Parts: When will be tested? No. of lecture class MU week Total split of points: part 1 Corp gov-ce - preparerers of fin statements scope midterm test lecture 1 wk1 Task Points Comments: structure midterm test lecture 1 wk1 presentation of 1 case 20 schedule with cases and dates will be confirmed. Complex case can be presented by two persons and simple case should be presented by one person. IC midterm test lecture 2 wk2 midterm test 20 "will be on Nov 4, 2020. Duration ot test will be confirmed later" part 2 Assurance - assurares of fin statements final exam 60 will be in January 2021. Date and duration will be confirmed later. general midterm test "lecture 2, lecture 3" "wk2, wk3" total 100 Stages of audit part 3 Acceptance of client midterm test lecture 4 wk4 part 4 Planning of audit final exam "lecture 5, lecture 6" "wk5,wk7" part 5 Audit tests final exam "lecture 7, lecture 8" "wk8, wk9" part 6 Audit report final exam "lecture 9, lecture 10" "wk10, wk11" max grade 100 points (A) Note: topics for midterm test will be also included into final exam ##### Sheet/List 2 ##### Part I. Corp gov-ce (CG) - is about how company is managed on day-to-day basis 1 purpose of CG - to direct and control resources owned by investors and intrasted to those charged with gov-ce so that to contribute to creating long-term shareholder value. 2 "why CG is needed? - management, shareholders and government (as major shareholders) have different objectives. Corporate governance is a glue that keeps objectives of these thre parts together. " "objectives of management - to sustain listing on the exchange, to implement best practices in managing of entrasted resources, to attract investments" objectives of shareholders - to have environment within which they can invest with min risk 1 purpose of CG "objectives of government - to create conditions for growth and employment, to attract global invetsments" 2 need for CG 3 scope of CG (see see principles of corporate gove-ce as per Code of corp gov-ce from OECD) 3 scope of CG board of directors aka those charged with governance 4 CG and IC responsibilities of effective board: lead the company strategy set company's values meet regularly issue annual report to uphold the law to safeguard the assets of the organization should ensure that chairman and non-executive directors (NED) meet without executives to consider their performance should ensure that non-executive directors (NED) meet without chairman to consider the perfoamnce of chairman no one person or group should be able to dominate the board "should be of appropriate size, right balance of skills and experience. This includes diversity, including gender." at least of half of the board should be made up of NEDs NED should not be an employee within the last 5 years not have business relationships within the last 3 years be only remunerated with a fee for director duties - no profit share or share options no lcose family ties to the company no cross-directorship any NED who has been on the board for longer than 9 years is assumed to no longer be independent and should be re-appointed annually after this not be a major shareholder advantages and disadvantages of having NEDs in the board advantages provide expertise provide monitoring to curb excessive behavior of executives demonstrate that decisions are made in shareholder's best interests facilitate shareholder representation on the board facilitate compromise and creaet balance on the board disadvantages this will create costs and may slow down decision-making NEDs do not work full time for the company. It is debatable how much they actually know about the company and how much they can add value some NEDs are too willing to accept what executives tell them. types of companies depending on role of board: unitary board - board represents superviosry and management level two-tier board - shareholders and stakeholders who have an active interest in running the company represent superviosory tier and board represensts the management tier committees - report to the board they allow the board to offload responsibility for a particular activity they provide a forum to focus on a limited and distinct tasks they should prvide an epretise in the given area of operation they should provide disclosure to shareholders they prvide assurance to shareholders types of committees: audit committee organization: should consist of at least 3 NEDs (for smaller companies - 2) at least 1 member should have recent and relevant financial experience responsibilities "make recommendations to the board in relation to apointment, re-appointment and removal of external auditor" review and monitor external auditor;s independence and objectivity and effectiveness of audit process review and monitor how external audior recommendations are followed up once statutory audit is over review of company's internal controls review and monitor effectiveness of company's internal audit function "provide advice on whether the annual report and accounts taken as a whole is fair, balanced and undertsndable and prvides the information necessary for shareholders to assess the company’s performance and strategy" to review cases of whistleblowing benefits of audit committee it assists to external auditors => better communication between external auditor and the board it increases confidence in the company's fin controls and reporting mechanisms. it follows up external auditor's recommendations with regard to internal control weaknesses limitations of audit committee it imposes additional costs difficulty in finding members with the right experience at the market audit committee and internal audit department AC should ensure that IAD has direct access to the chairman and that it is accountable to IA review and assess IAD workplan receive periodic reports on the results of IAD work review and monitor management responsiveness to IAD's findings and recommendations meet with head of IAD at least once a year without presence of management risk management committee responsibilities advice the board on an approprate risk strategy for the company monitor company to ensure the risk strategy is embedded and strategy notbeing ignored by certain departments/staf "help to identify major risks, suggest solutions" receive reports from heads of toher departments on their specific risk issues receive report from IAD and assess their recommendations ensure all risk-related disclosures are in Annual report benefits of risk committee independence in decision-making support for board of directors and for AC "if committee works effectively, then:" more predictable cash flows are produced impact of distater is limited "greater confidence among investors, employees, customers, suppliers and partners" phases of risk management identify risks. risks may arie from many sources: impact of new technology or changing competition fraud regulations estimate impact and priority in their tackling develop solutions implement risk strategy "review, adapt and disclose" nomination committee remuneration committee all directors should get induction and training "board, its committies and individual directors should have performance appraisal at least annually" directors should be elected at least every 3 years (for FTSE-350 companies re-election should be every year. significant proportion of remuneration of directors should be performance-based remuneration