Pdf link: http://www.freeaccountingbooks.com/bpp-acca-p7-advance-audit-and-assurance-2017/
Free Accounting books provides unlimited PDF books, notes & guides of #Financial, #cost and #management #accounting, #ACCA, #CFA, #CIMA, #CPA, #CMA, #FRM and many more .......
#freeaccountingbooks.com
International regulatory
environments for audit
and assurance services
Introduction
This chapter covers a wide range of regulations that affect the work of audit
and assurance professionals. You need to be aware of the international nature
of the audit and assurance market and the main issues driving the development
of regulatory frameworks.
The detailed requirements relating to money laundering are then discussed.
You should be prepared to explain the responsibilities of professional
accountants in this area and to outline the procedures that audit firms should
implement.
The final section looks at the auditor's responsibilities in respect of laws and
regulations that apply to an audit client. This is a topic that could be built in to a
practical case study question.
http://accountingpdf.com/
4 1: International regulatory environments for audit and assurance services Part A Regulatory environment
Study guide
Intellectual level
A Regulatory environment
A1 International regulatory frameworks for audit and assurance services
(a) Explain the need for laws, regulations, standards and other guidance relating
to audit, assurance and related services.
2
(b) Outline and explain the legal and professional framework including:
(i) Public oversight to an audit and assurance practice
(ii) The role of audit committees and impact on audit and assurance
practice
2
A2 Money laundering
(a) Define 'money laundering'. 1
(b) Explain how international efforts seek to combat money laundering. 2
(c) Explain the scope of criminal offences of money laundering and how
professional accountants may be protected from criminal and civil liability.
2
(d) Explain the need for ethical guidance in this area. 2
(e) Describe how accountants meet their obligations to help prevent and detect
money laundering including record keeping and reporting of suspicion to
the appropriate regulatory body.
2
(f) Explain the importance of customer due diligence (CDD). 2
(g) Recognise potentially suspicious transactions and assess their impact on
reporting duties.
2
(h) Describe, with reasons, the basic elements of an anti money laundering
programme.
2
A3 Laws and regulations
(a) Compare and contrast the respective responsibilities of management and
auditors concerning compliance with laws and regulations in an audit of
financial statements.
2
(b) Describe the auditor's considerations of compliance with laws and
regulations and plan audit procedures when possible non-compliance is
discovered.
2
(c) Discuss how and to whom non-compliance should be reported. 2
(d) Recognise when withdrawal from an engagement is necessary. 2
Exam guide
The technical content of this part of the syllabus is mainly drawn from your earlier studies. Questions in
this paper are unlikely to ask for simple repetition of this knowledge, but are more likely to require
explanation or discussion of the reasons behind the regulations.
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 5
1 International regulatory frameworks for audit and
assurance services
Major developments in international regulation of audit and assurance have recently concluded, with farreaching
effects on ISAs.
1.1 The need for laws, regulations, standards and other guidance
Corporate scandals, such as Enron and Worldcom in the US, Olympus in Japan and Autonomy in the UK,
have brought the audit profession under close scrutiny from investors, businesses, regulators and others.
There is a trend towards businesses becoming more complex and global, and firms of accountants have
expanded their range of services well beyond traditional assurance and tax advice. This has led to a great
deal of re-examination of regulatory and standard-setting structures both nationally and internationally in
recent years.
Laws are in many respects a last resort in the task of ensuring that audits are conducted properly and are
of a high quality. As a generalisation, laws tend to be prescriptive and dissuasive. They are external to the
auditor, requiring them to act within the letter (although not necessarily the spirit) of the law in order to
avoid punishment. Law is a relatively blunt instrument for regulation.
At the other extreme would be a moral code that is purely internal to the auditor's self, which the individual
would adhere to irrespective of external consequences. The audit profession does not attempt to set out
such a code, this being the more proper area for broader social, moral or religious authority.
Audit regulations do take the presence of external laws and internal morality as their starting points, but sit
somewhere in between these two extremes. International standards are principles-based, representing a
common set of principles and practices which are more flexible than statutory laws, allowing for an
element of ambiguity and judgement on the part of the auditor. At the same time, however, auditing
standards are not simply general statements of morality: they contain specific suggestions for the auditor
to consider in specific circumstances, which are not legally binding but which provide a starting point for
the auditor in a given situation.
1.2 The legal and professional framework
One of the competencies you require to fulfil Performance Objective 18 of the PER is the ability to apply up
to date auditing standards and applicable frameworks. You can apply the knowledge you obtain from this
section of the Study Text to help you demonstrate this competency.
You have studied the regulatory framework in earlier papers. The following summaries will provide a quick
reminder. Note that the UK regulatory framework is given in this International-stream Study Text as an
example only.
1.2.1 Overview of the UK regulatory framework
The EU Eighth Directive on company law requires that persons carrying out statutory audits must be
approved by the authorities of EU member states. The authority to give this approval in the UK is delegated
to Recognised Supervisory Bodies (RSBs). An auditor must be a member of an RSB and be eligible under
its own rules. The ACCA is an RSB.
The RSBs are required by the Companies Act to have rules to ensure that persons eligible for appointment
as a company auditor are either:
Individuals holding an appropriate qualification
Firms controlled by qualified persons
FAST FORWARD
http://accountingpdf.com/
6 1: International regulatory environments for audit and assurance services Part A Regulatory environment
The Financial Reporting Council
The Financial Reporting Council (FRC) is the UK's independent regulator for corporate reporting and
governance. It has the following core structure and responsibilities under the overarching FRC Board.
Codes and Standards Committee – responsible for actuarial policy, audit and assurance, corporate
governance, and accounting and reporting policy
Conduct Committee – responsible for audit quality review, corporate reporting review, professional
discipline, professional oversight, and supervisory inquiries
Executive Committee – providing day to day oversight of the work of the FRC
The main changes that concern P7 students are:
Auditing standards (ISAs) are the direct responsibility of the FRC Board – but the Board is advised
by the new 'Codes and Standards Committee', which is in turn advised by the new 'Audit and
Assurance Council'. Auditing standards were formerly the responsibility of the APB.
Accounting standards are the responsibility of the FRC Board, which is advised by the 'Codes and
Standards Committee' and the 'Accounting Council' in turn. Accounting standards were formerly
the responsibility of the ASB.
The revised role of the FRC Board is:
To set high standards of corporate governance through the UK Corporate Governance Code
To set standards for corporate reporting and actuarial practice
To monitor and enforce accounting and auditing standards
To oversee regulatory activities of the actuarial profession and professional accountancy bodies
To operate independent disciplinary arrangements for public interest cases
The revised structure is shown by the following diagram.
FRC Board
Conduct
Committee
Conduct
Committee
Actuarial
Council
Accounting
Council
Audit & Assurance
Council
Financial
Reporting Review
Panel
Case
Mangement
Committee
Monitoring
Committee
Tribunal
Codes & Standards
Committee
Although this restructure took place some time ago, the FRC is still in the process of 'rebranding'
documents and other publications issued by the former APB and other bodies under the old structure. You
will therefore see references in the Text to APB pronouncements where these still exist and are in force.
Point to note
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 7
1.2.2 International standard setting
International Standards on Auditing (ISAs) are produced by the International Auditing and Assurance
Standards Board (IAASB), a technical standing committee of the International Federation of Accountants
(IFAC). You should also be familiar with the International Ethics Standards Board for Accountants (IESBA),
another body of IFAC and the producer of the Code of Ethics (see Chapter 2).
The IAASB's Preface to International Standards on Quality Control, Auditing, Assurance and Related
Services Pronouncements states that all the IAASB's 'engagement standards' above are 'authoritative
material', which means that they must be followed in an audit that is conducted in accordance with ISAs.
The IAASB also publishes four kinds of 'non-authoritative material'.
International Auditing Practice Notes (IAPNs). These do not impose additional requirements on
auditors, but provide them with practical assistance.
Practice Notes Relating to Other International Standards, eg in relation to ISREs, ISAEs or ISRSs
Staff Publications, which are used to help raise awareness of new or emerging issues, and to direct
attention to the relevant parts of IAASB pronouncements
Consultation Papers, which seek to generate discussion with stakeholders
Within each country, local regulations govern, to a greater or lesser degree, the practices followed in the
auditing of financial or other information. Such regulations may be either of a statutory nature, or in the
form of statements issued by the regulatory or professional bodies in the countries concerned.
National standards on auditing and related services published in many countries differ in form and
content. The IAASB takes account of such documents and differences and, in the light of such knowledge,
issues ISAs which are intended for international acceptance.
The European Union, for example, has since 2014 required ISAs (as issued by the IAASB) to be adopted at
EU level. Member states may impose additional requirements on auditors (such as the FRC, whose ISAs
(UK and Ireland) are in some places more stringent than the IAASB's ISAs) but these must not contradict
EU ISAs.
IFAC
(International Federation of
Accountants)
IAASB
(International Auditing and
Assurance Standards Board)
ISAs (International
Standards on Auditing)
ISQCs (International
Standards on Quality
Control)
ISREs (International
Standards on Review
Engagements)
ISAEs (International
Standards on Assurance
Engagements)
ISRSs (International
Standards on Related
Services)
IESBA
(International Ethics Standards
Board for Accountants) Board
for countants)
Code of Ethics for
Professional Accountants
http://accountingpdf.com/
8 1: International regulatory environments for audit and assurance services Part A Regulatory environment
The IAASB issued A Framework for Audit Quality in this area, which is covered in Chapter 18.
1.2.3 Current ISAs and other examinable documents
Title F8 P7
International Standards on Auditing (ISAs)
Glossary of Terms
International Framework for Assurance Assignments
Preface to the International Standards on Quality Control, Auditing,
Review, Other Assurance and Related Services
ISA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit
in Accordance with ISAs
ISA 210 Agreeing the Terms of Audit Engagements
ISA 220 Quality Control for an Audit of Financial Statements
ISA 230 Audit Documentation
ISA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of Financial
Statements
ISA 250 Consideration of Laws and Regulations in an Audit of Financial
Statements
ISA 260 Communication with Those Charged with Governance
ISA 265 Communicating Deficiencies in Internal Control to Those Charged with
Governance and Management
ISA 300 Planning an Audit of Financial Statements
ISA 315 Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and Its Environment
ISA 320 Materiality in Planning and Performing an Audit
ISA 330 The Auditor's Responses to Assessed Risks
ISA 402 Audit Considerations Relating to an Entity Using a Service Organisation
ISA 450 Evaluation of Misstatements Identified During the Audit
ISA 500 Audit Evidence
ISA 501 Audit Evidence – Specific Considerations for Selected Items
ISA 505 External Confirmations
ISA 510 Initial Audit Engagements – Opening Balances
ISA 520 Analytical Procedures
ISA 530 Audit Sampling
ISA 540 Auditing Accounting Estimates, Including Fair Value Accounting Estimates
and Related Disclosures
ISA 550 Related Parties
ISA 560 Subsequent Events
International Standards on Auditing (ISAs)
ISA 570 Going Concern
ISA 580 Written Representations
Point to note
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 9
Title F8 P7
ISA 600 Special Considerations - Audits of Group Financial Statements (Including
the Work of Component Auditors)
ISA 610 Using the Work of Internal Auditors
ISA 620 Using the Work of an Auditor's Expert
ISA 700 Forming an Opinion and Reporting on Financial Statements
ISA 701 Communicating Key Audit Matters in the Independent Auditor's Report
ISA 705 Modifications to the Opinion in the Independent Auditor's Report
ISA 706 Emphasis of Matter Paragraphs and Other Matter Paragraphs in the
Independent Auditor's Report
ISA 710 Comparative Information – Corresponding Figures and Comparative
Financial Statements
ISA 720 The Auditor's Responsibilities Relating to Other Information in
Documents Containing Audited Financial Statements
Amendments Conforming amendments to other ISAs
Amendments Addressing Disclosures in the Audit of Financial Statements – Revised
ISAs and Related Conforming Amendments
International Standards on Assurance Engagements (ISAEs)
ISAE 3000 Assurance Engagements other than Audits or Reviews of Historical
Financial Information
ISAE 3400 The Examination of Prospective Financial Information
ISAE 3402 Assurance Reports on Controls at a Service Organisation
ISAE 3420 Assurance Engagements to Report on the Compilation of Pro Forma
Financial Information Included in a Prospectus
International Auditing Practice Notes (IAPNs)
IAPN 1000 Special considerations in auditing financial instruments
International Standards on Quality Control (ISQCs)
ISQC 1 Quality Controls for Firms that Perform Audits and Reviews of Financial
Statements, and Other Assurance and Related Services Engagements
International Standards on Related Services (ISRSs)
ISRS 4400 Engagements to Perform Agreed-Upon Procedures Regarding Financial
Information
ISRS 4410 Compilation Engagements
International Standards on Review Engagements (ISREs)
ISRE 2400 Engagements to Review Financial Statements
ISRE 2410 Review of Interim Financial Information Performed by the Independent
Auditor of the Entity
http://accountingpdf.com/
10 1: International regulatory environments for audit and assurance services Part A Regulatory environment
Title F8 P7
Exposure Drafts (EDs)
IAASB Responding to Non-Compliance or Suspected Non-Compliance
with Laws and Regulations
IESBA Responding to Non-Compliance with Laws and Regulations
IESBA Responding to a Suspected Illegal Act
Other Documents
ACCA Code of Ethics and Conduct
IESBA Code of Ethics for Professional Accountants (Revised May 2015)
ACCA Technical Factsheet 145 – Anti Money-Laundering Guidance for the
Accountancy Sector
The UK Corporate Governance Code as an example of a code of best
practice (Revised September 2014)
FRC Guidance on Audit Committees (Revised September 2012) as an
example of guidance on best practice in relation to audit committees
IAASB Practice Alert Challenges in Auditing Fair Value Accounting
Estimates in the Current Market Environment (October 2008)
IAASB Practice Alert Audit Considerations in Respect of Going Concern in
the Current Economic Environment (January 2009)
IAASB Applying ISAs Proportionately with the Size and Complexity of an
Entity (August 2009)
IAASB XBRL : The Emerging Landscape (January 2010)
IAASB Auditor Considerations Regarding Significant Unusual or Highly
Complex Transactions (September 2010)
IAASB Questions and Answers Professional Scepticism in an Audit of
Financial Statements (February 2012)
IESBA Staff Questions and Answers on Implementing the Code of Ethics
IAASB Staff Questions & Answers - Applying ISQC1 Proportionately with
the Nature and Size of a Firm (October 2012)
IAASB A Framework for Audit Quality: Key Elements that Create an
Environment for Audit Quality (February 2014)
Note. Topics of exposure drafts are examinable to the extent that relevant articles about them are
published in Student Accountant.
International standards are quoted throughout this Text and you must understand how they are applied in
practice. Make sure you refer to auditing standards when answering questions.
1.3 Public oversight
Public oversight of the audit profession and of standard setting has been a trend in recent regulatory
developments internationally.
1.3.1 Public oversight internationally
The Public Interest Oversight Board (PIOB) exists to exercise oversight for all of IFAC's 'public interest
activities' including its standard-setting bodies such as the IAASB. Its work involves:
Monitoring the standard-setting boards
Exam focus
point
FAST FORWARD
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 11
Overseeing the nomination process for membership of these boards
Co-operation with national oversight authorities
The objective of the international PIOB is to increase the confidence of investors and others that the public
interest activities of IFAC are properly responsive to the public interest. The PIOB is based in Madrid,
Spain, where it operates as a non-profit Spanish foundation.
1.3.2 Other examples of public oversight
An example of public oversight is the Professional Oversight team of the UK's FRC (formerly the
Professional Oversight Board, or POB), which has a number of statutory responsibilities. These include:
Independent oversight of the regulation of statutory auditors by the RSBs (eg ACCA)
Independent supervision of Auditors General in respect of the exercise of their function as
statutory auditors
The receipt of statutory change of auditor notifications from companies and statutory auditors in
respect of 'major audits'
Case Study
Among other significant scandals in America in recent history was the Enron scandal, when one of the
country's biggest companies filed for bankruptcy. The scandal also resulted in the disappearance of Arthur
Andersen, one of the then-Big Five accountancy firms who had audited Enron's financial statements. The
main reasons why Enron collapsed were over-expansion in energy markets, too much reliance on
derivatives trading which eventually went wrong, breaches of federal law, and misleading and dishonest
behaviour. However, enquiries into the scandal exposed a number of deficiencies in the company's
governance:
(a) A lack of transparency in the financial statements, especially in relation to certain investment
vehicles that were kept off balance sheet.
(b) The non-executive directors were weak, and there were conflicts of interest.
(c) Inadequate scrutiny by the external auditors. Arthur Andersen failed to spot or failed to question
dubious accounting treatments. Since Andersen's consultancy arm did a lot of work for Enron,
there were allegations of conflicts of interest.
(d) Information asymmetry where the directors and managers knew more than the investors.
(e) Executive compensation methods were meant to align the interests of shareholders and directors,
but seemed to encourage the overstatement of short-term profits. Particularly in the USA, where
the tenure of Chief Executive Officers is fairly short, the temptation is strong to inflate profits in the
hope that share options will have been cashed in by the time the problems are discovered.
In the US, the response to the breakdown of stock market trust caused by perceived inadequacies in
corporate governance arrangements and the Enron scandal was the Sarbanes-Oxley Act 2002. The Act
applies to all companies that are required to file periodic reports with the Securities and Exchange
Commission (SEC).
The Public Company Accounting Oversight Board (PCAOB) is a private sector body in the USA created by
Sarbanes-Oxley. Its aim is to oversee the auditors of public companies. Its stated purpose is to 'protect
the interests of investors and further the public interest in the preparation of informative, fair and
independent audit reports'. Its powers include setting auditing, quality control, ethics, independence and
other standards relating to the preparation of audit reports by issuers. It also has the authority to regulate
the non-audit services that audit firms can offer.
Sarbanes-Oxley has been criticised in some quarters for not being strong enough on certain issues, for
example the selection of external auditors by the audit committee, and at the same time being over-rigid
on others. Directors may be less likely to consult lawyers in the first place if they believe that legislation
could override lawyer-client privilege.
http://accountingpdf.com/
12 1: International regulatory environments for audit and assurance services Part A Regulatory environment
In addition, it has been alleged that a Sarbanes-Oxley compliance industry has sprung up focusing
companies' attention on complying with all aspects of the legislation, irrespective of how significant they
may be. This has distracted companies from improving information flows to the market and then allowing
the market to make well-informed decisions. The Act has also done little to address the temptation
provided by generous stock options to inflate profits, other than requiring possible forfeiture if financial
statements are subsequently restated.
Most significantly, perhaps, there is recent evidence of companies turning away from the US stock
markets and towards other markets, such as London. An article in the Financial Times suggested that this
was partly due to companies tiring of the increased compliance costs associated with Sarbanes-Oxley
implementation. In addition, the nature of the regulatory regime may be an increasingly significant factor
in listing decisions.
2 Corporate governance and audit committees
Audit committees are made up of non-executive directors and are perceived to increase confidence in
financial reports.
The detail on corporate governance issues in this chapter is based on UK law and regulations. It is
included as an example of how law and regulations affect the auditor in this area.
2.1 General requirements of codes of corporate governance
Corporate governance was a part of Paper F8, and your knowledge of it continues to be relevant to Paper
P7. What follows in this section (2.1) is a summary of that material, but if you are unsure of your
knowledge then you should go back to your F8 notes to refresh your memory.
Knowledge brought forward from Paper F8
Corporate governance is the system by which companies are directed and controlled. Good corporate
governance is important because the owners of a company and the people who manage the company are not
always the same.
The OECD Principles of Corporate Governance set out the rights of shareholders, the importance of disclosure
and transparency and the responsibilities of the board of directors.
2.1.1 UK Corporate Governance Code
The FRC's UK Corporate Governance Code sets out standards of good practice regarding board leadership
and effectiveness, accountability (including audit), remuneration and relations with shareholders.
All companies with a Premium Listing of equity shares in the UK are required under the Listing Rules to
report on how they have applied the Code in their annual report and accounts (regardless of whether the
company is incorporated in the UK or elsewhere).
The Code contains broad principles and more specific provisions. Listed companies have to report how
they have applied the principles, and either confirm that they have applied the provisions or provide an
explanation if they have not. There is a separate section of the Code devoted to the application of this
'comply or explain' concept. It sets out that choosing not to follow a provision may be justified by the
board if good governance is achieved by other means. However, the reasons for not complying should be
clearly and fully explained to the shareholders. Any explanation must include details as to how actual
practices are consistent with the overall principle to which a provision relates.
The broad principles of the Code are as follows.
FAST FORWARD
Point to note
Point to note
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 13
Principles of the UK Corporate Governance Code (for listed UK companies)
Leadership
Every company should be headed by an effective board, which is collectively responsible for the longterm
success of the company.
There should be a clear division of responsibilities at the head of the company between the running of
the board and the executive responsibility for the running of the company's business. No one
individual should have unfettered powers of decision.
The chairman is responsible for leadership of the board and ensuring its effectiveness on all aspects of
its role.
As part of their role as members of a unitary board, non-executive directors should constructively
challenge and help develop proposals on strategy.
Effectiveness
The board and its committees should have the appropriate balance of skills, experience, independence
and knowledge of the company to enable them to discharge their respective duties and responsibilities
effectively.
There should be a formal, rigorous and transparent procedure for the appointment of new directors to
the board.
All directors should be able to allocate sufficient time to the company to discharge their responsibilities
effectively.
All directors should receive induction on joining the board and should regularly update and refresh
their skills and knowledge.
The board should be supplied in a timely manner with information in a form and of a quality
appropriate to enable it to discharge its duties.
The board should undertake a formal and rigorous annual evaluation of its own performance and that
of its committees and individual directors.
All directors should be submitted for re-election at regular intervals, subject to continued satisfactory
performance.
Accountability
The board should present a balanced and understandable assessment of the company's position and
prospects.
The board is responsible for determining the nature and extent of the principal risks it is willing to take
in achieving its strategic objectives. The board should maintain sound risk management and internal
control systems.
The board should establish formal and transparent arrangements for considering how it should apply
the corporate reporting and risk management and internal control principles and for maintaining an
appropriate relationship with the company's auditor.
Remuneration
Executive directors' remuneration should be designed to promote the long-term success of the
company. Performance-related elements should be transparent, stretching and rigorously applied.
There should be a formal and transparent procedure for developing policy on executive remuneration
and for fixing the remuneration packages of individual directors. No director should be involved in
deciding their own remuneration.
Relations with shareholders
There should be a dialogue with shareholders based on the mutual understanding of objectives. The
board as a whole has responsibility for ensuring that a satisfactory dialogue with shareholders takes
place.
The board should use the AGM to communicate with investors and to encourage their participation.
http://accountingpdf.com/
14 1: International regulatory environments for audit and assurance services Part A Regulatory environment
The UK Corporate Governance Code was revised in September 2012. The revisions stated that FTSE 350
companies must put the external audit out to tender at least every ten years. The change was designed to
improve both competition in the audit market and the public perception of auditors' independence. In a market
where, as a committee of the UK Parliament has pointed out, there is a 'dearth of competition', this was an
important shift.
In September 2012, the FRC revised the UK Corporate Governance Code, Stewardship Code and Guidance
on Audit Committees to introduce further guidance aimed at ensuring management, audit committees and
auditors report material issues to investors completely and fairly.
Following a consultation in late 2013, the FRC published a revised UK Corporate Governance Code again in
September 2014, this time targeting the going concern, executive remuneration, and risk management
reporting. The changes, made in response to the Sharman Inquiry in 2012, are controversial with
companies and investors. The changes around the assessment of going concern by companies, in
particular, have been criticised for failing to address the investors' concerns, and placing a heavy risk
management and reporting burden on the boards.
2.2 UK Corporate Governance Code provisions
The key requirement of the UK Corporate Governance Code is that the board must establish an audit committee
of at least three or, in the case of smaller companies, two independent non-executive directors. The main
role and responsibilities of the audit committee are listed below.
To monitor the integrity of the financial statements of a company, and any formal announcements
relating to the company's performance, reviewing significant financial reporting judgements
contained in them
To review the company's internal financial controls and, unless expressly addressed by a separate
board risk committee composed of independent directors or by the board itself, to review the
company's internal control and risk management systems
To monitor and review the effectiveness of the company's internal audit function
To make recommendations to the board, for it to put to shareholders for their approval in general
meeting, in relation to the appointment, re-appointment and removal of the external auditor and to
approve the remuneration and terms of engagement of the external auditor
To review and monitor the external auditor's independence and objectivity and the effectiveness of
the audit process, taking into consideration relevant UK professional and regulatory requirements
To develop and implement policy on the engagement of the external auditor to supply non-audit
services, taking into account relevant ethical guidance regarding the provision of non-audit services
by the external audit firm, and to report to the board, identifying any matters in respect of which it
considers that action and improvement is needed and making recommendations as to the steps to
be taken
To report to the Board how it has discharged its responsibilities, including:
– How it has addressed significant issues arising in the financial statements
– How it has assessed the effectiveness of the audit process
– How auditor objectivity and independence is safeguarded, where the auditor provides nonaudit
services.
The Code also requires the Annual Report to contain a separate section describing the work of the committee.
This deliberately puts the spotlight on the audit committee and gives it an authority that it might otherwise lack.
2.3 FRC Guidance on Audit Committees
The FRC issued its Guidance on Audit Committees in September 2012, which aims to help companies to
implement the requirements of the UK Corporate Governance Code.
