Parts | When will be tested? | No. of lecture class | MU week
part 1 Corporate governance - preparers of fin statements
scope | midterm test | lecture 1 | wk1
structure | midterm test | lecture 1 | wk1
IC | midterm test | lecture 2 | wk2
part 2 Assurance - assurers of fin statements
general | midterm test | lecture 2, lecture 3 | wk2, wk3
Stages of audit
part 3 Acceptance of client | midterm test | lecture 4 | wk4
part 4 Planning of audit | final exam | lecture 5, lecture 6 | wk5,wk7
part 5 Audit tests | final exam | lecture 7, lecture 8 | wk8, wk9
part 6 Audit report | final exam | lecture 9, lecture 10 | wk10, wk11

Total split of points:
Task | Points | Comments
presentation of 1 case | 20 | schedule with cases and dates will be confirmed. Complex case can be presented by two persons and simple case should be presented by one person.
midterm test | 20 | will be on Nov 4, 2020. Duration of test will be confirmed later
final exam | 60 | will be in January 2021. Date and duration will be confirmed later.
total | 100 |
max grade 100 points (A)
Note: topics for midterm test will also be included in the final exam

##### Sheet/List 2 #####
Part I. Corporate governance (CG) - is about how a company is managed on a day-to-day basis
1 purpose of CG - to direct and control resources owned by investors and entrusted to those charged with governance so as to contribute to creating long-term shareholder value.
2 why CG is needed? - management, shareholders and government (as major shareholders) have different objectives. Corporate governance is a glue that keeps the objectives of these three parts together.
  objectives of management - to sustain listing on the exchange, to implement best practices in managing of entrusted resources, to attract investments
  objectives of shareholders - to have environment within which they can invest with min risk
  objectives of government - to create conditions for growth and employment, to attract global investments
Outline: 1 purpose of CG; 2 need for CG; 3 scope of CG; 4 CG and IC
3 scope of CG (see principles of corporate governance as per Code of corporate governance from OECD)
board of directors aka those charged with governance
responsibilities of effective board:
  lead the company strategy
  set company's values
  meet regularly
  issue annual report
  to uphold the law
  to safeguard the assets of the organization
  should ensure that chairman and non-executive directors (NED) meet without executives to consider their performance
  should ensure that non-executive directors (NED) meet without chairman to consider the performance of chairman
  no one person or group should be able to dominate the board
  should be of appropriate size, right balance of skills and experience. This includes diversity, including gender.
  at least half of the board should be made up of NEDs
NED should
  not be an employee within the last 5 years
  not have business relationships within the last 3 years
  be only remunerated with a fee for director duties - no profit share or share options
  no close family ties to the company
  no cross-directorship
  any NED who has been on the board for longer than 9 years is assumed to no longer be independent and should be re-appointed annually after this
  not be a major shareholder
advantages and disadvantages of having NEDs in the board
advantages
  provide expertise
  provide monitoring to curb excessive behavior of executives
  demonstrate that decisions are made in shareholders' best interests
  facilitate shareholder representation on the board
  facilitate compromise and create balance on the board
disadvantages
  this will create costs and may slow down decision-making
  NEDs do not work full time for the company. It is debatable how much they actually know about the company and how much value they can add
  some NEDs are too willing to accept what executives tell them.
types of companies depending on role of board:
  unitary board - board represents supervisory and management level
  two-tier board - shareholders and stakeholders who have an active interest in running the company represent the supervisory tier and the board represents the management tier
committees - report to the board
  they allow the board to offload responsibility for a particular activity
  they provide a forum to focus on limited and distinct tasks
  they should provide expertise in the given area of operation
  they should provide disclosure to shareholders
  they provide assurance to shareholders
types of committees:
audit committee
organization:
  should consist of at least 3 NEDs (for smaller companies - 2)
  at least 1 member should have recent and relevant financial experience
responsibilities
  make recommendations to the board in relation to appointment, re-appointment and removal of external auditor
  review and monitor external auditor's independence and objectivity and effectiveness of audit process
  review and monitor how external auditor recommendations are followed up once statutory audit is over
  review of company's internal controls
  review and monitor effectiveness of company's internal audit function
  provide advice on whether the annual report and accounts taken as a whole is fair, balanced and understandable and provides the information necessary for shareholders to assess the company's performance and strategy
  to review cases of whistleblowing
benefits of audit committee
  it assists external auditors => better communication between external auditor and the board
  it increases confidence in the company's fin controls and reporting mechanisms.