should consider industry level. "board should insure sound system of controls, the effectiveness of which should be reviewed evety year as part of annual report." "if the board has the audit committee, it should be made up of at least 3 NEDs. Main role of such committee is to liason with internal (i.e. internal audit department) and external auditors on all matters" board should have regular dialogue with shareholders and encourage debate through AGM (annual general meetings) chairman and COE should not be the same person "chairman leads the board, sets agenda for board's meetings ensuring there is enough time forimportant matters" CEO runs the company chairman is key contact for shareholders 4 CG and internal controls "IC - is system of values, rules, procedures and systems (IS) implemented by a company to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud." Controls are designed by risk management committee as response to identified internal and external risks and volnurabilities and which are reviewed regularly by internal audit department and which are tested by external auditors during statutory audit. => Impact of quality of IC on scope of statutory audit if IC are strong (there is low control risk) the auditors can rely on these controls and reduce the amount of detailed (substantive) testing that they do "if IC are weak (there is high control risk), the auditors cannot rely on these controls and they must increase the amount of detailed (substantive) testing that they do. Audit statistics indicate that sample sizes needed should be tripled to compensate for poor internal control" purpose of IC to prevent and detect errors (unintentional or ontentional) to help safeguard the assets (against theft) to ensure the business runs cost efficiently components of IC control environment management attitudes and values staff attitudes and values control procedures application controls general controls comparison authorization reconciliation computer control arithmetical control physical control segregaition of duties risk assessment information systems monitoring of existing controls limitations of IC human error collusion to commit fraud the cost/time to implement the controls may outweight the benefit of following them so the controls are ignored it may be impossible to design a control for one-off transactions e.g. determining a provision for a court case. Controls work best in systems where there is a high volume of routine transactions. IC are designed and implemented within each accounting cycle. For example: "sales cycle - stages, risks emerging at each stage and control procedures to minimize the exisitng and potencila risks " Tests used by auditors during planning stage to assess effectiveness of system of IC of the client purchases cycle payroll cycle ##### Sheet/List 3 ##### Part II. Assurance engagement 1 need for extrenal assurance 1 need for external assurance stewardship and agency theory 2 purpose of external assurance "directors are stewars of shareholders, to whom shareholders entrust their capital for management" 3 levels of external assurance auditors are agents of shareholders who give assurance to shareholders over fin statements prepared by directors 4 external auditor 2 purpose of assurance service 5 internal auditor to increase confidence 6 professional ethics to reduce risk of users of services 3 levels of assurance and types of assurance services "reasonable (aka positive) - e.g. external audit which confirms that financial statements are true and fair. To be able to provide reasonable assurance, assurer needs to perform first a lot of work on subject matter, partiuclarly substatntive tests." Note! Reasonable assurance is not = to 100% guarantee that fin statements are true and fair. This is known as 'expectation gap'. The reasons for this are the followig: "use of testing - because it is impracticable to test all transactions, tests should be done one samples. Problems can be as follows: tests can be designed incorrectly, can use not representative samples, can be done by not qualified enough employees, tests can have bad timing" inherent limitations of IC audit just like fin statements under audit is based on many judgements and estimates of auditors many audit conclusions are based on judgements and estimates done by directors and built into fin statements possibility of fraud "Also many users of audit report often assume that auditors are required to detect fraud. BUT: auditors are required to do testing, gather evidence and issue an opinion and it is responsibility of directors to prevent fraud in their fin statements." "limited (aka negative) - e.g. review which states that nothing what could suggest that statements are not true and unfair has come to attention of assurers . If assurer has performed only limited amount of work over subject matter, for example, only analytical procedures without substantive testing, then assurer is bale to confirm that nothing has come to light to suggest that errors or problems exist." 4 external audit objectives to obtain reasonable assurance about whether the fin statements as a whole are free from material misstatement i.e. are true and fair to report on fin statements elements of audit engagement "3 parties - assurer (i.e. auditor), intended users (of fin statements i.e. shareholders), responsible party (for issued fin statements i.e. board)" subject matter - fin statements suitable criteria - reporting framework (e.g. IFRS) plus laws and regulations plus assurance framework (IAAS) plus materiality threshold sufficient appropriate evidence written report (i.e. audit report) 5 external auditor who can be external auditor pass an approved set of qualifications set by Recognized Qualifying Body become a member of Recognized Qualifying Body must not be either director or employee of the lient or its associated company must not be a business partner of director or employee of the client or its associated company ethical requirements professional scepticism - auditor should have open and questioning mind professional judgement - auditor should exercise professional judgement in planning and perfoming audit audir risk - auditor should evaluate audit risk throughout all stages of audit appointment of external auditor candidate is proposed by board and approved by shareholders at AGM by ordinary resolution (i.e. >50% of shareholders are required and shareholders must be given 21 days' notice prior voting) removal of external auditor resignation before resignation in this case auditors need to write a written explanation to shareholders about reasons of their resignation to speak at the GM to shareholders and explain them theit reasons of resignation after resignation auditors need to issue a statment of circumstances. forced removal this should be agrred on GM by shareholders (voiting) quality control quality control procedures are internal controls implemented by auditors to ensure that they produce high quality work characteristics (components) of strong quality control environment in audit firm appointment of quality control partner have documented processes for staff to follow ensure all staff are trained in these processes have strcit recruitment policies ensure appraisal porcess to recognize high quality of work "ensure careful selection of assignment teams based on skills, experience, overall workload" have a cold