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 15
The particular arrangements for an audit committee should be tailored to the circumstances of the
company. Audit committees need to be proportionate to the size, complexity and risk profile of the
company.
The Guidance should not be taken as a simple list of rules. Rather, it notes that, in respect of the
relationship between the audit committee and the board, 'the most important features of this relationship
cannot be drafted as guidance or put into a code of practice'. The relationship should be frank and open,
and it should be possible for disagreement between the audit committee and the board to be robust and
based on information made freely available to the audit committee.
2.3.1 Establishment of the audit committee
As noted above, there should be three independent non-executive directors on the committee, two in the case of
smaller companies. At least one member should have recent and relevant financial experience (and a
professional accountancy qualification).
Appointments are recommended by the nomination committee, and are for a maximum of three years, but
this may be extended by a further two three-year periods (nine years in total).
There should be a minimum of three meetings per year, but the precise number depends on the
circumstances. No one who is not on the committee has a right to attend meetings (but they may be there if
invited). The committee should meet external auditors at least annually.
The committee should have sufficient resources to undertake its duties, including remuneration for its
members.
2.3.2 Relationship with the Board
The Board decides the role of the audit committee, and it is to the board that the audit committee reports. The
audit committee should report to the board on how it has discharged its responsibilities.
The committee's terms of reference should be tailored to the circumstances, and should be reviewed at least
annually.
If the committee disagrees with the Board then it should be able to report its point of view to shareholders.
2.3.3 Role and responsibilities
Financial reporting. The audit committee reviews significant issues and judgements. Management is
responsible for preparing the financial statements – the audit committee then reviews them, taking into account
the external auditor's point of view.
Narrative reporting. If the board requests it to, the audit committee will review the annual report and advise on
whether it is fair, balanced and understandable.
Whistleblowing. The committee reviews arrangements by which staff can raise concerns about improper
financial reporting.
Internal controls and risk management systems. These systems are management's responsibility, but the
audit committee reviews them and approves statements made about them in the annual report.
Internal audit. The audit committee reviews the effectiveness of the internal audit function, including
assessing whether one is needed (if it is not already present).
In its review of the work of the internal audit function, the audit committee should:
Ensure that the internal auditor has direct access to the board chairman and to the audit
committee, and is accountable to the audit committee
Review and assess the annual internal audit work plan
Receive a report on the results of the internal auditors' work on a periodic basis
Review and monitor management's responsiveness to the internal auditor's findings and
recommendations
http://accountingpdf.com/
16 1: International regulatory environments for audit and assurance services Part A Regulatory environment
Meet with the head of internal audit at least once a year without the presence of management
Monitor and assess the role and effectiveness of the internal audit function in the overall context of
the company's risk management system
2.3.4 Role and responsibilities in relation to external auditor
The audit committee is the body responsible for overseeing the company's relations with the external auditor.
Role and responsibilities of audit committee towards external auditor
The audit committee makes a recommendation on the appointment,
reappointment and removal of the external auditors.
If this is not accepted then the annual report must contain a statement
explaining the differing opinions of the audit committee and the board.
The committee assesses the auditor's qualifications, expertise, resources,
and independence annually.
Appointment and tendering
FTSE 350 companies put the audit out to tender at least every ten years.
The audit committee approves the terms of engagement and the
remuneration of the external auditor.
Terms and remuneration
The audit committee reviews:
The engagement letter (each year)
The scope of the audit
At the start of each annual audit cycle, the audit committee ensures
appropriate plans exist for the audit.
Considers whether the auditor's overall work plan, including planned
levels of materiality, and proposed resources are appropriate.
Discuss with auditor:
Major issues found
Key judgements
Levels of errors, including uncorrected misstatements
Review:
Written representations from management
Auditor's management letter
Annual audit cycle
Review the effectiveness of the audit process annually, and report to the
board on its findings.
Independence Annually assess auditor's independence
Recommend and develop company's policy on the provision of non-audit
services by the auditor.
2.3.5 Communication with shareholders
The audit committee section of annual report should include the following.
A summary of the role of the audit committee
The names and qualifications of all members of the audit committee during the period
The number of audit committee meetings
The significant issues considered in relation to the financial statements and how these issues
were addressed
An explanation of how it has assessed the effectiveness of the external audit process and the
approach taken to the appointment or reappointment of the external auditor, and information on the
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 17
length of tenure of the current audit firm, when a tender was last conducted, and any contractual
obligations that acted to restrict the audit committee's choice of external auditors
If the external auditor provides non-audit services, how auditor objectivity and independence is
safeguarded
2.4 Advantages and disadvantages of audit committees
The key advantage to an external auditor of having an audit committee is that such a committee of
independent non-executive directors provides the auditor with an independent point of reference other
than the executive directors of the company, in the event of disagreement arising.
Other advantages that are claimed to arise from the existence of an audit committee include:
(a) It will lead to increased confidence in the credibility and objectivity of financial reports.
(b) By specialising in the problems of financial reporting and thus, to some extent, fulfilling the
directors' responsibility in this area, it will allow the executive directors to devote their attention
to management.
(c) In cases where the interests of the company, the executive directors and the employees conflict,
the audit committee might provide an impartial body for the auditors to consult.
(d) The internal auditors will be able to report to the audit committee.
Opponents of audit committees argue that the disadvantages are:
(a) There may be difficulty selecting sufficient non-executive directors with the necessary competence
in auditing matters for the committee to be really effective.
(b) The establishment of such a formalised reporting procedure may dissuade the auditors from
raising matters of judgement and limit them to reporting only on matters of fact.
(c) Costs may be increased.
Question Audit committees
Since 1978 all public companies in the US have been required to have an audit committee as a condition
of listing on the New York Stock Exchange.
(a) Explain what you understand by the term audit committee.
(b) List and briefly describe the duties and responsibilities of audit committees.
(c) Discuss the advantages and disadvantages of audit committees.
Answer
(a) An audit committee reviews financial information and liaises between the auditors and the
company. It normally consists of the non-executive directors of the company.
(b) (i) To monitor the integrity of the financial statements of the company, reviewing significant
financial reporting issues and judgements contained in them
(ii) To review the company's internal financial control system and, unless expressly addressed
by a separate risk committee or by the board itself, risk management systems
(iii) To monitor and review the effectiveness of the company's internal audit function
(iv) To make recommendations to the board in relation to the appointment of the external
auditor and to approve the remuneration and terms of engagement of the external auditors
(v) To monitor and review the external auditor's independence, objectivity and effectiveness,
taking into consideration relevant professional and regulatory requirements
http://accountingpdf.com/
18 1: International regulatory environments for audit and assurance services Part A Regulatory environment
(vi) To develop and implement policy on the engagement of the external auditor to supply nonaudit
services, taking into account relevant ethical guidance regarding the provisions of
non-audit services by the external audit firm
In addition to these responsibilities, any responsible audit committee is likely to want:
(i) To ensure that the review procedures for interim statements, rights documents and similar
information are adequate
(ii) To review both the management accounts used internally and the statutory financial
statements issued to shareholders for reasonableness
(iii) To make appropriate recommendations for improvements in management control
(c) There are a number of advantages and disadvantages.
Disadvantages
(i) It is possible that the audit committee's approach may prove somewhat pedestrian,
resolving little of consequence but acting as a drag on the drive and entrepreneurial flair of
the company's senior executives.
(ii) Unless the requirement for such a body were made compulsory, as in the US, it is likely that
those firms most in need of an audit committee would nevertheless choose not to have
one. (Note. The UK Corporate Governance Code requires listed companies to have an audit
committee.)
Advantages
(i) By its very existence, the audit committee should make the executive directors more aware
of their duties and responsibilities.
(ii) It could act as a deterrent to the committing of illegal acts by the executive directors and
may discourage them from behaving in ways which could be prejudicial to the interests of
the shareholders.
(iii) Where illegal or prejudicial acts have been carried out by the executive directors, the audit
committee provides an independent body to which the auditor can turn. In this way, the
problem may be resolved without the auditor having to reveal the matter to the
shareholders, either in their report or at a general meeting of shareholders.
3 Internal control effectiveness
Internal control is a key part of good corporate governance. Directors are responsible for maintaining a
system of control that will safeguard the company's assets.
3.1 Importance of internal control and risk management
The UK Corporate Governance Code states that directors 'should maintain sound risk management and
internal control systems' (Section C2). Internal control systems help a company to manage the risks that it
takes in trying to achieve its strategic objectives. Internal control also helps to prevent and detect fraud,
and to safeguard the company's assets for the shareholders.
3.2 Directors' responsibilities
The ultimate responsibility for a company's system of internal controls lies with the board of directors.
The UK Corporate Governance Code requires directors to review the effectiveness of internal controls
at least annually.
FAST FORWARD
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 19
Part of setting up an internal control system will involve assessing the risks facing the business, so that
the system can be designed to ensure those risks are avoided. As you know from your earlier studies in
auditing the system of internal control in a company will reflect the control environment, which includes
the attitude of the directors towards risk, and their awareness of it.
Internal control systems will always have inherent limitations, the most important being that a system of
internal control cannot eliminate the possibility of human error, or the chance that staff will collude in fraud.
Once the directors have set up a system of internal control, they are responsible for reviewing it regularly,
to ensure that it still meets its objectives.
The board may decide that in order to carry out their review function properly they have to employ an
internal audit function to undertake this task. The role of internal audit is discussed in more detail in
Chapter 16, but this is potentially part of its function.
If the board does not see the need for an internal audit function, the UK Corporate Governance Code
suggests that it revisits this decision on an annual basis, so that the need for internal audit is regularly
reviewed.
The UK Corporate Governance Code requires the board of directors of listed companies to report on its
review of internal controls as part of the annual report. The statement should be based on an annual
assessment of internal control which should confirm that the board has considered all significant aspects
of internal control. In particular the assessment should cover:
(a) The changes since the last assessment in risks faced, and the company's ability to respond to
changes in its business environment
(b) The scope and quality of management's monitoring of risk and internal control, and of the work of
internal audit, or consideration of the need for an internal audit function if the company does not
have one
(c) The extent and frequency of reports to the board
(d) Significant controls, failings and deficiencies which have or might have material effects on the
financial statements
(e) The effectiveness of the public reporting processes
In addition, in September 2012, the Code was revised to require directors to include a statement in the
annual report that they consider the annual report and accounts as a whole to be fair, balanced and
understandable and provides the information necessary for shareholders to assess the entity's
performance, business model and strategy.
The 2014 revision of the Code adds another specific requirement, this time about going concern. The
directors are required to state in annual and half-yearly financial statements whether they considered it
appropriate to adopt the going concern basis of accounting, and identify any material uncertainties in going
concern over a period of at least twelve months from the date of approval of the financial statements.
3.3 Auditors' responsibilities
In the UK, the FRC's Bulletin 2006/5 The combined code on corporate governance: requirements of
auditors under the listing rules of the financial services authority and the Irish stock exchange considers
what auditors should do in response to a statement on internal controls by directors.
Auditors should concentrate on the review carried out by the board. The objective of the auditors' work
is to assess whether the company's summary of the process that the board has adopted in reviewing the
effectiveness of the system of internal control is supported by the documentation prepared by the
directors and reflects that process.
The auditors should make appropriate enquiries and review the statement made by the board in the
financial statements and the supporting documentation.
Auditors will have gained an understanding of controls as part of their audit (ISA 315). However, the
requirements of ISAs are much narrower than the review performed by the directors. To avoid
http://accountingpdf.com/
20 1: International regulatory environments for audit and assurance services Part A Regulatory environment
misunderstanding of the scope of the auditors' role, the auditors are recommended to use the following
wording in the auditor's report.
'We are not required to consider whether the board's statements on internal control cover all risks
and controls, or form an opinion on the effectiveness of the company's corporate governance
procedures or its risk and control procedures.'
This could be included as part of the 'Scope of the audit of financial statements' section of the report.
It is particularly important for auditors to communicate quickly to the directors any significant deficiencies
they find, because of the requirements for the directors to make a statement on internal control.
The directors are required to consider the material internal control aspects of any significant problems
disclosed in the financial statements. Auditors' work on this is the same as on other aspects of the
statement; the auditors are not required to consider whether the internal control processes will remedy the
problem.
The auditors may report by exception if problems arise, such as:
(a) The board's summary of the process of review of internal control effectiveness does not reflect the
auditors' understanding of that process.
(b) The processes that deal with material internal control aspects of significant problems do not
reflect the auditors' understanding of those processes.
(c) The board has not made an appropriate disclosure if it has failed to conduct an annual review, or the
disclosure made is not consistent with the auditors' understanding.
The report should be included in a separate paragraph below the opinion paragraph. For example:
Other matter
We have reviewed the board's description of its process for reviewing the effectiveness of internal control
set out on page x of the annual report. In our opinion the board's comments concerning ... do not
appropriately reflect our understanding of the process undertaken by the board because ...
3.4 Assurance services
Accountants may also provide assurance services relating to internal control systems. This is discussed in
Chapter 12.
4 Money laundering Pilot paper, 12/07, 12/09, 6/12, 6/14
Money laundering law is an increasingly important issue for auditors to be aware of.
This section is based on UK law and regulation. It is included as an example of how law and regulation
affects the auditor in this area.
'Money laundering is the process by which criminals attempt to conceal the true origin and ownership of
the proceeds of their criminal activity, allowing them to maintain control over the proceeds and, ultimately,
providing a legitimate cover for their sources of income.' (ACCA Code of Ethics and Conduct)
Money laundering is a particularly hot topic internationally. Clearly, auditors should consider it when
assessing compliance risks at a client.
FAST FORWARD
Key term
Point to note
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 21
4.1 What is money laundering?
4.1.1 Background
Once they have gotten hold of money through crime, criminals face a difficulty when it comes to actually
using it. For example, a group of organised criminals might generate huge amounts of money from
dealing illegal drugs, but as soon as they try to spend it they end up drawing attention to the fact that they
obtained the money from drug dealing. Usually the money to be laundered is in the form of cash.
Money laundering is the attempt to conceal the origin of this money by making it look legitimate or 'clean'.
This is a big problem for the world economy: the International Monetary Fund (IMF) has stated that
something like 2-5% of world GDP is likely to be related to money laundering.
4.1.2 How money is laundered
There are essentially three stages in laundering money.
1. Placement. This is the introduction or placement of the illegal funds into the financial system.
Examples include (amongst many possibilities):
Making lots of small cash deposits into numerous bank accounts
Using a cash-intensive business, such as a betting shop or a used car dealership, to
disguise 'dirty' money as legitimate revenue
2. Layering. This is passing the money through a large number of transactions or 'layers', so that it
becomes very difficult to trace back it to its original source. Examples include:
Transferring the money through multiple bank accounts, perhaps across several different
national jurisdictions
Making numerous purchases and sales of investments
Making fake sales between controlled companies (this can often be extremely subtle, eg
through the use of invoices that do involve a transfer of goods, but which exaggerate the
price)
3. Integration. This is the final integration of funds back into the legitimate economy. The criminal
now has 'clean' money which can be spent or invested.
Question Money laundering
Required
(a) Explain the reasons why a criminal may want to launder money, even if this means that they may
have to pay tax on it.
(b) Explain the reasons why it would be difficult for an external auditor to detect money laundering
activity.
Answer
(a) Although money laundering does usually diminish the amount of money possessed by the criminal
in absolute terms, it actually increases the amount of money they can actually use. There is little
point in owning lots of cash if none of it can be spent without arousing suspicion – for instance, a
criminal buying a new Porsche with $100,000 in cash would be at risk of being detected by the
authorities. Money laundering enables criminals to enjoy at least some benefit from their activities.
The aim of money laundering is to 'clean' the 'dirty' money by passing it through an apparently
legitimate business, so that it can then be accessed without fear of the authorities becoming aware
of it.
http://accountingpdf.com/
22 1: International regulatory environments for audit and assurance services Part A Regulatory environment
It may therefore be preferable to have 'clean' money on which tax is paid, since, although the tax
paid would be an expense, the alternative would be to have money that cannot be spent at all.
(b) In common with fraud generally, money laundering is difficult to detect because those perpetrating
it have an obvious incentive to cover their tracks very carefully. The nature of money laundering
means that the owners or senior management of the business would likely be implicated. These
people are likely to be able to manipulate a company's records, so that the auditor will struggle to
detect any problems.
Money laundering would be more difficult to detect than a typical fraud because it involves cash
flowing into the business, whereas fraud more typically involves attempts to conceal an outflow of
assets. It would be difficult to design audit procedures to detect the recording of fictitious revenue
that was backed up by cash in the bank.
As money laundering is associated with criminal activity, it is possible that those involved may be
subject to intimidation to co-operate with the scheme, or to deny knowledge of it. This could even
extend to members of the audit team. This makes it very difficult for auditors to detect money
laundering.
4.2 International recommendations and UK law
An intergovernmental body, the Financial Action Task Force on Money Laundering (FATF) was established
to set standards and develop policies to combat money laundering and terrorist financing. In 1990, FATF
issued 49 recommendations for governments on how to combat these offences and these
recommendations have now been endorsed by more than 130 countries.
Relevant legislation in the UK includes:
The Terrorism Act 2000
The Proceeds of Crime Act 2002
Money Laundering Regulations 2007
This UK legislation applies to any professional work carried out in the UK, even if the accountant is based
outside the UK.
Ireland has legislation which is broadly equivalent to that in the UK.
In Singapore, there are various pieces of legislation:
Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992
United Nations Act 2001
United Nations (Anti-Terrorism Measures) Regulations 2001
Terrorism (Suppression of Financing) Act 2002
In Australia, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 is relevant.
In the United States there is a raft of relevant legislation, including:
The Bank Secrecy Act
The Money Laundering Control Act 1986
The PATRIOT Act of 2001, which requires all financial institutions to establish anti-money
laundering programmes.
US legislation affects entities based outside the US if they use US Dollars ($) or use US banks.
4.3 Ethical guidance
4.3.1 Need for ethical guidance
Ethical guidance on money laundering is needed because applying the law involves making difficult
judgements, particularly if there are confidentiality issues.
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 23
The ACCA has issued Technical Factsheet 145 on Anti-money laundering for the accounting sector as
guidance for its members on their responsibilities under this legislation. The ACCA's Code of Ethics and
Conduct also includes detailed guidance for members on money laundering. Its requirements are very
similar to those in the Technical Factsheet, but less detailed. The Technical Factsheet gives guidance in the
context of current UK law, whereas the ethical guidance emphasises the international nature of money
laundering and the need for ACCA members to be aware of local legal frameworks and the basic
procedures to be applied, irrespective of where in the world their work is taking place.
4.3.2 Confidentiality and ethical conflict
'Ethical conflict' means conflict between the auditor's duty to be ethical and the auditor's relationship with
the client. This conflict may be particularly sharp where an auditor suspects the client of money
laundering. In the UK, there is a legal requirement to report even a suspicion of money laundering (see
Section 4.6 below), which would be likely to conflict with the auditor's duty of confidentiality to their
client.
The situation is further complicated by the need to avoid 'tipping off' the client that the auditor suspects
money laundering (see Section 4.6.3 below), which could make it very difficult for an auditor to decide
whether they have a duty to report their suspicions, as it would be hard to gather evidence of money
laundering without tipping the client off.
If such an ethical conflict cannot be resolved then the auditor may consider obtaining professional advice
from the ACCA or from legal advisers. This can generally be done without breaching the fundamental
principle of confidentiality if the matter is discussed anonymously with the ACCA, or under legal privilege
with a legal adviser.
4.4 Accountants' obligations
Many countries have now made money laundering a criminal offence. In some countries, such as the UK,
Australia, Singapore and the USA, the criminal offences include those directed at accountants. It is useful
to look in detail at the obligations of UK accountants in relation to the law regarding money laundering as
an example.
In the UK, the basic requirements are for accountants to keep records of clients' identity and to report
suspicions of money laundering to the National Crime Agency (NCA, formerly SOCA). These obligations
apply both to firms and to individuals. A firm must establish an anti-money laundering programme such
as that set out below, which includes appointing a Money Laundering Reporting Officer (MLRO) who is
responsible for reporting to the NCA. Individuals within the firm are then legally required to report any
offences to the MLRO.
Elements of a money laundering programme:
Procedures Explanations
Appoint a Money Laundering
Reporting Officer (MLRO)
and implement internal
reporting procedures
The MLRO should have a suitable level of seniority and experience.
Individuals should make internal reports of money laundering to
the MLRO.
The MLRO must consider whether to report to the NCA, and
document the process.
Train individuals to ensure
that they are aware of the
relevant legislation, know
how to recognise and deal
with potential money
laundering, how to report
suspicions to the MLRO, and
how to identify clients
Individuals should be trained in the firm's obligations under law,
and their personal obligations.
They must be made aware of the firm's identification, record
keeping and reporting procedures.
They must be aware that 'tipping off' is an offence, to reduce the
risk of this happening inadvertently.
http://accountingpdf.com/
24 1: International regulatory environments for audit and assurance services Part A Regulatory environment
Procedures Explanations
Establish internal procedures
appropriate to forestall and
prevent money laundering,
and make relevant
individuals aware of the
procedures
Procedures should cover:
– Client acceptance
– Gathering 'know your client' (KYC) / 'Customer Due Diligence'
(CDD) information (see Section 4.4.1 below)
– Controls over client money and transactions through the client
account
– Advice and services to clients that could be of use to a money
launderer
– Internal reporting lines
– The role of the MLRO
Verify the identity of new and
existing clients and maintain
evidence of identification (ie
customer due diligence
measures)
The firm must be able to establish that new clients are who they
claim to be.
Typically, this will include taking copies of evidence, such as
passports, driving licences and utility bills.
For a company this will include identities of directors and
certificates of incorporation.
Maintain records of client
identification, and any
transactions undertaken for
or with the client
Special care needs to be taken when handling clients' money to
avoid participation in a transaction involving money laundering.
Report suspicions of money
laundering to the NCA
The NCA has designed standard disclosure forms.
4.4.1 'Customer due diligence' information
The firm must gather 'know your client' information. This includes:
Who the client is
Who controls it
The purpose and intended nature of the business relationship
The nature of the client
The client's source of funds
The client's business and economic purpose
KYC enables the audit firm to understand its client's business well enough to spot any unusual business
activity. This assists the firm in identifying suspicions of money laundering.
In the UK the Money Laundering Regulations 2007 extended the circumstances under which Customer
due diligence (CDD) must be carried out from new to existing clients.
CDD is the term used in the Money Laundering Regulations for the steps that businesses must take to:
(a) Identify the customer and verify their identity using documents, data or information obtained from
a reliable and independent source.
(b) Identify any beneficial owner who is not the customer. This is the individual (or individuals) behind
the customer who ultimately owns or controls the customer or on whose behalf a transaction or
activity is being conducted.
(c) Where a business relationship is established, you will need to understand the purpose and intended
nature of the relationship, for example details of the customer's business or the source of the
funds.
Businesses must also conduct ongoing monitoring to identify large, unusual or suspicious transactions as
part of CDD.
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 25
The requirement to confirm the identity of customers and other individuals clearly links to the concept of
KYC described above.
4.5 Risk-based approach
On any assignment, the auditor should assess the risk of money laundering activities. Clearly, every
circumstance is different, but the following diagram illustrates some key risk factors.
Secrecy over
transactions
Excessive use of
wire transfers
Transactions routed
through several
jurisdictions
A pattern that after a deposit,
the same (or nearly the same)
amount is wired to another
financial institution
MONEY LAUNDERING
RISK INDICATIONS
High value deposits or
withdrawals not characteristic
of the type of account
Large currency or bearer
instrument transactions
Repeated deposits or withdrawals
just below the monitoring threshold
on the same day
Question Money laundering II
You are the audit manager of Loft Co, a chain of nightclubs across the North-West of England. During the
course of the audit Mr Roy, an employee of the company, informed you that a substantial cash deposit
was paid into the company's bank account and a month later, the same amount was paid by direct transfer
into a bank account in the name of Evissa, a company based overseas. The employee also informed you
that Mr Fox, the managing director of Loft Co, had instructed him not to record the transaction in the
accounting records as it had nothing to do with Loft Co's business.
Required
Comment on the situation outlined above.
Answer
The transaction described in the scenario raises suspicion of money laundering for several reasons.
(a) It has been alleged by Mr Roy that the purpose of the transaction has nothing to do with the
nightclub business. This could be a sign that Mr Fox is attempting to legitimise the proceeds of a
crime through Loft Co by concealing the illegal source of the cash.
(b) The amount of the transaction is substantial for Loft Co. An unusually large transaction should alert
the auditor to the possibility of money laundering, especially as it does not seem to relate to the
business of Loft Co.
(c) The cash amount paid into Loft Co's bank account is the same as the amount paid to Evissa. This
could be an attempt by Mr Fox to make the cash appear legitimate by moving it through several
companies and jurisdictions.
(d) Mr Roy was instructed not to record the transaction in the accounting records of Loft Co. Increased
secrecy over transactions is another indicator of money laundering.
http://accountingpdf.com/
26 1: International regulatory environments for audit and assurance services Part A Regulatory environment
Loft Co's bank statement should be checked to confirm Mr Roy's assertion. The suspicious transaction
should be reported to the firm's MLRO or the NCA as soon as possible and any 'tipping off' (see Section
4.5.3) must be avoided. It is a criminal offence to not report suspicions of money laundering.
4.6 The scope of criminal offences
The firm requires these procedures to avoid committing any of the wide range of offences under the UK's
Money Laundering Regulations.
