −

Recap: An audit provides assurance to shareholders and other stakeholders of a company on the financial statements because it is independent and impartial. Overview: The accounting and auditing professions have been under scrutiny due to a number of corporate scandals. E.g. Enron (US energy company had been deceiving investors by overstating profitability, Arthur Andersen lacked objectivity in evaluating accounting methods), Xerox, WorldCom, Lehman Brothers etc. This resulted in the Sarbanes Oxley Act 2002 (regulation). Accountability Definition: Required / expected to justify actions and decisions – suggests an obligation. Stewardship Definition: Duties and obligations of a person who manages another person’s property. Agency Problem: In a company the management acts as agents for the shareholders (principals). Management are accountable to the shareholders for the stewardship of the entity’s assets which are placed under their control. This brings a conflict of interest inherent to the relationship i.e. between management and shareholders. The manager, acting for shareholders, is supposed to make decisions to maximise shareholder wealth (return on investment) even though it is in his best interest to maximise his own wealth. Agents are in a position to affect that return. Solution: Assurance! An audit provides a) a knowledgeable review of the company’s business and accounts, an impartial view which is presented to shareholders. Interested Parties: Shareholders, creditors, tax authorities, employees, investors, and directors.

1.3. Explain the five elements of an assurance engagement −

−

−

Recap: Auditors must be independent of the organisation and provide an opinion to the shareholders as to whether the financial statements are presented fairly / give a true and fair view (factual, free from bias). This opinion enhances the credibility of FS by providing reasonable assurance the FS are free from material misstatement (high level of assurance). Assurance Definition: An assurance engagement is one in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria (International Framework for Assurance Engagements). Elements of an assurance engagement: o Criteria: The subject matter is evaluated or measured against criteria in order to reach an opinion. o Report: A written report with the opinion for the intended user, the appropriate form to provide reasonable assurance / limited assurance. o Evidence: Sufficient and appropriate evidence needs to be gathered to support the required level of assurance. o Subject Matter: Data evaluated by the responsible party e.g. financial information, processes, internal control. o Three Party Relationship: Intended users (e.g. shareholders), responsible party (directors), practitioner (auditor firm).

1.4. Define and provide the objectives of an assurance engagement − −

−

Depends on the level of assurance provided. Reasonable Assurance: Provides a high level of assurance e.g. statutory audit. The objective is a reduction in assurance engagement risk to form a positive expression e.g. ‘In our opinion internal control is effective, in all material aspects, based on XYZ criteria’. To give reasonable assurance, a significant amount of testing is conducted. Limited Assurance: Provides a lower level of assurance e.g. review of cash flows. The objective is to obtain a level of meaningful assurance to form a negative expression e.g. ‘Based on our work described, nothing has come to our attention that causes us to

Audit and Assurance Revision Notes – F8 believe the internal control is ineffective’. To give limited assurance this involves limited evidence gathering and techniques such as enquiry and analytical procedures.

1.5. Describe the types of assurance engagement − −

− −

There are two types of assurance engagements, attestations and direct engagements. The main difference is who is measuring or evaluating the subject matter against the criteria. Attestation Engagement: The underlying subject matter is NOT measured or evaluated by the practitioner and the practitioner concludes whether or not the subject matter is free from material misstatement. E.g. a review of a sustainability report prepared by management. Direct Engagement: The underlying subject matter IS measured or evaluated by the practitioner and the practitioner concludes whether or not the subject matter is free from material misstatement. Internal Audit: Employed by the business, performing assurance and consulting activities to improve the effectiveness of the entity’s governance, risk management and internal control processes.

1.6. Explain the level of assurance provided by an external audit and other review engagements and the concept of true and fair presentation (Audit Reports). Describe limitations of statutory audits. − −

−

− −

Recap: Audit reports must present and fair view. This means they are factual, free from bias and reflect the commercial substance of the business’s transactions. What is Included in an Audit Report? o Opinion i.e. true / fair o Basis of Opinion i.e. standards prepared o Key Audit Matters i.e. matters of most significance o Responsibilities of Management i.e. reducing the expectations gap o Auditors Responsibilities Limitations of Audit and Materiality: o Audits are not objective, judgements have to be made e.g. how much to test, what to test o Not all items in the FS are testing – sampling o Limitations in account and control systems e.g. human error, non-routine transactions o Audit report has inherent limitations – standard format, audit jargon o Audit report is issued a long time after the balance sheet date o Audit evidence sometime indicates what is possible not certain – estimates, judgements, intentions Materiality Definition: Expression of the relative significant or importance of a particular matter in the context of FS. A matter is material if its omission or misstatement would influence economic decisions of its users. Assurance Process: Assess the risk, agree the scope of work to be performed, formalise the terms of the engagement in a contract (engagement letter), plan audit procedures based on the risk and level of assurance, perform overall review (obtain sufficient evidence), form opinion and issue report.

Audit and Assurance Revision Notes – F8 2.