review process where a selection of completed assignments are checked to help future workbe performed better quality control during audit engagement pre-appointment checks should be carried out on all clients all work of audit team should be directed supervised by senior memebrs of the team recorded in woking papers reviewed by senior there should be appropriate consultations with others where matters are nclear a hot review should be done before audit is finished for those audits where audit risk is high there should be careful procedures on acceptance/continuance of lcient relationhsips 6 internal auditor role of internal auditor role of IA department is to provide a feedback on effectiveness of systems and procedures (including control procedures) in place having of IA deprtment is best practice rather than required by law for IA department to be effective the following should be fulfilled: "appropriate resourcing: money, tim, training, quality of staff and leadership" good organization (incl. audit documentation) regular reviews of work performed indepencence - reporting to audit committee greatly strengthens internal auditors' independence. "Note! If it is impossible to insure independency of IA department, then it is better to outsource it" advantages of outsourcing: it can be cheaper it gives an access to experts it gives higher flexibility it gives max independence it ensures that auditors have up-to-ate techniques and methodlogies it reduces management time it reduces training costs disadvantages of outsourcing: less depth of knowledge about client can be expoused to self-review threat manament has less direction and control over the audit limitations of IA department independence - reporting to fin director instead of AC decreases IA's independence to minimum scope - scope of EA's work is defined by statute and cannot be limited y company's management while IA's work is defined by company's management familiarity - IA can become friendly with their collegues fom other departments. "appointment - IA are appointed by management, while EA are appointed by shareholders" quality - EA keep theit knoewledge up-to-date and undergo regular trainings while IA might not (e.g. due to limited resources available for their department in the company) length - IA employed for a long period of time may be expoused to familirity threat. assignments VFM (value-for-money) checks (also known as operational audits) - what should be achived by particular department/activity of the company? (effectiveness) effectiveness check - what should be achived by particular department/activity of the company? (effectiveness) efficiency - if such department's objectives are achieved with min resources? economy - to purchase stock/services needed at economic cost customer experience IT - IA (and EA as well) check the security of company’s IT/IS "financial - fraud investigations, management accounts, tenders for contracts, VAT returns" legal - regulatory compliance assistence of IA to EA: assignments for IA testing of accuracy of management accounts durint the year IC testings during the year attendence at the inventory count pre-requisites of assistence of IA to EA experience and qualification of IA whether or not the recommendations of IA are taken serioously by the company and implemented quality and organization of work of IA department 7 Professional ethics Role of auditor (external) is to increase confidence of end users of fin statements by reducing the level of risk of misstatement hidden in fin statements. Thus the auditor needs to be trusted by end users. This can be achived only by independence of auditor from preparer of fin statements. independence in mind - decision making of auditor is not influenced by client independence in appearance - audit needs to be seen to behave in professional manner Ethical principles of audit professions professional behavior integrity (=straigthforwardness and honesty) professional competence and due care confidentiality objectivity (without bias) "Ethical threats - exposure to all all the threats below needs to be regularly assessed during whole course of the audit and other assurance arrangements. If there is any threat, appropriate safeguard needs to be taken. If safeguard cannot be take or if It is not effective, then auditor needs to resign (as ultimate measure)." self-interest threat self-revie threat familiarity threat advocacy threat intimidation threat Confidentiality - auditors should never share client information with 3d parties. Exceptios are: mandatory disclosure client is suspected of money laundering client is suspected of terrorism qualifying body is investigating auditor's work court order is obtained requiring the auditor to disclose volunary disclosure client gives permission auditor feeels it is in public interest to do so auditor has to defend himself in the court or at disciplinary hearing Conflict of interest - auditors must be seen to act in the bestinterest of their lcients at all times.. Before accepting any new appointment auditors must be aware of any potencila conflicts of interest: "if such situation arises, all clients involved must be informed and give their consent to auditors to continue to act" "if consent is received, auditors need" to assign different audit teams headed by different partners so the team are kept physically separated "procedures to monitor confidentiality should be put in place (e,g, assign independent partner to oversee if it is fulfilled)" "if consent is not received, auditors should decline an appointment" ##### Sheet/List 4 ##### Part III. Client assessment 1 actions of auditor before accepting the client 1 before accepting the client auditor should 2 actions of auditor after accepting the client check available resources and integrity of client agree on fee and deadlines determine the level of audit risk check professional clearance ask client permission to contact predecessor if there any reasons why new auditor needs to decline acception of this client if client refuses to give permission - test is failed "if client gives its permission but predecessor confirms that there are such reasons - discuss this with client and if not fully agreed on all potencial issues, decline accepting this client" check formal preconditions for accepting the client what is the reporting framework used by client if management of client agrees to provide to auditor access to all information relevant for the audit 2 after accepting the client prepare engagement letter with description of all conditions of the upcoming audit. It should contain info about: objective and scope of audit management's responsibilities auditor's responsibilities form and content of any reports to be issued description of audit procedures arrangements regarding planning and performance of audit risk assessment matters auditor's use of external specialists and internal auditors access to information communication between auditor and client basis of fees and billing arrangements agreement of management to inform the auditor of facts that may affect fin statements agreement of management to make available to auditor all supporting evidence related to prepared fin statements ##### Sheet/List 5 ##### Part III. Planning of audit 1 Planning - it is not a descrete phase of audit but it is a continual process that starts at the end of previous audit and continues until the