4.6.1 Money laundering offences
These include:
Concealing criminal property
'Arranging' – becoming involved in an arrangement which is known or is suspected of facilitating
the acquisition of criminal property
Acquiring, using or possessing criminal property
Tipping off (see below)
Defences against these offences include:
Reporting to the NCA or the MLRO before the act took place
Reporting to the NCA or the MLRO after the act took place if there was good reason for the failure
to report earlier
4.6.2 Failure to report offences under the legislation
Knowledge
Actual knowledge
Shutting one's mind to the obvious
Deliberately deterring a person from making disclosures, the content of which one might not care
to have knowledge of
Knowledge of circumstances which would indicate the facts to an honest and reasonable person
Knowledge of circumstances which would put an honest and reasonable person on inquiry and
failing to make the reasonable inquiries which such a person would have made
Suspicion is not defined in existing legislation. Case law and other sources indicate that suspicion is more
than speculation but it falls short of proof or knowledge. Suspicion is personal and subjective but will
generally be built on some objective foundation and so there should be some degree of consistency in
how a business's MLRO treats possible causes of suspicion.
Failure by an individual in the regulated sector to inform the NCA or the MLRO as soon as
practicable of knowledge or suspicion of money laundering
Failure by the MLRO to pass on a report to the NCA as soon as possible
The defences here for an individual would include that there was a reasonable excuse for not
having made a report, or that the person did not know or suspect money laundering and their
employer has not provided them with appropriate training.
The defence for the MLRO is that there is a reasonable excuse for not having made a report. The
Court would consider whether relevant guidance, such as the ACCA Technical Factsheet, had been
followed.
Key term s
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 27
4.6.3 Tipping off and other offences
Tipping off is when the MLRO or any individual discloses something that might prejudice any
investigation. If the auditor tells a client that they suspect money laundering has taken place, then this is
an offence. It is a defence if the person did not know or suspect that it was likely to prejudice the
investigation.
Other offences include:
Falsifying, concealing, destroying or disposing of documents relevant to the investigation
Consenting to a transaction which they know or suspect is money laundering, where consent has
not been received from the NCA
This is an extremely difficult area for auditors and accountants, as it can be very easy to tip off a client
inadvertently. For example, a client might ask an accountant to perform a transaction which the accountant
suspects might involve criminal property. In this case, even just delay in carrying out the instruction might
alert the criminal client to the fact that the accountant is suspicious: this would be tipping off. The way the
legislation gets around this is by requiring the accountant to report suspicions as quickly as possible
before undertaking such a transaction. Legal advice should also be obtained.
The June 2012 exam featured nine marks on money laundering. In order to get them, however, you first
had to spot that money laundering was happening in the scenario. The question itself did not mention
'money laundering' anywhere, which is like real life: money laundering is something that you need to be
alert for, because criminals who launder money do not tell you that this is what they are doing!
The requirement itself was to discuss the implications of the circumstances in the scenario (six marks),
and to explain the auditor's reporting responsibilities for money laundering.
The June 2014 paper had 11 marks on money laundering, with a requirement first to explain the stages of
money laundering and to comment on why a client in a scenario might be high-risk, and then to
recommend elements of an anti-money laundering programme.
4.6.4 Interaction of reporting duties
Auditors have several reporting duties which can interact with the duty to report under anti-money
laundering legislation. The main problem is how to avoid tipping off. Other reporting duties include:
Auditors' reports under ISAs
Communications to those charged with governance (ISA 260)
Reports to regulators
The 'statement of circumstances' upon resignation as an auditor
In general, one cannot obtain consent to tip off. Instead, the firm which suspects money laundering should
agree the wording of its reports with the relevant authority. If this cannot be done, then legal advice should
be obtained.
If an auditor who suspects a client resigns and receives a professional clearance letter from a prospective
auditor, then they should not respond to questions concerning the identity of the individual, or any
suspicions regarding money laundering.
5 Laws and regulations 6/12, 12/13, 6/15
Auditors must be aware of laws and regulations as part of their planning and must be aware of any
statutory duty to report non-compliance by the company.
In addition to the laws and regulations which bind the audit firm, the audit client is itself subject to laws
and regulations.
FAST FORWARD
Exam focus
point
http://accountingpdf.com/
28 1: International regulatory environments for audit and assurance services Part A Regulatory environment
5.1 Legal requirements relating to the company
Companies are increasingly subject to laws and regulations with which they must comply. Some examples
are given in the following diagram.
Company law
Civil law
Tort
Contract
Employment law
Health and Safety Regulation
Environmental
law and regulation
LAWS AND REGULATIONS
An auditor must be aware of the effect that non-compliance with the laws and regulations would have on
the financial statements.
ISA 250 Consideration of laws and regulations in an audit of financial statements provides guidance on the
auditor's responsibility to consider laws and regulations in an audit of financial statements.
5.2 Responsibility of management for compliance
It is the responsibility of management (with oversight from those charged with governance) to ensure that
a client's operations are conducted in accordance with laws and regulations.
The following policies and procedures, among others, may be implemented to assist management in the
prevention and detection of non-compliance with laws and regulations.
Monitor legal requirements and ensure that operating procedures are designed to meet these
requirements.
Institute and operate appropriate systems of internal control including internal audit and an audit
committee.
Develop, publicise and follow a code of conduct.
Ensure that employees are properly trained and understand the code of conduct.
Monitor compliance with the code of conduct and act appropriately to discipline employees who
fail to comply with it.
Engage legal advisers to assist in monitoring legal requirements.
Maintain a register of significant laws with which the entity has to comply within its particular
industry, and a record of complaints.
'Non-compliance' refers to acts of omission or commission by the entity, either intentional or
unintentional, which are contrary to the prevailing laws or regulations. Such acts include transactions
entered into by the entity, or on its behalf by its management or employees. It does not include personal
misconduct.
5.3 Responsibility of the auditor
As with fraud and error, the auditor is not, and cannot be held responsible for preventing non-compliance.
There is an unavoidable risk that some material misstatements in the financial statements go undetected,
even though the audit is properly planned and performed.
Certain factors will increase the risk of material misstatements due to non-compliance with laws and
regulations not being detected by the auditor.
(a) There are many laws and regulations, relating principally to the operating aspects of an entity, that
typically do not affect the financial statements and are not captured by the entity's information
systems relevant to financial reporting.
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 29
(b) Non-compliance may involve conduct designed to conceal it, such as collusion, forgery, deliberate
failure to record transactions, management override of controls or intentional misrepresentations
being made to the auditor.
(c) Whether an act constitutes non-compliance is ultimately a matter for legal determination by a court
of law.
Laws and regulations governing a business entity can vary enormously (financial disclosure rules, health
and safety, pollution, employment, etc). Whether an act constitutes non-compliance is a legal matter that
may be beyond the auditor's professional competence, although the auditor may have a fair idea in many
cases through his knowledge and training. Ultimately such matters can only be decided by a court of law.
The further removed non-compliance is from the events and transactions normally reflected in the
financial statements, the less likely the auditor is to become aware of it or recognise non-compliance.
ISA 250.10
The objectives of the auditor are:
(a) To obtain sufficient appropriate audit evidence regarding compliance with the provisions of those
laws and regulations generally recognised to have a direct effect on the determination of material
amounts and disclosures in the financial statements;
(b) To perform specified audit procedures to help identify instances of non-compliance with other
laws and regulations that may have a material effect on the financial statements; and
(c) To respond appropriately to non-compliance or suspected non-compliance with laws and
regulations identified during the audit.
5.4 The auditor's consideration of compliance
ISA 250.12
As part of obtaining an understanding of the entity and its environment in accordance with ISA 315, the
auditor shall obtain a general understanding of:
(a) The legal and regulatory framework applicable to the entity and the industry or sector in which the
entity operates
(b) How the entity is complying with that framework.
The auditor may obtain a general understanding of laws and regulations affecting the entity in the
following ways.
Use the auditor's existing understanding of the entity's industry, regulatory and other external
factors
Update the understanding of those laws and regulations that directly determine the reported
amounts and disclosures in the financial statements
Enquire of management as to other laws or regulations that may be expected to have a
fundamental effect on the operations of the entity
Enquire of management concerning the entity's policies and procedures regarding compliance
with laws and regulations
Discuss with management the policies or procedures adopted for identifying, evaluating and
accounting for litigation claims
The auditor should obtain sufficient appropriate audit evidence of compliance with those laws and
regulations which have a direct effect on the determination of material amounts and disclosures in the
financial statements. These laws and regulations will be well-established, will be known both to the entity
and within the entity's industry, and will be relevant to the entity's financial statements. They could relate
to:
http://accountingpdf.com/
30 1: International regulatory environments for audit and assurance services Part A Regulatory environment
The form and content of financial statements
Industry-specific financial reporting issues
Accounting for transactions under government contracts
The accrual or recognition of expenses for income tax or pension costs
In obtaining this general understanding the auditor should obtain an understanding of the procedures
followed by the entity to ensure compliance. The auditor should recognise that some laws and regulations
may have a fundamental effect on the operations of the entity, ie they may cause the entity to cease
operations or call into question the entity's continuance as a going concern. For example, non-compliance
with the requirements of the entity's licence or other title to perform its operations could have such an
impact (for example, for a bank, non-compliance with capital or investment requirements).
ISA 250.14
The auditor shall perform the following audit procedures to help identify instances of non-compliance with
other laws and regulations that may have a material effect on the financial statements:
(a) Inquiring of management and, where appropriate, those charged with governance, as to whether
the entity is in compliance with such laws and regulations; and
(b) Inspecting correspondence, if any, with the relevant licensing or regulatory authorities.
ISA 250.15
During the audit, the auditor shall remain alert to the possibility that other audit procedures applied may
bring instances of non-compliance or suspected non-compliance with laws and regulations to the
auditor's attention.
Examples include:
Reading minutes
Enquiring of the entity's management and in-house legal counsel or external legal counsel
concerning litigation, claims and assessments
Performing substantive tests of details of classes of transactions, account balances or disclosures
ISA 250.16
The auditor shall request management and, where appropriate, those charged with governance to provide
written representations that all known instances of non-compliance or suspected non-compliance with
laws and regulations whose effects should be considered when preparing financial statements have been
disclosed to the auditor.
In the absence of identified or suspected non-compliance, the auditor is not required to perform audit
procedures other than those detailed above.
5.4.1 Audit procedures when non-compliance is identified or suspected
ISA 250.18
If the auditor becomes aware of information concerning an instance of non-compliance or suspected noncompliance
with laws and regulations, the auditor shall obtain:
(a) An understanding of the nature of the act and the circumstances in which it has occurred; and
(b) Further information to evaluate the possible effect on the financial statements.
The ISA sets out examples of the type of information that might come to the auditor's attention that may
indicate non-compliance.
Investigation by a regulatory organisation or government department or payment of fines or
penalties
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 31
Payments for unspecified services or loans to consultants, related parties, employees or
government employees
Sales commissions or agents' fees that appear excessive in relation to those normally paid by the
entity or in its industry or to the services actually received
Purchasing at prices significantly above or below market price
Unusual payments in cash, purchases in the form of cashiers' cheques payable to bearer or
transfers to numbered bank accounts
Unusual transactions with companies registered in tax havens
Payments for goods or services made other than to the country from which the goods or services
originated
Payments without proper exchange control documentation
Existence of an information system that fails, whether by design or by accident, to provide an
adequate audit trail or sufficient evidence
Unauthorised transactions or improperly recorded transactions
Adverse media comment
When evaluating the possible effect on the financial statements, the auditor should consider:
The potential financial consequences, such as fines, penalties, damages, threat of expropriation
of assets, enforced discontinuation of operations and litigation
Whether the potential financial consequences require disclosure
Whether the potential financial consequences are so serious as to call into question the fair
presentation given by the financial statements, or otherwise make the financial statements
misleading
ISA 250.19
If the auditor suspects there may be non-compliance, the auditor shall discuss the matter with
management and, where appropriate, those charged with governance.
Such discussions are subject to the laws concerning 'tipping off' (see Section 4.5.3). If information
provided by management is not sufficient, the auditor may find it appropriate to consult the entity's lawyer
and, if necessary, their own lawyer on the application of the laws and regulations to the particular
circumstances.
ISA 250.20/21
If sufficient information about suspected non-compliance cannot be obtained, the auditor shall evaluate
the effect of the lack of sufficient appropriate audit evidence on the auditor's opinion.
The auditor shall evaluate the implications of non-compliance in relation to other aspects of the audit,
including the auditor's risk assessment and the reliability of written representations, and take appropriate
action.
On this last point, as with fraud and error, the auditor must reassess the risk assessment and the validity
of written representations. In exceptional cases, the auditor may consider whether withdrawal from the
engagement is necessary. If withdrawal from the engagement is not possible under applicable law or
regulation, the auditor may consider alternative actions including describing the non-compliance in an
Other Matters paragraph in the auditor's report.
http://accountingpdf.com/
32 1: International regulatory environments for audit and assurance services Part A Regulatory environment
5.5 Reporting of identified or suspected non-compliance
5.5.1 To those charged with governance
ISA 250.22/23/24
[…] the auditor shall communicate with those charged with governance matters involving non-compliance
with laws and regulations that come to the auditor's attention during the course of the audit, other than
when the matters are clearly inconsequential.
If, in the auditor's judgment, the non-compliance… is believed to be intentional and material, the auditor
shall communicate the matter to those charged with governance as soon as practicable.
If the auditor suspects that management or those charged with governance are involved in noncompliance,
the auditor shall communicate the matter to the next higher level of authority at the entity, if it
exists, such as an audit committee or supervisory board.
In relation to the last point, where no higher authority exists, or if the auditor believes that the
communication may not be acted on or is unsure as to the person to whom to report, the auditor shall
consider seeking legal advice.
5.5.2 To the users of the auditor's report
ISA 250.25/26/27
If the auditor concludes that the non-compliance has a material effect on the financial statements, and it
has not been adequately reflected in the financial statements, the auditor shall … express a qualified
opinion or an adverse opinion on the financial statements.
If the auditor is precluded by management or those charged with governance from obtaining sufficient
appropriate audit evidence to evaluate whether non-compliance that may be material to the financial
statements has, or is likely to have, occurred, the auditor shall express a qualified opinion or disclaim an
opinion on the financial statements on the basis of a limitation on the scope of the audit […].
If the auditor is unable to determine whether non-compliance has occurred because of limitations imposed
by the circumstances rather than by management or those charged with governance, the auditor shall
evaluate the effect on the auditor's opinion […].
5.5.3 To regulatory and enforcement authorities
Confidentiality is an issue again here, but it may be overridden by the law, statute or the courts of law. The
auditor should obtain legal advice. If the auditor has a statutory duty to report, a report should be made
without delay.
Alternatively, it may be necessary to make disclosures in the public interest. In practice it will often be
extremely difficult for an auditor to decide whether making a disclosure in the public interest is warranted.
As elsewhere, the auditor should obtain professional advice, either anonymously from the ACCA, or under
legal privilege from a legal adviser.
5.6 Withdrawal from the engagement
As is the case for fraud or error, withdrawal may be the only option if the entity does not take the remedial
action the auditor thinks is necessary, even for non-material matters.
5.7 Documentation
The auditor must document identified or suspected non-compliance with laws and regulations and the
results of discussions with management and, where applicable, those charged with governance and other
parties outside the entity.
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 33
5.8 Practical problems with ISA 250
5.8.1 Distinction between types of law
The most difficult distinction in practice is between:
Laws which have a direct effect on the determination of material amounts in the financial
statements; and
Other laws and regulations.
In practice:
(a) For some businesses, certain laws and regulations have a direct effect on material amounts in the
financial statements; for other businesses, the same laws and regulations will not.
(b) For some businesses, laws and regulations which did not have a direct or material effect last year
may have this year (for example, where the maximum penalty for a first offence is a warning, but
subsequent infringements may lead to closure of the business).
5.8.2 Procedures that should be performed
There is a distinction between checking systems of compliance and checking actual compliance. An
example would be emissions from a chemical factory; auditors would review the company's systems for
keeping these under control, and would also review correspondence with the environmental authority.
However, the auditors would not be expected to check the actual emissions.
http://accountingpdf.com/
34 1: International regulatory environments for audit and assurance services Part A Regulatory environment
Chapter Roundup
Major developments in international regulation of audit and assurance have recently concluded, with farreaching
effects on ISAs.
Public oversight of the audit profession and of standard setting has been a trend in recent regulatory
developments internationally.
Audit committees are made up of non-executive directors and are perceived to increase confidence in
financial reports.
Internal control is a key part of good corporate governance. Directors are responsible for maintaining a
system of control that will safeguard the company's assets.
Money laundering law is an increasingly important issue for auditors to be aware of.
Auditors must be aware of laws and regulations as part of their planning and must be aware of any
statutory duty to report non-compliance by the company.
http://accountingpdf.com/
Part A Regulatory environment 1: International regulatory environments for audit and assurance services 35
Quick Quiz
1 Fill in the blanks:
ISAs are set by the ........................................ ........................................ ........................................
........................................ ........................................ ........................................ . This is a technical
standing committee of the ........................................ ........................................ ...................................
........................................ . Oversight for all of IFAC's public interest activities is undertaken by the
........................................ ........................................ ........................................ ........................................
2 List four potential duties of the audit committee.
(1) ……………………….
(2) ……………………….
(3) ……………………….
(4) ……………………….
3 Auditors are responsible for a company's system of internal controls.
True
False
4 List the main elements of an anti money laundering programme that should be followed by a firm of
professional accountants.
(1) ……………………….
(2) ……………………….
(3) ……………………….
(4) ……………………….
(5) ……………………….
(6) ……………………….
5 Name four areas of law which might affect a company.
(1) ……………………….
(2) ……………………….
(3) ……………………….
(4) ……………………….
6 It is the responsibility of the auditor to ensure that a client's operations are conducted in accordance with
laws and regulations.
True
False
http://accountingpdf.com/
36 1: International regulatory environments for audit and assurance services Part A Regulatory environment
Answers to Quick Quiz
1 International Auditing and Assurance Standards Board, International Federation of Accountants, Public
Interest Oversight Board
2 (1) Review of financial statements
(2) Liaison with external auditors
(3) Review of internal audit
(4) Review of internal controls
3 False – this is the directors' duty.
4 (1) Appoint a Money Laundering Reporting Officer (MLRO) and set up internal reporting procedures
(2) Train individuals on the legal requirements and the firm's procedures
(3) Establish appropriate internal procedures
(4) Verify the identity of new clients / existing clients
(5) Maintain records of client identification
(6) Report suspicions of money laundering to the NCA (in the UK)
5 From:
(1) Company law
(2) Contract law
(3) Tort law
(4) Employment law
(5) Environmental law
6 False – it is the responsibility of management (with oversight from those charged with governance).
Now try the question below from the Practice Question Bank.
Number Level Marks Time
Q1 Introductory 7 14 mins
http://accountingpdf.com/
37
Professional and ethical
considerations
P
A
R
T
B
http://accountingpdf.com/
38
http://accountingpdf.com/
39
Topic list Syllabus reference
1 Fundamental principles and the conceptual framework
approach
B1, G1
2 Specific guidance: independence B1
3 Specific guidance: confidentiality B1
4 Specific guidance: conflicts of interest B1
5 Conflicts in application of the fundamental principles B1
Code of ethics
and conduct
Introduction
You have already learnt about ethical rules for auditors in your earlier studies.
We will examine the issues in more detail and consider some of the complex
ethical issues that auditors may face.
We also refer to the ethical guidance of the International Federation of
Accountants. This is similar to the ACCA's guidance. Both approach issues of
ethics in a conceptual manner.
ISQC 1 Quality control for firms that perform audits and reviews of financial
statements and other assurance and related services engagements is also
relevant in providing the ethical aspects of quality control and review.
Some of this chapter is likely to be revision, but that does not mean you should
ignore it. Ethics is a key syllabus area. Complex ethical issues are introduced in
this chapter. You particularly need to work through the questions given so that
you practise applying ethical guidelines in given scenarios, as this is how this
topic will be tested in the exam.
http://accountingpdf.com/
40 2: Code of ethics and conduct Part B Professional and ethical considerations
Study guide
Intellectual level
B1 Code of ethics for professional accountants
(a) Explain the fundamental principles and the conceptual framework approach. 1
(b) Identify, evaluate and respond to threats to compliance with the
fundamental principles.
3
(c) Discuss and evaluate the effectiveness of available safeguards. 3
(d) Recognise and advise on conflicts in the application of fundamental
principles.
3
(e) Discuss the importance of professional scepticism in planning and
performing an audit.
2
(f) Assess whether an engagement has been planned and performed with an
attitude of professional scepticism, and evaluate the implications.
3
G1 Professional and ethical developments
(a) Discuss the relative advantages of an ethical framework and a rulebook. 2
(b) Identify and assess relevant emerging ethical issues and evaluate the
safeguards available.
3
(c) Discuss IFAC developments. 2
Exam guide
Professional ethics are of vital importance to the audit and assurance profession and a major area of the
syllabus, so this is likely to be a regular feature of the exam.
Questions are likely to be practical, giving scenarios where you are required to assess whether the
situations are acceptable. Some of these can be answered by reference to specific guidance in the ACCA
Code of Ethics and Conduct but others may require you to apply your understanding of the fundamental
principles underlying the Code. Ethics may be examined alongside other areas within scenarios;
commonly, practice management.
You may also have to suggest appropriate safeguards that the audit firm should implement.
1 Fundamental principles and the conceptual framework
approach Pilot paper, 12/07, 6/09
Accountants require an ethical code because they hold positions of trust, and people rely on them.
1.1 The importance of ethics
The IESBA's Code of Ethics for Professional Accountants gives the key reason why accountancy bodies
produce ethical guidance: the public interest.
'A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in the
public interest. Therefore, a professional accountant's responsibility is not exclusively to satisfy the needs
of an individual client or employer.'
The public interest is considered to be the collective wellbeing of the community of people and institutions
the professional accountant serves, including clients, lenders, governments, employers, employees,
investors, the business and financial community, and others who rely on the work of professional
accountants.
FAST FORWARD
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 41
The key reason why accountants need to have an ethical code is that people rely on them and their
expertise.
Accountants deal with a range of issues on behalf of clients. They often have access to confidential and
sensitive information. Auditors claim to give an independent view. It is therefore critical that accountants
and particularly auditors are, and are seen to be, independent.
1.2 Sources of ethical guidance
As the auditor is required to be, and seen to be, ethical in their dealings with clients, ACCA publishes
guidance for its members in its Code of Ethics and Conduct. This guidance is given in the form of
fundamental principles, guidance and explanatory notes. (This guidance is contained within the ACCA
Rulebook, which you can find on the ACCA website and which is of crucial importance for ACCA members.)
The IESBA (International Ethics Standards Board for Accountants), a body of IFAC, also lays down
fundamental principles in its Code of Ethics for Professional Accountants. The fundamental principles of
the two associations are extremely similar (much of the ACCA Code is drawn directly from the IESBA).
IFAC also issues quality control standards and auditing standards (ISAs), which work together to promote
auditor independence and audit quality.
One of the competences you require to fulfil Performance Objective 1 of the PER is the ability to act
diligently and honestly, following codes of conduct, giving due regard to, and keeping up to date with,
relevant legislation. You can apply the knowledge you have obtained from this chapter of the Text to help
demonstrate this competence.
1.3 The fundamental principles
The IESBA and ACCA Codes of ethics are principles-based. These fundamental principles underpin the
detailed guidance, which we expound in this chapter, and should be used by members to help interpret
that guidance.
ACCA/IESBA Codes of ethics
Integrity. To be straightforward and honest in all professional and business relationships.
Objectivity. To not allow bias, conflict of interest or undue influence of others to override professional
or business judgements.
Professional competence and due care. To maintain professional knowledge and skill at a level required
to ensure that a client or employer receives competent professional services based on current
developments in practice, legislation and techniques and act diligently and in accordance with applicable
technical and professional standards when providing professional services.
Confidentiality. To respect the confidentiality of information acquired as a result of professional and
business relationships and, therefore, not disclose any such information to third parties without proper
and specific authority, unless there is a legal or professional right or duty to disclose, nor use the
information for the personal advantage of the professional accountant or third parties.
Professional behaviour. To comply with relevant laws and regulations and to avoid any action that
discredits the profession.
1.4 The conceptual framework
The ethical guidance discussed above is in the form of a conceptual framework. It contains some rules, for
example, prohibiting making loans to clients, but in the main it is flexible guidance. It can be seen as a
framework rather than a set of rules. There are a number of advantages of a framework over a system of
ethical rules. These are outlined in the table below.
http://accountingpdf.com/
42 2: Code of ethics and conduct Part B Professional and ethical considerations
Advantages of an ethical framework over a rules-based system
A framework of guidance places the onus on the auditor to actively consider independence for every given
situation, rather than just agreeing a checklist of forbidden items. It also requires them to demonstrate
that a responsible conclusion has been reached about ethical issues.
The framework prevents auditors interpreting rules-based requirements narrowly to get around them.
There is a sense in which lists of prohibitive rules engender deception, whereas principles encourage the
formation of the positive practices which result in compliance.
A framework allows for the variations that are found in every individual situation. Each situation is likely
to be different.
A framework can accommodate a rapidly changing environment, such as the one that auditors are
constantly in.
However, a framework can contain prohibitions (as noted above) where these are necessary as
safeguards are not feasible.
1.5 Threats to compliance with the fundamental principles
There are five general sources of threat.