Statutory audit and regulation

2.1 Describe the regulatory environment within which external audits take place −

Recap: Most companies are required to have an external audit by law, but some small companies are exempt. The outcome of the audit is the auditor’s report, which sets out the auditor’s opinion on the financial statements. Requirements for the eligibility, registration and training of auditors are designed to maintain standards in the auditing profession. The profession is subject to regulation from a range of sources including: o National Legislation (to establish rights and duties of auditors, eligibility of auditors) o National Regulation and Standard Setting o International Standard Setting o Professional Bodies

2.2 Discuss the reasons and mechanisms of the regulation of auditors −

−

−

−

Why? o Check adequate accounting records have been kept o Returns are adequate for the audit o Accounts agree with records and returns o All information and explanations have been received o Details of benefits are appropriately disclosed Value? o Enhance credibility o Highlight deficiencies in the internal control system Small Entity Exemption: A smaller entity possesses the following characteristics: o Concentration of ownership and management (often a single person) o One or more of the following; straight forward transactions, simple record keeping, few lines of business, few internal controls, few levels of management, few personnel. Low risk of agency problem.

2.3 Explain the statutory regulations governing the appointment, rights, removal and resignation of auditors. − −

−

−

−

−

Recap: The law gives auditors rights and duties to allow auditors to have sufficient power to carry out an independent and effective audit. Duties: Report on every statement i.e. BS, P&L, Y. The auditors must consider; compliance with regulation (local / international law), truth and fairness of accounts, adequate accounting records and returns, agreement of accounts to records, consistency of other information, directors benefits (Companies Act 2006). Rights: The auditors have certain rights to enable them to carry out their duties effectively. This includes; access to records, information and explanations, attendance at notices of general meetings, right to be heard at general meetings, rights in relation to receive written resolutions. Appointment: Auditors should be appointed and therefore are answerable to the shareholders. They are normally appointed annually and can be appointed by directors, members, secretary of state. This is normally done by shareholders resolution. In particular circumstances such as first audit, directors can appoint. The remuneration of auditors will be fixed by whoever made the appointment. Resignation: Auditors may resign at any time. This will be done by giving a written notice with a statement of circumstances to relevant members / creditors. The notice of resignation is sent by company to the regulatory authority, the circumstances are sent by auditors to the regulatory authority and the company to everyone entitled. Auditors can require directors to call a general meeting within 21 days to discuss the circumstances and have the right to speak on matter that concern them. Removal: Auditors may be removed by resolution of shareholders. A notice of removal is sent either by special notice (28 days) or by notice of resolution. Auditors can make written representation on why they ought to stay in office. If resolution is passed company must notify regulatory authority and auditors must deposit statement of circumstances within 14 days. Auditor can receive notice of and right to speak at general meeting.

2.4 Explain the regulations governing the rights and duties of auditors. −

Recap: The law gives auditors rights and duties to allow auditors to have sufficient power to carry out an independent and effective audit.

Audit and Assurance Revision Notes – F8 −

− −

− −

National Legislation, Regulatory and Standard Setting: Varies in structure from country to country. In the UK there are a number of relevant professional bodies e.g. ACCA, ICAEW, ICAS. All of these vary however they have the same characteristics – stringent entrance requirements, strict code of practice, and technical updates of members. In the UK, we are governed by the Companies Act 2006 under EU law. Legislation establishes: o Rights and duties of auditors o Eligibility to act as an auditor (membership of reg body, qualifications etc.) The Companies act define recognised supervisory bodies (RSB’s) to supervise and monitor auditors (e.g. ACCA). International Level: Set a minimum standard and requirements, provide guidance without a well-developed national framework and aids intra-country recognition. International Federation of Accountants (IFAC) – ACCA is a member. As a member, ACCA must comply with guidelines on pre-qualification education and training and continued training. o Education: Theoretical knowledge e.g. audit, general accounting o Examinations: Demonstrate passed professional competence. Assess theory and practical application. o Experience: Consistent application in the work place. Supervision and Monitoring: Properly structured audit approach, carefully instituted quality control procedures, commitment to ethical guidelines, technical excellence, fit and proper adherence, peer reviews, appropriate audit fee. International Standards: ISA’s set by the International Auditing and Assurance Standards Board (IAASB).

2.5 Explain the development and status of ISAs − − − − −

IFAC: 157 members (accountancy bodies of good standing e.g. ACCA) – not for profit organisation (1977) Council: 1 rep from each member – elects members of Board, determines financial contributions IASB: President and reps from each country (elected every 3 years) - supervises IFAC’s work programme Committees: E.g. Compliance, Ethics etc. – carries out IFAC’s work programme IAASB: 18 members nominated by IFAC Board – sets out ISAs, facilitates convergence with international and national standards, and strengthens public confidence. The IAASB achieves its objectives by: o Establishing high quality standards which are generally accepted and recognised worldwide o Establishes standards and guidance for other types of assurance (financial and non-financial) o Establishes standards and guidance for other related services o Establishes standards for quality control covering the scope of services addressed by IAASB o Publishes other pronouncements on auditing and assurance matters, advancing public understanding of roles and responsibilities of assurance providers. Pronouncements include International Standards on Auditing (ISA’s) and International Standards on Assurance Engagements (ISAE’s).