  it follows up external auditor's recommendations with regard to internal control weaknesses
limitations of audit committee
  it imposes additional costs
  difficulty in finding members with the right experience at the market
audit committee and internal audit department
  AC should ensure that IAD has direct access to the chairman and that it is accountable to IA
  review and assess IAD workplan
  receive periodic reports on the results of IAD work
  review and monitor management responsiveness to IAD's findings and recommendations
  meet with head of IAD at least once a year without presence of management
risk management committee
responsibilities
  advise the board on an appropriate risk strategy for the company
  monitor company to ensure the risk strategy is embedded and strategy is not being ignored by certain departments/staff
  help to identify major risks, suggest solutions
  receive reports from heads of other departments on their specific risk issues
  receive report from IAD and assess their recommendations
  ensure all risk-related disclosures are in Annual report
benefits of risk committee
  independence in decision-making
  support for board of directors and for AC
  if committee works effectively, then:
    more predictable cash flows are produced
    impact of disaster is limited
    greater confidence among investors, employees, customers, suppliers and partners
phases of risk management
  identify risks. risks may arise from many sources:
    impact of new technology or changing competition
    fraud
    regulations
  estimate impact and priority in their tackling
  develop solutions
  implement risk strategy
  review, adapt and disclose
nomination committee
remuneration committee
all directors should get induction and training
board, its committees and individual directors should have performance appraisal at least annually
directors should be elected at least every 3 years (for FTSE-350 companies re-election should be every year).
significant proportion of remuneration of directors should be performance-based
remuneration should consider industry level.
board should ensure sound system of controls, the effectiveness of which should be reviewed every year as part of annual report.
if the board has the audit committee, it should be made up of at least 3 NEDs. Main role of such committee is to liaise with internal (i.e. internal audit department) and external auditors on all matters
board should have regular dialogue with shareholders and encourage debate through AGM (annual general meetings)
chairman and CEO should not be the same person
  chairman leads the board, sets agenda for board's meetings ensuring there is enough time for important matters
  CEO runs the company
  chairman is key contact for shareholders
4 CG and internal controls
IC - is system of values, rules, procedures and systems (IS) implemented by a company to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud.
Controls are designed by the risk management committee as a response to identified internal and external risks and vulnerabilities; they are reviewed regularly by the internal audit department and tested by external auditors during statutory audit.
=> Impact of quality of IC on scope of statutory audit
  if IC are strong (there is low control risk) the auditors can rely on these controls and reduce the amount of detailed (substantive) testing that they do
  if IC are weak (there is high control risk), the auditors cannot rely on these controls and they must increase the amount of detailed (substantive) testing that they do.
  Audit statistics indicate that sample sizes needed should be tripled to compensate for poor internal control
purpose of IC
  to prevent and detect errors (unintentional or intentional)
  to help safeguard the assets (against theft)
  to ensure the business runs cost efficiently
components of IC
  control environment
    management attitudes and values
    staff attitudes and values
  control procedures
    application controls
    general controls
    comparison
    authorization
    reconciliation
    computer control
    arithmetical control
    physical control
    segregation of duties
  risk assessment
  information systems
  monitoring of existing controls
limitations of IC
  human error
  collusion to commit fraud
  the cost/time to implement the controls may outweigh the benefit of following them so the controls are ignored
  it may be impossible to design a control for one-off transactions e.g. determining a provision for a court case. Controls work best in systems where there is a high volume of routine transactions.
IC are designed and implemented within each accounting cycle. For example:
  sales cycle - stages, risks emerging at each stage and control procedures to minimize the existing and potential risks
  purchases cycle
    GRNI AP ROTA Bottomline
  payroll cycle

##### Sheet/List 3 #####
Part II. Assurance engagement
Outline: 1 need for external assurance; 2 purpose of external assurance; 3 levels of external assurance; 4 external auditor; 5 internal auditor; 6 professional ethics
1 need for external assurance
  stewardship and agency theory
  directors are stewards of shareholders, to whom shareholders entrust their capital for management
  auditors are agents of shareholders who give assurance to shareholders over fin statements prepared by directors
2 purpose of assurance service
  to increase confidence
  to reduce risk of users of services
3 levels of assurance and types of assurance services
reasonable (aka positive) - e.g. external audit which confirms that financial statements are true and fair.