Self-interest threat (for example, having a financial interest in a client)
Self-review threat (for example, auditing financial statements prepared by the firm)
Advocacy threat (for example, promoting shares in a listed entity when that entity is a financial
statement audit client)
Familiarity threat (for example, an audit team member having family at the client)
Intimidation threat (for example, threats of replacement due to disagreement)
1.6 Available safeguards
In order to counteract these threats to compliance, audits are subject to safeguards. There are two general
categories of safeguard.
Safeguards created by the profession, legislation or regulation, eg training requirements for entry
into the profession, continuing professional development (CPD) requirements, professional
standards, corporate governance regulations
Safeguards in the work environment, which can be either firm-wide or engagement-specific
Examples of firm-wide safeguards in the work environment include:
Examples of firm-wide safeguards
Leadership of the firm that stresses the importance of compliance with the fundamental principles
Policies and procedures that will enable the identification of interests or relationships between the firm
or staff and clients
Policies and procedures to monitor and, if necessary, manage the reliance on revenue received from a
single client (this could create a self-interest and an intimidation threat)
Policies and procedures to encourage and empower staff to communicate any issue relating to
compliance with the fundamental principles that concerns them
Specific threats and safeguards within these general areas will be considered in the next section. However,
you may be able to use the following general list to help generate ideas in the exam.
Examples of engagement-specific safeguards
Having a professional accountant who was not involved with audit review the work performed, or provide
advice
Consulting an independent third party, such as a committee of independent directors, a professional
regulatory body or another professional accountant
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 43
Examples of engagement-specific safeguards
Discussing ethical issues with those charged with governance of the client
Disclosing to those charged with governance of the client the nature of services provided and extent of
fees charged
Involving another firm to perform or reperform part of the engagement
Rotating senior assurance team personnel
1.7 Breach of a provision of the Code of Ethics
The IESBA Code states:
IESBA Code of Ethics, 290.40
When the firm concludes that a breach has occurred, the firm shall terminate, suspend or eliminate the
interest or relationship that caused the breach and address the consequences of the breach.
When a breach occurs, the firm should consider whether any legal or regulatory requirements apply, and
if necessary report the breach to a member body or regulator.
The breach should be communicated to the engagement partner (and other relevant personnel).
Evaluate the significance of the breach, based on:
The nature and duration of the breach
Any previous breaches re. the current audit engagement
Whether a member of the audit team had knowledge of the interest or relationship that caused the
breach
Whether the individual who caused the breach is a member of the audit team
If they were on the audit team, their role
The impact of any relevant services on the accounting records or the amounts recorded in the
financial statements
The extent of any threats created by the breach
Examples of actions that the firm may consider include:
Removing the individual from the audit team
Conducting an additional review of the affected audit work (or reperforming it), using different
personnel
Recommending that the audit client engage another firm to review/reperform the affected audit
work to the extent necessary
Where the breach relates to a non-assurance service that affects the accounting records or an
amount that is recorded in the financial statements, engaging another firm to evaluate the results
of (or reperform) the non-assurance service
If necessary, terminate the audit engagement. If this is not necessary, discuss with those charged with
governance and communicate the matter in writing.
1.8 ACCA Disciplinary procedures
If a member breaches regulations or fails to conduct themselves professionally, then they may be liable to
disciplinary action. Breaches include the following.
Being guilty of misconduct in the course of carrying out professional duties or otherwise
Performing work erroneously, inadequately, inefficiently or incompetently to such an extent, or on
such a number of occasions, as to amount to misconduct
Breaching any ACCA Bye-law or Regulation
http://accountingpdf.com/
44 2: Code of ethics and conduct Part B Professional and ethical considerations
BeIng disciplined by another professional body
Becoming insolvent or entering into a voluntary arrangement or similar
Failing to satisfy a judgment debt without reasonable excuse for two months
Anyone may bring a complaint. Complaints are considered first by an assessor, who decides whether to
pass it onto the Disciplinary Committee. The Committee can impose the following penalties on members
and students.
Members and Firms Registered Students
Member excluded from membership Student removed from student register
Member severely reprimanded, reprimanded or
admonished
A specified period of the student's experience is not
recognised as approved accountancy experience
Member's certificate(s), and/or ability to conduct
specific activities, suspended or made subject to
conditions
Student is declared ineligible to be admitted to
membership for a specified period of time.
Member pays a fine of up to £50,000 Student is ineligible to sit ACCA exams for a period
of time
Member pays compensation of up to £5,000 Student is disqualified from exams
Member waives/reduces fees charged to
complainant
Student is severely reprimanded or admonished
2 Specific guidance: Independence 6/08, 12/08, 6/09, 6/10,
6/12, 12/12, 6/13, 12/13, 6/14, 12/14, 6/15
The ACCA's guidance complies with the requirements of the IESBA Code.
2.1 Objective of the guidance
You should be familiar with the concept of independence from your earlier studies. The IESBA Code
discusses independence requirements for audit and review engagements in Section 290. The guidance
states its purpose in a series of steps, which you should learn and understand. It aims to help firms and
members:
Step 1 Identify threats to independence
Step 2 Evaluate the significance of the threats identified
Step 3 Apply safeguards when necessary to eliminate the threats or reduce them to an acceptable level.
It also recognises that there may be occasions where no safeguard is available. In such a situation, it is
only appropriate to:
Eliminate the interest or activities causing the threat; or
Decline the engagement, or discontinue it.
Where the Code contains a prohibition (eg on providing a non-audit service in a particular situation), then
this means that no safeguards could ever reduce the threat to an acceptable level.
Applying safeguards should not be a mechanical process. Where the Code contains a list of safeguards,
these lists are generally not exhaustive – if you can think of further relevant safeguards, then these may
also be applied. Further, applying the safeguards given by the Code does not automatically mean that the
threat has been reduced to an acceptable level – this depends on your judgement in the situation.
FAST FORWARD
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 45
Applying safeguards should not be a mechanical process. Where the Code contains a list of safeguards,
these lists are generally not exhaustive – if you can think of further relevant safeguards, then these may
also be applied. Further, applying the safeguards given by the Code does not automatically mean that the
threat has been reduced to an acceptable level – this depends on your judgement in the situation. You
should apply the three steps set out above when approaching questions of independence, and show the
marker that you have done so in your answer. It is important for this exam that you do not simply learn
the rules for each situation, but that you can apply the spirit of the guidance to a given situation. Finally,
remember that if there appears to be no safeguard, then you must consider the fallback option of not
continuing with the professional relationship.
2.1.1 Current issues in ethical guidance
This is currently a very topical area within the profession. Auditor independence has been under intense
outside scrutiny since the financial crisis of 2007-8. Recent debate has focused on the provision of nonaudit
services alongside the external audit.
April 2015 saw some revisions to the IESBA Code of Ethics in relation to these non-assurance services.
These are covered at the appropriate points in this chapter, and in Chapter 18.
In June 2014, the European Union brought into force legislation aimed at improving audit quality, which
EU member states have until June 2016 to implement. The legislation introduces mandatory auditor
rotation, prohibits some non-audit services, and introduces a cap on the level of fees received from nonaudit
services at 70% of the audit fee. These are not part of the core material examinable for P7, but you
should be aware of this as an important current issue in the profession.
In March 2013, the Code was revised to address conflicts of interest, breaches of a requirement of the
Code, and to amend the definition of the term 'engagement team' to include any internal auditors who
provide direct assistance on an audit engagement.
In September 2012, the UK Corporate Governance Code was revised to require FTSE 350 companies in the
UK to put the external audit out to tender at least every ten years.
The December 2011 paper contained a topical requirement offering six marks for evaluating the
arguments for and against the outright prohibition on auditors providing any non-audit services at all. This
was a very topical issue at the time, and you should be prepared for something comparably topical in your
exam.
Professional skepticism (see Sections 2.2 and 2.4 below) is another topical area, with several bodies
having issued publications recently. The IAASB itself issued a useful Q&A Paper in this area (see Chapter
18), and the FRC in the UK and the AASB in Canada have also issued their own publications. Professional
skepticism is a crucial component of professional judgement, and therefore of the skillset of an auditor.
2.1.2 Public interest entities
The IESBA Code distinguishes between 'public interest entities' and other entities. The ethical
requirements applicable to public interest entities are frequently stricter than for other entities.
Public interest entity is defined as follows.
Exam focus
point
Exam focus
point
http://accountingpdf.com/
46 2: Code of ethics and conduct Part B Professional and ethical considerations
Public interest entity
(a) Any listed entity; and
(b) Any entity defined by regulation or legislation as a public interest entity; or
(c) Any entity that is required by legislation or regulation to have an audit that is as independent as an
audit of a listed entity would be; and
(d) Any other entity the firm determines to be a public interest entity, because it has a large number
and wide range of stakeholders. Factors to be considered include:
(i) The nature of the business, such as the holding of assets in a fiduciary capacity for a large
number of stakeholders. Examples may include financial institutions, such as banks and
insurance companies, and pension funds
(ii) Size
(iii) Number of employees
At P7 level you must be able to do more than just recite this definition in your exam. You should be able to
recognise a public interest entity in a question, and adapt your answer accordingly.
2.2 What is independence? 6/15
A provider of assurance services must be, and be seen to be, independent. What is required for this to be
the case?
Independence of mind. The state of mind that permits the provision of an opinion without being affected
by influences that compromise professional judgement, allowing an individual to act with integrity, and
exercise objectivity and professional scepticism.
Independence in appearance. The avoidance of facts and circumstances that are so significant that a
reasonable and informed third party, having knowledge of all relevant information, including safeguards
applied, would reasonably conclude that a firm's, or a member of the assurance team's, integrity,
objectivity or professional scepticism had been compromised.
Professional scepticism. An attitude that includes a questioning mind, being alert to conditions which
may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.
The degree of independence required is less stringent for a firm providing a low-level assurance
engagement to a non-audit client than for audit. This is summarised in the following table.
Audit Non-audit, general use Non-audit, restricted use
Audit client The assurance team, the
firm and the network
firm* must all be
independent of the client.
The assurance team, the
firm and the network firm
must all be independent of
the client.
The assurance team, the firm
and the network firm must all
be independent of the client.
Non-audit
assurance
client
N/A
The assurance team and the
firm must be independent of
the client.
The assurance team and the
firm must have no material
financial interest in the client.
*For an explanation of the term 'network firm', see Chapter 3.
2.2.1 When must the assurance provider be independent?
The team and the firm should be independent 'during the period of the engagement'.
The period of the engagement is from the commencement of work until the signing of the final report
being produced. For a recurring audit, independence may only cease on termination of the contract
between the parties.
Key terms
Exam focus
point
Key term
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 47
The ACCA and IESBA Codes give examples of a number of situations where independence might be
threatened and suggest safeguards to independence.
2.3 Management responsibilities
The Code's guidance on non-assurance services is given in the relation to each individual type of service
below, but the Code does also include some general considerations. The main issue is management
responsibilities, with the point being that:
IESBA Code of Ethics, 290.161 (extract)
A firm shall not assume a management responsibility for an audit client. The threats created would be so
significant that no safeguards could reduce the threats to an acceptable level.
Management responsibilities are defined as follows.
Management responsibilities involve controlling, leading and directing an entity, including making
decisions regarding the acquisition, deployment and control of human, financial, technological, physical
and intangible resources. IESBA Code of Ethics, 290.159
Avoiding taking on management responsibilities is one of the key problems for the auditor when providing
many types of non-assurance service. But in general, an important prerequisite is that the firm is 'satisfied'
that the client's management is actually taking on its responsibilities, ie so that none of these are left to the
auditor.
2.4 A dilemma: independence vs effectiveness
Auditor independence is rarely a matter of clear questions with black and white answers. It is not just an
issue of whether the 'rules' say that an audit engagement should be accepted or declined ('yes or no'), but
rather of the auditor exercising proper judgement in the complex circumstances of an actual audit.
The basic dilemma is this. The auditor must be independent of the client in order to express their own
opinion on whether the client's financial statements give a true and fair view. However, the auditor must
also place some trust in the client if the audit is to be conducted effectively, as they will need to rely on
anything from the accounting systems and controls to explanations provided by management.
It is between the two extremes of this dilemma that the concept of 'professional skepticism' attempts to
place itself:
– overly trusting
If the auditor is too skeptical about everything the client does or says, then it will be impossible for them
to conduct the audit effectively. At the extreme, this would mean checking every transaction in the
financial statements, without accepting any internal records or documents at all as genuine. More
practically, a breakdown in trust would mean that the audit would be conducted less efficiently: if the
auditor must assume that management is not at all competent to prepare the financial statements, then
much more audit work will need to be done than if management could be trusted. This would take more
time and would make the audit more costly. Some degree of trust is therefore essential to the effective and
professional running of the audit process.
On the other hand, if the auditor is not skeptical enough then the quality of the audit is likely to suffer. The
auditor may easily be deceived in the case of fraud, or may mistakenly place too much trust in the validity
of evidence and explanations provided by the client. ISA 200 Overall objectives of the independent auditor
and the conduct of an audit in accordance with international standards on auditing lists the following
examples of risks that may arise from a lack of professional scepticism.
FAST FORWARD
Unprofessional skepticism Professional scepticism
– overly suspicious
Professional relationship
– overly trusting
Key term
http://accountingpdf.com/
48 2: Code of ethics and conduct Part B Professional and ethical considerations
ISA 200.A19
Maintaining professional scepticism is necessary to reduce the risks of:
Overlooking unusual circumstances.
Overgeneralising when drawing conclusions from audit observations.
Using inappropriate assumptions in determining the nature, timing and extent of the audit
procedures and evaluating the results thereof.
In the UK, the FRC's Audit Quality Review team (formerly the Audit Inspection Unit) has found a lack of
professional scepticism to be a significant problem in every year since at least 2010-11. The 2014-15
report stated that a common issue was:
'Insufficient scepticism in challenging the appropriateness of assumptions in key areas of
audit judgment such as impairment testing and property valuations..'
(FRC Audit Quality Inspections, Annual Report 2014-15, p6 s2.3)
This links with the question of independence generally, and the risk that the audit is not conducted with
professional competence and due care as a result of a lack of scepticism. In the end, the auditor must balance
being sceptical with being trusting, and the concept of 'professional scepticism' is an attempt to convey this. It
has also been said elsewhere that the auditor should 'trust, but verify' what the client tells them.
2.5 Revision of threats to independence
The area of threats to independence should not be new to you. You should be aware of many of the threats
to independence from your earlier studies in auditing. To refresh your memory about independence
issues, try the following question.
Question Revision of audit independence
From your knowledge brought forward from your previous studies, and any practical experience of
auditing you may have, write down as many potential ethical risk areas as you can in the areas below.
(Some issues may be relevant in more than one column.)
Personal interests Review of your own work Disputes Intimidation
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 49
Answer
Personal interests Review of your own work Disputes Intimidation
Undue dependence on an audit
client due to fee levels
Overdue fees becoming similar
to a loan
An actual loan being made to a
client
Contingency fees being offered
Accepting commissions from
clients
Provision of lucrative other
services to clients
Relationships with persons in
associated practices
Relationships with the client
Long association with clients
Beneficial interest in shares or
other investments
Hospitality
Auditor prepares the
accounts
Auditor participates in
management decisions
Provision of any other
services to the client
Actual litigation
with a client
Threatened
litigation with a
client
Client refuses to
pay fees and they
become long
overdue
Any threat of litigation
by the client
Personal relationships
with the client
Hospitality
Threat of other services
provided to the client
being put out to tender
Threat of any services
being put out to tender
The ACCA and IESBA Codes give extensive lists of examples of threats to independence and applicable
safeguards. In the rest of this section, these threats and some relevant factors and potential safeguards
will be outlined. Definite rules are shown in bold. You should learn these.
2.6 Self-interest threat
The ACCA Code of Ethics and Conduct highlights a great number of areas in which a self-interest threat
might arise.
Financial
interest
Recruitment
Lowballing
High %
of fees
% or contingent
fees
Overdue fees
Loans and guarantees
Gifts and hospitality
Compensation and evaluation policies
Partner on client board
Temporary staff assignments
Close business
relationships
SELF-INTEREST THREAT
2.6.1 Financial interests
A financial interest exists where an audit firm has a financial interest in a client's affairs, for example, the
audit firm owns shares in the client, or is a trustee of a trust that holds shares in the client.
Key term
http://accountingpdf.com/
50 2: Code of ethics and conduct Part B Professional and ethical considerations
A financial interest in a client constitutes a substantial self-interest threat. According to both the ACCA and
the IESBA, the parties listed below are not allowed to own a direct financial interest or an indirect
material financial interest in a client.
The assurance firm
A member of the assurance team
An immediate family member of a member of the assurance team
The following safeguards may therefore be relevant.
Disposing of the interest
Removing the individual from the team if required
Keeping the client's audit committee informed of the situation
Using an independent partner to review work carried out if necessary
Such matters will involve judgement on the part of the partners making decisions about such matters. For
example, what constitutes a material interest? A small percentage stake in a company might be material to
its owner. How does the firm judge the closeness of a relationship between staff and their families, in
other words, what does immediate mean in this context?
Audit firms should have quality control procedures requiring staff to disclose relevant financial interests
for themselves and close family members. They should also foster a culture of voluntary disclosure on an
ongoing basis so that any potential problems are identified on a timely basis.
Question Financial interests
You are the Ethics Partner at Stewart Brice & Co, a firm of Chartered Certified Accountants. The following
situations exist.
Teresa is the audit manager assigned to the audit of Recreate, a large quoted company. The audit has been
ongoing for one week. Yesterday, Teresa's husband inherited 1,000 shares in Recreate. Teresa's husband
wants to hold on to the shares as an investment.
The Stewart Brice & Co pension scheme, which is administered by Friends Benevolent, an unconnected
company, owns shares in Tadpole Group, a listed company with a number of subsidiaries. Stewart Brice &
Co has recently been invited to tender for the audit of one of the subsidiary companies, Kermit Co.
Stewart Brice has been the auditor of Kripps Bros, a limited liability company, for a number of years. It is a
requirement of Kripps Bros' constitution that the auditor owns a token $1 share in the company.
Required
Comment on the ethical and other professional issues raised by the above matters.
Answer
(a) Teresa is at present a member of the assurance team and a member of her immediate family owns
a direct financial interest in the audit client. This is unacceptable.
In order to mitigate the risk to independence that this poses on the audit, Stewart Brice & Co needs
to apply one of two safeguards.
Ensure that the connected person divests the shares
Remove Teresa from the engagement team
Teresa should be appraised that these are the options and removed from the team while a decision
is taken regarding whether to divest the shares. Teresa's husband appears to want to keep the
shares, in which case Teresa should be removed from the team immediately.
The firm should appraise the audit committee of Recreate of what has happened and the actions
they have taken. The partners should consider whether it is necessary to bring in an independent
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 51
partner to review audit work. However, given that Teresa's involvement is subject to the review of
the existing engagement partner and she was not connected with the shares while she was carrying
out the work, a second partner review is likely to be unnecessary in this case.
(b) The audit firm has an indirect interest in the parent company of a company it has been invited to
tender for by virtue of its pension scheme having invested in Tadpole Group.
This is no barrier to the audit firm tendering for the audit of Kermit Co.
Should the audit firm win the tender and become the auditors of Kermit Co it should consider
whether it is necessary to apply safeguards to mitigate against the risk to independence on the
audit as a result of the indirect financial interest.
The factors that the partners will need to consider are the materiality of the interest to either party
and the degree of control that the firm actually has over the financial interest.
In this case, the audit firm has no control over the financial interest. An independent pension
scheme administrator is in control of the financial interest. In addition, the interest is unlikely to be
substantial and is therefore immaterial to both parties. Only if the threat is significant should the
interest be divested.
It is likely that this risk is already sufficiently minimal so as not to require safeguards. However, if
the audit firm felt that it was necessary to apply safeguards, it could consider the following.
Notifying the audit committee of the interest
Requiring Friends Benevolent to dispose of the shares in Tadpole Group.
(c) In this case, Stewart Brice & Co has a direct financial interest in the audit client, which is
technically forbidden by ACCA guidance. However, it is a requirement of any firm auditing the
company that the share be owned by the auditors.
The interest is not material. The audit firm should safeguard against the risk by not voting on its own
re-election as auditor. The firm should also strongly recommend to the company that it removes this
requirement from its constitution, as it is at odds with ethical requirements for auditors.
2.6.2 Close business relationships
Examples of when an audit firm and an audit client have an inappropriately close business relationship
include:
Having a material financial interest in a joint venture with the assurance client
Arrangements to combine one or more services or products of the firm with one or more services
or products of the assurance client and to market the package with reference to both parties
Distribution or marketing arrangements under which the firm acts as distributor or marketer of the
assurance client's products or services or vice versa
Again, it will be necessary for the partners to judge the materiality of the interest and therefore its
significance. However, unless the interest is clearly insignificant, an assurance provider should not
participate in such a venture with an assurance client. Appropriate safeguards are therefore to end the
assurance provision or to terminate the (other) business relationship.
If an individual member of an audit team had such an interest, they should be removed from the audit
team.
However, if the firm or a member (and immediate family of the member) of the audit team has an interest
in an entity when the client or its officers also has an interest in that entity, the threat might not be so
great.
Generally speaking, purchasing goods and services from an assurance client on an arm's length basis
does not constitute a threat to independence. If there are a substantial number of such transactions,
there may be a threat to independence and safeguards may be necessary.
http://accountingpdf.com/
52 2: Code of ethics and conduct Part B Professional and ethical considerations
2.6.3 Temporary staff assignments
Staff may be loaned to an audit client, but only for a short period of time. Staff must not assume
management responsibilities, or undertake any assurance work that is prohibited elsewhere in the Code.
The audit client must be responsible for directing and supervising the activities of the loaned staff.
Possible safeguards include:
Conducting an additional review of the work performed by the loaned staff;
Not giving the loaned staff audit responsibility for any function or activity on the audit, that they
performed during the temporary staff assignment; or
Not including the loaned staff in the audit team.
2.6.4 Partner on client board
A partner or employee of an assurance firm should not serve on the board of an assurance client.
It may be acceptable for a partner or an employee of an assurance firm to perform the role of company
secretary for an assurance client, if the role is essentially administrative and if this practice is specifically
permitted under local law and professional rules.
Although a partner or employee cannot serve on a client's board, it is possible for them to attend board
meetings. This is common practice, and moreover may be necessary if there are issues that need to be
raised with management.
2.6.5 Compensation and evaluation policies
There is a self-interest threat when a member of the audit team is evaluated on selling non-assurance
services to the client. The significance of the threat depends on:
The proportion of the individual's compensation or performance evaluation that is based on the
sale of such services
The role of the individual on the audit team
Whether promotion decisions are influenced by the sale of such services
The firm should either revise the compensation plan or evaluation process, or put in place appropriate
safeguards. Safeguards include:
Removing the member from the audit team; or
Having the team member's work reviewed by a professional accountant.
A key audit partner shall not be evaluated based on their success in selling non-assurance services to
their audit client.
In the UK, the Audit Quality Review Team's annual report for 2010-11 expressed concern over the selling
of non-audit services to audited entities. The report stated that partners and staff were too often
compromised by an inappropriate focus on this area, with the result that firms sometimes failed to identify
the nature and extent of threats, and therefore failed to apply appropriate safeguards.
2.6.6 Gifts and hospitality
Unless the value of the gift/hospitality is clearly trivial and inconsequential, a firm or a member of an
assurance team should not accept.
2.6.7 Loans and guarantees
The advice on loans and guarantees falls into two categories:
The client is a bank or other similar institution
Other situations
Point to note
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 53
If a lending institution client lends an immaterial amount to an audit firm or member of the assurance
team on normal commercial terms, there is no threat to independence. If the loan were material, it would
be necessary to apply safeguards to bring the risk to an acceptable level. A suitable safeguard is likely to
be an independent review (by a partner from another office in the firm).
Loans to members of the assurance team from a bank or other lending institution client are likely to be
material to the individual but, provided that they are on normal commercial terms, these do not constitute
a threat to independence.
An audit firm or individual on the assurance engagement should not enter into any loan or guarantee
arrangement with a client that is not a bank or similar institution.
2.6.8 Overdue fees
In a situation where there are overdue fees, the auditor runs the risk of, in effect, making a loan to a client,
whereupon the guidance above becomes relevant.
Audit firms should guard against fees building up and being significant by discussing the issues with
those charged with governance, and, if necessary, the possibility of resigning if overdue fees are not paid.
2.6.9 Percentage or contingent fees
Contingent fee. A fee calculated on a predetermined basis relating to the outcome of a transaction or the
result of the services performed by the firm. A fee that is established by a court or other public authority is
not a contingent fee.
A firm shall not enter into a contingent fee arrangement in respect of an assurance engagement. For
both audit and assurance engagements, a contingent fee would carry a threat so great that no safeguards
could reduce it to an acceptable level.
For non-assurance engagements (eg tax services), where the client is not also an audit client, the
significance of the threat depends on:
The range of possible fee amounts
Whether an appropriate authority determines the outcome of the matter on which the contingent
fee will be determined
The nature of the service
• The effect of the event or transaction on the subject matter information.
Possible safeguards include:
Having a professional accountant review the relevant assurance work or otherwise advise as
necessary; or
Using professionals who are not members of the assurance team to perform the non-assurance
service.
2.6.10 High percentage of fees
When a firm receives a high proportion of its fee income from just one audit client, there is a self-interest
or intimidation threat, as the firm will be concerned about losing the client. A high percentage fee income
does not by itself create an insurmountable threat. This depends on the following.