end of the current audit. planning helps the auditor to: devote appropriate attention to important areas of the audit identify audit risks identify and solve potencial problems on a timely basis properly organize and manage the audit engagement so that it is performed in an effective and efficient manner More about audit risk: select engagement team members with appropriate levels of capabilities and competence to respond to anticipated risks and the proper assignment of work to them https://www.accaglobal.com/in/en/student/exam-support-resources/professional-exams-study-resources/p7/technical-articles/audit-risk.html direct and supervise engagement team and to review their work coordinate the work done by external experts 2 Stages of planning setting up of audit strategy parts of strategy scope of audit timing of individual audit procedures direction of procedures it is based on such assertions initial assessment of materiality initial identification of risk areas identification of risk areas is done through obtaining understanding of entity and its environament: "about the nature, timing and resources necessary to perform the engagement" "industry, regulatory and other external factors" 1 planning preparing of detailed audit plan - it is a set of instructions "nature of the entity (products and services, customers and suppliers, location, group structure etc.)" 2 stages of planning parts of plan "its objectives, strategies and risks (e.g. new products and services, expension plans)" srategy detailed description of client internal control (all components) parts description of accountig policies and internal control systems "financial performance (key ratios and statistics, forecasts and budgets, credit rating, trends)" assertions (incl. audit risk and materiality) detailed materiality assessment audit risk - the risk that auditors give the wrong opinion on the fin statements plan results of preliminary analytical procedures on the draft of fin statements it can be uncovered at any stage of the audit fraud and error likely audit approach to each area of fin statetements in the light of the work done the level of risk may be reappraised law and regulations detailed description of high risk areas and how these to be delt with risk assessment procedures materiality specific audit testing issues (e.g. if external experts will be needed) enquires of management and others within the entity analytical procedures (AP) timing of specific procedures observation and inspection internal controls "details of staffing, a budget and a timetable" "analytical procedures (e.g. ratio analysis, comparing actuals and budget)" assistance from internal audit department special areas for planning unusual relations fraud and error unusual trends fraud vs error risk components "fraud - intentional act by one or more individuals among management, those charged with governance, employees or 3d parties to obtain an unjust or illegal advantage. Fraud is criminal activity, however it is not the role of the auditor to determine whether fraud has actually occured. That is responsibility of country's legal system." "inherent risk - a possibility of incorrect or misleding information in fin statements resulting from something other than failure of controls. For example, use of judgments and approximations like in case of complex fin instruments, nonroutine accounts or transactions" "error - unintentioal mistake, can include accidental misapplication of accountng policies, oversights or misinterpretation of facts" "control risk - a risk that company's controls fail to prevent or detect material fraud or errors because they do not exist, or are designed badly or they do not operate properly. Lack of controls may be due to costs of their implementation: installation of new equipment, employment of extra staff, time taken by additional administrative procedures" types of fraud "detection risk - a risk that the auditor's procedures do not detect material misstatements, either individual or in aggregate. It can happen due to choosing an unrepresentative sample to test, human error, lack of training, inexperience, misinterpretation of results of test" misstatement (i.e. fraudulent fin reporting) auditor's responsibility in regard of audit risk - auditors have to misappropriation of assets (i.e. theft) assess the risk responsibilities of management and auditors address the risk "management - has primary responsibility for prevention and detection of fraud. Implementing of an effective system of internal control, the directors should reduce the possibility of undetected fraud to a minimum." design audit procedures (e.g. tests of control and substantive tests) to address the risk areas (cont.) auditors - should consider the risk of material misstatement due to fraud. Auditors should be alert to: assign more experienced staff or those with special skills or using experts Risk areas any audit evidence that contradicts other audit evidence incorporate additional elements of unpredictability lack of physical controls economic downturn putting pressure on results review the results to make sure that audit risk was reduced to acceptable level lack of IT based controls impact of fraud on audit strategy lack of authorisation controls reduction inmateriality level lack of segregation of duties increased level of testing in areas where fraud is suspected account balances e.g. R&D and warranty provisions reduced reliance on evidence generated internally and increased focus on externally generated evidence client operates in high tech or fashion industry reduced reliance on management representations if management if suspected of involvement with fraud client is based in multiple locations reporting of fraud - if fraud is identified the auditor should report it to appropriate level of management bank is relying on fin statements or directors are paid a bonus based on profits audit committee if it exists it is cash-based business highest level of management company trades overseas shareholders if fraud was committed by highest level of management and no audit committee is in place new computer system in the year to 3d parties (official authorities) new audit client Note! Communication should be done asap in order to: tight audit deadline impossed by client keep management and directors informed and to ensure that they understand the position correctly temporary staff usd during the year at the client's side discover what actions they have taken or intend to take to rectify the position a client in specialized industry evaluate the likelihood that the regularity had reccured or will recur discover what if any legal advice is needed law and regulations auditors cannot know and understand every law and regulation that affects every client but they should be aware of those that could materially affect fin statements (particularly money laundering) any breach of the law may need to make provisions for future legal costs and fines audit procedures to get assurance in terms of laws and regulations obtain general understanding of clinet's legal and regulatory environment inspect correspondence with the authorities depending on compny's business obtain written representation that directors have disclosed all instances of known and possible noncompliance to the auditors materiality during audit auditors concentrate on identification of significant risks