2.6 Explain the relationship between ISAs and national standards − − − − −

−

Many national standard setters are moving towards the adoption of ISA’s in place of previous standards. By 2009, over 100 countries adopted / incorporated ISA’s. There is a relationship between national standard setters and the IAASB (two way communication). Liaison group of national standards setters include the UK Auditing Practices Board (APB). The Liaison Group include standard setters who are significantly active in the development of national standards, have / or plan to adopt ISAs, are sufficiently resourced to participate and represent the world’s largest economies. Annual meetings are held to share knowledge, bringing the group together during early stages of development, achieve close cooperation and collaboration to minimise duplication and achieve wider involvement in IAASB task forces / research agendas. The process to develop IAASB standards includes: o Research and Consultation - Taskforce to draft standards o Transparent Debate – Proposed standards is discussed at meeting and open to public o Exposure for Public Comment – Exposure draft to put on website and distribute for comment (min 120 days) o Consideration of Comments – Any comments are considered at an open meeting and revised if necessary o Affirmative Approval – Approval made by a vote of at least 2/3 IAASB members As statutory audit is governed by local legislation, the status of ISAs will vary between countries

Audit and Assurance Revision Notes – F8 3.

Corporate Governance

3.1 Discuss the objectives, relevance and importance of corporate governance −

−

−

Definition: Corporate governance is the system by which companies are directed and controlled. It describes the framework of rules and practices by which a Board of directors ensures accountability, fairness and transparency in a company’s relationship with each of the stakeholders. Importance: There have been several reviews performed to establish a set of principles for corporate governance due to failings. The Cadbury Report commissioned by the UK government identified the following stakeholders: o Directors: Responsible for corporate governance o Shareholder: Linked to directors by financial statements o Other Relevant Parties: Employees, customers and suppliers (stakeholders) In some companies the shareholders are fully informed about the management of the business as they are also directors. However, otherwise shareholders only have the opportunity to find out at the AGM. These are often poorly attended – therefore there is a potential conflict of interest.

3.2 Discuss the provisions of international codes of corporate governance (such as OECD) that are relevant to auditors −

− −

−

OECD (Organisation for Economic Cooperation and Development): Own principles for corporate governance to provide best practice recommendations and are used as a worldwide benchmark. o Consistency with Law – promote transparent and efficient markets and clearly articulate the division of responsibilities among supervisory, regulatory and enforcement bodies o The Rights of Shareholders – protect and facilitate the exercise of shareholders right o The Equitable Treatment of Shareholders – all shareholders should be treated equally including minority and foreign. All should have effective redress for violation of rights o The Role of Stakeholders – recognise the rights of stakeholders and encourage active co-operation between corporations and stakeholders in creating wealth, jobs and the sustainability of financially sound enterprises o Disclosure and Transparency – ensure timely and accurate disclosure is made on all material matters including the financial situation, performance, ownership and governance o The Responsibility of the Board – ensure strategic guidance of the company, effective monitoring of management and the Board accountability to the company and shareholders The UK Corporate Governance Code: Provides detailed guidance to companies how they should be directed and controlled produced by the FRC. The Code is not law, however all listed companies on the LSE must comply or explain. History: As a result of several accounting standards, the Cadbury committee produced a report. Subsequent reports were produced to provide additional guidance including Greenburt, Turnball and Smith. Following these, the UK Corporate Governance Code was published to incorporate the Walker Report. Principles: The Code contains broad principles and more specific provisions. o Leadership: Board, Responsibilities, ED’s vs NEDs (required to challenge), Chairman. o Effectiveness: Skills, experience and knowledge, director appointment procedures, sufficient time, induction and training, timely information, annual evaluation of performance, requirement for regular re-election. o Accountability: Understand the company position, risk management system, formal arrangements for corporate reporting. o Remuneration: Designed to promote long term success (fair), performance related elements should be transparent, formal procedures for executive remuneration (no involvement in their own). o Relations with Shareholders: Dialogue with shareholders, AGM.

3.3 Discuss good corporate governance requirements relating to directors responsibilities and the reporting responsibilities of auditors −

Auditors and the Code: The principles and provisions in the accountability section detail with the Board and its auditors. In the UK, auditors are required to review whether listed companies have complied with specific provisions. The Code suggests the following is good corporate governance: o Is the director’s responsibility for preparing the annual report and accounts explained? o Have the directors reviewed and reported on the effectiveness of the risk management and internal control systems? o Has the board established an AC with at least 3 NEDs or 2 for smaller companies? o Does the AC have written ToR? o Is the AC ToR available in the annual report? o Does the AC arrange methods for staff to report impropriety in financial reporting? o Dos the AC monitor and review the effectiveness of the external auditors?

Audit and Assurance Revision Notes – F8 Are there procedures in place to ensure auditor independence is maintained where the external auditor provides nonaudit services? The directors are also responsible for monitoring the effectiveness of systems and control. Internal auditors have an important role here. The Turnbull report on internal control made the following recommendations: o Have a defined process for the effectiveness of internal control o Review regular reports on internal control o Consider key risks and how they have been managed o Check the adequacy of action taken to remedy weaknesses and incidents o Consider the adequacy of monitoring o Conduct an annual assessment of risks and the effectiveness of internal control o Make a statement on this process in the annual report o