The structure of the firm
Whether the firm is established or new
The significance of the client to the firm
These caveats are important for all of the threats to independence in this chapter. You should know most
of the rules from your previous studies, but at P7 level you will need to be able to apply them in detail.
Key term
Exam focus
point
http://accountingpdf.com/
54 2: Code of ethics and conduct Part B Professional and ethical considerations
Possible safeguards include:
Reducing the dependence on the client;
External quality control reviews; or
Consulting a third party, such as a professional regulatory body or a professional accountant, on
key audit judgements.
It is not just a matter of the audit firm actually being independent in terms of fees, but also of it being
seen to be independent by the public. It is as much about public perception as reality.
The Code also states that a threat may be created where an individual partner or office's percentage fees
from one client is high. The safeguards are as above, except that internal quality control reviews are also
relevant.
For audit clients that are public interest entities, the Code states that where total fees from the client (for
the audit and any non-audit services) represent more than 15% of the firm's total fees for two
consecutive years, the firm shall:
Disclose this to those charged with governance
Conduct a review, either by an external professional accountant or by a regulatory body. This
review can be either before the audit opinion on the second year's financial statements is issued (a
'pre-issuance review'), or after it is issued (a 'post-issuance review').
If total fees significantly exceed 15%, then a post-issuance review may not be sufficient, and a preissuance
review will be required.
Be careful when making points about fee dependence in the exam – as a rule, it is best not to make the
point unless there is information in the question that specifically indicates that this is an issue. Your
examination team does not like it when candidates routinely mention fee dependence in ethics questions,
so marking schemes often do not include marks here.
2.6.11 Lowballing
When a firm quotes a significantly lower fee level for an assurance service than would have been charged
by the predecessor firm, there is a significant self-interest threat. If the firm's tender is successful, the firm
must apply safeguards such as:
Maintaining records such that the firm is able to demonstrate that appropriate staff and time are
spent on the engagement
Complying with all applicable assurance standards, guidelines and quality control procedures
2.6.12 Recruitment
Recruiting senior management for an assurance client, particularly those able to affect the subject matter
of an assurance engagement, creates a self-interest threat for the assurance firm.
Assurance providers must not make management decisions for the client. Their involvement could be
limited to reviewing a shortlist of candidates, providing that the client has drawn up the criteria by which
they are to be selected.
Point to note
Exam focus
point
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 55
2.7 Self-review threat
General other
services
Preparing accounting records
and financial statements
Valuation services
Internal audit Tax services
services
Corporate
finance SELF-REVIEW THREAT
The key area in which there is likely to be a self-review threat is where an assurance firm provides services
other than assurance services to an assurance client (providing multiple services). There is a great deal of
guidance in the ACCA and IESBA Codes about various other services that accountancy firms might provide
to their clients, and these are dealt with below.
In exam questions, bear in mind the nature of the entity being audited. Is it a small owner-managed
business where the auditor is in effect an all-round business adviser and accountant, or is it a listed
company where the above rule is relevant?
In the US, rules concerning auditor independence for listed companies state that an accountant is not
independent if they provide certain non-audit services to an audit client. The relevant services are:
Bookkeeping
Financial information systems design and implementation
Appraisal or valuation services or fairness opinions
Actuarial services
Internal audit services
Management functions
Human resources
Broker-dealer services
Legal services
The rules, found in the Sarbanes-Oxley Act, have an international impact because they apply not only to
any company listed on the US Stock Exchange, but also to all subsidiaries of US-listed companies no
matter where they are based. So, for example, a UK-based subsidiary of a multinational group that is
listed in the US must comply with the Sarbanes-Oxley requirements.
2.7.1 General other services
For assurance clients, accountants are not allowed to:
Authorise, execute or consummate a transaction
Determine which recommendation of the company should be implemented
Report in a management capacity to those charged with governance
Having custody of an assurance client's assets, supervising client employees in the performance of their
normal duties, and preparing source documents on behalf of the client also pose significant self-review
threats which should be addressed by safeguards. These could be:
Ensuring non-assurance team staff are used for these roles
Involving an independent professional accountant to advise
Quality control policies on what staff are and are not allowed to do for clients
Making appropriate disclosures to those charged with governance
Resigning from the assurance engagement
Exam focus
point
http://accountingpdf.com/
56 2: Code of ethics and conduct Part B Professional and ethical considerations
2.7.2 Preparing accounting records and financial statements
There is clearly a significant risk of a self-review threat if a firm prepares accounting records and financial
statements and then audits them.
On the other hand, auditors routinely assist management with the preparation of financial statements and
give advice about accounting treatments and journal entries.
Therefore, assurance firms must analyse the risks arising and put safeguards in place to ensure that the
risk is at an acceptable level. If this can be done, then these services may be provided.
Safeguards include:
Using staff members other than assurance team members to carry out the work
Obtaining client approval for work undertaken
The rules are more stringent when the client is listed or public interest. Firms should not prepare
accounts or financial statements for listed or public interest clients. Note that there used to be an
exception here for 'emergency situations', in which the auditor used to be allowed to prepare accounts,
but this was removed in 2015.
For any client, assurance firms are also not allowed to:
Determine or change journal entries without client approval
Authorise or approve transactions
2.7.3 Valuation services
A valuation comprises the making of assumptions with regard to future developments, the application of
certain methodologies and techniques, and the combination of both in order to compute a certain value, or
range of values, for an asset, a liability or a business as a whole.
If an audit firm performs a valuation which will be included in financial statements audited by the firm, a
self-review threat arises.
Audit firms should not carry out valuations on matters which will be material to the financial
statements. If the valuation is for an immaterial matter, the audit firm should apply safeguards to ensure
that the risk is reduced to an acceptable level. Matters to consider when applying safeguards are the extent
of the audit client's knowledge of the relevant matters in making the valuation and the degree of
judgement involved, how much use is made of established methodologies and the degree of uncertainty in
the valuation. Safeguards include:
Second partner review
Confirming that the client understands the valuation and the assumptions used
Ensuring the client acknowledges responsibility for the valuation
Using separate personnel for the valuation and the audit
2.7.4 Taxation services
The Code divides taxation services into four categories.
(a) Tax return preparation
(b) Tax calculations for the purpose of preparing the accounting entries
(c) Tax planning and other tax advisory services
(d) Assistance in the resolution of tax disputes
Key term
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 57
Guidance in respect of each of these categories is:
(a) Tax return preparation does not generally threaten independence, as long as management takes
responsibility for the returns.
(b) Tax calculations for the purpose of preparing the accounting entries may not prepared for public
interest entities. There used to be an exception for 'emergency situations', but changes in 2015
meant that taxation services cannot provided in any circumstances at all.
For non-public interest entities, it is acceptable to do so provided that safeguards are applied.
(c) Tax planning may be acceptable in certain circumstances, eg where the advice is clearly
supported by tax authority or other precedent. However, if the effectiveness of the tax advice
depends on a particular accounting treatment or presentation in the financial statements, the audit
team has reasonable doubt about the accounting treatment, and the consequences of the tax advice
would be material, then the service should not be provided.
(d) Assistance in the resolution of tax disputes may be provided, depending on whether the firm
itself provided the service which is the subject of the dispute, and whether the effect is material to
the financial statements. Safeguards include using professionals who are not members of the audit
team to perform the service, and obtaining advice on the service from an external tax professional.
2.7.5 Internal audit services
A firm may provide internal audit services to an audit client. However, it should ensure that the client
acknowledges its responsibility for establishing, maintaining and monitoring the system of internal
controls. It may be appropriate to use safeguards, such as ensuring that an employee of the client is
designated as responsible for internal audit activities and that the client approves all the work that internal
audit does.
If the client is a public interest entity, then internal audit services must not be provided if they relate to:
(a) A significant part of the internal controls over financial reporting;
(b) Financial accounting systems generating information which is significant to the financial
statements; or
(c) Amounts or disclosures which are material to the financial statements.
2.7.6 Corporate finance
Certain aspects of corporate finance will create self-review threats that cannot be reduced to an acceptable
level by safeguards. Therefore, assurance firms are not allowed to promote, deal in or underwrite an
assurance client's shares. They are also not allowed to commit an assurance client to the terms of a
transaction or consummate a transaction on the client's behalf.
Other corporate finance services, such as assisting a client in defining corporate strategies, assisting in
identifying possible sources of capital and providing structuring advice, may be acceptable, providing that
safeguards are put in place, such as using different teams of staff and ensuring no management decisions
are taken on behalf of the client.
2.7.7 Other services
The audit firm might sell a variety of other services to audit clients, such as:
IT services
Litigation support
Legal services
The assurance firm should consider whether there are any threats to independence, such as if the firm
were asked to design internal control IT systems, which it would then review as part of its audit. The firm
should consider whether the threat to independence could be reduced by appropriate safeguards.
http://accountingpdf.com/
58 2: Code of ethics and conduct Part B Professional and ethical considerations
2.8 Advocacy threat
ADVOCACY THREAT
Legal
services
Corporate
finance
Contingent fees
An advocacy threat arises in certain situations where the assurance firm is in a position of taking the
client's part in a dispute or somehow acting as their advocate. The most obvious instances of this would
be when a firm offered legal services to a client and, say, defended them in a legal case or provided
evidence on their behalf as an expert witness. Advocacy threat might also arise if the firm carried out
corporate finance work for the client, for example, if the audit firm was involved in advice on debt
reconstruction and negotiated with the bank on the client's behalf.
The December 2013 exam featured a scenario in which the auditor was asked to attend a meeting with the
client's bank in relation to a possible new loan. Although most students would have sensed that this was
wrong, many would not have gotten the marks for saying specifically that it was an advocacy threat.
As with the other threats above, the firm has to appraise the risk and apply safeguards as necessary.
Relevant safeguards might be using different departments in the firm to carry out the work and making
disclosures to the audit committee. Remember, the ultimate option is always to withdraw from an
engagement if the risk to independence is too high.
Question Advocacy threat
Explain why contingent fees represent an advocacy threat.
Answer
If an accountant is paid fees on a contingency basis, then their interest becomes too closely aligned to that
of the client. They will both want the same thing to occur (ie the thing the fee is contingent on) and the risk
is that the accountant will act in the interests of the client to ensure it happens.
2.9 Familiarity threat
A familiarity threat arises where independence is jeopardised by the audit firm and its staff becoming over
familiar with the client and its staff. There is a substantial risk of loss of professional scepticism in such
circumstances.
We have already discussed some examples of when this risk arises, because very often a familiarity threat
arises in conjunction with a self-interest threat.
Exam focus
point
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 59
FAMILIARITY THREAT
Where there are family and personal
relationships between client/firm
Employment with
assurance client
Recent service with
assurance client
Long association
with assurance clients
2.9.1 Long association of senior personnel with audit clients
Having an audit client for a long period of time may create a familiarity threat to independence. The
severity of the threat depends on such factors as how long the individual has been on the audit team; how
senior the person is; whether the client's management has changed; and whether the client's accounting
issues have changed in nature or complexity.
Possible safeguards include:
Rotating the senior personnel off the audit team;
Having a professional accountant who was not a member of the audit team review the work of the
senior personnel; or
Regular independent internal or external quality reviews of the engagement.
The rules for public interest entities are stricter. If an individual is a key audit partner for seven years,
they must be rotated off the audit for two years. During this time they cannot be on the audit team, and
cannot consult with the audit team or the client on any issues that may affect the engagement (including
giving just general industry advice).
The Codes do allow some flexibility here: if key partner continuity is particularly beneficial to audit quality,
and there is some unforeseen circumstance (such as the intended engagement partner becoming
seriously ill), then the key audit partner can remain on the audit for an additional year, making eight
years in total.
If a client that was not a public interest entity becomes one, then the seven year limit still applies, starting
from the date when the key audit partner originally became the key partner for that audit client.
Finally, it is possible for an independent regulator to give permission for an audit partner to remain a key
audit partner indefinitely, provided alternative safeguards are applied (eg external review).
The December 2010 exam contained four marks for evaluating the advantages and disadvantages of
compulsory firm rotation. The candidates who score well on questions of this sort are those who don't
just know the rules, but are also able to think through the issues underlying them. They are also those who
have done a bit of reading around the syllabus.
That being said, you don't need to be intimidated by questions like this: they are within reach of virtually
every P7 candidate, provided that you can come up with some sensible points both for and against, and
can then draw a reasonable conclusion from what you have written. These are skills that you have
demonstrated in the earlier P-level papers; they just need to be applied to the subject matter of P7.
2.9.2 Recent service with an audit client
Individuals who have been a director or officer of the client (or an employee in a position to exert direct
and significant influence over the subject matter information of the assurance engagement) in the period
under review should not be assigned to the assurance team.
Exam focus
point
http://accountingpdf.com/
60 2: Code of ethics and conduct Part B Professional and ethical considerations
If an individual had been closely involved with the client prior to the time limits set out above, the
assurance firm should consider the threat to independence arising and apply appropriate safeguards, such
as:
Obtaining a quality control review of the individual's work on the assignment
Discussing the issue with the audit committee
2.9.3 Employment with an audit client
It is possible that staff might transfer between an assurance firm and a client, or that negotiations or
interviews to facilitate such movement might take place. Both situations are a threat to independence:
An audit staff member might be motivated by a desire to impress a future possible employer
(objectivity is therefore affected – self-interest threat).
A former partner turned finance director has too much knowledge of the audit firm's systems and
procedures.
In general there may be familiarity and intimidation threats when a member of the audit team joins an
audit client. If a 'significant connection' still remains between the audit firm and the former
employee/partner, then no safeguards could reduce the threat to an acceptable level. This would be the
case where:
The individual is entitled to benefits from the audit firm (unless fixed and predetermined, and not
material to the firm)
The individual continues to participate in the audit firm's business or professional activities
If there is no significant connection, then the threat depends on:
The position the individual has taken at the client
Any involvement the individual will have with the audit team
The length of time since the individual was a member of the audit team or partner of the firm
The former position of the individual within the audit team or firm; for example, whether the
individual was responsible for maintaining regular contact with the client's management or those
charged with governance
Safeguards could include:
Modifying the audit plan;
Assigning individuals to the audit team who have sufficient experience in relation to the
individual who has joined the client; or
Having an independent professional accountant review the work of the former member of the audit
team.
If the audit client is a public interest entity, 'cooling off' periods are required. Both the ACCA and IESBA
Codes state that when a key audit partner joins such a client, either as a director or as an employee with
significant influence on the financial statements, the client must have issued audited financial statements
covering at least 12 months before the employment can begin. The partner in question must also not have
been a member of the audit team in relation to those audited financial statements.
In the case of a senior or managing partner joining an audit client, 12 months must have passed (ie
there is no requirement for audited financial statements to have been issued).
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 61
The key audit partner is the:
Engagement partner,
Individual responsible for the engagement quality control review,
Other audit partners on the engagement team,
who make key decisions or judgements on significant matters with respect to the audit of the financial
statements on which the firm will express an opinion. Depending upon the circumstances and the role of
the individuals on the audit, 'other audit partners' may include, for example, audit partners responsible for
significant subsidiaries or divisions.
2.9.4 Family and personal relationships
Family or close personal relationships between assurance firm staff and client staff could seriously
threaten independence. Each situation has to be evaluated individually. Factors to consider are:
The individual's responsibilities on the assurance engagement
The closeness of the relationship
The role of the other party at the assurance client
When an immediate family member of a member of the assurance team is a director, an officer or an
employee of the assurance client in a position to exert direct and significant influence over the subject
matter information of the assurance engagement, the individual should be removed from the assurance
team.
The audit firm should also consider whether there is any threat to independence if an employee who is not
a member of the assurance team has a close family or personal relationship with a director, an officer or
an employee of an assurance client.
A firm should have quality control policies and procedures under which staff should disclose if a close
family member employed by the client is promoted within the client.
If a firm inadvertently violates the rules concerning family and personal relationships they should apply
additional safeguards, such as undertaking a quality control review of the audit and discussing the matter
with the audit committee of the client, if there is one.
2.10 Intimidation threat
An intimidation threat arises when members of the assurance team have reason to be intimidated by client
staff.
INTIMIDATION THREAT
Close business
relationships
Family and personal
relationships
Assurance staff members move to
employment with client
Litigation
These are also examples of self-interest threats, largely because intimidation may only arise significantly
when the assurance firm has something to lose.
Key term
http://accountingpdf.com/
62 2: Code of ethics and conduct Part B Professional and ethical considerations
The following examples of intimidation threats are taken from the IESBA Code.
Examples of intimidation threats
A threat of dismissal from a client engagement, if it continues to disagree with the client/plans to modify
the auditor's report
A threat of not giving a firm a contract for non-assurance work
A threat of litigation by the client (see below)
Pressure to reduce the amount of work done in order to reduce fees
Pressure to agree with the client because the client has more experience on the matter
A partner within the firm telling a member of the audit team that they will not be promoted if they
disagree with the client
2.10.1 Actual and threatened litigation
There may be an intimidation threat when the client threatens to sue, or indeed sues, the assurance firm
for work that has been done previously. The firm is then faced with the risk of losing the client, bad
publicity and the possibility that they will be found to have been negligent, which will lead to further
problems. This could lead to the firm being under pressure to produce an unmodified audit report when
they have been modified in the past, for example.
Generally, assurance firms should seek to avoid such situations arising. If they do arise, factors to
consider are:
The materiality of the litigation
The nature of the assurance engagement
Whether the litigation relates to a prior assurance engagement
The following safeguards could be considered.
Disclosing to the audit committee the nature and extent of the litigation
Removing specific affected individuals from the engagement team
Involving an additional professional accountant on the team to review work
However, if the litigation is at all serious, it may be necessary to resign from the engagement, as the threat
to independence is so great.
2.10.2 Second opinions
Another way that auditors can suffer an intimidation threat is when the audit client is unhappy with a
proposed audit opinion, and seeks a second opinion from a different firm of auditors.
In such a circumstance, the second audit firm will not be able to give a formal audit opinion on the financial
statements – only an appointed auditor can do that. However, the problem is that if a different firm of auditors
indicates to someone else's audit client that a different audit opinion might be acceptable, the appointed
auditor may feel under pressure to change the audit opinion. In effect, a self-interest threat arises, as the
existing auditor may feel that they will lose next year's audit if they does not change this year's opinion.
There is nothing to stop a company director talking to a second firm of auditors about treatments of
matters in the financial statements. However, the firm being asked for a second opinion should be very
careful, because it is possible that the opinion they form could be incorrect anyway if the director has not
given them all the relevant information. For that reason, firms giving a second opinion should ensure that
they seek permission to communicate with the existing auditor and they are appraised of all the facts. If
permission is not given, the second auditors should decline to comment on the audit opinion.
Given that second opinions can cause independence issues for the existing auditors, audit firms should
generally take great care if asked to provide one anyway.
Increasingly, new accounting standards do not give a choice of accounting treatments, meaning that
second opinions might be less called for.
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 63
Question Threats to independence
You are a partner in a firm of Chartered Certified Accountants. The following issues have emerged in
relation to three of your clients.
(a) Easter is a major client. It is listed on a major Stock Exchange. The audit team consists of eight
members, of whom Paul is the most junior. Paul has just invested in a personal pension plan that
invests in all the listed companies on the exchange.
(b) You are at the head of a team carrying out due diligence work at Electra, a limited company which
your client, Powerful, is considering taking over. Your second in command on the team, Peter, has
confided in you that in the course of his work he has met the daughter of the managing director of
Electra, and he is keen to invite her on a date.
(c) Your longest standing audit client is Teddies, which you have been involved in for ten years, four as
engagement partner. You recently went on an extended cruise with the managing director on their
yacht.
Required
Comment on the ethical and other professional issues raised by the above matters. Your answer should
outline the threat arising, the significance of the threat, any factors you have taken into account and, if
relevant, any safeguards you could apply to eliminate or mitigate the threat.
Answer
(a) In relation to Easter, there is a threat of self-interest arising, as a member of the audit team has an
indirect financial interest in the client.
The relevant factors are:
(i) The interest is unlikely to be material to the client or Paul, as the investment is recent and
Paul's interest is in a pool of general investments made by the pension scheme on his
behalf.
(ii) Paul is the audit junior and does not have a significant role on the audit in terms of
drawing audit conclusions or identifying audit risk areas.
The risk that arises to the independence of the audit here is not significant. It would be
inappropriate to require Paul to divest his interest in the audit client. If I wanted to eliminate all
elements of risk in this situation, I could simply change the junior assigned to my team, but such a
step is not vital in this situation.
(b) In relation to Powerful, two issues arise. The first is that the firm appears to be providing multiple
services to Powerful, which could raise a self-interest threat. The second is that the manager
assigned to the due diligence assignment wants to engage in a personal relationship with a person
connected to the subject of the assignment, which could create a familiarity or intimidation
threat.
With regard to the issue of multiple services, insufficient information is given to draw a conclusion
as to the significance of the threat. Relevant factors would be matters such as the nature of the
services, the fee income and the team members assigned to each. Safeguards could include using
different staff for the two assignments. The risk is likely to be significant only if one of the services
provided is audit, which is not indicated in the question.
In relation to the second issue, the relevant factors are as follows.
The assurance team member has a significant role on the team as second in command
The other party is closely connected to a key staff member at the company being reviewed
Timing
In this situation, the firm is carrying out a one-off review of the company, and timing is a key
issue. Presently Peter does not have a personal relationship which would significantly threaten the
http://accountingpdf.com/
64 2: Code of ethics and conduct Part B Professional and ethical considerations
independence of the assignment. In this situation, the safeguard is to request that Peter does not
take any action in that direction until the assignment is completed. If he refuses, then I may have to
consider rotating my staff on this assignment, and removing him from the team.
(c) In relation to Teddies, there is a risk that my long association and personal relationship with the
client will result in a familiarity threat. This is compounded by my acceptance of significant
hospitality on a personal level.
The relevant factors are:
I have been involved with the client for ten years and have a personal relationship with client
staff.
The company is not a listed or public interest company.
It is an audit assignment.
The risk arising here is significant but, as the client is not listed, it is not insurmountable. However,
it would be a good idea to implement some safeguards to mitigate against the risk. I could invite a
second partner to provide a hot review of the audit of Teddies, or even consider requesting that I
am rotated off the audit of Teddies for a period, so that the engagement partner is another partner
in my firm. In addition, I must cease accepting hospitality from the directors of Teddies unless it is
clearly insignificant.
When answering exam questions, do not just identify the ethical threats in a given scenario. You must also
be able to explain why the issue is an ethical threat. Ideally you should say what type of threat it is (selfinterest,
self-review, advocacy, familiarity or intimidation), as this will help to show the marker that you
are applying specific knowledge of ethical codes to the scenario.
2.11 Quality control: independence
The quality control standard for firms, ISQC 1 Quality control for firms that perform audits and reviews of
financial statements, and other assurance and related services engagements, which we shall look at in
detail in Chapter 4, contains a section looking at the firm's procedures with regard to ethics and, in
particular, independence.
ISQC 1.20
The firm shall establish policies and procedures designed to provide it with reasonable assurance that the
firm and its personnel comply with relevant ethical requirements.
The policies and procedures should be in line with the fundamental principles, which should be reinforced by:
The leadership of the firm
Education and training
Monitoring
A process for dealing with non-compliance
ISQC 1.22
Such policies and procedures shall require:
(a) Engagement partners to provide the firm with relevant information about client engagements,
including the scope of services, to enable the firm to evaluate the overall impact, if any, on
independence requirements
(b) Personnel to promptly notify the firm of circumstances and relationships that create a threat to
independence so that appropriate action can be taken
Exam focus
point
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 65
(c) The accumulation and communication of relevant information to appropriate personnel so that:
(i) The firm and its personnel can readily determine whether they satisfy independence
requirements
(ii) The firm can maintain and update its records relating to independence
(iii) The firm can take appropriate action regarding identified threats to independence that are
not at an acceptable level
ISQC 1.23
The firm shall establish policies and procedures designed to provide it with reasonable assurance that it is
notified of breaches of independence requirements, and to enable it to take appropriate actions to resolve
such situations. The policies and procedures shall include requirements for:
(a) Personnel to promptly notify the firm of independence breaches of which they become aware
(b) The firm to promptly communicate identified breaches of these policies and procedures to:
(i) The engagement partner who, with the firm, needs to address the breach
(ii) Other relevant personnel in the firm and, where appropriate, the network, and those subject
to the independence requirements who need to take appropriate action
(c) Prompt communication to the firm, if necessary, by the engagement partner and the other
individuals referred to in subparagraph (b)(ii) of the actions taken to resolve the matter, so that the
firm can determine whether it should take further action
ISQC 1.24
At least annually, the firm shall obtain written confirmation of compliance with its policies and procedures
on independence from all firm personnel required to be independent by relevant ethical requirements.
2.11.1 Familiarity threat
Lastly, the ISQC sets out some specific guidance in relation to the threat of overfamiliarity with clients.
ISQC 1.25
The firm shall establish policies and procedures:
(a) Setting out criteria for determining the need for safeguards to reduce the familiarity threat to an
acceptable level when using the same senior personnel on an assurance engagement over a long
period of time; and
(b) Requiring, for audits of financial statements of listed entities, the rotation of the engagement
partner and the individuals responsible for engagement quality control review and, where
applicable, others subject to rotation requirements, after a specified period in compliance with
relevant ethical requirements.