of material misstatements in fin statements misstatements incl. omissions are considered to be material if they individually or in aggregate can influence economic decisions of users taken on the basis of fin statements auditors must design their audit procedures to reduce the risk of material misstatements to an acceptable level there is no specific methodology for calculating materiality because it is a matetr of professional judgement and this ultimately lies with the audit partner. however some guidance as to when misstatements should be noted and therefore be brought to partner's attention exists: 1/2 - 1% of turnover/revenue => 5-10% of profit before tax 1-2% of gross assets overall vs performance materiality vs tolerable misstatements overall materiality - level of materiality set by auditors for the financial statements as a whole at the planning stage. "performance materiality - amounts set by auditors at below overall materiality to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds overall materiality. In simple terms, performance materiality is the ‘working materiality’. It sets a numerical level which helps guide auditors to do enough work (but, importantly, not too much) to support their audit opinion. In comparison with overall materiality, performance materiality is a lower figure. " initial assessment of materiality may change when final draft of fin statements becomes available for auditors. Also materiality must be constatntly reviewed as audit progresses and it may change due to misstatements discovered: all misstatements discovered should be categorized into clearly trivial misstatements not trivial misstatements - all are required to be corrected by management material - management cannot refuse to correct such misstatements if they are discovered. Refusal to correct them will lead to qualification of audit report. immaterial - material can refuse to correct such misstatements motivating its rejection by the immateriality of each such misstatement. If management refuses to correct immaterial misstatemens auditors need to check if such accumulated immaterial misstatements remaining as uncorrected do not in aggregate consititute a material amount. analytical procedures (AP) "AP are important tool used by auditors. When performing analytical procedures auditors compare numbers, ratios or even non-fin information in order to identify unexpected trends or unexpectedrelationships which may indicate the existence of errors. " AP are used at many different stages throughout the audit. at planning AP are compulsory. They help to identify risk. Large changes are supect and might point to errors unless a good explanaition is received. during testing "AP are optional. They help to substantiate balances. If balances are roughly in line with last year's then that is some evidence supporting the figures. If balances are very different, more evidence is needed." at completition AP are compulsory. Audit partner stands back and looks at the overall fin statements to see if they look sensible and credible. How to use AP AP can be used in the following ways "ratio analysis (profitability, efficiency, liquidity, return etc)" trend analysis proof in total process to be followed auditors create their own expectations of what they think the figure should be compare their expectations to actual figure investigate any significant differences possible reference points for used for comparison vs last year vs budget/forecast vs industry average vs change in gross margin/sales internal controls there are two audit approches based on initial assesment of state of internal controls of the client "when IC are assessed as strong - auditor will approachthe audit by testing the effectiveness and operation of that control system. If controls are ndeed found to be operating well, then the risk of an error in the fin statements is low and the auditor will perfom relatively little substantive testing on the fin statements amounts. This results in an efficent and relatively inexpensive audit becasue the auditors work is reduced." "when IC are assessed as weak - in this case the only way theaudit risk can be kept low is by performing a very high amount of work themselves to achieve a very low detection risk. This means a audit based on full substantive testing rather than relying on internal controls. This will ususally result in an inefficient, expensive audit because of the high amount of audit work needed." Usually IC are tested during interim audit which is done 2-3 months before year-end date of the client. Tests of IC Tests used by auditors during planning stage to assess effectiveness of system of IC of the client assistance from internal audit department internal audit is part of the client's system of internal control. Thus it may well reduce control risk and the need for external auditor to perfrom detailed substantive testing. This will b obviously taken into account during planning phase of the audit. types of work the external auditor may wish to use assistance from internal auditors tests of effectiveness of control (Cont.) fraud investigations Computer controls observation of inventory count general controls compliance with laws and regulations making regular back-ups of data and storing them off-site substantive procedures involving limited judgement having IT help-desk and IT training for staff tracing transactions through the IS relevant to fin reporting access controls such as keeping computers in locked rooms see also: assignments for IA having a disaster recovery plan pre-conditions which should be met if external auditors are going to use help of internal auditors: all computers have log in codes "IA's work is properly supervised, reviewed and documented" anti-virus software and firewalls persons from IA department have relevant experience and training segregation of duties between programmers and users sufficient and appropriate evidence has been obtained application controls conclusions drawn are valid given the results of the work performed control that standing data is correct - examples of application controls: recommendations made have been acted on by management passwords see also: pre-requisites of assistence of IA to EA exception reports Note! External auditor cannot devolve responsibility for the audit opinion onto the internal audit department. batch checking of inputs (e.g. check of IDOCS before posting them to SAP) If external auditors plan to use helpfrom IA department followinghas to be agreed: reasonableness tests (e.g. sales tax to total valu of sales) management must agree in writing that IA department can provide such assistance and that they will not intervene in that work character checks (e.g. no unexpected characters entered) internal auditors must provide written confirmation that they will keep the external auditors information confidential range limits (e.g. no transaction is processed over or under a certain value) "external auditor will provide direct, supervision and review of the internal auditr's work" manual checks to ensure input was authorized print-outs and checks of ammendments to standing data Computer Assisted Audit Techniques (CAATs) test data - data designed by the auditor and which is used to test controls within a client's computer system. Basically it is running of auditor's data through the client's system. It will help the auditor to test