Acca F8 lectures

ACCA Paper F 8

AUDIT AND INTERNAL REVIEW INTERNATIONAL STREAM

Lecture 1

DATE:

Autumn 2008

TUTOR:

Learning Objectives

At the end of this session students should be able to:-• Appreciate the purpose of assurance services

• Have an understanding of the nature of assurance services

• Distinguish between an audit, a review and agreed upon procedures.

•

Understand the concept of Corporate Governance including the FIRC’s

Combined Code on corporate governance and the regulatory environment in which auditing takes place.

•

Have knowledge and understanding of the statutory requirements of an audit, the rights and duties of auditors and the regulatory framework which applies to auditors.

• Distinguish between the role of the internal and external auditors.

Introduction to Paper F 8 Examination

The aim of Paper F8, Audit and Assurance is to develop knowledge and understanding of the process of carrying out the assurance engagement and its application in the context of the professional regulatory framework.

It will be assumed that candidates have knowledge of Paper F3, Financial Accounting and Paper F4, Corporate and Business Law. The accounting standards examined in Paper F3 could form the basis of questions on how to apply auditing procedures in respect of those standards. Going forward, candidates will take knowledge of Paper F8 into Paper P1, Professional Accountant, and Paper P7, Advanced Audit and Assurance. It will be assumed that candidates understand why an audit is required (for Paper P1), and already know the basics of audit procedures (for Paper P7).

Examination Structure

All 5 Questions must be answered

1.

Audit procedures, and the application of these procedures to a specific scenario ( 30 marks)

This question will always be based on a scenario, and will be broken down into a series of sub-questions, which will examine a range of audit procedures. Candidates will need to analyse the scenario to identify the appropriate points to make in their answers.

The use of computers will be present and questions on this area will be based on computerised systems. Detailed knowledge of how to use computer-assisted audit techniques (CAATs) will not be expected. Questions will focus on specific income statement and balance sheet entries. Possible questions will cover audit procedures, identification of system weaknesses, writing of management letters, and whether systems meet their objectives (internal audit focus).

2. Short factual questions based on International Standards on Auditing (ISAs) and other key areas (10 marks)

Do not rote learn ISAs, but understand the key principles underlying auditing.

3.

Risk and audit approach (20 marks) 4. More specialised audit areas (20 marks)

5. Collection of audit evidence, closedown, reporting (20 marks)

Examination answer style required:

A structured answer with clearly identifiable and separable points is preferable to a continuous flow of text. However, answers in note form are not acceptable.

Use columnar format where appropriate and break down answers into manageable sections.

If the question requirement specifically requested a memo format please do so.

The volume of writing does not necessarily mean a pass standard. Candidates presenting two or three supplementary answer books do not achieve a pass standard, but candidates presenting just over half a main answer book can achieve a pass.

If asked to specify audit tests, candidates must also provide an explanation and reason for these tests, and state for example, ‘checking from the invoice back to the order to ensure completeness of invoicing’.

The purpose of assurance for financial and non-financial information.

An assurance engagement as opposed to an audit is one in which the professional accountant evaluates or measures a subject matter that is the responsibility of another party, against suitable criteria and expresses an opinion that provides the intended user with a level of assurance about the subject matter.

Subject matter could include data, systems, processes or behavior. The subject matter must be identifiable, capable of measurement and of being subject to procedures.

Levels of assurance

1. Reasonable Assurance: The subject matter materially conforms to the criteria.

“. Limited Assurance: There is no reason to believe that the subject matter does not conform with the criteria. (Negative assurance).

What is an audit?

An exercise whose objective is to enable auditors to express an opinion whether the financial statements are prepared in all material respects, in accordance with an identified financial reporting framework. The auditor has to an express an opinion, whether or not the financial statements ‘give a true and fair view or present fairly, in all material respects.

True = information is

1. Factual and conforms with reality, is not false. 2. Conforms with required standards and laws.

3. The accounts have been correctly extracted from accounting records. Fair = Information is

1. Free from discrimination and bias.

2.

Is in compliance with expected standards and rules. 3. The accounts reflect commercial substance.

It is not the auditor’s responsibility to prepare and present the financial statements. This is the responsibility of the directors. There are certain misconceptions about the role of the auditor and this gap between what the auditors actually do and what people think they do is known as the expectations gap.

The opinion is expressed to the shareholders. An audit provides a high but not absolute level of assurance, expressed in the audit report as reasonable assurance. Reasonable assurance is not a guarantee of correctness but an assurance of truth and fairness within a reasonable margin of error.

Materiality:

An item is said to be material if its omission or misstatement would reasonably influence the economic decisions of the individuals to whom the audit report is addressed. The item can be qualitative or quantitative.

Materiality depends on the size of the item or error judged in the particular circumstances of its omission or misstatement.

It is important that the auditors ensure that the financial statements are free from material error for the following reasons:

– There is a legal requirement to audit financial statements and present an opinion on those financial statements. If the auditors do not detect a material error then their opinion on the financial statements could be incorrect

– The auditor has a responsibility to the members to ensure that the financial statements are materially correct.

– There are also other users of the financial statements who will include the taxation authorities and the bank that may have may have made a loan to the company. They will want to see ‘true and fair’ accounts. The auditors must therefore ensure that the financial statements are free from material misstatement to avoid any legal liability to third parties if they audit the financial statements negligently.

The limitations of an audit are:-1. Not objective

2. Items checked on a sample basis.

3. Provides opportunity for collusion or fraud.

4. There is a time lag between preparation of financial statements and the audit report.

Types of Audits

1. External audit:

Gives confidence in the integrity of corporate reporting for the benefit of stakeholders and society as a whole by providing an external and objective view on the reports given by management. The auditor’s report is usually addressed to the shareholders as the principal stakeholders.

Purpose of external audit

(i) The external audit derives from the separation of the ownership and management of

assets. Those who own assets wish to ensure that those to whom they have entrusted control are using those assets efficiently. This is known as the ‘stewardship’ function.