−

3.4 Analyse the structure and roles of audit committees and discuss their benefits and limitations − −

−

−

Audit Committee: An AC can help maintain objectivity with regards to financial reporting and the audit of financial statements. Require a written ToR, sub-committee of Board, 3 NEDs. Role: Internal and External Audit. o External Audit: Monitor financial statements, implement policy on supply of non-audit services, review and monitor independence and objectivity, approve remuneration and engagement terms, recommend, appoint, reappoint and remove external auditor o Internal Audit: Review internal controls and risk management systems, monitor effectiveness of IA, if no IA consider annually if one is required o Other: Monitor arrangements safeguarding the privacy of whistle-blowers Advantages: o Increased confidence in financial reports – improve quality o Allow executive directors to devote attention to management – time o Impartial body for auditors to consult o IA can report to AC o Independent point of reference for external auditors Disadvantages: o Difficulty selecting sufficient NEDs of the necessary competence in auditing matters o Establishment of a formalised reporting procedure may dissuade audits from raising matters of judgement and limit to reporting only matters of fact o Increased costs o Executive directors may not understand the purpose and perceive it as detracting from their authority

3.5 Explain the importance of internal control and risk management − − −

Recap: The directors are responsible for making sure control and risk management are effective. Importance: Safeguarding assets, prevent and detect fraud, safeguarding shareholders’ investment Overview: Ultimate responsibility lies with the directors. This involves assessing risks to ensure the control framework is designed to avoid these risks. Directors are responsible for review the control system regularly to ensure it meets its objectives. The Board may employ an IA function to undertake this task. The system should be reported. The statement should be based on an annual assessment of internal control which should confirm the Board has considered all significant aspects. In particular: o Scope and quality of work o Extent and frequency of reports o Control failings and weaknesses o Effectiveness of public reporting processes o Risk assessment changes

3.6 Discuss the need for auditors to communicate with those charged with governance − −

Recap: Auditors shall communicate specific matters to those charged with governance (ISA 260). Communication will be on a timely basis and through the engagement letter, planning letter, planning meeting and report to management. Importance: o Assists the auditor to understand audit related matters and develop a constructive working relationship o Allows the auditor to obtain relevant information

Audit and Assurance Revision Notes – F8 Assists those charged to fulfil their responsibility to oversee the financial reporting process, thus reducing the risks of material misstatement Matters to be communicated: o Planned scope and timing o Auditor responsibilities in relation to the external audit o Significant findings o Auditor independence o

−

Audit and Assurance Revision Notes – F8 4.

Internal Audit

4.1 Discuss the factors to be taken into account when assessing the need for an Internal Audit function −

The Board should consider: o Trends, or current factors relevant to the company’s activities, markets or other aspects of its external environment that have increased risks o Internal factors, such as organisational restructuring, changes in reporting systems, underlying information systems o Adverse events, from the monitoring of internal control systems o Unexpected occurrences, increased incidence

4.2 Discuss the elements of best practice in the structure and operations of Internal Audit with reference to appropriate international codes of corporate governance −

−

The UK Corporate Governance Code section on accountability introduces the requirement for the Board to maintain ‘sound risk management and internal control systems’. One way to do this IA, whilst guidance doesn’t require listed companies to have IA, many do. Companies which do not have one, must review where they should on an annual basis. The requirement for risk management and internal control is often met by a partnership between the Board, Audit Committee and IA function. o Board: Overall responsibility to ensure company meets corp gov requirements, consists of ED and NEDs. o Audit Committee: Sub-committee of the Board and comprised of at least 3 NEDs (2 for small companies). Responsibilities include reviewing the internal control and risk management systems put in place by the Board, monitor and review the effectiveness of the IA function, approve appointment/termination of head of IA, review and assess annual IA work plan. AC meets with Head of IA at least once a year without management present. o IA function: Internal control available to management. Tasks vary – regular reports of IA work, direct access to Board and AC, accountable to AC.

4.3 Compare and contrast the role of external and internal audit − − − − − −

−

−

−

IA provides independent assurance that a company’s risk management, governance and internal control processes are operating effectively. To do this, IA will examine processes and report directly and independently to senior management. Unlike external auditors, IA looks beyond financial statements and considers wider issues such as the company’s reputation, compliance with laws and regulations, growth, its impact on the environment and employee satisfaction levels. External auditor’s carry out statutory duty to report on FS i.e. ‘present fairly’ the activities of the business. The external audit will be conducted in accordance with law / legislation / ISA’s. External Audit: reports to shareholders, independent and not employed, must have qualifications. Internal Audit: reports to management (AC), independent of activities they audit, can be employed / outsourced. No qualification requirements however need the relevant skills and experience. External audit may leverage IA work if the objectives overlap (ISA 610), the following conditions apply: o Scope of work (is it relevant to EA?) o Organisational status (how well regarded are IA?) o Due skill and care (are they appropriately supervised, directed and reviewed?) o Independence (how are they unbias?) o Technical competence (do they have the appropriate skills?) They may also use IA resource to provide direct assistance (under supervision of EA). The external auditor should consider: o The amount of judgement involved o The assessed risk of material misstatement o Existence and significance of threats to objectivity and level of competence Where they have used direct assistance, they should document: o Evaluation of existence and significance of threats to objectivity and level of competence o Basis for the decision o Who reviewed the work The audit opinion remains the responsibility of the EA.