client system's limits. Auditors will make their data from normal transactions and invalid transactions to test that the system works ok. drawbacks any false transactions must be removed from the systems afterwards. this may cause inconvenience for the client. Therefore test data is often run as dead data. This means that it is run using a copy of client's system so that any false transactions or damage caused by the auditor's data will not matter. "audit software - auditor's software which is used to perform substantive tests on client data. These can be off-the-shelf packages (e.g. IDEA, ACL) or tailor-made systems. Auditors will upload a copy of client's data onto their computers and will run though the audit software. This software asists in performing tasks such as" reorganizing the data into a more useful format e.g. by producing an aged listing for receivables or stock. "performing analytical procedures e.g. inventory holding days by stock line, automatic calculations of ratios for analytical procedures" verifying that arithmetic is correct by adding up ledgers and lists. It is important because every extra USD in stock is an extra USD in profit. reperformance of calculations e.g. for recalculating of depreciation charge for every non-current asset sequence checks andprinting out lists of missing documents such as missing cheques in cashbooks. choosing random samples for example for receivables circularisation. advantages of using audit software easy to use limited IT skills required to use improves efficiency of audit as large volumes of data can be porcessed quickly can be used multiple times i.e. for future audits of the same client and for audits of similar clients disadvantages of using audit software expensive to develop especially when the client is new and it not fully understood by auditor extensive modifications required if lcient changes its systems use of copy files - hen using copies of client's data auditors need to be sure that these copies accurately reflect the original live data. "Bottomline: audit software can simplify the auditor's task by selecting samples for testing, identifying risk areas and by performing certain substantive procedures. The software doesn't however, replace the need for auditor;s own procedures." ##### Sheet/List 6 ##### assertions BS assertions (aka assertions about account balances) at the end of the period under audit PL assertions (aka assertions about clases of transactions and events) for the period under audit Disclosure assertions (aka assertions about presentation and disclosure) for the period under audit as per: https://www.accaglobal.com/in/en/student/exam-support-resources/fundamentals-exams-study-resources/f8/technical-articles/assertions.html PL assertions occurance - means that transactions and events and other matters that have been recorded actually took place – and relate to this organisation Relevant test – select a sample of entries from the sales account in the general ledger and trace to the appropriate sales invoice and supporting goods dispatched notes and customer orders. "completeness - all transactions have been recorded in the financial statements – ie all assets, liabilities, equity interests (capital and reserves) and other disclosures have been included in the financial statements." Relevant test – select a sample of customer orders and check to dispatch notes and sales invoices and the posting to the sales account in the general ledger. accuracy - amounts and other data relating to transactions and events have been recorded at the correct amounts – ie at the amounts appearing in the source documents. "Relevant test – reperformance of calculations on invoices, payroll, etc, and the review of control account reconciliations are designed to provide assurance about accuracy." "cut off - transactions and events have been recorded in the correct accounting period – for example, if goods are delivered prior to year end, they are included in the cost of goods sold, not inventory. " Relevant test – recording last goods received notes and dispatch notes at the inventory count and tracing to purchase and sales invoices to ensure that goods received before the year end are recorded in purchases at the year end and that goods dispatched are recorded in sales. "classification - transactions recorded in the appropriate accounts – for example, the purchase of raw materials has not been posted to repairs and maintenance." Relevant test – check purchase invoices postings to general ledger accounts. "presentation - information about transactions and events is appropriately presented and disclosed, and disclosures are clearly expressed so as to make them understandable to the users. For this, the disclosures should use simple language and state matters clearly and concisely." "Relevant test – confirm that the total employee benefits expense is analysed in the notes to the financial statements under separate headings– ie wages and salaries, pension costs, social security contributions and taxes, etc." BS assertions "existence - assets, liabilities and equity interests (capital and reserves) are physically present/belong to the entity on the reporting date." "Relevant tests – physical verification of non–current assets, circularisation of receivables, payables and the bank letter." completeness Relevant tests – A review of the repairs and expenditure account can sometimes identify items that should have been capitalised and have been omitted from non–current assets. Reconciliation of payables ledger balances to suppliers’ statements is primarily designed to confirm completeness although it also gives assurance about existence. "valuation - all items have been included in the financial statements at appropriate amounts according to company policy and the relevant financial reporting framework. Furthermore, any allocations or valuation adjustments required (like impairment) have been made and financial and other information is disclosed fairly and at appropriate amounts." Relevant tests – Vouching the cost of assets to purchase invoices and checking depreciation rates and calculations. "rights and obligations - the entity has a right to its assets – ie it is free to use or dispose of the assets as it sees fit. Furthermore, the entity is obliged to pay off the liabilities that are shown in the statement of financial position" "Relevant tests – in the case of property, deeds of title can be reviewed. Current assets are often agreed to purchase invoices although these are primarily used to confirm cost. Long term liabilities such as loans can be agreed to the relevant loan agreement." classification Relevant tests – the test for transactions of checking purchase invoice postings to the appropriate accounts in the general ledger will be relevant again. Also that research expenditure is only classified as development expenditure if it meets the criteria specified in IAS® 38 Intangible Assets. "presentation - information about account balances is appropriately presented and disclosed, and disclosures are clearly expressed so as to make them understandable to the users. For this, the disclosures should use simple language and state matters clearly and concisely." "Relevant tests – auditors often use disclosure checklists to ensure that financial statement presentation complies with accounting standards and relevant legislation. These cover all