(ii) The requirement for an independent audit helps to ensure that financial statements are free of bias and manipulation for the benefit of users of financial information.

(iii) Companies are owned by shareholders but they are managed by directors (in very small companies, owners and managers are the same, but many such companies are not subject to statutory audit requirements.)

(iv) The requirement for a statutory audit is a public interest issue: the public is invited to invest in enterprises, it is in the interests of the capital markets (and society as a whole) that those investing do so in the knowledge that they will be provided with ‘true and fair’ information about the enterprise. 7

This should result in the efficient allocation of capital as investors are able to make rational decisions on the basis of transparent financial information.

(v) The requirement for an audit can help prevent investors from being defrauded, although there is no guarantee of this because the external audit has inherent limitations. Reducing the possibility of false information being provided by managers to owners is achieved by the requirement for external auditors to be independent of the managers upon whose financial statements they are reporting.

(vi) The purpose of the external audit under International Standards on Auditing is for the auditor to obtain sufficient appropriate audit evidence on which to base the audit opinion. This opinion is to the effect that the financial statements give a ‘true and fair view’ (or ‘present fairly in all material respects’) of the position, performance (and cash flows) of the entity. This opinion is prepared for the benefit of shareholders.

2. Internal audit:

An independent, objective assurance and consulting activity designed to add value and improve and organisation’s operation. Objective is to assist

management and staff in the effective discharge of their duties. 3. Value for money audit:

An investigation into whether or not the use of resources is economic, efficient and effective. To identify and recommend ways in which the return for resources employed may be maximised.

An audit is distinguished from the following

engagements:-1.

Review engagement. Provides moderate level of assurance, expressed as negative assurance. Negative assurance is a statement of what the auditor does not know as opposed to what he believes (positive assurance.) The objective of a review is to enable the auditor to give an opinion whether the anything has come to his attention that would mean that the financial statements are not properly prepared (do not give a true and fair view) on the basis of the procedures which do

not constitute an audit.

2.

Agreed upon procedures or compilations. No assurance is provided. It is only a report on factual findings. A compilation presents in the form of financial statements information that is the representation of management without expressing assurance. Compilation of a financial projection involves assembling prospective statements based on assumptions of a responsible party, considering appropriateness of presentation, and issuing a compilation report. No assurance is provided on the statements or underlying assumptions.

1 2

3

Stages of an audit process:

1

1. Agree the terms of engagement.

2 2. Understand the entity being audited. 3 3. Assess risk.

4

4. Plan the audit and make assessments of materiality.

5

5. Gather Audit evidence.

6

6. Make judgements and express opinion.

Audit Committee

-

The board should establish an audit committee of at least three members, who should all be independent non-executive directors. The board should satisfy itself that at least one member of the audit committee has recent and relevant financial experience.

The main roles and responsibilities of the audit committee include

•

Monitoring the integrity of the financial statements of the company.

•

Review the company’s internal financial controls and the company’s

internal control and risk management systems.

•

Monitoring and reviewing the effectiveness of the company’s internal audit function.

•

Making recommendations to the board.

•

Reviewing and monitoring the external auditor’s independence and objectivity and the effectiveness of the audit process.

• The audit committee should have primary responsibility for making a recommendation on the appointment, reappointment and removal of the external auditors.

The advantages of an audit committee:

1.

Provide increasing public confidence in the creditability and objectivity of published financial information. This will be particularly important if listing arrangements are planned.

2.

Assistance in Financial reporting. Supports the directors in fulfilling their financial reporting obligations. The directors have to prepare financial statements and the committee can assist by checking the financial statements to ensure that they comply with appropriate reporting requirements. This is especially important where the board do not have detailed knowledge of accounting requirements.

3.

Use of the audit committee will enable the external auditor to discuss issues with the financial statements with the internal auditor, prior to providing a final summary of key points to the board.

4.

The audit committee will monitor the work of the board and provide helpful guidance, where corporate governance requirements do not appear to be being met. The audit committee should have detailed knowledge of corporate governance as part of its monitoring function of the company and can share this with the board who may not have the time to obtain detailed information.

The disadvantages of an audit committee:

1.

As the audit committee will be made up mainly from non-executive directors, the board may see this as a means of decreasing their power and possibly letting other people run the company. Or the audit committee must be seen as fulfilling a supporting role for the main board.

2.

Cost. The audit committee will increase the expenditure of the company as the non-executive directors will require some remuneration due to their additional responsibilities.

STATUTORY AUDIT REGULATION

1. Appointment of auditors

- The directors may appoint the first auditor until the next AGM.

- The directors have a power to fill any casual vacancy before the next AGM as a result of death, removal or resignation of the auditors.

- The shareholders are ultimately responsible for appointing auditors at each AGM.

- The director’s of the company on behalf of the shareholders fixes the auditor’s remuneration.

2. Removal of auditors:

- Only the shareholders can legally remove the auditors. - The directors cannot remove the auditors from the office. - The procedure to follow to remove auditors is as follows:

1

(i) Those shareholders wishing to remove the auditors must give special notice of an ordinary resolution.

2

3

(ii) The auditor has the right to speak at the meeting. 1

2

(iii) On removal, the auditors have a duty to make a written statement of the circumstances connected with the removal which they think should be brought to the attention of the shareholders’ and creditors’.

3

4

(iv) The directors must circularise this to all shareholders and file a copy with the regulatory authority.

5

(v) The ex-auditor has the right to attend the AGM at which their office would normally have ended.

3. Resignation and retirement of auditors:

1 - The auditor may resign or retire for office at anytime by sending a notice to the company’s registered office. This is not effective unless accompanied by a statement of circumstances.

2 - The company must file a copy of the notice of resignation to the registrar of companies.

3 - On ceasing to act, the auditors have a duty to make a written statement.