4.4 Discuss the scope of internal audit and the limitations of the internal audit function −

Scope of IA: o Value for money audits o IT audits

Audit and Assurance Revision Notes – F8

− −

o Financial audits o Operational audits o Regulatory compliance audits o Fraud investigations o Customer experience audits The AC reviews IA’s work plan to ensure the work is appropriately focused to the needs of the business. If IA wants to be effective, the work needs to possess the following qualities; independence, objectivity, due skill and card. Limitations of IA: o Independence: IA should be independent of activities they audit e.g. not involved with designing – role is to review effectiveness. IA should have sufficient status and reports should be considered appropriately by directors and recommendations actioned. IA must have an independent reporting line to the highest level of management / AC. o Objectivity: Mental attitude – consider the facts, no pre-conceived ideas. o Due skill and care: Wide ranging skills therefore multi-disciplinary team, training, adherence to IA quality control manual / procedures, work should be planned, documented, supervised and reviewed. o IA is not normally subject to any regulatory authority.

4.5 Explain outsourcing and the associated advantages and disadvantages of outsourcing the internal audit function −

−

−

Advantages: o More specialist skills – SMRs o More likely to be Independent - not working in organisation o Flexibility of resourcing – cheaper o No employee costs e.g. HR Disadvantages: o Less knowledge of the business o Does not build in-house expertise o Expensive o Sensitive data Where the IA function is the external auditor = potential self-review threat (independence).

4.6 Discuss the nature and purpose of internal audit assignments including value for money, IT, financial, regulatory compliance, fraud investigations and customer experience −

Value For Money Audits: may be performed by IA to determine whether the optimum combination of goods / services have been obtained for the lowest level of resource. They focus on the following areas ‘3Es’. Management will need to set objectives for each of the three areas below detailing the goals / aims in terms of the company’s economic purchase of resources, efficient use of resources and the effectiveness of achieving the objectives. Once the objectives have been set, controls will need to be put in place to ensure these are met. o Economy: buying the resources needed at the cheapest cost – audits concerned solely with this objective are often

termed best value audits − −

− − −

o Efficiency: using the resources purchased as wisely as possible o Effectiveness: doing the right things and meeting the organisation’s objectives IT Audits: increasingly important, may be a standalone computer, a database, inventory control system or ecommerce activities. An IT audit will involve testing these internal controls. It is likely a computer specialist is required to test specific controls. Financial Audits: companies required to develop management accounts to assess business performance, these will be relied upon to make decisions therefore need to know the info is reliable. IA will review the financial information produced and gather evidence. E.g. sales revenue – test controls to ensure all orders are processed and despatched to customers and invoiced. Regulatory Compliance Audits: regulatory non-compliance could have a severe impact on business e.g. fines, revoke of licence to trade. Management need to be up to date with regulatory requirements and put controls in place. It is likely there will be an SMR. Fraud Investigations: may be in normal BAU audits or instructed to perform a specific investigation Customer Experience Audits: E.g. collating feedback and making recommendations regarding changes to improve customer experience.

4.7 Discuss the nature and purpose of operational internal audit assignments −

Operational Audits: management / efficiency audits as monitor performance to ensure company policy is adhered to. There are two aspects: o Policies are adequate – read policies, discuss with staff, assess adequacy, recommendations o Policies work effectively – identify controls, observe them / test them

Audit and Assurance Revision Notes – F8

4.8 Discuss the responsibilities of internal and external auditors for the prevention and detection of fraud and error −

−

Responsibilities for fraud and error, External audit: o No responsibility for prevention o Responsibility to consider the risk of material misstatement due to fraud / error o Provides reasonable assurance o Responsibility to detect fraud and error which has a material impact on FS Responsibilities for fraud and error, Internal audit: o Directors are responsible for prevention and detection o IA can assist with the prevention of fraud and error by assessing the effectiveness of internal control systems o Existence of IA may act as a deterrent o Can contribute to detection by reporting suspicions o May be called to investigate

Audit and Assurance Revision Notes – F8 5.

Professional Ethics and Quality Control Procedures

5.1 Define and apply the fundamental principles of professional ethics of integrity, objectivity, professional competence and due care, confidentiality and professional behaviour −

−

ACCA has adopted the Code of Ethics for Professional Accountants (the Code) which is issued by the International Ethics Standards Board for Accountants (IESBA). The Code applies to all members, affiliates and students, these individuals are referred to as “professional accountants”. Children Play In Odd Places 1. Confidentiality: Respect confidentiality of information. They should not disclose this to third parties without authority. 2. Professional Competence and Due Care: Maintain professional knowledge and skill to ensure clients / employees receive competent professional service. They should act diligently in accordance with standards. 3. Integrity: Should be straightforward and honest. Implies fair dealing and truthfulness. 4. Objectivity: Not allow bias, conflicts of interest or undue influence of others to override professional / business judgment. 5. Professional Behaviour: Comply with relevant laws and regulations and avoid any action that discredits the profession.

5.2 Define and apply the conceptual framework including the threats to the fundamental principles of self-interest, self-review, advocacy, familiarity and intimidation − −

There are five categories of threat: ASIFS 1. Advocacy Threat: Promoting clients position to point objectivity is compromised. 2. Self Interest Threat: Risk that a financial or other interest will influence judgement or behaviour i.e. COI – gains for firm / personal gains. 3. Intimidation Threat: Deterred from acting objectively because of actual / perceived pressures. 4. Familiarity Threat: Close relationship with client / long relationship – could lead to be too sympathetic. 5. Self-Review Threat: Review own work – impairing judgement.