items (transactions, assets, liabilities and equity interests) and would include for example confirming that disclosures relating to non–current assets include cost, additions, disposals, depreciation, etc." approach identify the assertion that needs to be tested Identify the audit procedure Choose the assertion that will be tested Identify the risk that will cause a material misstatement in the financial statements – the audit risk is the total value of PPE that may be misstated due to over-valuation/ undervaluation of PPE Think of the audit procedures that should be performed in order to avoid the risk mentioned More: https://www.accaglobal.com/in/en/student/exam-support-resources/fundamentals-exams-study-resources/f8/technical-articles/audit-procedures.html Evidence https://www.accaglobal.com/in/en/student/exam-support-resources/fundamentals-exams-study-resources/f8/technical-articles/ISA330-responses-assessed-risks.html auditors are seeking for two types of evidence evidence that controls are operating effectively. This evidence is collected by performing tests of conrols evidence that amounts presented in fin statements are true and fair. This evidence is collected by performing substantive tests. characteristics of audit evidence - in order to form an opinion on fin statements auditors must obtain sufficient and sufficiency is about quantity "the riskier the item is , the more evidence should be collected" "the more material the item is, more evidence about it is needed" "the less reliable audit evidence is, the more evidence is needed" appropriate audit evidence in form of reliable auditor generated evidence is more reliable than external (3d party) evidence external (3d party) evidence is more reliable than client generated evidence written evidence is more reliable than oral evidence original documents are more reliable than copies and faxes relevant evidence collected by auditors should support the particular assertion which they are testing evidnce gathering techniques analytical procedures external confirmations inspections and observations enquiries recalculation and re-perfromance see also here: risk assessment procedures "auditing accounting estimates - estimates are particularly difficult area for the audit as they involve considerable judgement and are based on future events. Thus estimates are not susceptible to logical, scientific evidence gathering techniques as other amounts such as value of sales and electricity costs in fin statements.. Accounting estimates are threfore easy to manipulate and may be subject to significant management bias." types of estimates provisions doubtful debt provisions legal provision warranty provision accruals values depreciation net realisale value fair value deferred tax deferred income audit approach auditors need to obtain an understanding of "how management identifies those transactions, events and conditions that give rise to the need for estimate" hom management actually makes the estimates including the control porcedures in place to minimize the risk of misstatement procedures the auditors need to do in response to above assessment review the outcome of the estimates made in the prior period discuss with management their process for calculating the estimate and assess whether this appears reasonable develop an independent estimate to use as reference point (i.e. for comparison) - for this it may be needed to obtain an independent expert opinion e.g. correspondence with layers regarding a legal provision o surveyor's report for evidence of an environment provision "review subsequet events - for example if there is a pending legal case with the legal provision in the balance sheet as per the year-end, the case may have been settled by the time of the audit and therfore will provide evidence as to whether the provision was reasonably stated. Also accrual can be compared with actual amount of invoice received after year-end by the client by the time of the audit." sampling audit sample - application ofaudit procedures to less than 100% of items within an account balance or population such that all items have a chance of selection population - a set of data about which an auditor wishes to draw conclusions sampling is used in auditing because it is usually impossible to examine all transactions and ti inspect every asset. risks connected with sampling "sampling risk - risk that selected sample is not representative: if auditor would test the whole population, the result would be different." non-sampling risk - other factors not related to sample itself e.g. human error or inexperience from side of audit team sampling methods statistical samling - when every member of population has an equal chance of selection in the sample methods: random sampling systematic sampling monetary unit sampling non-statistical sampling - when items selected by auditor into sample are based on professional judgement of auditor e.g. haphazard selection of items - non-statistical technique used to approximate random sampling by selecting sample items without any conscious bias and without any specific reason for including or excluding items judgemental sampling - non-statistical technique in which the sample members are chosen only on the basis of the researcher’s knowledge and judgment ##### Sheet/List 7 ##### Final review it is crucial that auditors carry out a final review of the audit work before finalization and forming the audit opinion. This ensures the audit was effective and to a quality standard Engagement Partner Review - It is a review of the audit work - not the evidence - so just ensuring proper standards and procedures followed Quality Control Review - Carried out by a senior NOT involved in the audit Ensure opinion is based on evidence obtained Ensure independence of team Ensure documentation reflects the work performed Documentation Review Evidence that independence issues have been considered Quality Control Review Audit Evidence Review - Ensure there is sufficient and appropriate evidence are fin statements consistent with our knowldege of the business have fin statements been prepared in line with relevant accounting and legal requirements do fin statements give a true and fair view have significant issues such as misstatements been resolved have there been any events occuring after the period end which need to be taken into account evaluation of misstatements all misstatements should be communicated to management on timely basis unless they are clearly trivial management should be asked to correct all misstatements identified during the audit. Auditors shoul try to obtain understanding of management's reasons for refusing to adjust any of the misstatements auditor should determine whether the accumulated misstatements imply that the audit strategy needs tobe modified errors identified though sampling need to be extrapolated so that the potencila error in population as a whole can be estimated. If such errors reveal a potencially material adjustment the audit team should have carried out additional work to determine whether or not the error actually is material before the assignment reaches the final stage. auditor should obtain a written representation from management and those charged with governance that they believ the effect of uncorrected misstatements is immaterial individually and in aggregate and a list of uncorrected misstatements