4 - The auditors have a right to require an Extraordinary General Meeting (EGM) at which they may speak and explain the circumstances of their resignation.

4. Auditor’s duties:

- Give a true and fair view of the company’s financial statements and also the going concern of the company.

- The auditor should consider whether the director’s report is consistent with the information in the financial statements.

- The financial statements are properly prepared in accordance company legislation and relevant accounting standard.

- The auditor must form an opinion on whether:

1. The company maintains proper accounting records.

2. The auditor has access to all relevant information and explanation.

3. The auditor has adequate information of the other branches of the company (if any) not visited.

4. The auditor has ensured that the financial statement agree with the underlying records.

5. Directors’ transactions have been completely and accurately disclosed.

5. The auditor’s rights:

- Access to all relevant records of the company at anytime

-

To request of any information/explanations considered necessary.

-

Rights to receive notice attend and speak at the company’s general meeting.

- To make a written representation on removal. - On resignation, to require an EGM.

6. Qualifications of auditors:

The auditor must be members of one of the members of International Federation of Accountants (IFAC) include:

1 1. Association of Chartered Certified Accountants (ACCA)

1 2. Institute of Chartered Accountants of England and Wales, Scotland and Ireland (ICA )

2 3

4

- Individual should hold appropriate qualification.

5

- The audit practice should be controlled by qualified accountants who are the members of ACCA or ICA.

6

- Must be registered as an auditor with the ACCA or ICA.

7

- The auditor should be a fit and proper person and comply with professional rules of conduct.

Fundamental Ethical Principles -

THE ACCA RULES OF PROFESSIONAL CONDUCT

In order to achieve the objectives of the accountancy profession, professional accountants has to observe a number of prerequisites or fundamental principles.

The fundamental principles are: 1. Integrity

A professional accountant should be straightforward and honest in performing professional services. Members should behave with integrity in all professional, business and personal financial relationships.

2. Objectivity

A professional accountant should be fair and should not allow prejudice or bias, conflict of interest or influence of others to override objectivity. Objectivity principle requires that member’s objectivity must be beyond question and this can only be assured if the member is and is seen to be independent.

To be and be seen as independent and objective, the auditor or his family must not have:

•

Financial interest in clients such as shareholdings either beneficial or non beneficial, not trade with clients, must not make loans to or take loans from the client. Note that overdue fees are equivalent to loans. Family include spouse, minor children, brothers and sisters and their spouses, adult children and their spouse, relatives to whom regular financial assistance is given and ex-employees.

The objectivity of the external auditor may be threatened or appear to be threatened where:

1 1. There is undue dependence on any audit client or group of clients; 1 2. The firm, its partners or staff have any financial interest in an audit client;

1 3. There are family or other close personal or business relationships between the firm, its partners or staff and the audit client;

1 4. The firm provides other services to audit clients. 2

3 5. There is undue dependence on any one audit client. Total recurring fees as a % of gross practice income should be less than 15% for client/group and less than 10% for public interest companies.

4 6. There are overdue fees.

5 7. There is actual or threatened litigation.

6 8. Goods, services and hospitality accepted from the client.

ACCA’s requirements that reduce the threats to auditor objectivity include clients to have

1. Quality control procedures 2. Audit committees.

3. Rotate auditors every 5 years.

The client will thereby ensure increased confidence in the transparency of reporting.

3. Professional Competence and Due Care.

A professional accountant should perform professional services with due care, competence and diligence and has a continuing duty to maintain professional knowledge and skill at a level required to ensure that a client or employer receives the advantage of competent professional service based on up-to-date developments in practice, legislation and techniques.

Members should carry out their professional work with due skill, care, diligence and expedition and with proper regard for the technical and professional standards expected of them.

4. Confidentiality of client information.

A professional accountant should respect the confidentiality of information acquired during the course of performing professional services and should 17

not use or disclose any such information without proper and specific authority or unless there is a legal or professional right or duty to disclose.

ACCA’s Code of ethics – Obligatory disclosure

• If the member auditor knows or suspects that client is involved in treason, drug trafficking or terrorist offences.

• Under IAS250, when non-compliance with laws and regulations will cause material mis-statements in the financial statements.

The actual disclosure will depend on the laws of the jurisdiction where the auditor is located.

The auditor may also be obliged to provide information where a court demands disclosure. Refusal to provide information is likely to be considered contempt of court with the auditor being liable for this offence.

ACCA Code of ethics – voluntary disclosure

A member may also disclose client confidential information voluntarily, that is without client permission

– To protect a member’s interest e.g. to allow a member to sue a client for unpaid fees or defend an action for negligence.

– Where there is a public duty to disclose e.g. the client has committed an action against the public interest such as unauthorised release of toxic chemicals.

5. Adopt Professional Behaviour

1 - A professional accountant should act in a manner consistent with the good reputation of the profession and refrain from any conduct which might bring discredit to the profession.

2 - The obligation to refrain from any conduct which might bring discredit to the profession requires IFAC member bodies to consider, when developing ethical requirements, the responsibilities of a professional accountant to clients, third parties, other members of the accountancy profession, staff, employers, and the general public.

3

4 Technical Standards professional accountant should carry out professional services in accordance with the relevant technical and professional standards.

6. Conflicts of interest

ACCA’s Rules of Professional Conduct state that auditors should avoid conflicts of interest (both conflicts between the firm and clients, and conflicts between clients) wherever possible.

If such conflicts are

unavoidable:-(i)

Full disclosure is important – both client companies should be fully aware that the firm is acting for the other party.

(ii)

One or both companies may object to the firm acting for the other company and the auditor may be forced to make a decision as to which company to resign from. However, this is not an attractive course of action because the audits may already have commenced

and it may be difficult for one of the companies to find a new auditor, quickly.

(iii)

The auditor should not resign unless forced to do so – this might be prejudicial to the interests of one of the clients.