5.3 Discuss the safeguards to offset the threats to the fundamental principles 1. 2. 3. 4. 5.

Advocacy Threat: Example – acting on behalf of a client in disputes or promoting shares of a listed audit client. Say no! Self Interest Threat: Example – owning shares, receiving gift from client. Sell shares, do not accept gifts! Intimidation Threat: Example – being pressured to reduce work performed to reduce fees. Say no! Familiarity Threat: Example – Audited same client for years. Change audit partner! Self-Review Threat: Example – preparing FS to be audited by same firm. Use separate teams!

5.4 Describe the auditor’s responsibility with regard to auditor independence, conflicts of interest and confidentiality −

−

Independence: Of mind and appearance. There are some additional requirements for public listed entities, these are defined as “all listed entities / entities that are of a significant public interest because of their business / size / no of employees / no of stakeholders e.g. banks”. o Threats arising from financial matters: Financial interests, loans and guarantees, gifts and hospitality, fees. If audit client is a PIE, there are additional requirements. If total fees > 15% of total fees received by the firm there is likely to be dependence on the client = safeguards required. o Threats arising from employment and other relationships: Business relationships, personal relationships, actual or threatened litigation, long association, employment. If audit client is a PIE, additional requirements. If audit partner had previous employment, should not accept a managerial position unless > 12 months have passed. Additionally a key audit partner (engagement partner / quality partner / key decisions), must rotate after 7 years and not return for 2 years. o Threats arising from provision of non-assurance services: preparing accounting records and financial statements, tax services, internal audit services. If the client is a PIE, additional requirements. No accounting services should be provided unless an emergency. Confidentiality: Members acquiring information in the course of their professional work should not disclose any information to third parties without obtaining permission. However, there are some circumstances where members may disclose information without permission: o Obligatory disclosure: Where required by law e.g. terrorism, money laundering, by process of law e.g. court order, reporting to regulators o Voluntary disclosure: Public interest, protect a members interests e.g. legal action / sue for fees, authorised by statute, to non-governmental bodies

Audit and Assurance Revision Notes – F8

5.5 Discuss the requirements of professional ethics and ISAs in relation to the acceptance / continuance of an audit engagement −

−

−

New auditors should be appointed in a proper and legal manner. Before accepting the auditor must consider the following: o Ensure professionally qualified to act i.e. consider whether disqualified on legal / ethical grounds o Ensure existing resources are adequate i.e. expertise, time etc o Obtain references i.e. enquire if directors are personally known o Communicate with present auditors i.e. understand reasons behind the change, courtesy The auditor must communicate with the present auditor to determine whether there are any professional reasons why they should not accept appointment. If the audit client refuses permission to correspond with the new auditor, the new auditor should not accept appointment. After accepting nomination: o Ensure resignation properly conducted in accordance with national regulation o Ensure new appointment conducted properly o Agree terms of engagement (ISA 2010)

5.6 Explain the preconditions for an audit − −

−

The use by management of an acceptable financial reporting framework in the preparation of financial statements Obtain management’s agreement (written representation) that it acknowledges and understands its responsibilities for: o Preparing financial statements o Establishing the internal controls o Provides the auditor with access to all records and documentation If the above has not been agreed, the auditor cannot start the engagement

5.7 Explain the process by which an audit obtains an audit engagement − −

Subject to rules, members may advertise / promote services and achievements in any way they see fit, ensuring this does not reflect adversely on the firm / ACCA / profession. Promotions should not: o Bring ACCA into disrepute or discredit the firm / ACCA / profession o Discredit the services of others o Be misleading (direct / implied) o Fall short of UK Advertising Standards Authority’s Code (legality, decency, clarity, honesty and truthfulness). o Be clearly distinguishable as an advert o Any reference to fees should not mislead the reader o Promotional activities should not amount to harassment o Commissions, fees or rewards in return for introduction are permitted as long as appropriate safeguards are in place e.g. disclosure

5.8 Discuss the importance of engagement letters and their contents −

Terms are agreed to avoid misunderstanding. It should include the following: o Objective and scope o Auditor responsibilities o Management responsibilities o Identification of financial reporting framework for preparation o Reference to expected form and content of any reports to be issued by the auditor and a statement that there may be circumstances in which a report may differ

5.9 Explain the quality control procedures that should be in place over engagement performance, monitoring quality and compliance with ethical requirements − −

Auditors must implement quality control procedures over each engagement to obtain reasonable assurance the engagement complies with professional standards and the report issued is appropriate. The audit engagement partner has overall responsibility to ensure quality control procedures have been adhered to, should be satisfied the team are competent, responsibility for the direction, supervision and review of the audit and must ensure where contentious matters arise the audit team has taken appropriate consultation.

Audit and Assurance Revision Notes – F8 − − − −

Quality control reviews are required for audits of listed entities and any other engagements where the audit firm has determined a quality control review is required. It should evaluate significant judgments made by the audit team and the conclusions reached. The work will include a discussion of significant matters with the engagement partner, a review of the financial statements for the report, a review of audit documentation relating to significant judgements and an evaluation of the conclusions reached. For listed companies, the reviewer should consider the firms independence, whether appropriate consultation has taken place on difficult matters, whether audit documentation supports the conclusions reached. The quality control should document that quality control procedures have been performed, that the review was completed on or before the date of the report and that they are not aware of any unresolved matters that would render judgements / conclusions inappropriate.