3 Specific guidance: confidentiality 12/13
The ACCA and the IESBA Codes recognise a duty of confidence and several exceptions to it.
3.1 Duty of confidence
Confidentiality is a fundamental principle, defined in Section 1.3 above. Here is the definition again:
Confidentiality. To respect the confidentiality of information acquired as a result of professional and
business relationships and, therefore, not disclose any such information to third parties without proper
and specific authority, unless there is a legal or professional right or duty to disclose, nor use the
information for the personal advantage of the professional accountant or third parties.
(IESBA and ACCA Codes of Ethics)
FAST FORWARD
Key term
http://accountingpdf.com/
66 2: Code of ethics and conduct Part B Professional and ethical considerations
The key parts of this definition are:
Do not disclose information without proper authority.
Do not use information for personal advantage.
Information may be disclosed if there is a right or duty to do so.
In exchange for this duty of confidence owed by the auditor to the client, the client must agree to disclose in
full all information relevant to the engagement. The professional accountant must make the client aware of
the duty of confidentiality, and of the fact that it can be overridden where there is a right or duty to disclose.
Maintaining confidentiality means avoiding inadvertent disclosure as much as intentional disclosure. For
instance, information must not be disclosed unintentionally when socialising. The Codes also note that the
duty of confidentiality continues even after the end of the relationship with the client.
3.2 Exceptions to the rule of confidentiality
Binding though the duty of confidence is, there are nevertheless exceptions to it. The Codes identify three
general circumstances where disclosure may be appropriate.
Disclosure is permitted by law and authorised by the client.
Disclosure is required by law (eg for legal proceedings).
There is a professional duty or right to disclose (eg to comply with a quality review by a
professional body such as ACCA; to respond to an investigation by a regulatory body; to protect the
professional accountant's interests in legal proceedings; to comply with ethics requirements).
Disclosure may be obligatory or merely voluntary, depending on the situation.
ACCA and IESBA Codes of Ethics
Obligatory disclosure. A professional accountant who believes that a client has committed terrorist
offences, or has reasonable cause to believe that a client has committed treason, is bound to disclose that
knowledge to the proper authorities immediately. (Code, B 1.22)
Voluntary disclosure. In certain cases a professional accountant is free to disclose information, whatever
its nature:
When it is in the public interest
In order to protect a professional accountant's interests
Where it is authorised by statute
To non-governmental bodies
(Code, B 1.30)
In deciding whether to disclose, some general factors to consider include:
Whether it would harm the interests of all parties (including third parties)
Whether all relevant information is known and substantiated
The type of communication that is expected
Whether the parties to whom the communication is addressed are appropriate recipients
The following four subsections address the four kinds of voluntary disclosure.
3.2.1 Disclosure in the public interest
The courts have never given a definition of 'the public interest', which makes things difficult for the auditor
as it is not certain exactly when they must disclose. But the Codes state that disclosure is probably only
permitted to 'one who has a proper interest to receive that information', such as:
The police;
The government department for trade and industry; or
A recognised stock exchange.
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 67
Whether disclosure is justified depends on the following factors (Code B1.32).
The size of the amounts involved and the extent of likely financial damage
Whether members of the public are likely to be affected
The possibility or likelihood of repetition
The reasons for the client's unwillingness to make disclosures to the proper authority
The gravity of the matter
Relevant legislation, accounting and auditing standards
Any legal advice obtained
The Codes do state that this is a difficult area to decide on, and that it will often be appropriate to take
legal advice (Code B1.33).
Under ISA 250, if auditors become aware of a suspected or actual instance of non-compliance with law
and regulation which gives rise to a statutory right or duty to report, they should report it to the proper
authority immediately. They should also seek legal advice.
If you are required to make judgements about whether such a disclosure should be made in a given
scenario, you should apply a checklist like the one above to the scenario to ensure you have shown
evidence of your consideration of all the relevant factors.
3.2.2 Disclosure to protect a professional accountant's interests
Disclosure can be made to protect a professional accountant's interests to:
Enable the professional accountant to defend themselves against a criminal charge or suspicion
Resist proceedings in relation to a taxation offence
Resist legal action by a client or a third party
Enable the professional accountant to defend themselves against disciplinary proceedings by the
ACCA or another body
Enable the professional accountant to sue for their fees
3.2.3 Disclosure authorised by statute
There are two areas where legislation may require the auditor to break their duty of confidentiality:
Where required to disclose by anti money laundering legislation (see Chapter 1)
Where required to disclose by any whistleblowing responsibilities, eg for an auditor of certain
financial institutions in the UK
3.2.4 Disclosure to non-governmental bodies
Disclosure must be made to a recognised non-governmental body where the body has statutory powers
requiring disclosure, but where the body does not have these powers then the professional accountant
must obtain the client's consent to disclose.
3.3 Responding to illegal acts/non-compliance with laws and
regulations
3.3.1 2012 ED: Responding to a suspected illegal act
In August 2012 the IESBA issued an Exposure Draft (ED), Responding to a Suspected Illegal Act. The ED
described the circumstances in which a professional accountant is required or expected to override
confidentiality and disclose a suspected illegal act to an appropriate authority.
The ED proposed adding two new sections addressing illegal acts to the Code of Ethics, in order to clearly
delineate the expected course of action for an accountant to take if those charged with governance do not
respond to the issue appropriately.
Exam focus
point
http://accountingpdf.com/
68 2: Code of ethics and conduct Part B Professional and ethical considerations
If they suspect that an illegal act has taken place, accountants must take reasonable steps to confirm this
(or dispel the suspicion). They must discuss it with management, and escalate it to higher levels of
management if the response received is inadequate.
If an appropriate response is still not received, then the accountant's next action depends on whether they
are dealing with an audit client or not:
Audit client: disclose to relevant authority
Non-audit client/'professional accountant in business': disclose to the entity's external auditor
and, if possible, to a relevant authority
It may be necessary to terminate the professional relationship or, if the accountant is an employee,
resign from the organisation.
3.3.2 2015 ED: Responding to Non-Compliance with Laws and Regulations
In May 2015 a further Exposure Draft was issued, Responding to Non-Compliance with Laws and
Regulations, as a result of feedback from the 2012 ED on 'illegal acts'. A new framework was proposed
which focused more on achieving outcomes that were in the public interest, ie trying to discourage
professional accountants from 'turning a blind eye' to non-compliance.
We now have a new acronym: NOCLAR, or Non-Compliance with Laws And Regulations.
The objectives of the framework are:
To comply with the fundamental principles of integrity and professional behaviour
By alerting management, to seek to:
– Enable them to rectify, remediate or mitigate the consequences of the identified or
suspected NOCLAR; or
– Deter the commission of NOCLAR
To take such further action as may be needed in the public interest.
The laws and regulations covered by the framework are those within the scope of the accountant's
expertise, ie which are fundamental to the financial statements or to the client's business. Outside the
scope are: matters which are clearly inconsequential; personal misconduct unrelated to a client's
business, and; NOCLAR acts committed by someone other than the client.
Requirements of Auditors include:
Raise the identified or suspected NOCLAR with management/TCWG.
Fulfill professional responsibilities, eg comply with professional standards.
Determine if further action (eg disclosure to relevant authority) is needed to achieve the objectives,
depending on management's response.
Document how the objectives have been met.
4 Specific guidance: conflicts of interest 6/09, 6/11
Auditors should identify potential conflicts of interest, as they could result in the ethical codes being
breached.
There are two kinds of conflict of interest:
Conflicts between the interests of different clients
Conflicts between members' and clients' interests
Audit firms should take reasonable steps to identify circumstances that could pose a conflict of interest.
FAST FORWARD
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 69
Examples of conflicts of interest
Using confidential information obtained during an audit to help another client to acquire the audit client
Advising two clients at the same time who are competing to acquire the same company
Providing services to both a vendor and a purchaser in relation to the same transaction
Representing two clients who are in a legal dispute with each other (eg during divorce proceedings)
Advising a client to invest in a business in which, for example, the spouse of the professional accountant
in public practice has a financial interest
The test of whether a threat is significant is whether a reasonable and informed third party, weighing all
the specific facts and circumstances available to the professional accountant at the time, would be likely to
conclude that compliance with the fundamental principles is not compromised.
The Code emphasises the importance of considering potential conflicts of interest before accepting a new
client. An issue here is first identifying that there is a conflict – it may be that, for example, the
engagement partner for a new client is not aware that there is a conflict because they do not know all of
the firm's other clients. It is therefore necessary to have an effective conflict identification process.
As with all threats, safeguards should be applied if necessary. If safeguards would not be enough, then
the engagement should be declined or discontinued.
Examples of safeguards
Disclosure of the nature of the conflict of interest (and related safeguards) to clients affected, to obtain
their consent to the professional accountant performing the services
Mechanisms to prevent unauthorised disclosure of confidential information, such as:
Separate engagement teams
Creating separate areas of practice for specialty functions within the firm
Establishing policies and procedures to limit access to client files
Review of safeguards by a senior individual not involved with the engagement(s)
External review by a professional accountant
Consulting with third parties, such as a professional body, legal counsel or another professional
accountant
Disclosure is the key safeguard here. If the client refuses to give consent, then the engagement giving
rise to the conflict should be discontinued.
5 Conflicts in application of the fundamental principles
The Codes give some general guidance to members who encounter a conflict in the application of the
fundamental principles.
5.1 The problem
Both the IESBA and ACCA Codes are principles-based. The application of the principles they contain
requires a degree of judgement (much like the application of an ISA). As a result of this judgemental
aspect, it is possible to have more than one 'right answer' in a given situation – more than one
reasonable judgement of how the fundamental ethical principles should be applied.
Contrast this to the situation with a rules-based code of ethics. There, applying the rules strictly should
result in only one possible outcome. It might not be an outcome that is ethical, eg because it is a result of
a loophole, but it will be the only correct outcome (assuming that the rules themselves are not
ambiguous). By contrast, a principles-based code may allow for several outcomes that are equally
'correct'.
FAST FORWARD
http://accountingpdf.com/
70 2: Code of ethics and conduct Part B Professional and ethical considerations
What is at issue here is that there may be conflict between different ethical principles. The aim here must
be to use judgement to resolve the conflict, or to try to balance the principles involved.
5.2 Matters to consider
The resolution process should include consideration of:
Relevant facts – do I have all the relevant facts? Eg an organisation's policy and procedures
Relevant parties – who is affected by the ethical issue? Eg shareholders, employees, employers,
the public
Ethical issues involved – what kinds of issues are these? Would they affect the profession's
reputation? Eg professional ethical issues, personal ethical issues
Fundamental principles related to the matter in question – what are the threats? Refer to ethical
code
Established internal procedures – are there procedures for dealing with this sort of situation? Eg
discuss with your supervisor, or firm's legal department
Alternative courses of action – have all the consequences been evaluated? Consider laws and
regulations, long-term consequences, public consequences
5.2.1 Unresolved conflict
If the matter is unresolved, the member should consult with other appropriate persons within the firm.
They may then wish to obtain advice from the ACCA or legal advisers. If after exhausting all relevant
possibilities the ethical conflict remains unresolved, members should consider withdrawing from the
engagement team, a specific assignment, or to resign altogether from the engagement.
5.3 Example
An auditor encounters a fraud
Conflict: duty to report could
conflict with confidentiality
Take legal advice to
determine whether there is a
requirement to report
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 71
Chapter Roundup
Accountants require an ethical code because they hold positions of trust, and people rely on them.
The ACCA's guidance complies with the requirements of the IESBA Code.
The ACCA and IESBA Codes give examples of a number of situations where independence might be
threatened and suggest safeguards to independence.
The ACCA and IESBA Codes recognise a duty of confidence and several exceptions to it.
Auditors should identify potential conflicts of interest, as they could result in the ethical codes being
breached.
The Codes give some general guidance to members who encounter a conflict in the application of the
fundamental principles.
http://accountingpdf.com/
72 2: Code of ethics and conduct Part B Professional and ethical considerations
Quick Quiz
1 Match the fundamental principle to the characteristic.
(a) Integrity
(b) Objectivity
(i) Members should be straightforward and honest in all professional and business
relationships.
(ii) Members should not allow bias, conflict of interest or undue influence of others to override
professional or business judgements.
2 Name five general threats to independence.
(1) ………………………
(2) ………………………
(3) ………………………
(4) ………………………
(5) ………………………
3 Name four relevant safeguards against a financial interest in a client.
(1) ………………………
(2) ………………………
(3) ………………………
(4) ………………………
4 Complete the definition:
………… …………… are fees calculated on a predetermined basis relating to the outcome or result of a
transaction or the result of the work performed.
5 Name four exceptions to the duty of confidentiality in which voluntary disclosure may be made.
http://accountingpdf.com/
Part B Professional and ethical considerations 2: Code of ethics and conduct 73
Answers to Quick Quiz
1 (a)(i), (b)(ii)
2 (1) Self-review
(2) Self-interest
(3) Familiarity
(4) Intimidation
(5) Advocacy
3 (1) Disposing of the interest
(2) Removing the relevant individual from the assurance team
(3) Informing the audit committee of the situation
(4) Independent partner review of work undertaken
4 Contingent fees
5 In certain cases a professional accountant is free to disclose information, whatever its nature:
When it is in the public interest
In order to protect a professional accountant's interests
Where it is authorised by statute
To non-governmental bodies
Now try the questions below from the Practice Question Bank.
Number Level Marks Time
Q2 Examination 15 29 mins
Q3 Examination 15 29 mins
http://accountingpdf.com/
74 2: Code of ethics and conduct Part B Professional and ethical considerations
http://accountingpdf.com/
75
Topic list Syllabus reference
1 Legal liability B3
2 Negligence B3
3 Restricting liability B3
4 Current issues in auditor liability B3
5 Fraud and error B2
6 The expectations gap B3
Professional liability
Introduction
Auditors have responsibilities to several parties. This chapter explores the
various responsibilities and the liability that can arise in respect of them. It
also looks at ways of restricting liability, including professional indemnity
insurance.
The auditors' responsibility to members and other readers of the accounts in tort
and contract can give rise to liability, particularly in the event of negligence.
Case law on this matter is complex and not wholly satisfactory. It results in
auditors being liable to some readers and not others. However, auditors' liability
is a dynamic issue in that it evolves as cases are brought to court.
There are some interesting issues for auditors with regard to liability, for
example limited liability partnerships. This and other current issues pertaining
to the topics covered in this chapter are discussed in Section 4.
Critically, and contrary to widespread public belief, auditors do not have a
responsibility to detect and prevent fraud. The responsibilities that auditors do
have with regard to fraud and error are outlined in Section 5. Auditors are
required to follow the guidance of ISA 240 The auditor's responsibilities relating
to fraud in an audit of financial statements.
Reasons for audit failure and other factors contributing to the 'expectation gap'
are covered in Section 6.
http://accountingpdf.com/
76 3: Professional liability Part B Professional and ethical considerations
Study guide
Intellectual level
B2 Fraud and error
(a) Define and clearly distinguish between the terms 'error', 'irregularity', 'fraud'
and 'misstatement'.
2
(b) Compare and contrast the respective responsibilities of management and
auditors for fraud and error.
2
(c) Describe the matters to be considered and procedures to be carried out to
investigate actual and/or potential misstatements in a given situation.
2
(d) Explain how, why, when and to whom fraud and error should be reported
and the circumstances in which an auditor should withdraw from an
engagement.
2
(e) Discuss the current and possible future role of auditors in preventing,
detecting and reporting error and fraud.
2
B3 Professional liability
(a) Recognise circumstances in which professional accountants may have legal
liability.
2
(b) Describe the factors to determine whether or not an auditor is negligent in
given situations.
2
(c) Explain the other criteria for legal liability to be recognised (including 'due
professional care' and 'proximity') and apply them to given situations.
2
(d) Compare and contrast liability to client with liability to third parties. 3
(e) Evaluate the practicability and effectiveness of ways in which liability may be
restricted.
3
(f) Discuss liability limitation agreements. 2
(g) Discuss and appraise the principal causes of audit failure and other factors
that contribute to the 'expectation gap' (eg responsibilities for fraud and
error).
3
(h) Recommend ways in which the expectation gap might be bridged. 2
Exam guide
Auditor liability is a key issue facing the profession globally, and is linked in with ongoing debate about the
role of audit in the future. This area can be examined in topical discussion questions, or in practical
scenarios considering whether an auditor may be held to have been negligent in specific circumstances.
The extent of the auditor's responsibilities in relation to fraud and error is a critical element of the public's
perception of the auditor's role. The requirements of ISA 240 in this regard are core knowledge for this
paper and may have to be applied in practical scenarios.
1 Legal liability
Professional accountants may have professional liability under statutory law.
The auditor has a contractual relationship with their client. If they breach the contract then they can be
sued. In addition to this, auditors have a duty to carry out their work with reasonable skill and care.
FAST FORWARD
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 77
Under certain legislation, notably insolvency legislation, auditors may be found to be officers of the
company and could be charged with criminal offences or found liable for civil offences in connection with
the winding up of the company.
Auditors may also be found guilty of financial market abuse offences, such as insider dealing, since they
are privy to inside information and may use this information for their own gain.
Auditors could be found guilty of a criminal offence if they knew or suspected a person was laundering
money and they failed to report their suspicions to the proper authority.
2 Negligence 6/10, 6/13
Auditors may have professional liability in the tort of negligence.
Negligence is a common law concept. It seeks to provide compensation to a person who has suffered loss
due to another person's wrongful neglect. To succeed in an action for negligence, an injured party must
prove three things:
(a) That a duty of care which is enforceable by law existed
(b) This duty of care was breached
(c) The breach caused the injured party loss. In the case of negligence in relation to financial
advisers/auditors, this loss must be pecuniary (ie financial) loss.
2.1 Who might bring an action for negligence?
The parties likely to want to bring an action in negligence against the auditors, for example, if they have
given the wrong audit opinion through lack of care, include:
The company
Shareholders
The bank
Other lenders
Other interested third parties
A key difference between the various potential claimants is the extent of the proximity between the auditor
and the potential claimant, and whether the relationship is sufficiently proximal for the auditor to owe
them a duty of care.
2.2 The audit client
The auditor owes a duty of care to the audit client automatically under law.
The audit client is the company. It is a basic maxim of company law that the company is all of the
shareholders acting as a body. In other words, the 'company' cannot be represented by a single
shareholder.
COMPANY = SHAREHOLDERS AS A BODY
COMPANY = SHAREHOLDER + SHAREHOLDER
The company has a contract with the auditor. In the law of many countries, a contract for the supply of a
service such as an audit contains a duty of reasonable care implied by statute.
In other words, whatever the express terms of any written contract between the company and the audit
firm, the law always implies a duty of care into it. Therefore, if the company (all the shareholders acting as
a body) wants to bring a case for negligence, the situation would be as follows.
FAST FORWARD
FAST FORWARD
http://accountingpdf.com/
78 3: Professional liability Part B Professional and ethical considerations
Client
Duty of care exists? AUTOMATIC
Breached? MUST BE PROVED
Loss arising? MUST BE PROVED
In order to prove whether a duty of care had been breached, the court has to give further consideration to
what the duty of 'reasonable' care means in practice.
2.2.1 The auditor's duty of care
The standard of work of auditors is generally as defined by legislation. A number of judgements made in
law cases show how the auditor's duty of care has been gauged at various points in time because
legislation often does not state clearly the manner in which the auditors should discharge their duty of
care. It is also not likely that this would be clearly spelt out in any contract setting out the terms of an
auditor's appointment.
You are not expected to know all the precise details of the cases described in this section for your exam.
At Paper P7 level, you will not just be tested on your knowledge in the exam but also on your ability to
apply what you know – perhaps to specific scenarios. The cases here are useful illustrations of the issues
surrounding the professional liability of auditors, and will help you get to know the main principles which
you will then have to apply in your exam.
Case Study
Re Kingston Cotton Mill 1896
When Lopes L J considered the degree of skill and care required of an auditor he declared:
'... it is the duty of an auditor to bring to bear on the work he has to perform that skill, care and
caution which a reasonably competent, careful and cautious auditor would use. What is reasonable
skill, care and caution, must depend on the particular circumstances of each case.'
Lopes was careful to point out that what constitutes reasonable care depends very much on the facts of a
particular case. Another criteria by which the courts will determine the adequacy of the auditors' work is
by assessing it in relation to the generally accepted auditing standards of the day.
Case Study
The courts will be very much concerned with accepted advances in auditing techniques, demonstrated by
Pennycuick J in Re Thomas Gerrard & Son Ltd 1967 where he observed:
'... the real ground on which Re Kingston Cotton Mill ... is, I think, capable of being distinguished is
that the standards of reasonable care and skill are, upon the expert evidence, more exacting today
than those which prevailed in 1896.'
Case Study
Lord Denning in the case of Fomento (Sterling Area) Ltd v Selsdon Fountain Pen Co Ltd 1958 sought to
define the auditor's proper approach to their work by saying:
'... they must come to it with an inquiring mind – not suspicious of dishonesty ... – but suspecting
that someone may have made a mistake somewhere and that a check must be made to ensure that
there has been none.'
Exam focus
point
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 79
The auditors have a responsibility to keep themselves abreast of professional developments. Auditing
standards are likely to be taken into account when the adequacy of the work of auditors is being
considered in a court of law or in other contested situations.
When the auditors are exercising judgement they must act both honestly and carefully. Obviously, if
auditors are to be 'careful' in forming an opinion, they must give due consideration to all relevant matters.
Provided they do this and can be seen to have done so, then their opinion should be above criticism.
However if the opinion reached by the auditors is one that no reasonably competent auditor would have
been likely to reach, then they would still possibly be held negligent. This is because however carefully the
auditors may appear to have approached their work, it clearly could not have been careful enough, if it
enabled them to reach a conclusion which would be generally regarded as unacceptable.
If the auditors' suspicions are aroused, they must conduct further investigations until such suspicions are
either confirmed or allayed. Over the years, there have been many occasions where the courts have had to
consider cases in which it has been held, on the facts of those cases, that the auditors ought to have been
put upon enquiry.
2.3 Third parties
The auditor only owes a duty of care to parties other than the audit client if one has been established.
'Third parties' in this context means anyone other than the company (audit client) who wishes to make a
claim for negligence. It therefore includes any individual shareholders in the company and any potential
investors. It also includes, importantly, the bank, who is very often a key financier of the company.
The key difference between third parties and the company is that third parties have no contract with the
audit firm, thus there is therefore no implied duty of care. The situation is therefore as follows.
Third parties
Duty of care exists? MUST BE PROVED
Breached? MUST BE PROVED
Loss arising? MUST BE PROVED
Traditionally the courts have been averse to attributing a duty of care to third parties to the auditor. We
can see this by looking at some past cases that have gone to court.
A very important case is Caparo Industries plc v Dickman and Others 1990, which is described here.
Case Study
The facts as pleaded were that in 1984 Caparo Industries purchased 100,000 Fidelity shares in the open
market. On 12 June 1984, the date on which the financial statements (audited by Touche Ross) were
published, they purchased a further 50,000 shares. Relying on information in the financial statements,
further shares were acquired. On 4 September, Caparo made a bid for the remainder and by October had
acquired control of Fidelity. Caparo alleged that the financial statements on which they had relied were
misleading in that an apparent pre-tax profit of some £1.3 million should in fact have been shown as a
loss of over £400,000. The plaintiffs argued that Touche owed a duty of care to investors and potential
investors.
The conclusion of the House of Lords hearing of the case in February 1990 was that the auditors of a
public company's financial statements owed no duty of care to members of the public at large who relied
on the financial statements in deciding to buy shares in the company. And as a purchaser of further
shares, while relying on the auditor's report, a shareholder stood in the same position as any other
investing member of the public to whom the auditor owed no duty. The purpose of the audit was simply
that of fulfilling the statutory requirements of the Companies Act. There was nothing in the statutory duties
of company auditors to suggest that they were intended to protect the interests of investors in the market.
FAST FORWARD
http://accountingpdf.com/
80 3: Professional liability Part B Professional and ethical considerations
And in particular, there was no reason why any special relationship should be held to arise simply from the
fact that the affairs of the company rendered it susceptible to a takeover bid.
In its report The Financial Aspects of Corporate Governance, the Cadbury Committee gave an opinion on
the situation as reflected in the Caparo ruling. It felt that Caparo did not lessen auditors' duty to use skill
and care because auditors are still fully liable in negligence to the companies they audit and their
shareholders collectively. Given the number of different users of financial statements, it was impossible
for the House of Lords to have broadened the boundaries of the auditor's legal duty of care.
The decision in Caparo v Dickman considerably narrowed the auditor's potential liability to third parties.
The judgement appears to imply that members of various such user groups, which could include
suppliers, potential investors or others, will not be able to sue the auditors for negligence by virtue of their
placing reliance on audited annual financial statements, as their relationship with the auditor is
insufficiently proximate.
Case Study
In James McNaughton Paper Group Ltd v Hicks Anderson & Co 1990, Lord Justice Neill set out the
following position in the light of Caparo and earlier cases.
(a) 'In England a restrictive approach was now adopted to any extension of the scope of the duty of
care beyond the person directly intended by the maker of the statement to act upon it.
(b) In deciding whether a duty of care existed in any particular case it was necessary to take all the
circumstances into account.
(c) Notwithstanding (b), it was possible to identify certain matters which were likely to be of
importance in most cases in reaching a decision as to whether or not a duty existed.'