(iv)

It is important in such cases that different teams of staff, and different engagement partners work on the respective audits.

(v)

Internal procedures within the firm should be set up to prevent confidential information from one client being transferred to the other and the interests of one firm damaging the interests of the other. Such procedures are known as ‘Chinese Walls’.

Six Potential threats to auditor’s independence:

1. Self review threat: occur when results of a previous engagement needs to be re-evaluated in reaching conclusion on the present assurance engagement or when a member of assurance team is previously was an employee of the assurance client(director) in a position to exert influence over current audit matters.

Examples of circumstances that may create this threat include:

1

(1). A member of the assurance team being, or having recently been, a director or officer of the assurance client;

1

(ii). A member of the assurance team being, or having recently been, an employee of the assurance client in a position to exert direct and significant influence over the subject matter of the assurance engagement;

1

(iii). Performing services for an assurance client that directly affect the subject matter of the assurance engagement; and

1

(iv). Preparation of original data used to generate financial statements or preparation of other records that are the subject matter of the assurance engagement.

Example of self review threat: If the auditors are to implement new control systems then they will also be auditing those systems as part of the statutory audit. They must therefore ensure that different staff implement and audit the systems. Preferably different departments in the firm should undertake the work. If insufficient staff are available then the audit firm must refuse the additional systems work.

2

2. Familiarity threat: occurs when, by virtue of a close relationship with an assurance client, its directors, officers or employees, a firm or a member of the assurance team becomes too sympathetic to the client’s interests.

1

Circumstances that may create familiarity threat include:

1

(i) A member of the assurance team having an immediate family member or close family member who is a director or officer of the assurance client. 2

3

(ii) A member of the assurance team having an immediate family member or close family member who, as an employee of the assurance client, is in

a position to exert direct and significant influence over the subject matter of the assurance engagement.

4

(iii) A former partner of the firm being a director, officer of the assurance client or an employee in a position to exert direct and significant influence over the subject matter of the assurance engagement.

5

(iv) Long association of a senior member of the assurance team with the assurance client.

6

(v). Acceptance of gifts or hospitality, unless the value is clearly insignificant, from the assurance client, its directors, officers or employees.

3. Self interest threat: occurs when an auditor could be from financial interest in or other self interest conflict with assurance client.

1

Examples of circumstances that may create self interest threat include:

1

(i). A direct financial interest or material indirect financial interest in an assurance client.

1

(ii). A loan or guarantee to or from an assurance client or any of its directors or officers.

1

(iii). Undue dependence on total fees from an assurance client.

1

(iv) Concern about the possibility of losing the engagement.

1

(v) Having a close business relationship with an assurance client. 2

3

(vi) Potential employment with an assurance client.

1

(vii) Contingent fees relating to assurance engagements.

4.

Intimidation threat: This occurs when a member of audit team may be deterred from carrying audit work or exercising professional scepticism by threat from the directors of the audit client.

1

Examples of circumstances that may create intimidation threat include:

1

(i). Threat of replacement over a disagreement with the application of an accounting principle; and

1

(ii). Pressure to reduce inappropriately the extent of work performed in order to reduce fees.

5.

Advocacy threat: This arises when member of the audit team promotes or seems to promote an audit client opinion or position (for example selling or underwriting in financial matters for audit client or acting as the clients advocate in a legal proceeding).

1 Examples of circumstances that may create this threat include to:

1

(i). Dealing in, or being a promoter of, shares or other securities in an assurance client.

1

(ii). Acting as an advocate on behalf of an assurance client in litigation or in resolving disputes with third parties.

6. Association Threat: This arises when the audit firm is likely to associate itself with a client whose business has yet to be confirmed as being legal or ethical. If the client is extending their product line, the auditors will have to determine the likelihood that the product is legal. The audit firm may not wish to be associated with a company producing illegal products.

Appointment Ethics of External Auditors

Before accepting an appointment, the auditor should ensure that they

•

Are professionally qualified to act – The firm has existing resources that are adequate to meet the needs of the engagement in terms of time, staff and technical expertise. For example if the client is growing quickly and has poor internal controls providing high risk of financial misstatement, the auditors should ensure that they have sufficient staff of appropriate experience available and that enough time is allocated to the audit to complete all audit procedures.

• Obtain references and make independent inquiries if directors are not personally known.

• Communicate with present auditors to find out whether there are any circumstances behind the change that the new auditors need to be aware of.

After accepting the appointment the auditors should ensure that

• Outgoing auditors’ removal or resignation has been properly conducted.

• New auditor’s appointment is valid. • Submit a letter of engagement.

Letter of Engagement

ISA 210 The letter of engagement must define the terms of Audit Engagement

Purpose:

• To define clearly the extent of the auditor’s responsibilities. • Minimise misunderstandings between audit firm and client. • Confirm in writing verbal arrangement.

• Confirm acceptance by the auditor of his engagement. • To inform and educate the client.

When to send a letter:

• To all new clients before commence of audit work.

• To all existing clients who have not previously had such a letter.

• If there are changes in circumstances in the client’s company for example a major change in ownership or management.

• In the case of groups an engagement letter should be sent to each company member of the group that is to be audited by the firm.

Steps:-• On or before acceptance of a new client discuss the precise terms with the management.

• Draft and sign the letter before commencing any part of the assignment.

• Receive the client’s written acceptance.

• Every year review and update the letter and consider if nature of the engagement has changed.

Contents of letter of engagement:

1. Addressed: To the directors of:………. 2. The responsibilities of the directors:

1

(i). Keep proper accounting records

2

(ii). Prepare the financial statements that show true and fair view.

3

(iii). The financial statement should comply with national company’s legislation and the relevant accounting standards.

3. The responsibilities of the auditors:

(i). Report to the members whether the financial statement prepared by the directors is showing true and fair view.

(ii). To check whether the directors keep books and records adequately and that relevant information is received from the director’s with regards to the branches not visited.