should be a part of representation letter consideration of errors identified in course of the audit will often proide useful input to the planning process for the following year's audit. Audit report Auditor's opinion about fin stataments under statutoryaudit is expressed in audit report. A true and fair opinion with no other issues will lead to an unmodified report. There are some situations when auditors may have to modify their report or opinion. Audit report Unmodified report Modified report Unmodified opinion Modified opinion Material uncertainty related to going concern Emphasis of matter Other matter Fin statements are materially misstated Auditor is unable to obtain sufficient and appropriate evidence if material but not pervasive if material and pervasive if material but not pervasive if material and pervasive qualified opinion adverse opinion qualified opinion disclaimer of opinion includes*: includes: includes: includes: report will contain modification called 'qualified with except for': e.g. fin statements are true and fair except for receivables report will contain modification called 'adverse' and saying that fin statements are not true and fair report will contain modification called 'qualified with except for': e.g. fin statements are true and fair except for inventories report will contain modification called 'disclaimer' and saying that auditor is not able to provide an opinion. KAM will not be included opinion opinion opinion opinion basis for opinion basis for opinion basis for opinion basis for opinion KAM** KAM KAM KAM material uncertainty about GC emphasis of matter*** other matter**** *regardless of type of audit opinion and apart from above mentioned parts all audit reports contain also the following parts: title addresses responsibilities of management responsibilities of auditors other reporting responsibilities name of the engagement partner signature and adress of the auditors and date that the report was signed "**KAM (Key Audit Matter) - a summary of matters that a auditor considered to be the most significant to the audit. This section should contain explanaition why some matter was considered significant and how it was addressed in the audit. Auditors must determine key matters and communicate those matters in their reports if their client is listed company. For non-listed companies auditors may voluntarily do this or on request from management. If KAM identified are reasons for qualifying an opinion, in such case they shouldn't be presented in this section." risky areas "estimates and judgements (e.g. impairment testing of goodwill, effects of new IFRS, valuation of fin instruments at FV)" significant events and transactions ***emphasis of matter matter is not KAM matter is presented and disclosed in fin statements ****other matter matter is not KAM matter is not presented and disclosed in fin statements Auditors must express an opinion on two matters: if fin statements give true and fair view in all material respects such as: "information presented in fin statements is relevant, relaible, comparable and understandable" fin stataments adequatly disclose accounting policies used and they are applied consistently and appropriately accounting estimates and judgements made are reasonable disclosures to fin stataments enable users to understand the effects of material transactions and events if fin stataments are prepared in accordance with relevant reporting framework Advantages and disadvantages of standardized format of audit report advantages comparability between companies guarantee of a min level of content disadvantages technical language auditors are restricted in terms of what they can actually say Actions when the report is to be modified "modification of report is always final course of the action. As directos have legal responsibility to prepare the fin statements to show true and fair view, the number of modified opinion is in real life very low." if auditor expects to modify the report the following actions will betaken discuss the matter with those charged with governance - this may lead to the matter being resolved as the client may decide to amend the financial statements or the auditor may be provided with further evidence to suggest that a modificatio is not necessary. "consider management integrity - it is generally expected that the client would want to avoid a modified opinion therefore if the issue cannot be resolved satisfactorily it casts doubt over management ntegrity. This will mean that any management representations may not be reliable. If management representations cannot be relied on, this would lead to a disclaimer of opinion." seek external advice - before resigning the auditor may decide to seek legal advice. "resign - where the auditor has reason to doubt management integrity or where the auditor epects in future that there will be a need in an issue a disclaimer, resignation might be considered. " Subsequent events these are those events occuring between the year-emd and the date that fin statements are authorized for issue (i.e. signed by the directors) that may effect the numbers or disclosures in the year-end fin statements. types of events adjusting - events providing additional evidence relating to conditions existing at the end of the reporting period. Thus they require adjustments in fin statements. non-adjusting - events concerning condition which arose after the reoprting period but which may be of suh materiality that their disclosure is required to ensure that the fin statements are notmisleading. Year-end date Audit report signed Fin stataments issued AGM Active duty Passive duty Passive duty to filfill this duty auditors must perform review of all supporting evidence collected during previous stages of audit "when auditor becomes aware of a fact which may materially affect fin statements, the auditor should:" "when auditor becomes aware of a fact which may materially affect fin statements, the auditor should:" discuss the matter with management discuss the matter with management consider whether the fin statements need amendment consider whether the fin statements need revision take an appropriate action take an appropriate action if amendment is needed and: if amendment is needed and: management agrees to amend fin statements before signing management agrees to amend fin statements before signing in this case auditors perform additional procedures in this case auditors perform additional procedures provide management with new report on the modified fin statements and this report should be dated not earlier than the date of approval of amended fin statements provide management with new report which will include an emphasis of a matter paragraph referring to a note that discusses the reason for the revision of previously issued fin statements and audit report management does not amend fin statements before signing and if auditor's original report has already been released to the entity new audit report should be dated not earlier than the date of approval of revised fin statements auditor needs to take actions to prevent reliance on its report by management refuses to revise fin statements before signing speaking at AGM auditor needs to take actions to prevent reliance on its report resigning and circulating a written representation to shareholders seeking legal advice ##### Sheet/List 8 ##### Audit documentation