Audit and Assurance Revision Notes – F8 6.

Risk Assessment

6.1 Identify the overall objectives of the auditor and the need to conduct an audit in accordance with ISAs −

ISA 200: Overall objectives of the independent auditor and the conduct of an audit in accordance with ISA’s state auditors must plan and perform the audit with professional scepticism, exercise professional judgment and undertake a risk based approach.

6.2 Explain the need to plan and perform audits with an attitude of professional scepticism and to exercise professional judgement −

−

−

Professional scepticism: recognise circumstances may exist that cause the financial statements to be materially misstated. This requires: o Critical assessment – question the validity of evidence obtained o Alertness to contradictory evidence o No assumption that management is dishonest / honest Professional judgment: in planning and performing an audit, specifically in the following areas; materiality and audit risk, nature timing and extent of audit procedures, evaluation of whether sufficient appropriate audit evidence has been obtained, evaluate managements judgments in applying the applicable financial reporting framework, drawing conclusions on the audit evidence obtained Risk based approach: this means the auditor must analyse the risk in the client’s business, transactions and systems that could lead to material misstatement, direct testing to risky areas.

6.3 Explain the components of audit risk. Explain the audit risks in the financial statements and explain the auditors response to each risk − −

−

− −

ISA 200 required audit to ‘obtain reasonable assurance, the auditor shall obtain sufficient and appropriate audit evidence to reduce audit risk to an acceptably low level to draw reasonable conclusions on which to base the auditor’s opinion’. Audit Risk: ‘the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated’ o Audit Risk = Inherent Risk * Control Risk * Detection Risk (sampling / non sampling) Inherent Risk: ‘susceptibility of an assertion to a misstatement assuming no related internal control’. This risk is greater for some assertions and transactions that others e.g. complex calculations, accounts derived from accounting estimates etc. External circumstances giving rise to business risks may also influence inherent risk. Control Risk: ‘misstatement could occur in an assertion that could be material that will not be prevented or detected and corrected on a timely basis by the internal controls’. Some control risk will always exist because of the inherent limitations. Detection Risk: ‘Auditor’s procedures will not detect a misstatement exists in an assertion’. Primiarly a consequence that the auditor only tests on a sample basis. Non sampling risks include lack of experience, time pressure, financial constraints, poor planning, lack of industry knowledge.

6.4 Define and explain the concepts of materiality and performance materiality −

−

−

−

ISA 320. The auditor should consider materiality and its relationship with audit risk. Information is material if omission / misstatement could influence economic decisions. o Auditor must be concerned with identifying material errors, omissions and misstatements. Both the amount and nature need to be considered. o The auditor therefore has to set materiality levels (judgment). The higher the audit risk, the lower the value of materiality. The level set has a critical impact on the nature, timing and extent of audit procedures (lower materiality = more work) and evaluating the effect of misstatements i.e. whether to seed adjustments or the degree of any auditor’s report modification. Calculation guidance: o Between 0.5 / 1 % of revenue o Between 1 / 2 % of total assets o Between 5 / 10 % of profit before tax Performance materiality: o Less than materiality calculated during planning to reduce the risk that the aggregate of uncorrected and undetected misstatements exceed materiality for the financial statements as a whole. It also refers to the amounts set by the auditor at a less than materiality level for particular transactions. Determining this involves exercising professional judgment. It is affected by the understanding of the entity and the results of risk assessment procedures. Revising materiality:

Audit and Assurance Revision Notes – F8 May need to be revised due to events, new information or a change in understanding. In evaluating whether FS provide a true and fair view, the auditor should assess the materiality of the aggregate uncorrected misstatements. This is documented on a schedule of unadjusted differences. Documentation: o Materiality for FS as a whole o Materiality for particular classes of transactions, account balances, disclosures etc o Performance materiality o Any revision of the above o

−

6.5 Explain how auditors obtain an initial understanding of the entity and its environment −

−

−

−

Firstly, perform risk assessment procedures to understand the entity and environment, secondly assess the risk of material misstatement at the financial statement and assertion level. Key considerations: o Industry, regulatory and other external factors including the applicable financial reporting framework o Nature of the entity o Objectives and strategies and related business risks o Measurement and review of entity’s financial performance o Selection and application of accounting policies o Internal control Assessing risk: o Identify the entity and environment including internal control o Relating risks to what can go wrong at the assertion level o Considering the significance and likelihood o Establish materiality and assess whether appropriate o Develop expectations for use when performing analytical procedures o Designing and performing further audit procedures to reduce audit risk to an acceptably low level o Evaluate the sufficiency and appropriateness of audit evidence Risk assessment includes both an assessment of audit and business risk o Business risks result from significant conditions, events etc that could adversely affect the entity’s ability to achieve its objectives and execute strategies. It is usually financial, operational and compliance risk. The auditor should understand business risks relating to financial reporting objectives and determine whether it is significant. The following factors may impact this:  Risk of fraud  Its relationship with recent economic, accounting or other developments  Degree of subjectivity in the financial information  It’s an unusual transaction  It’s a significant transaction  Complexity of the transaction ISA 314 requires the following procedures to obtain an understanding of the environment; enquiry of management, analytical procedures, observation and inspection.