(iii). To check whether the financial statements are in agreement with accounting records and returns.

1

(iv) To ensure that they have received all the relevant information and explanation from the directors of the company before an opinion is formed. 2

3

(v) To check the directors report is consistent with the financial statements.

4. The scope of the auditor’s work:

(i). Audit work must comply with auditing standards. (ii). Review the accounting systems.

1

(iii) Collection of audit evidence. 2

3

(iv) Review of internal controls and test. 1

2

(v) Prepare a letter of weakness. 3

4

(vi). It is the director’s primary responsibilities are to safeguard company assets and the prevention of fraud and irregularities.

Notes: 1

• Any agreement with auditors for other services should be stated in a separate engagement letter. When external auditors provide non-audit services to their audit clients, it is essential that the auditors make a clear distinction between their audit and non-audit responsibilities. • The fees and the basis on which they are charged (based on time and

expertise used in client affairs). • State the applicable law.

• Request for written acknowledgement of the letter creates a contractual obligation. In the case of a company the board of directors should sign the letter of engagement.

Internal Audit Function

Internal audit is an appraisal or monitoring activity established within a company or an entity as a service to the entity. Its functions include examining, evaluating and monitoring the adequacy and effectiveness of the internal control. It is a key part of effective corporate governance since corporate governance objectives include the management of the risks to which the entity is subject and that would prevent it achieving its overall objectives such as profitability.

The internal activity is designed to add value to and improve the operations of an organisation. The internal auditor reports to management.

The internal auditor is normally an employee of the organisation but often their work is outsourced.

On the other hand, the external auditor expresses an opinion on the financial statements and reports to the shareholders.

Internal Auditors should be assumed to members of the ACCA and are bound by the rules of professional conduct.

Roles of Internal Audit

1.

Risk Management Role– this involves monitoring the overall process of risk management and in providing assurance that the systems have been designed to meet objectives and that they operate effectively. A large part of the management of risks, and the proper exercise of stewardship, involves the maintenance of proper controls over the business. Controls over the business as a whole, and in relation to specific areas, include the effective operation of an internal audit function.

Fraud is a key business risk and internal auditor can assist in prevention and detection of fraud.

The internal auditor

must:-(a) Determine company policy in respect of the risks identified.

(b)

Implement strategy and ensure that strategies implemented operate effectively and continue to match risk as intended. Internal audit can help management manage risks in relation to fraud and error, and exercise proper stewardship by:

1. Commenting on the process used by management to identify and classify the specific fraud and error risks to which the entity is subject and help management to develop and implement that process.

2. Commenting on the appropriateness and effectiveness of actions taken by management to manage the risks identified and help management to develop appropriate actions by making recommendations.

3. Periodically auditing or reviewing systems or operations to determine whether the risks of fraud and error are being effectively managed.

4. Monitoring the incidence of fraud and error, investigate serious cases and make recommendations for appropriate management responses.

2. Monitoring Role - Value for money audit (VFM): is an assignment that internal audit can undertake on behalf of management as part of the monitoring role. VFM audit can be carried out on any area of the business. Since a VFM audit is concerned with obtaining the best possible combination of products/services for the least resources, it measures three

qualities:-•

Economy - Economy relates to least cost. The organisation should attain the appropriate quantity and quality of physical, human and financial resources at the lowest cost. The systems in an organisation should operate at a minimum cost associated with an acceptable level of risk.

•

Efficiency- This is a measure of the relationship between goods and services produced (outputs) and the resources (inputs) used. Therefore, efficiency relates to the best use of resources. The goals and objectives of an organisation should be accomplished accurately and on a timely basis with the least use of resources.

•

Effectiveness involves determining how well an activity is achieving its objectives and therefore effectiveness provides assurance that organisational objectives will be achieved.

Monitoring role for local

authorities:-Besides VFM, internal audit can also monitor best value to ensure that the authority has systems in place to achieve best value. Best value implements 4 C’s instead of the 3 E’s of a VFM audit.

• Challenge – monitor how well and why a service is provided. • Compare – to other authorities.

• Consult – targets should be set in consultation with tax payers and service users.

•

Compete – involve in fair competition.

3. Role of performing information technology audits by monitoring and testing controls in the areas of database management, system

development process, change management, networks, asset management, capacity management, access control, operational system and E-business.

4. Perform operational audits

Operational audits are audits of the operational process of the organisation. These are also known as management audits or efficiency audits. Their main objective is to monitor management’s performance and ensure that company policy is adhered to.

The two main aspects of an operational assessment is to ensure that the policies are adequate and that they work effectively.

Outsourcing the Internal Audit Function to an outside source. Audit firms offer internal audit services as part of their portfolio.

Advantages of

outsourcing:-1.

Service provider can provide the necessary expertise for internal audit work. They may be able to provide a broader range of expertise and specialist skills and as they serve many different clients therefore staff may be available for specialist work that the company may not be able to afford.

2.

If internal audit is only required for specific functions or particular jobs each year then the expertise can be purchased as required. This will minimise the companies in-house costs.

3. They can direct their own work and educate management as to the service required.

4. Provides an immediate team.

5. Can be appointed for a specific timescale

6.

Outsourcing will remove the need for training internal staff. Effectively training will be provided for ‘free’ as the outsourcing firm will be

responsible for keeping staff up-to-date with new auditing techniques and processes.

7.

An independent view will be provided that may identify control weaknesses that the internal audit department may miss.

Disadvantages of outsourcing

1.

Fee pressure. The relationship needs to be managed carefully to ensure that the service provider does not decrease the quality of their work due to insufficient fees.

2.

The outsourced firm may not have any prior knowledge of the company and will need time to ascertain the accounting systems and controls before commencing work.

3.

Continuity of service of staff at the service provider. Depends on the retention rate. Larger internal auditing firms will be able to offer their staff better career progression which should assist staff retention.