To be able to provide reasonable assurance, the assurer first needs to perform a lot of work on the subject matter, particularly substantive tests.
Note! Reasonable assurance is not = to 100% guarantee that fin statements are true and fair. This is known as 'expectation gap'. The reasons for this are the following:
  use of testing - because it is impracticable to test all transactions, tests should be done on samples. Problems can be as follows: tests can be designed incorrectly, can use non-representative samples, can be done by insufficiently qualified employees, tests can have bad timing
  inherent limitations of IC
  audit just like fin statements under audit is based on many judgements and estimates of auditors
  many audit conclusions are based on judgements and estimates done by directors and built into fin statements
  possibility of fraud
Also many users of audit report often assume that auditors are required to detect fraud. BUT: auditors are required to do testing, gather evidence and issue an opinion and it is the responsibility of directors to prevent fraud in their fin statements.
limited (aka negative) - e.g. review which states that nothing that could suggest that statements are not true and fair has come to the attention of assurers. If assurer has performed only limited amount of work over subject matter, for example, only analytical procedures without substantive testing, then assurer is able to confirm that nothing has come to light to suggest that errors or problems exist.
4 external audit
objectives
  to obtain reasonable assurance about whether the fin statements as a whole are free from material misstatement i.e. are true and fair
  to report on fin statements
elements of audit engagement
  3 parties - assurer (i.e. auditor), intended users (of fin statements i.e. shareholders), responsible party (for issued fin statements i.e. board)
  subject matter - fin statements
  suitable criteria - reporting framework (e.g. IFRS) plus laws and regulations plus assurance framework (IAAS) plus materiality threshold
  sufficient appropriate evidence
  written report (i.e. audit report)
5 external auditor
who can be external auditor
  pass an approved set of qualifications set by Recognized Qualifying Body
  become a member of Recognized Qualifying Body
  must not be either director or employee of the client or its associated company
  must not be a business partner of director or employee of the client or its associated company
ethical requirements
  professional scepticism - auditor should have open and questioning mind
  professional judgement - auditor should exercise professional judgement in planning and performing audit
  audit risk - auditor should evaluate audit risk throughout all stages of audit
appointment of external auditor
  candidate is proposed by board and approved by shareholders at AGM by ordinary resolution (i.e. >50% of shareholders are required and shareholders must be given 21 days' notice prior to voting)
removal of external auditor
resignation
  before resignation
    in this case auditors need
      to write a written explanation to shareholders about reasons of their resignation
      to speak at the GM to shareholders and explain to them their reasons of resignation
  after resignation
    auditors need to issue a statement of circumstances.
forced removal
  this should be agreed on GM by shareholders (voting)
quality control
  quality control procedures are internal controls implemented by auditors to ensure that they produce high quality work
characteristics (components) of strong quality control environment in audit firm
  appointment of quality control partner
  have documented processes for staff to follow
  ensure all staff are trained in these processes
  have strict recruitment policies
  ensure appraisal process to recognize high quality of work
  ensure careful selection of assignment teams based on skills, experience, overall workload
  have a cold review process where a selection of completed assignments are checked to help future work be performed better
quality control during audit engagement
  pre-appointment checks should be carried out on all clients
  all work of audit team should be
    directed
    supervised by senior members of the team
    recorded in working papers
    reviewed by senior
  there should be appropriate consultations with others where matters are unclear
  a hot review should be done before audit is finished for those audits where audit risk is high
  there should be careful procedures on acceptance/continuance of client relationships
6 internal auditor
role of internal auditor
  role of IA department is to provide feedback on effectiveness of systems and procedures (including control procedures) in place
  having an IA department is best practice rather than required by law
  for IA department to be effective the following should be fulfilled:
    appropriate resourcing: money, time, training, quality of staff and leadership
    good organization (incl. audit documentation)
    regular reviews of work performed
    independence - reporting to audit committee greatly strengthens internal auditors' independence.
Note!