6.6 Describe and explain the nature and purpose of analytical procedures in planning −

−

ISA 520. Means the analysis of relationships to identify inconsistencies and unexpected relationships. These should be applied as part of the risk assessment and overall review at the end of the audit. They can be used as substantive audit evidence when more effective / efficient that tests of detail in reducing detection risk for specific assertions. Analytical procedures include: o Prior periods o Budgets and forecasts o Industry information o Predictive estimates i.e. expectations o Relationships between elements of financial information and non financial information

6.7 Compute and interpret key ratios used in analytical procedures −

Profitability o Return on capital employed (ROCE) = PBIT / (share capital + reserves + NC liabilities) o Net profit margin = PBIT / revenue

Audit and Assurance Revision Notes – F8

−

−

o o Liquidity o o o o o Gearing o

Asset turnover = revenue / (share capital + reserves + NC liabilities) Gross margin = gross profit / revenue Current ratio = current assets / current liabilities Quick ratio (Acid Test) = (current assets – inventories) / current liabilities Inventory turnover = (inventories / cost of sales) * 365 or (cos / inventories) = no of times turnover Trade receivable days = (trade receivables / credit sales) * 365 Trade payable days = (trade payables / credit purchases) * 365 Debt / equity = interest bearing debt / share capital and reserves

6.8 Discuss the effect of fraud and misstatements on the audit strategy and extent of audit work −

ISA 240 requires audit to obtain an understanding of how those charged with governance exercise oversight over the identification of the fraud risks and the implementation of the internal control. Where risk assessment suggests material misstatement from fraud, the main effects will relate to: o Assignment and supervision of personnel o Consideration of accounting policies o Unpredictability in nature, timing and extent of audit procedures

Audit and Assurance Revision Notes – F8

7.

Audit Planning and Documentation

7.1 Identify and explain the need for and importance of planning an audit − − −

−

ISA 300 states the auditor should plan the audit work so that it is performed effectively. This involves establishing the overall audit strategy for the engagement and developing an audit plan. The form and nature of planning is affected by the size of the organisation, complexity of the audit, experience, knowledge of the business, commercial environment, reporting requirements etc. Objectives of planning o Ensure appropriate efforts are on the important areas o Ensure potential problems are identified o Ensure work is completed quickly o Resource appropriately Planning decisions may be changed throughout the audit, these must be documented with sufficient rationale.

7.2 Identify and describe the contents of the overall audit strategy and audit plan − −

The audit strategy includes the financial reporting framework, reporting requirements, coverage, knowledge, availability of data and team, materiality, expected control testing, use of CAATs, budgeting etc. The audit strategy guides the development of the audit plan. The audit plan is more detailed and includes the nature, timing and extent of audit procedures – timetable and staff allocation, audit procedures for each material class of transaction etc, planning these procedures takes place over the course of the audit.

7.3 Explain and describe the relationship between the overall audit strategy and the audit plan −

The audit strategy guides the development of the audit plan. The audit plan is more detailed.

7.4 Explain the difference between interim and final audit −

− −

The main audit procedures are carried out in two phases, the interim and final: o Planning visit happens approx. midway through the year o The interim audit follows o The final audit is after the year end The interim audit will include analytical procedures, risk assessments, test of controls, review of relevant reports, substantive testing for the first half of the year The final audit will include finishing the tests from the first half of the year and performing more detailed testing. At this stage, the FS and trial balance will be available.

7.5 Describe the purpose of an interim audit, and the procedures likely to be adopted at this stage in the audit −

−

The interim audit procedures are likely to include: o Analytical procedures o Test of controls o Updating risk assessments o Review of relevant internal audit reports o Substantive testing (transactions in first part of year) The final audit procedures are likely to include: o Completion of tests of controls and substantive tests of transactions started at interim o Analytical procedures on financial statements o Detailed substantive testing of financial statements

7.6 Describe the impact of the work performed during the interim audit on the final audit −

Spread of workload

Audit and Assurance Revision Notes – F8

7.7 Explain the need for and the importance of audit documentation − −

Audit documentation is the record of procedures performed, relevant evidence obtained and conclusions reached (working papers). This should be prepared on a timely basis (ISA 230). Purpose: o Assist in planning and performance of audit o Assist in the supervision and review of audit o Enable the audit team to be accountable for its work o Retain a record of matters of continuing significance to future audits o Enable quality control review to be performed

7.8 Describe the form and contents of working papers and supporting documentation −

−

Contents: o Sufficiently compete and detailed to enable an experienced auditor to be able to understand the work performed and conclusions o Should record information on the planning, nature, timing, extent of audit procedures performed, results and conclusions from the evidence o Auditors reasoning on all significant matters requiring exercise of judgement with auditor conclusions Types: o Permanent File (information of continuing importance) e.g. engagement letters, legal documents, detailed of the history, previous accounts, accounting notes etc o Current File (relevant to current year audit) e.g. FS, audit strategy, audit plan, details of testing, review notes etc

7.9 Explain the procedures to ensure safe custody and retention of working papers and supporting documentation − −

The firm should establish policies and procedures designed to maintain confidentiality, safe custody, integrity, accessibility and retrievability of documentation e.g. password restricted access, back up routines, confidential storage of hard copies. ACCA recommends 7 year retention period.