Internal Audit Department and Corporate Governance

Internal audit department can assist the directors with the implementation of good corporate governance in an organisation through:

(i)

Reviewing reports to the board and reports produced by the board to ensure that they do present a balanced assessment of the company’s position and prospects. The internal audit department will have good knowledge of the operations of the company as well as access to accounting information. The department can effectively ‘audit’ board reports to ensure they are accurate and understandable.

(ii)

Internal controls. The board need to maintain a sound system of internal control. The internal audit department will be able to review existing controls and recommend improvements to ensure this objective is met.

(iii)

Application of ISA and IASs. The board need to have a policy for applying appropriate International Statements on Auditing (ISA) and International Accounting Standards (IAS) to the organisation. Internal audit will be aware of new auditing standards and will have the technical expertise to identify changes required by accounting standards.

(iv)

Amendments to control systems for new auditing standards and financial accounting systems for new accounting standards can therefore be recommended.

(v)

Communication with external auditors. The corporate governance code requires communications with external auditors normally be via the audit committee, although the board must maintain an appropriate relationship with the external auditors. However, internal and external auditors can also work together to ensure that the internal control system is sufficient; possibly by external audit delegating work to internal audit, and each auditor reviewing the work of the other auditor. The board will therefore receive reports from both sets of auditors which will be accurate because they have been properly checked.

(vi)

Communication to the board. The internal auditor can also check that appropriate information is provided to the board from the external auditor. ISA 260 Communications of audit matters with those charged with governance provides a list of matters which should be communicated to the board and the internal auditor can work with the external auditor to ensure that this information is provided.

Role of external auditor in respect to evaluating and testing the work of the internal auditor include:

They external auditor

must:-–Check that the work is performed by persons having adequate technical training and proficiency as internal auditors, by ensuring that appropriate training programmes are in place and the auditor has appropriate qualifications.

– Ensure that the work of assistants is properly supervised, reviewed and documented by reviewing the procedure manuals of internal audit and the audit working papers produced.

– Determine that sufficient and appropriate audit evidence is obtained to afford a reasonable basis for the conclusions reached, by reviewing the internal auditor’s working papers.

– Check that the conclusions reached are appropriate in the circumstances and that any reports prepared are consistent with the results of the work performed by reviewing the work performed and the reports produced.

– Ensure that any exceptions or unusual matters disclosed by internal audit are properly resolved by the external auditor and management.

ACCA Paper F8

AUDIT AND INTERNAL REVIEW INTERNATIONAL

STREAM

Lecture 2: Audit Evidence, Sampling and

Documentation

DATE:

Autumn 2008

TUTOR:

Learning Objectives:

At the end of this session, the students should be able

to:-•

Describe and illustrate the contents of work plans, work programs and working papers.

•

Describe the nature of documentation required for different types of assignment.

• Explain the importance of documentation

•

Have an understanding of the design and documentation of the audit program.

ISA 500 AUDIT EVIDENCE

ISA 500.2 “Auditors should obtain sufficient appropriate audit evidence to able them to draw reasonable conclusion on which to base their audit opinion.” Sufficient relates to quantity. Appropriate relates to quality.

Audit evidence is obtained by performing risk assessment procedures, tests of controls and substantive procedures. The type of audit procedure to be performed is important to an understanding of the application of audit sampling in gathering audit evidence.

In obtaining audit evidence from tests of control, auditors should consider the sufficiency and appropriateness of the audit evidence to support the assessed level of control risk. In test of controls the auditor needs evidence about the operating effectiveness of the controls.

In obtaining audit evidence from substantive tests/procedures, auditors should consider the extent of the evidence together with any evidence from tests of control to support the relevant financial statement assertions made by directors.

The directors are responsible for the production of the company’s financial statements and also for making assertion about the items in the financial statements.

The following SIX assertions the director makes:

• Assertions about existence: an asset and liability must exist at balance sheet. (The key objective is that assets are not overstated and liabilities are not understated).

•

Assertions about the rights and obligation: Entities have legal or other rights or obligations relating to the assets and liabilities. The auditor must ensure that it is the business which owns the assets and liabilities at balance sheet date. • Assertions about occurrence: A financial or non financial

transaction occurred during the accounting period (Over and understatement transactions).

•

Assertions about completeness: There are no unrecorded assets or liabilities at balance sheet. The auditor must ensure there is no under/overstatement of transaction in the Balance Sheet.

• Assertions about valuation: The assets and liabilities are recorded at an appropriate value. For all non current assets this would be initial cost plus increases or minus decreased in value.

• Assertions about presentation and disclosures: Must be in accordance with relevant national legislation and accounting standard.

Factors that influence sufficiency

include:-•

Risk assessment procedures. The auditor obtains an understanding of the entity and its environment including internal controls to assess risk. The main purpose of risk assessment procedures is to help the auditor obtain an understanding of the audit client. The procedures will provide audit evidence relating to the auditor’s risk assessment of a material misstatement in the client’s financial statements. The auditor will also obtain initial evidence regarding the classes of transactions at the client and the operating effectiveness of the client’s internal controls.

• Nature of the systems • Materiality of the item

• Experience of the auditor in that area • Source and reliability of the evidence • Results of procedures.

Audit evidence should be reliable, relevant and sufficient. If sufficient, reliable and relevant audit evidence does not exist, an auditor should seek written management representations. This is a letter covering general as well as specific issues. The auditors should not use this as a substitute for other independent evidence that may be available. The auditor should also confirm that representations are consistent with other sources of evidence. Reliability is affected by the following

rules:-•

External evidence obtained from outside the entity/company is more reliable than evidence obtained from within the entity/company.

•

Evidence generated and collected by the auditor is more reliable than evidence obtained from the entity/company. • Written evidence is more reliable than oral.

• Original evidence is more reliable than copies of the original.