A more recent court case produced a development in the subject of audit liability. In December 1995, a
High Court judge awarded electronic security group ADT £65m plus interest and costs (£40m) in damages
for negligence against the former BDO Binder Hamlyn (BBH) partnership.
Case Study
The firm had jointly audited the 1988/89 financial statements of Britannia Security Group (BSG), which
ADT acquired in 1990 for £105m, but later found to be worth only £40m. Although, under Caparo,
auditors do not owe a duty of care in general to third parties, the judge found that BBH audit partner
Martyn Bishop, who confirmed that the firm stood by BSG's financial statements at a meeting with ADT in
the run-up to the acquisition, had thereby taken on a contractual relationship with ADT. This
development occurred, apparently, because (post-Caparo) solicitors and bankers were advising clients
intent on acquisitions to get direct assurances from the target's auditors on the truth and fairness of the
financial statements.
BBH appealed this decision; the liable partners, because of a shortfall in insurance cover, were left facing
the prospect of coming up with £34m. An out of court settlement was reached with ADT.
A case in 1997 appeared to take a slightly different line, although this case related to some management
accounts on which no written report had been issued.
Case Study
In Peach Publishing Ltd v Slater & Co 1997 the Court of Appeal ruled that accountants are not
automatically liable if they give oral assurances on accounts to the purchaser of a business. The case
involved management accounts, which the accountant stated were right subject to the qualification that
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 81
they had not been audited. The Court held that the purpose of giving the assurance was not to take on
responsibility to the purchaser for the accuracy of the accounts. The purchaser's true objective in this case
was to obtain a warranty from the accountant's client, the target. Therefore the accountant was not
assuming responsibility to the purchaser by giving their client information on which it could decide
whether or not to give the warranty. The Court of Appeal also observed that the purchaser should not have
relied on the management accounts without having them checked by its advisers.
Case Study
In a further case, the Court of Appeal gave guidance on the effect of a disclaimer which stated that the
report had been prepared for the client only and no-one else should rely on it. In Omega Trust Co Ltd v
Wright Son & Pepper 1997 (which related to surveyors but the facts of which can be applied to
accountants) the court held that the surveyor was entitled to know who their client was and to whom their
duty was held. They were entitled to refuse liability to an unknown lender or any known lender with whom
he had not agreed.
All this case law raised some problems. In spite of the judgement in Caparo, the commercial reality is that
creditors and investors (especially institutional ones) do use audited financial statements. In the UK the
Companies Act requires a company to file financial statements with the Registrar. Why is this a statutory
requirement? It is surely because the public, including creditors and potential investors, have a need for a
credible and independent view of the company's performance and position.
It would be unjust if auditors, who have secondary responsibility for financial statements being prepared
negligently, bore the full responsibility for losses arising from such negligence just because they are
insured. It would also be unjust if the auditors could be sued by all and sundry. While the profession has
generally welcomed Caparo, two obvious problems are raised by the decision.
Is a restricted view of the usefulness of audited financial statements in the profession's long-term
interests?
For private companies there will probably be an increase in the incidence of personal guarantees
and warranties given by the directors to banks and suppliers.
Developments in the US in recent years appear to try to redress the balance of liability by highlighting the
responsibilities of management with regard to published financial statements. The Sarbanes-Oxley Act
requires chief executive officers and finance officers to certify that the financial statements of listed
companies are not misleading and present the company's financial position and results fairly. In addition,
they are required to confirm that they are responsible for internal controls and have reported significant
control deficiencies to the auditors/audit committee.
The UK Companies Act 2006 requires the directors' report to contain a statement to the effect that, in the
case of each director:
(a) So far as the director is aware, there is no relevant audit information of which the auditor is
unaware
(b) They have taken all the steps that they ought to have taken as a director in order to make
themselves aware of any relevant audit information and to establish that the auditor is aware of that
information
If the statement in the directors' report is false, every director who knew it was false or who was reckless
as to whether it was false, and failed to take reasonable steps to prevent the report from being approved,
commits an offence.
In addition, Companies Act 2006 now makes it possible for auditors to limit their liability by agreement
with a company. We will look at this issue in more detail in Section 4.
http://accountingpdf.com/
82 3: Professional liability Part B Professional and ethical considerations
2.3.1 Banks and other major lenders
Banks and other major lenders have generally been excluded from the extent of negligent auditor's liability
by the decision in Caparo.
Banks often include clauses in loan agreements referring to audited financial statements and requesting
that they have access to audited financial statements on a regular basis or when reviewing the loan facility.
In other words, banks may document a 'relationship' with the auditors to establish that there is sufficient
proximity and that a duty of care exists.
The following Scottish case involved a situation similar to this.
Case Study
In Royal Bank of Scotland v Bannerman Johnstone Maclay and Others 2002 the bank, who provided an
overdraft facility to the company being audited, claimed the company had misstated its position due to a
fraud and that the auditors were negligent in not discovering the fraud. The auditors claimed that they had
no duty of care to the bank. However, the judge determined that the auditors would have known that the
bank required audited financial statements as part of the overdraft arrangement and could have issued a
disclaimer to the bank. The fact that they had not issued a disclaimer was an important factor in deciding
that the auditors did owe a duty of care to the bank.
2.3.2 Assurance services
The audit firm might be able and prepared to offer assurances to the bank in relation to financial
statements, position, internal controls or other matters of interest to a primary lender. If this is the case,
and the service is required by the bank, the auditor should seek to create an engagement with the bank
itself.
You should bear in mind that providing assurance services to a lender could result in a conflict of interest
arising, of course.
It is vital that you use the right kind of language when answering questions in this area. Your correct use
of such terms as duty of care, liability, negligence, proximity and third party can help to demonstrate to
the marker that you are familiar with the subject matter and are simply applying it to the circumstances in
the question.
2.4 Disclaimers 6/08
Auditors may attempt to limit liability to clients. This may not always be effective in law.
The cases above suggest that a duty of care to a third party may arise when an accountant does not know
that their work will be relied on by a third party, but only knows that it is work of a kind which is liable in
the ordinary course of events to be relied on by a third party.
Conversely, an accountant may sometimes be informed or be aware, before they carry out certain work, that
a third party will rely on the results. An example is a report on the business of a client which the accountant
has been instructed to prepare for the purpose of being shown to a potential purchaser or potential creditor
of that business. In such a case, an accountant should assume that they will be held to owe the same duty to
the third party as to their client. The Bannermann case suggests this will also be necessary for audit work.
Since the Bannermann case, many audit firms have included a disclaimer in their audit report.
When ACCA's Council considered the use of disclaimers, its view was:
'Standard disclaimers are not an appropriate or proportionate response to the Bannermann decision. Their
incorporation as a standard feature of the audit report could have the effect of devaluing that report.'
FAST FORWARD
Exam focus
point
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 83
However, there are areas of professional work (for example when acting as an auditor under the
Companies Act on behalf of shareholders and no liability limitation agreement is in place) where it is not
possible for liability to be limited or excluded. There are other areas of professional work (for example
when preparing reports on a business for the purpose of being submitted to a potential purchaser) where,
although such a limitation or exclusion may be included, its effectiveness will depend on the view that a
court may subsequently form of its reasonableness.
2.5 Litigation avoidance
The other aspect of how firms are trying to deal with litigation is what they are trying to do to avoid
litigation. This strategy has various aspects.
Client acceptance procedures. These are very important, particularly the screening of new clients
and the use of engagement letters. This is covered in more detail in Chapter 5.
Performance of audit work. Firms should make sure that all audits are carried out in accordance
with professional standards and best practice.
Quality control. This includes not just controls over individual audits but also stricter 'whole-firm'
procedures. This is considered in more detail in Chapter 4.
Issue of appropriate disclaimers. We discussed above the importance of these.
In ACCA's view the best way of restricting liability is for auditors to carry out their audit work in
accordance with auditing standards. Where work is properly conducted the auditor should not need to
subject it to blanket disclaimers.
Read the financial and accountancy press on a regular basis between now and your examination and note
any new cases or developments in the question of auditor liability.
Question Negligence claims
Although auditors can incur civil liability under various statutes, it is far more likely that they will incur
liability for negligence under the common law, as the majority of cases against auditors have been in this
area. Auditors must be fully aware of the extent of their responsibilities, together with the steps they must
take to minimise the danger of professional negligence claims.
Required
(a) Discuss the extent of an auditor's responsibilities to shareholders and others during the course of
their normal professional engagement.
(b) List six steps which auditors should take to minimise the danger of claims against them for
negligent work.
Answer
(a) Responsibility under statute
An auditor of a limited company has a responsibility, imposed upon him by statute, to form
and express a professional opinion on the financial statements presented by the directors to
the shareholders. He must report upon the truth and fairness of such statements and the fact
that they comply with the law. In so doing, the auditor owes a duty of care to the company
imposed by statute. But such duty also arises under contract and may also arise under the
common law (law of tort).
Responsibility under contract
In the UK the Companies Act does not state expressly the manner in which the auditor should
discharge their duty of care; neither is it likely that this would be clearly spelt out in any contract
setting out the terms of an auditor's appointment (eg the engagement letter). Although the articles of
Exam focus
point
http://accountingpdf.com/
84 3: Professional liability Part B Professional and ethical considerations
a company may extend the auditor's responsibilities beyond those envisaged by the Companies Act,
they cannot be used so as to restrict the auditor's statutory duties; neither may they place any
restriction upon the auditor's statutory rights which are designed to assist them in the discharge of
those duties.
The comments of Lopes L J when considering the degree of skill and care required of an auditor in
Re Kingston Cotton Mill 1896 are still relevant.
'... It is the duty of an auditor to bring to bear on the work he has to perform the skill, care and
caution which a reasonably competent, careful and cautious auditor would use. What is
reasonable skill, care and caution must depend on the particular circumstances of each case.'
Clearly, with the advent of auditing standards, a measure of good practice is now available for the
courts to take into account when considering the adequacy of the work of the auditor.
Responsibility in tort
The law of tort has established that a person owes a duty of care and skill to 'our neighbours'
(common and well-known examples of this neighbour principle can be seen in the law of trespass,
slander, libel and so on). In the context of the professional auditor the wider implications, however,
concern the extent to which the auditor owes a duty of care and skill to third parties who rely on
financial statements upon which they have reported but with whom he has no direct contractual or
fiduciary relationship.
Liability to third parties
In Caparo Industries plc v Dickman & Others 1990, it was held that the auditors of a public
company's financial statements owed no duty of care to members of the general public who relied
upon the financial statements in deciding to buy shares in the company. Furthermore as a
purchaser of more shares, a shareholder placing reliance on the auditor's report stood in the same
position as any other investing member of the public to whom the auditor owed no duty. This
decision appeared to radically reverse the tide of cases concerning the auditor's duty of care. The
purpose of the audit was simply that of meeting the statutory requirements of the Companies Act.
There was nothing in the statutory duties of a company auditor to suggest that they were intended
to protect the interests of investors in the market. In particular, there was no reason why any
special relationship should be held to arise simply from the fact that the affairs of the company
rendered it susceptible to a takeover bid.
The case between BDO Binder Hamlyn and ADT seems to have moved the argument on. In this
case, it was argued that proximity between a prospective investor and the auditor of a company
could be created if the investor asked the auditor whether they stood by their last audit. An appeal
is likely in this case, as the auditor involved face a large shortfall in the proceeds of an insurance
claim. The Scottish Bannerman case suggests that judges may be more likely to impute a duty of
care to the auditors if they were aware that the bank made use of audited financial statements and
did not disclaim liability to them.
(b) In order to provide a means of protection for the auditor arising from the comments in (a) above,
the following steps should be taken.
(i) Agreements concerning the duties of the auditor should be:
(1) Clear and precise
(2) In writing
(3) Confirmed by a letter of engagement, including matters specifically excluded
(ii) Audit work should be:
(1) Relevant to the system of internal control, which must be ascertained, evaluated and
tested. Controls cannot be entirely ignored: for the auditor to have any confidence in
an accounting system, there must be present and evident the existence of minimum
controls to ensure completeness and accuracy of the records
(2) Adequately planned before the audit commences
(3) Reviewed by a senior member of the firm to ensure quality control of the audit and
to enable a decision to be made on the form of audit report
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 85
(iii) Any queries arising during the audit should be:
(1) Recorded on the current working papers
(2) Cleared and filed
(iv) A management letter should be:
(1) Submitted to the client or the board of directors in writing immediately following an
audit
(2) Seen to be acted on by the client
(v) All members of an auditing firm should be familiar with:
(1) The standards expected throughout the firm
(2) The standards of the profession as a whole by means of adequate training, which
should cover the implementation of the firm's audit manual and the
recommendations of the professional accountancy bodies
(vi) Insurance should be taken out to cover the firm against possible claims.
3 Restricting liability 6/10
ACCA requires that auditors take out professional indemnity insurance.
Whether an auditor can restrict their liability to clients depends on the jurisdiction in question. Historically
it has been rare for liability to be restricted, but there are now some important exceptions to this such as
the UK (see section 4.1 below).
3.1 Professional indemnity insurance (PII)
Professional indemnity insurance (PII) is insurance against civil claims made by clients and third parties
arising from work undertaken by the firm.
Fidelity guarantee insurance is insurance against liability arising through any acts of fraud or dishonesty
by any partner, director or employee in respect of money or goods held in trust by the firm.
These types of insurance do not actually restrict the auditor's liability, but rather provide compensation to
the auditor for liabilities that are incurred.
It is important that auditors have insurance so that if negligence occurs:
The audit firm does not find itself with a liability that is too big for it to pay; and
The client can be compensated for the error. An insurance policy would enable this to happen even
where the compensation is greater than the resources of the firm.
Remember that accountants usually trade as partnerships, so all the partners are jointly and severally
liable to claims made against individual partners.
3.2 ACCA requirements
ACCA requires that all firms which hold practising and auditing certificates have PII with a reputable
insurance company. If the firm has employees, it must also have fidelity guarantee insurance.
The insurance must cover 'all civil liability incurred in connection with the conduct of the firm's business
by the partners, directors or employees'.
The cover must continue to exist for six years after a member ceases to engage in public practice.
FAST FORWARD
Key terms
http://accountingpdf.com/
86 3: Professional liability Part B Professional and ethical considerations
3.3 Advantages and disadvantages
The key advantage of such insurance is that it provides funds for an innocent party to be compensated in
the event of a wrong having been done to it.
An advantage to the auditor is that it provides some protection against bankruptcy in the event of
successful litigation against the firm. This is particularly important for a partnership, as partners may be
sued personally for the negligence of their fellow partners.
A key disadvantage is that the existence of insurance against the cost of negligence might encourage
auditors to take less care than:
Would otherwise be the case
Their professional duty requires
Another problem associated with such insurances are that there are limits of cover (linked with the cost of
buying the insurance) and any compensation arising from a claim could be higher than those limits. This
could lead to partners being bankrupted despite having insurance. A simple disadvantage associated with
the above is the regular cost of the insurance to the partnership.
3.4 Incorporation
The major accountancy firms have been interested in methods of reducing personal liability for partners in
the event of negligence for some time. For example, some years ago KPMG (one of the Big Four
accountancy firms) incorporated its UK audit practice. This was allowed under the UK's Companies Act
1989.
The new arrangement created 'a firm within a firm'. KPMG Audit plc is a limited company wholly owned by
the partnership, KPMG. The reason behind this is to protect the partners from the crushing effects of
litigation. The other side of incorporation means that KPMG Audit plc is subject to the statutory disclosure
requirements of companies.
An alternative to incorporation as a company is incorporation as a limited liability partnership.
Limited liability partnership can be operated in some countries, for example some US states and the UK,
which we will look at briefly below.
3.5 Limited liability partnerships
The Limited Liability Partnership Act 2000 enabled UK firms to establish limited liability partnerships as
separate legal entities. These combine the flexibility and tax status of a partnership with limited liability for
members.
The effect of this is that the partnership, but not its members, will be liable to third parties. However,
the personal assets of negligent partners will still be at risk.
Limited liability partnerships could be formed from 6 April 2001. Several prominent professional
partnerships have incorporated as LLPs.
Limited liability partnerships are set up by similar procedures to those for incorporating a company. An
incorporation document is sent to the Registrar of Companies. The Registrar will issue a certificate of
incorporation to confirm that all statutory requirements have been fulfilled.
In a similar way to traditional partnerships, relations between partners will be governed by internal partner
agreements, or by future statutory regulations. Each member of the partnership will still be an agent of the
partnership unless they have no authority to act and an outside party is aware of this lack of authority.
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 87
3.6 Advantages and disadvantages of different structures
Advantages Disadvantages
Partnership Less regulation than for companies
Financial statements not on public
record
Joint and several liability
Personal assets at risk
Incorporation Limited liability Public filing of audited financial
statements
Management must comply with
Companies Acts
LLP Protection of personal assets
Limited liability of members
Similar tax effect of partnership
Flexible management structures
Public filing of audited financial
statements
4 Current issues in auditor liability
Auditor liability is an important practical issue.
Even with PII and other means of restricting liability there has been great concern throughout the audit
profession globally about the remaining risks to firms' survival in the face of claims which might exceed
their insurance cover.
The profession has lobbied for further protection in the form of proportionate liability or capping
liability.
Proportionate liability allows claims arising from successful negligence claims to be split between the
auditors and the directors of the client company, the split being determined by a judge on the basis of
where the fault was seen to lie. This would require the approval of shareholders.
Capping liability sets a maximum limit on the amount that the auditor would have to pay out under any
claim.
4.1 UK Companies Act 2006
The Companies Act 2006 made it possible for auditors to limit their liability by agreement with a company.
It does this by defining a liability limitation agreement, which is a contractual limitation of the auditor's
liability to a company, requiring shareholder agreement by resolution and only effective if it is fair and
reasonable.
The agreement can cover liability for negligence, default, breach of duty or breach of trust by the auditor in
relation to the audit of financial statements for a particular year. For the agreement to be valid it cannot
cover more than one financial year. The company can also withdraw its authorisation of the agreement by
passing an ordinary resolution.
It is currently open to negotiation between auditors and their client companies as to what form the
agreement will take, for example a liability cap (fixed or variable), or proportionate liability but the Act
leaves it open for the Government to issue regulations in future as to the nature of these agreements.
Under current legislation, it is possible for auditors to suffer the entire liability for corporate collapse even
if they are found to be only partly to blame. The Big Four firms lobbied the then Department of Business,
Enterprise and Regulatory Reform (BERR) to get a limit on their exposure in the event of claims from
investors and others in the event of a company failure. This was prompted by fears that a blockbuster
lawsuit, if successful, could put one or more of them out of business, which in turn could trigger a
collapse of the audit market and cause chaos for business.
FAST FORWARD
Key terms
http://accountingpdf.com/
88 3: Professional liability Part B Professional and ethical considerations
The Big Four have been pushing for proportionate liability ever since the collapse of Arthur Andersen, then
one of the world's five biggest accounting firms, over its involvement in the Enrol scandal in 2002.
4.2 Ongoing debate
There have been concerns that regulations such as the UK Companies Act 2006 may distort competition in
the audit market. If the biggest firms set caps at very high levels, mid-tier firms could be disadvantaged. In
the UK the Government has left a provision for the relevant government ministers to issue specific rules
specifying what can and cannot be included in agreements in case competition problems arise.
There are also arguments that capping liability will reduce the value of the audit to investors and may put
pressure on firms to reduce fees.
Overall, the profession has reacted positively to these rules. The reaction was less positive to the other
major effect of the bill, introducing a criminal offence of 'knowingly or recklessly' including in the auditor's
report any matter that is misleading, false or deceptive in a material particular. The Government saw this
as being a necessary change in order to maintain audit quality.
4.3 Network firms
Several accountancy firms have moved towards network models over recent years. This is where member
firms are part of a larger structure, often sharing a name (or using a similar name) and professional
resources. As part of a global network, member firms have been able to sell services based on the value
and reputation of their global brand name. However in recent liability cases, some network firms have
claimed the network is not liable for negligence in an individual member firm even though they appear to
be operating under the same brand.
Case Study
BDO Seidman, a member firm of the global network BDO International, faced audit negligence claims to
the sum of $500m over the audit of ES Bankest, a company owned by the Portuguese bank Banco Espirito
Santo. Auditors from BDO Seidman had been accused of being grossly negligent in audits some seven
years previously. BDO International had claimed that they should not be held liable as member firm audits
are conducted independently.
It is possible that the network model may disappear or be modified in future years. The current situation
where network firms advertise under one brand and then claim they are separate firms when things go
wrong may not be sustainable given the outcome of current legal activity.
There is a useful article on auditor liability on the ACCA website, entitled 'Auditor liability: 'fair and
reasonable' punishment?'
5 Fraud and error 6/09, 6/13
Misunderstanding of the auditor's responsibilities in respect of fraud is a major component of the
'expectations gap'.
The key difference between fraud and error is that fraud is intentional.
FAST FORWARD
Point to note
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 89
5.1 What is fraud?
Fraud is an intentional act by one or more individuals among management, those charged with
governance (management fraud), employees (employee fraud) or third parties involving the use of
deception to obtain an unjust or illegal advantage. Fraud may be perpetrated by an individual, or in
collusion with people internal or external to the business.
Fraud is a wide legal concept, but the auditor's main concern is with fraud that causes a material
misstatement in financial statements. Specifically, there are two types of fraud causing material
misstatement in financial statements:
Fraudulent financial reporting
Misappropriation of assets
Fraud is distinguished from error, which is when a material misstatement is caused by mistake, for
example in the application of an accounting policy. Other examples of errors are mistakes in gathering or
processing financial data, and errors in making accounting estimates.
5.1.1 Fraudulent financial reporting
This may include:
Manipulation, falsification or alteration of accounting records/supporting documents
Misrepresentation (or omission) of events, transactions or other significant information in the
financial statements
Intentional misapplication of accounting principles
Such fraud may be carried out by overriding controls that would otherwise appear to be operating
effectively, eg by recording fictitious journal entries or improperly adjusting assumptions or estimates
used in financial reporting.
Aggressive earnings management is a topical issue and, at its most aggressive, may constitute fraudulent
financial reporting. Auditors should consider such issues as unsuitable revenue recognition, accruals,
liabilities, provisions and reserves accounting and large numbers of immaterial breaches of financial
reporting requirements to see whether together, they constitute fraud.
Revenue recognition is perhaps the single most common area of fraudulent financial reporting, and is an
area that your examination team has highlighted as important. If a scenario in your exam features complex
or material revenue recognition, immediately think 'risk of fraudulent financial reporting'.
5.1.2 Misappropriation of assets
This is the theft of the entity's assets (for example, cash, inventory). Employees may be involved in such
fraud in small and immaterial amounts; however, it can also be carried out by management for larger items
who may then conceal the misappropriation, for example by:
Embezzling receipts (for example, diverting them to private bank accounts)
Stealing physical assets or intellectual property (inventory, sales data)
Causing an entity to pay for goods not received (payments to fictitious vendors)
Using assets for personal use
From the auditor's point of view, the main problem with theft is while it is ongoing and undiscovered, it
may result in the accounting records being misstated. For example, if inventory is stolen then the
accounting records will show more items in inventory than there really are.
5.2 Responsibilities with regard to fraud
Management and those charged with governance are primarily responsible for preventing and detecting
fraud.
Key term
Exam focus
point
FAST FORWARD
http://accountingpdf.com/
90 3: Professional liability Part B Professional and ethical considerations
It is up to management to put a strong emphasis within the company on fraud prevention, putting in place
systems to prevent fraud.
Management must also establish a strong control environment, with an emphasis on the principles of
good corporate governance but also a culture of honesty and ethical behaviour. In relation to fraud in
particular, this would mean eg putting policies in place to help ensure that employees are aware of their
responsibilities regarding fraud, issuing guidance for employees on what they should do if they encounter
or suspect a fraud.
Auditors are responsible for carrying out an audit in accordance with international auditing standards, one
of which is ISA 240 The auditor's responsibilities relating to fraud in an audit of financial statements,
which we shall look at now. The auditor is not responsible for preventing fraud; the auditor may be
deemed responsible only if they have not conducted their audit properly.
5.3 The auditor's approach to the possibility of fraud
5.3.1 General
The key responsibility of an auditor is set out early in ISA 240: essentially the auditor is only concerned
about fraud if it causes the financial statements to be misstated. The auditor's concern is with
misstatements, whatever their cause. The main objective is to obtain reasonable assurance that there are
no material misstatements, whether they are caused by fraud or by error.
Fraud and error are, however, different. If the auditor is to detect misstatements caused by fraud, then
they must focus on the risks that are specific to fraud. ISA 240 therefore gives the following objectives,
which are specific to fraud.
ISA 240.10
The objectives of the auditor are:
(a) To identify and assess the risks of material misstatement of the financial statements due to fraud;
(b) To obtain sufficient appropriate audit evidence regarding the assessed risks of material
misstatement due to fraud, through designing and implementing appropriate responses; and
(c) To respond appropriately to fraud or suspected fraud identified during the audit.
Fraud may be harder to detect than error, because with a fraud the fraudster is actively trying to hide
what they have done.
An overriding requirement of the ISA is that auditors are aware of the possibility of there being
misstatements due to fraud. The mindset of professional scepticism is important here, with the auditor
always being alert to the possibility that things are not as they seem, and that the management who have
always appeared honest may not really be.
5.3.2 Discussion with the engagement team
ISA 240 requires there to be discussion by members of the engagement team of the susceptibility of the
entity's financial statements to material misstatement due to fraud, including how fraud might occur.