If it is impossible to ensure independence of IA department, then it is better to outsource it
advantages of outsourcing:
  it can be cheaper
  it gives access to experts
  it gives higher flexibility
  it gives max independence
  it ensures that auditors have up-to-date techniques and methodologies
  it reduces management time
  it reduces training costs
disadvantages of outsourcing:
  less depth of knowledge about client
  can be exposed to self-review threat
  management has less direction and control over the audit
limitations of IA department
  independence - reporting to fin director instead of AC decreases IA's independence to minimum
  scope - scope of EA's work is defined by statute and cannot be limited by company's management while IA's work is defined by company's management
  familiarity - IA can become friendly with their colleagues from other departments.
  appointment - IA are appointed by management, while EA are appointed by shareholders
  quality - EA keep their knowledge up-to-date and undergo regular trainings while IA might not (e.g. due to limited resources available for their department in the company)
  length - IA employed for a long period of time may be exposed to familiarity threat.
assignments
  VFM (value-for-money) checks (also known as operational audits) - what should be achieved by particular department/activity of the company? (effectiveness)
    effectiveness check - what should be achieved by particular department/activity of the company? (effectiveness)
    efficiency - if such department's objectives are achieved with min resources?
    economy - to purchase stock/services needed at economic cost
  customer experience
  IT - IA (and EA as well) check the security of company's IT/IS
  financial - fraud investigations, management accounts, tenders for contracts, VAT returns
  legal - regulatory compliance
assistance of IA to EA:
  assignments for IA
    testing of accuracy of management accounts during the year
    IC testings during the year
    attendance at the inventory count
  pre-requisites of assistance of IA to EA
    experience and qualification of IA
    whether or not the recommendations of IA are taken seriously by the company and implemented
    quality and organization of work of IA department
7 Professional ethics
Role of auditor (external) is to increase confidence of end users of fin statements by reducing the level of risk of misstatement hidden in fin statements. Thus the auditor needs to be trusted by end users. This can be achieved only by independence of auditor from preparer of fin statements.
  independence in mind - decision making of auditor is not influenced by client
  independence in appearance - auditor needs to be seen to behave in professional manner
Ethical principles of audit profession
  professional behavior
  integrity (=straightforwardness and honesty)
  professional competence and due care
  confidentiality
  objectivity (without bias)
Ethical threats - exposure to all the threats below needs to be regularly assessed during the whole course of the audit and other assurance arrangements. If there is any threat, appropriate safeguard needs to be taken. If safeguard cannot be taken or if it is not effective, then auditor needs to resign (as ultimate measure).
  self-interest threat
  self-review threat
  familiarity threat
  advocacy threat
  intimidation threat
Confidentiality - auditors should never share client information with 3rd parties.
Exceptions are:
  mandatory disclosure
    client is suspected of money laundering
    client is suspected of terrorism
    qualifying body is investigating auditor's work
    court order is obtained requiring the auditor to disclose
  voluntary disclosure
    client gives permission
    auditor feels it is in public interest to do so
    auditor has to defend himself in the court or at disciplinary hearing
Conflict of interest - auditors must be seen to act in the best interest of their clients at all times. Before accepting any new appointment auditors must be aware of any potential conflicts of interest:
  if such situation arises, all clients involved must be informed and give their consent to auditors to continue to act
  if consent is received, auditors need
    to assign different audit teams headed by different partners so the teams are kept physically separated
    procedures to monitor confidentiality should be put in place (e.g. assign independent partner to oversee if it is fulfilled)
  if consent is not received, auditors should decline an appointment

##### Sheet/List 4 #####
Part III.
Client assessment
Outline: 1 actions of auditor before accepting the client; 2 actions of auditor after accepting the client
1 before accepting the client auditor should
  check available resources and integrity of client
  agree on fee and deadlines
  determine the level of audit risk
  check professional clearance
    ask client's permission to contact predecessor about whether there are any reasons why the new auditor needs to decline acceptance of this client
    if client refuses to give permission - test is failed
    if client gives its permission but predecessor confirms that there are such reasons - discuss this with client and if not fully agreed on all potential issues, decline accepting this client
  check formal preconditions for accepting the client
    what is the reporting framework used by client
    if management of client agrees to provide to auditor access to all information relevant for the audit
2 after accepting the client
  prepare engagement letter with description of all conditions of the upcoming audit. It should contain info about:
    objective and scope of audit
    management's responsibilities
    auditor's responsibilities
    form and content of any reports to be issued
    description of audit procedures
    arrangements regarding planning and performance of audit
    risk assessment matters
    auditor's use of external specialists and internal auditors
    access to information
    communication between auditor and client
    basis of fees and billing arrangements
    agreement of management to inform the auditor of facts that may affect fin statements
    agreement of management to make available to auditor all supporting evidence related to prepared fin statements