Sufficiency is assessed on the following factors:

•

Nature of the business and industry • Nature and materiality of the items • Auditor experience of the client and staff

•

Financial position of the client.

•

Persuasiveness of the evidence.

• Nature of accounting systems and internal control systems. Relevance of the evidence- the evidence gathered should be relevant for the work carried out by the auditor.

11 Methods of collecting audit evidence:

1.

Observation. This includes physical examination and witnessing the internal control and bookkeeping procedures. In respect of internal control, observation will only inform the auditor that the control was effective at the time of observation.

2.

Inspection of original documents and assets to confirm their existence. However, if internal controls are poor, the reliability of this method is limited.

3.

Inquiry or requesting information. The reliability of this method depends on the integrity of the source from which this inquiry is made.

4.

Confirmation. Bank letters, account receivables (debtors) circularisation, management representations, confirmation of inventory held by third parties. This method has limitations and the auditor must assess the extent to which he can rely on these confirmations. Alternatively, the auditor should test internal controls in this area.

Limitations:-A bank confirmation letter provides good evidence on the existence of the company’s bank accounts as the bank has confirmed this information in writing. A bank letter cannot necessarily be relied on to provide complete or accurate information. Most banks place a disclaimer on the letter of ‘errors and omissions excepted’ indicating that the auditor must review this evidence against other cash and bank evidence obtained.

Accounts receivable letter provides evidence of the existence of the receivable when a reply is returned from that receivable direct to the auditor.

It provides evidence on cut-off because sales or cash receipts recorded in the incorrect accounting period will have to be reconciled to the balance provided by the receivable. However, such a circularisation letter does not provide evidence of completeness of the receivables balance because receivables may not query balances which are understated. The letter does not provide evidence of the valuation of the receivables balance because the receivable cannot be expected to list all outstanding balances and confirmation of the debt does not mean it will be paid.

A letter from the third party holding the inventory will provide evidence of the existence of that inventory because the third party has confirmed this in writing. However, the letter does not provide evidence regarding the valuation of the inventory; confirming something exists does not necessarily mean it is in good condition.

5.

Recalculation and re-performance.

6.

Analytical Procedures. This involves establishing trends in financial and non-financial information such as ratio analysis. This method is used at the audit planning stage to identify areas of risk and also to gather substantive evidence. Usefulness depends on reliability of the underlying information. If there are inherent control weaknesses, the information obtained from analytical procedures will not be reliable.

7. Test of controls

8. Detailed testing of transactions and balances.

9.

Computer assisted audit techniques (CAATs). CAAT’s include audit software, test data and embedded audit facilities such as integrated test facilities (ITF) and systems control and review file (SCARF).

Advantages of using CAAT’s

:-* Use of the CAAT enables the auditor to meet the auditing standard requirement of obtaining appropriate audit evidence and enables the auditor to test the actual accounting records (the electronic version) rather then relying on printouts or other copies of the data.

* It is always appropriate for the auditor to test original documentation

where possible. CAATs enable the auditors to test a large volume of data, or the operation of the controls in a system, accurately and quickly. * They are therefore very-cost efficient

when operated properly. CAATs reduce the level of human error in testing and enable a very high level of audit evidence to be derived.

* Embedded audit facilities allow continuous review of the client’s systems.

Disadvantages of CAAT’s

• CAATs are expensive to set up and require the co-operation of the client. It is usually necessary for a continuing audit relationship to be present before it is worth committing the audit resources.

• Major changes in client systems often require major changes in CAATs, which is expensive.

10.

Management representations. These are a form of audit evidence contained in a letter, written by the company’s directors and sent to the auditor, just prior to the completion of audit work and before the audit report is signed.

Representations are required for two reasons:

(i) So that the directors can acknowledge their collective responsibility for the preparation of the financial statements and to confirm that they have approved those statements.

(ii). To confirm any matters, which are material to the financial statements where representations are crucial to obtaining sufficient and appropriate audit evidence.

Obtaining representations does not mean that other evidence does not have to be obtained. Audit evidence must still be collected and the representation should be used to support that evidence. Any contradiction between sources of evidence should be investigated.

ISA 530 Audit Sampling and other means of testing.

Audit sampling is defined as the application of audit procedures to less than 100% of the population to enable the auditor to evaluate audit evidence about some characteristic of the items selected in order to form or assist in forming a conclusion concerning the population.

Statistical sampling involves the use of techniques from which mathematically constructed conclusions regarding the population can be drawn.

Non statistical sampling results should not be extrapolated over the population as the sample is unlikely to be representative of the population.

When designing the size and structure of an audit sample, auditors should consider the specific audit objectives, the nature of the population and the sampling and selection methods.

When determining sample size, the auditor should consider the sampling risk, the amount of the error that would be acceptable and the extent to which errors are expected

.

Sampling risk arises from the possibility that the auditor's conclusion may be different from the conclusion that would be reached if the entire population were subjected to the same audit procedure.

Sample size is affected by the level of sampling risk that the auditor is willing to accept.

There are two types of sampling

risks:-•

The risk of incorrect acceptance - the risk that material misstatement is assessed as unlikely, when in fact the population is materially misstated.

•

The risk of incorrect rejection - the risk that material misstatement is assessed as likely, when in fact the population is not materially misstated.

Tolerable error is the maximum error in the population that auditors are willing to accept and still conclude that the audit objective has been achieved. For substantive tests, tolerable error is related to the auditor's judgment about materiality. In compliance tests, it is the maximum rate of deviation from a prescribed control procedure that the auditor is willing to accept. There are four commonly used sample selection methods:

Statistical Sampling Methods

 (i). Random sampling - ensures that all combinations of sampling units in the population have an equal chance of selection.



 (ii). Systematic sampling - involves selecting sampling units using a fixed interval between selections, the first interval having a random start. Examples include Monetary Unit Sampling where each individual monetary value (e.g., £1) in the population is given an equal chance of selection. As the individual monetary unit cannot ordinarily be examined separately, the item which includes that monetary unit is selected for examination. This method systematically weights the selection in favour of the larger amounts but still gives every monetary value an equal opportunity for selection. Another example includes selecting every 'nth sampling unit.

Non Statistical Sampling Methods

 (iii). Haphazard sampling - in which the auditor selects the sample without following a structured technique, however avoiding any conscious bias or predictability. However, analysis of a haphazard sample should not be relied upon to form a conclusion on the population



 (iv). Judgmental sampling - in which the auditor places a bias on the sample (e.g., all sampling units over a certain value, all for a specific type of exception, all negatives, all new users, etc.). It should be noted that a judgmental sample is not statistically based and results should not be extrapolated over the population as the sample is unlikely to be representative of the population.

ISA 230: DOCUMENTATION (Working paper file)

This ISA states that auditors should document in their working papers matters that are important in supporting the Auditors Report.

- Working papers should provide evidence on how the audit procedures were performed and how it is concluded.

- Auditors should record in their working papers their reasoning on all significant matters that require the exercise of judgement and their conclusions thereon.

- The auditor should maintain confidentiality and custody of the working papers.

The Purpose of documentation:- • To control current year work. • Record the work.

• Evidence of work carried out. • Verification.

• Briefing for next audit.

Two main types of documentation:- 1. The Permanent File

Includes:-• Statutory documents.

• Company rules and regulations. • Letter of Engagement.

• Legal documents (e.g. debenture deeds, leases, loan agreements etc).

2. The Current Audit file:

Includes:-• Copy of last year’s Audited Financial Statements. • Audit Programme & Checklist.

• Accounts schedule (Working Papers). • Minutes.

• Copy of Management letter

• Copy of Letter of Representation.

The auditor should record who performed the work on which date and who reviewed the work on which date.

Documents should be retained for at least 5 years from the date of the audit report.

Types of Documentation:-• Narrative Notes • Flow Charts • Questionnaires • Checklists Created on 6/6/2010 19:27:00 a6/p6 13

ACCA Paper F 8

AUDIT AND ASSURANCE SERVICES (INTERNATIONAL

STREAM)

Lecture 3

Audit Planning and Risk

DATE:

Autumn 2008

TUTOR:

ISA 300 AUDIT PLANNING

Auditors should plan the audit so that the engagement is conducted in an effective manner.

The objectives of planning

include:-•

Directing appropriate attention to the different areas of the audit such as assessing materiality, so that when the detailed audit plan is prepared, audit procedures can be directed towards the material amounts.

•

Identify potential problems or risks so that they can be resolved at an early stage.

•

Facilitate review and control of the audit.

• Assigning and briefing staff with appropriate skills, knowledge, training, proficiency.

•

Coordinating the work of others such as that of experts.

•

Obtaining knowledge and understanding of the client’s business.

•

Providing an economic and effective service within appropriate timescales

Planning an audit will permit development of:- • An audit strategy based on risk analysis

• An audit plan that addressing the risks identified.

Planning procedures:

• Review the previous years working papers • Identify problem areas encountered

• Determine staffing requirements • Obtain an indication of time required

• If the client is new, review the previous auditors’ working papers to obtain closing balances which will affect this year’s financial statements.

• Determine the trading pattern and problems faced by the client company.

• Establish timetable, important dates and deadlines • Assess the effect of changes from previous year: 1 1. Systems

1 2. Law and regulation 1 3. Accounting policies 1 4. Management

1 5. Other relevant matters

•

Perform analytical review or procedures on the latest accounts.

•

Request preparation of cash and profit projections where solvency problems are foreseen.

• Review the work of internal audit.

•

Evaluate whether reliance on other expert is necessary • Allocate and brief audit staff.

ISA 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISK OF MATERIAL MISSTATEMENT

.

315.2 The auditor must obtain an understanding of the entity and its environment, including internal controls, so that they can identify and assess the risks of material misstatement on financial statements due to fraud or error and design and perform further audit procedures.

The objective of this standard is to ensure that auditors obtain sufficient knowledge of the business of the entity to enable them to identify and understand the events, transactions or practice that may have a significant effect on the financial statements or the audit. This knowledge of the business helps to assess the levels of control and inherent risk and to determine audit procedures.

Procedures to

follow:-• Enquiry of management • Analytical procedures. • Observation and inspection.

ISA 400 RISK ASSESSMENT

There are 2 main categories of risk

1. Business Risk 2. Audit Risk.

1. Business Risks

Business risk is the risk that the business will fail to meet its objective. Elements of Business Risk include

•

Financial risk which arises from the company activities such as going concern problems, overtrading, credit risk, interest risk, currency risk and breakdown of accounting systems.

•

Operational risk arising from the operation of the business such as lost business opportunities, loss of physical assets and lack of business orders.

•

Compliance risk arising from non-compliances with laws and regulations such as breach of companies acts, and health and safety regulations.

2. Audit risk is the risk that the auditor come to an invalid conclusion in

audit report and come to an incorrect opinion that either:

1 1. The audit report is unqualified but subsequently material error is found in the financial statement.

1 2. The audit report is qualified but subsequently no material error is found in the financial statement.

There are two types of audit

risks:-1. Inherent risk 2. Control risk

Inherent and control risk together form risk of material misstatement. Detection risk mainly a part of sampling risk

1.

Inherent risk is the risk that misstatement will occur due to factors inherent in the company’s business or environment or the nature of individual transaction or balance. It is the risk attached to an assertion that could cause a material misstatement. Certain assertions, related classes of transactions and account balances such as stock are more prone to risk.

Inherent risk depends on the type of business. 1

2 The following have a high inherent risk:

•

Businesses with products subject to changes in fashion and technology business. The risk is that stock could be overstated.

• Companies with a dominant chief executive. • Small and new companies.

• Companies experiencing going concern problems. • Companies facing a highly competitive environment.