The engagement partner must consider what matters discussed should be passed on to other members of
the team not present at the discussion. The discussion itself usually includes consideration of:
How fraud could be done
Circumstances that might be indicative of aggressive earnings management
Known factors that might give incentive to management to commit fraud
Management's oversight of employees with access to cash/other assets
Any unusual/unexplained changes in lifestyle of management/employees
How to maintain professional scepticism throughout the audit
The types of circumstance that might indicate fraud
How unpredictability will be incorporated into the audit
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 91
What audit procedures might be carried out to answer any suspicions of fraud
Any allegations of fraud that have come to the auditors' attention
The risk of management override of controls.
5.3.3 Risk assessment procedures
The auditor would undertake risk assessment procedures as set out in ISA 315 Identifying and assessing
the risks of material misstatement through understanding the entity and its environment (see Chapter 6)
which would include assessing the risk of fraud. These will include:
Inquiries of management and those charged with governance
Consideration of whether fraud risk factors are present
Consideration of results of analytical procedures
Consideration of any other relevant information
In identifying the risks of fraud, the auditor is required by the ISA to carry out some specific procedures.
The auditor must ask management about:
Management's assessment of the risk of misstatement due to fraud
How management identifies and responds to fraud risks, and details of any specific risks identified
Whether they know of any actual or suspected fraud.
If the entity has an internal audit function, the auditor must ask it for its views on the risks of fraud, and
whether fraud has taken place.
The size, complexity and ownership characteristics of the entity have a significant influence on the
consideration of relevant fraud risk factors. For example in the case of a large entity there may be factors
that generally constrain improper conduct by management including effective oversight by those charged
with governance, an effective internal audit function and a written code of conduct. These considerations
are less likely in the case of a small entity.
Examples of fraud risk factors
ISA 240 does not attempt to provide a definitive list of risk factors but, in an appendix, identifies and gives
examples of two types of fraud that are relevant to auditors:
Fraudulent financial reporting
Misstatements arising from misappropriation of assets
For each of these, the risk factors are classified according to three conditions that are generally present
when misstatements due to fraud occur:
Incentives/pressures
Opportunities
Attitudes/rationalisations
http://accountingpdf.com/
92 3: Professional liability Part B Professional and ethical considerations
ISA 240.26
When identifying and assessing the risks of material misstatement due to fraud, the auditor shall, based
on a presumption that there are risks of fraud in revenue recognition, evaluate which types of revenue,
revenue transactions or assertions give rise to such risks.
ISA 240.27
The auditor shall treat those assessed risks of material misstatement due to fraud as significant risks and
accordingly, to the extent not already done so, the auditor shall obtain an understanding of the entity's
related controls, including control activities, relevant to such risks.
Generally, the auditor:
Identifies fraud risks
Relates this to what could go wrong at a financial statement level
Considers the likely magnitude of potential misstatement
Fraudulent financial
reporting
Incentives/pressures Opportunities Attitudes/rationalisations
Financial stability/profitability
is threatened
Pressure on management to
meet the expectations of third
parties
Personal financial situation of
management threatened by the
entity's financial performance
Excessive pressure on
management or operating
personnel to meet financial
targets
Significant related-party
transactions
Assets, liabilities,
revenues or expenses
based on significant
estimates
Domination of
management by a single
person or small group
Complex or unstable
organisational structure
Internal control
components are deficient
Ineffective communication
or enforcement of the entity's
values or ethical standards
by management
Known history of violations
of securities laws or other
laws and regulations
A practice by management
of committing to achieve
aggressive or unrealistic forecasts
Low morale among senior
management
Relationship between
management and the current
or predecessor auditor is strained
Misappropriation
of assets
Opportunities
Personal financial obligations
Adverse relationships between
the entity and employees with
access to cash or other assets
susceptible to theft
Large amounts of cash on
hand or processed
Inventory items that are
small in size, of high value,
or in high demand
Easily convertible assets,
such as bearer bonds,
diamonds, or computer chips
Inadequate internal control
over assets
Overriding existing controls
Failing to correct known
internal control deficiencies
Behaviour indicating
displeasure or dissatisfaction
with the entity
Changes in behaviour or
lifestyle
Incentives/pressures Attitudes/rationalisations
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 93
Question Fraud risk factors
You are an audit manager for Elle and Emm, Chartered Certified Accountants. You are carrying out the
planning of the audit of Sellfones Co, a listed company, and a high street retailer of mobile phones, for the
year ending 30 September 20X7. The notes from your planning meeting with Pami Desai, the financial
director, include the following.
(1) One of Sellfones' main competitors ceased trading during the year due to the increasing pressure
on margins in the industry and competition from online retailers.
(2) A new management structure has been implemented, with 10 new divisional managers appointed
during the year. The high street shops have been allocated to these managers, with approximately
20 branch managers reporting to each divisional manager. The divisional managers have been set
challenging financial targets for their areas, with substantial bonuses offered to incentivise them to
meet the targets. The board of directors have also decided to cut the amount that will be paid to
shop staff as a Christmas bonus.
(3) In response to recommendations in the prior year's Report to Management, a new inventory
system has been implemented. There were some problems in its first months of operation but a
report has been submitted to the board by Steven MacLennan, the chief accountant, confirming
that the problems have all been resolved and that information produced by the system will be
accurate. Pami commented that the chief accountant has had to work very long hours to deal with
this new system, often working at weekends and even refusing to take any leave until the system
was running properly.
(4) The company is planning to raise new capital through a share issue after the year-end in order to
finance expansion of the business into other countries in Europe. As a result, Pami has requested
that the auditor's report is signed off by 15 December 20X7 (six weeks earlier than in previous
years).
(5) The latest board summary of results includes:
9 months to 30 June 20X7 (unaudited) Year to 30 September 20X6 (audited)
$m $m
Revenue 320 Revenue 280
Cost of sales 215 Cost of sales 199
Gross profit 105 Gross profit 81
Operating expenses (89) Operating expenses (70)
Exceptional profit on sale
of properties 30 –
Profit before tax 46 11
(6) Several shop properties owned by the company were sold under sale and leaseback arrangements.
Required
Identify and explain any fraud risk factors that the audit team should consider when planning the audit of
Sellphones Co.
http://accountingpdf.com/
94 3: Professional liability Part B Professional and ethical considerations
Approaching the answer
Look for key words and ask questions of the information given to you. This is illustrated below.
Question Fraud risk factors
You are an audit manager for Elle and Emm, Chartered Certified Accountants. You are carrying out the
planning of the audit of Sellfones Co, a listed company, and a high street retailer of mobile phones, for the
year ending 30 September 20X7. The notes from your planning meeting with Pami Desai, the financial
director, include the following.
(1) One of Sellfones' main competitors ceased trading during the year due to the increasing pressure
on margins in the industry and competition from online retailers.
(2) A new management structure has been implemented, with 10 new divisional managers appointed
during the year. The high street shops have been allocated to these managers, with approximately
20 branch managers reporting to each divisional manager. The divisional managers have been set
challenging financial targets for their areas, with substantial bonuses offered to incentivise them to
meet the targets. The board of directors have also decided to cut the amount that will be paid to
shop staff as a Christmas bonus.
(3) In response to recommendations in the prior year's Report to Management, a new inventory
system has been implemented. There were some problems in its first months of operation but a
report has been submitted to the board by Steven MacLennan, the chief accountant, confirming
that the problems have all been resolved and that information produced by the system will be
accurate. Pami commented that the chief accountant has had to work very long hours to deal with
this new system, often working at weekends and even refusing to take any leave until the system
was running properly.
(4) The company is planning to raise new capital through a share issue after the year-end in order to
finance expansion of the business into other countries in Europe. As a result, Pami has requested
that the auditor's report is signed off by 15 December 20X7 (six weeks earlier than in previous
years).
(5) The latest board summary of results includes:
9 months to 30 June 20X7 (unaudited) Year to 30 September 20X6 (audited)
$m $m
Revenue 320 Revenue 280
Cost of sales 215 Cost of sales 199
Gross profit 105 Gross profit 81
Operating expenses (89) Operating expenses (70)
Exceptional profit on sale
of properties 30 –
Profit before tax 46 11
(6) Several shop properties owned by the company were sold under sale and leaseback arrangements.
Required
Identify and explain any fraud risk factors that the audit team should consider when planning the audit of
Sellphones Co.
Identify the stage of the
audit
Nature of industry –
very competitive
Indication of level of
competition
Is it effective? Do they
have the expertise?
Increased risk? Morale?
Pressure on
management to be
successful
Reliability? Under
pressure?
Suspicious? Pressure on results
Increased audit risk?
Changes in margin
in line with
expectations?
Substance
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 95
Answer plan
Not all the points you notice will necessarily be relevant and you may also find that you do not have time
to mention all the points. You may also notice that certain issues are related and should be dealt with
together. Prioritise your points in a more formal plan and then write out your answer.
Risk factors:
Nature of industry and operating conditions
Management structure and incentives
New inventory system/chief accountant
Results
Exceptional gain
Time pressure
Theft of assets
Answer
In this scenario there are a large number of factors that should alert the auditors to the possibility of
misstatements arising from fraudulent financial reporting, and others that could indicate a risk of
misstatements arising from misappropriation of assets.
(1) Operating conditions within the industry
The failure of a competitor in a highly competitive business sector highlights the threat to the
survival of a business such as Sellphones and this could place the directors under pressure to
overstate the performance and position of the company in an attempt to maintain investor
confidence, particularly given the intention to raise new share capital.
(2) Management structure and incentives
It is not clear in the scenario how much involvement the new divisional managers have in the
financial reporting process but the auditors would need to examine any reports prepared or
reviewed by them very carefully, as their personal interest may lead them to overstate results in
order to earn their bonuses.
(3) New inventory system/chief accountant
The problems with the implementation of the new inventory system suggest that there may have
been control deficiencies and errors in the recording of inventory figures. Misstatements, whether
deliberate or not, may not have been identified. The amount of time spent by the chief accountant
on the implementation of the new inventory system could be seen as merely underlining the
severity of the problems, but the fact that they have not taken any leave should also be considered
as suspicious and the auditors should be alert to any indication that they may have been involved in
any deliberate misstatement of figures.
(4) Results
The year on year results look better than might be expected given the business environment. The
gross profit margin has increased to 32.8% (20X6 25.3%) and the operating profit margin has
increased to 5% (20X6 3.9%). This seems to conflict with what is known about the industry and
should increase the auditor's professional scepticism in planning the audit.
(5) Exceptional gain
The sale and leaseback transaction may involve complex considerations relating to its commercial
substance. It may not be appropriate to recognise a gain or the gain may have been miscalculated.
(6) Time pressure on audit
The auditors should be alert to the possibility that the tight deadline may have been set to reduce
the amount of time the auditors have to gather evidence after the end of the reporting period,
perhaps in the hope that certain deliberate misstatements will not be discovered.
(7) Risk of misappropriation of assets
The nature of the inventory held in the shops increases the risk that staff may steal goods. This risk
is perhaps increased by the fact that the attitude of the staff towards their employer is likely to have
been damaged by the cut in their Christmas bonus. The problems with the new inventory recording
system increase the risk that any such discrepancies in inventory may not have been identified.
http://accountingpdf.com/
96 3: Professional liability Part B Professional and ethical considerations
5.3.4 Responding to assessed risks
The auditor must then come up with responses to the assessed risks.
ISA 240.28
In accordance with ISA 330 the auditor shall determine overall responses to address the assessed risks of
material misstatement due to fraud at the financial statement level.
In determining overall responses to address the risks of material misstatement due to fraud at the financial
statement level the auditor should:
(a) Consider the assignment and supervision of personnel
(b) Consider the accounting policies used by the entity
(c) Incorporate an element of unpredictability in the selection of the nature, timing and extent of audit
procedures
ISA 240.30
In accordance with ISA 330, the auditor shall design and perform further audit procedures whose nature,
timing and extent are responsive to the assessed risks of material misstatement due to fraud at the
assertion level.
The auditor may have to amend the nature, timing or extent of planned audit procedures to address
assessed risks. The auditor should also consider the following.
Audit procedures responsive to management override of controls
Journal entries and other adjustments
Accounting estimates
Business rationale for significant transactions
Examples: specific audit procedures
The auditor might to choose to attend previously unvisited branches to carry out inventory or cash checks.
The auditor might perform detailed analytical procedures using disaggregated data, for example,
comparing sales and costs of sales by location.
The auditor might use an expert to assess management estimates in a subjective area.
5.4 Evaluation of audit evidence
The auditor evaluates the audit evidence obtained to ensure it is consistent and that it achieves its aim of
answering the risks of fraud. This will include a consideration of results of analytical procedures and any
misstatements found. The auditor must also consider the reliability of written representations.
The auditor must obtain written representation that management accepts its responsibility for the
prevention and detection of fraud and has made all relevant disclosures to the auditors.
5.5 Documentation
The auditor must document:
The significant decisions reached as a result of the team's discussion of fraud
The identified and assessed risks of material misstatement due to fraud
The overall responses to assessed risks
Results of specific audit tests
Any communications with management
Reasons for concluding that the presumption that there is a risk of fraud related to revenue
recognition is not applicable
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 97
5.6 Reporting
There are various reporting requirements in ISA 240.
ISA 240.40
If the auditor has identified a fraud or has obtained information that indicates a fraud may exist, the auditor
shall communicate these matters on a timely basis to the appropriate level of management in order to
inform those with primary responsibility for the prevention and detection of fraud of matters relevant to
their responsibilities.
ISA 240.41
Unless all of those charged with governance are involved in managing the entity, if the auditor has
identified or suspects fraud involving:
(a) management;
(b) employees who have significant roles in internal control; or
(c) others, where the fraud results in a material misstatement in the financial statements,
the auditor shall communicate these matters to those charged with governance on a timely basis. If the
auditor suspects fraud involving management, the auditor shall communicate these suspicions to those
charged with governance and discuss with them the nature, timing and extent of audit procedures
necessary to complete the audit.
The auditor should also make relevant parties within the entity aware of significant deficiencies in the
design or implementation of controls to prevent and detect fraud which has come to the auditor's
attention, and consider whether there are any other relevant matters to bring to the attention of those
charged with governance with regard to fraud.
The auditor may have a statutory duty to report fraudulent behaviour to regulators outside the entity. If no
such legal duty arises, the auditor must consider whether to do so would breach their professional duty of
confidence. In either event, the auditor should take legal advice.
5.7 Auditor unable to continue
The auditor should consider the need to withdraw from the engagement if they uncover exceptional
circumstances with regard to fraud.
Remember the confidentiality issues from Chapter 2. When you are considering whether to make a public
interest disclosure, you should always bear it in mind.
Question Detection of fraud
Required
(a) Discuss what responsibility auditors have to detect fraud.
(b) Explain how the auditors might conduct their audit in response to an assessed risk of:
(i) Misappropriation
(ii) Fraudulent financial reporting
Answer
(a) The primary responsibility for the prevention and detection of fraud and irregularities rests with
management and those charged with governance. This responsibility may be partly discharged by
the institution of an adequate system of internal control including, for example, authorisation
controls and controls covering segregation of duties.
Exam focus
point
http://accountingpdf.com/
98 3: Professional liability Part B Professional and ethical considerations
The auditors should recognise the possibility of material irregularities or frauds which could,
unless adequately disclosed, distort the results or state of affairs shown by the financial
statements. ISA 240 states that the auditor is responsible for obtaining reasonable assurance that
the financial statements taken as a whole are free from material misstatement whether caused by
fraud or error. Auditors are required to carry out their audit with professional skepticism.
Auditors are required to carry out risk assessment procedures in respect of fraud. This will involve
making enquiries of management, considering if any risk factors (such as the existence of pressure
for management to meet certain targets) are present and considering the results of analytical
procedures if any method or unexpected relationships have been identified.
If there is an assessed risk of fraud, the auditor must make suitable responses. Overall responses
include considering the personnel for the assignment (for example, using more experienced
personnel), considering the accounting policies used by the entity (have they changed? Are they
reasonable?) and incorporating an element of unpredictability into the audit.
Specific responses to the risk of misstatement at the assertion level due to fraud will vary
depending on the circumstances but could include:
(i) Changing the nature of audit tests (for example, introducing computer-assisted audit
techniques if more detail is required about a computerised system)
(ii) Changing the timing of audit tests (for example, testing throughout an audit period, instead
of extending audit conclusions from an interim audit)
(iii) Changing the extent of audit tests (for example, increasing sample sizes)
(b) (i) Misappropriation
Employee frauds such as misappropriation are likely to take place when controls are weak.
If controls are weak, auditors may not test controls and therefore evidence of employee
fraud might go undetected. However, if auditors have identified a risk of employee fraud,
they might as a response test controls in the relevant area (such as purchases or sales) in
order to identify any unexplained patterns in the company's procedures. For example, if a
purchase fraud is suspected, auditors might scrutinise authorisation controls to see if a
particular member of staff always authorises certain items/for certain people, where the
system does not require that.
Many substantive procedures normally performed by the auditors may assist in isolating
employee frauds, if they are occurring. For example, tests performed on the receivables
ledger may be aimed at revealing overstatement or irrecoverable receivables, but the design
of such tests also assists with cash understatement objectives and may reveal irregularities
such as 'teeming and lading'.
(ii) Fraudulent financial reporting
If the auditors conclude that there is a high risk of fraudulent financial reporting by
management, they will concentrate on such techniques as analytical procedures, scrutiny of
unusual transactions and all journal entries, review of events after the reporting period
(including going concern evaluation), and review of the financial statements and accounting
policies for any changes or material distortions.
6 The expectations gap
The 'expectations gap' refers to the difference between the public's and auditors' expecations of the audit
process.
The 'expectations gap' can be narrowed either by educating the users of audited financial statements, or
by extending the auditor's role.
FAST FORWARD
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 99
ISA 240 sets out the current position on the auditor's responsibility to consider fraud. There remains a
debate as to whether this is sufficient, as the area of fraud is a key part of the expectations gap between
what users of auditors' reports believe to be the purposes of the audit compared with the actual nature of
the assurance reported to them by auditors.
The issue of the expectations gap is consistently in and out of the financial press. In recent years, there
has been a focus on the role of auditors in evaluating whether a company is a going concern. In the USA,
the collapse of Lehman Brothers brought with it accusations from some quarters that its auditor, Ernst &
Young, had failed to discharge its responsibilities as auditor.
A recent example of such coverage relates to auditors Ernst & Young (EY) and its audit client, the
Olympus Corporation. A scandal was precipitated when Olympus's recently-appointed chief executive was
ousted from his position after having exposed what was described as a loss-hiding arrangement of
fraudulent financial reporting. A succession of auditors had issued unmodified reports throughout this
period. An internal Olympus inquiry into the fraud concluded that the scheme had been too well-concealed
for the auditors to detect it:
'The masterminds of this case were hiding the illegal acts by artfully manipulating experts'
opinions…'
Reuters report, at www.webcitation.org/65x0p5rgR
High profile cases such as these have brought up the question of the extent to which auditors should be
responsible for detecting fraud, and how this differs from the way that the responsibilities of the auditor
are perceived.
6.1 Narrowing the expectations gap
Logically, the expectations gap could be narrowed in two ways.
(1) Educating users – The auditor's report as outlined in ISA 700 Forming an opinion and reporting on
financial statements includes an explanation of the auditor's responsibilities, but also quite
extensive discussions of the key matters arising from the audit.
(2) Extending the auditor's responsibilities – Research indicates that extra work by auditors with the
inevitable extra costs is likely to make little difference to the detection of fraud because:
Most material frauds involve management
More than half of frauds involve misstated financial reporting but do not include diversion of
funds from the company
Management fraud is unlikely to be found in a financial statement audit
Far more is spent on investigating and prosecuting fraud in a company than on its audit
Suggestions for expanding the auditor's role have included:
Requiring auditors to report to boards and audit committees on the adequacy of controls to
prevent and detect fraud
Encouraging the use of targeted forensic fraud reviews (see Chapter 14)
Increasing the requirement to report suspected frauds
http://accountingpdf.com/
100 3: Professional liability Part B Professional and ethical considerations
Chapter Roundup
Professional accountants may have professional liability under statutory law.
Auditors may have professional liability in the tort of negligence.
The auditor owes a duty of care to the audit client automatically under law.
The auditor only owes a duty of care to parties other than the audit client if one has been established.
Auditors may attempt to limit liability to clients. This may not always be effective in law.
ACCA requires that auditors take out professional indemnity insurance.
Auditor liability is an important practical issue.
Misunderstanding of the auditor's responsibilities in respect of fraud is a major component of the
'expectations gap'.
The key difference between fraud and error is that fraud is intentional.
Management and those charged with governance are primarily responsible for preventing and detecting
fraud.
The 'expectations gap' refers to the difference between the public's and auditors' expectations of the audit
process.
The 'expectations gap' can be narrowed either by educating the users of audited financial statements, or
by extending the auditor's role.
http://accountingpdf.com/
Part B Professional and ethical considerations 3: Professional liability 101
Quick Quiz
1 Define fraud.
2 Draw a table showing the reporting requirements of ISA 240 The auditor's responsibilities relating to fraud
in an audit of financial statements.
3 Determine whether each of the following is an example of fraud or of error.
Fraud or error?
Clerical mistake resulting in overstatement of profit before taxation ……..
Theft of cash from the company ……..
Failing to consolidate a loss-making subsidiary in order to improve group results ……..
Misinterpretation of facts resulting in incorrect accounting estimate ……..
4 What three matters must an injured party satisfy to the court in an action for negligence?
(1) ........................................
(2) ........................................
(3) ........................................
5 Name four aspects of litigation avoidance.
(1) ........................................
(2) ........................................
(3) ........................................
(4) ........................................
6 Professional indemnity insurance is insurance against liability arising through any acts of fraud or
dishonesty by partners in respect of money held in trust by the firm.
True
False
http://accountingpdf.com/
102 3: Professional liability Part B Professional and ethical considerations
Answers to Quick Quiz
1 Fraud is the use of deception to obtain unjust or illegal financial advantage and intentional
misrepresentation by management, employees or third parties.
2 Management If the auditors suspect or detect any fraud (even if immaterial) they
should tell management as soon as they can.
Those charged with governance If the auditor has identified fraud involving management, employees
with significant roles in internal control, or others, if it results in a
material misstatement, they must report it to those charged with
governance.
Third parties Auditors may have a statutory duty to report to a regulator. Auditors
are advised to take legal advice if reporting externally to the company.
3
Clerical mistake resulting in overstatement of profit before taxation Error
Theft of cash from the company Fraud
Failing to consolidate a loss-making subsidiary in order to improve group results Fraud
Misinterpretation of facts resulting in incorrect accounting estimate Error
4 (1) A duty of care existed
(2) Negligence occurred
(3) The injured party suffered pecuniary loss as a result
5 (1) Client acceptance procedures
(2) Performance of audit work in line with ISAs
(3) Quality control
(4) Disclaimers
6 False. That is fidelity guarantee insurance. Professional indemnity insurance is insurance against civil
claims made by clients and third parties arising from work undertaken by the firm.
Now try the questions below from the Practice Question Bank.
Number Level Marks Time
Q4 Examination 15 29 mins
Q5 Examination 20 39 mins
http://accountingpdf.com/
103
Practice management
P
A
R
T
C
http://accountingpdf.com/
104
http://accountingpdf.com/
105
Topic list Syllabus reference
1 P rinciples and purpose C1
2 Quality control at a firm level C1
3 Quality control on an individual audit C1
Quality control
Introduction
The role performed by auditors represents an activity of significant public
interest. Quality independent audit is crucial, both to users and to the audit
profession as a whole. Poor audit quality damages the reputation of the firm and
may lead to loss of clients and thus fees, as well as an increased risk of litigation
and concomitant professional insurance costs.
Although there are specific standards giving guidance on how auditors should
perform their work with satisfactory quality, these can never cater for every
situation. Two standards deal with quality at a general level. These are ISQC 1
Quality control for firms that perform audits and reviews of financial statements,
and other assurance and related services engagements, and ISA 220 Quality
control for an audit of financial statements.
http://accountingpdf.com/
106 4: Quality control Part C Practice management
Study guide
Intellectual level
C1 Quality control
(a) Explain the principles and purpose of quality control of audit and other
assurance engagements.
1
(b) Describe the elements of a system of quality control relevant to a given firm. 2
(c) Select and justify quality control procedures that are applicable to a given
audit engagement.
3
(d) Assess whether an engagement has been planned and performed in
accordance with professional standards and whether reports issued are
appropriate in the circumstances.
3
Exam guide
Issues relating to quality control can be linked with almost any area of the P7 syllabus, from ethics and
auditor liability covered in Part B to any of the specific areas covered in Part D of this Study Text. You
could be asked to suggest quality control procedures that a firm should implement in specific
circumstances; to review a firm's procedures and assess their adequacy; or to assess procedures planned
or performed, and evidence obtained, for a specific engagement.
1 Principles and purpose
There is no simple definition of audit quality because there is no one 'correct' way to audit. It is often a
matter of conducting an audit in line with the spirit as well as the letter of professional guidance.
Audit quality is not defined in law or through regulations, and neither do auditing standards provide a
simple definition.
Although each stakeholder in the audit will give a different meaning to audit quality, at its heart it is about
delivering an appropriate professional opinion supported by the necessary evidence and judgements.
Many principles contribute to audit quality, including good leadership, experienced judgement, technical
competence, ethical values and appropriate client relationships, proper working practices and effective
quality control and monitoring review processes.
The standards on audit quality provide guidance to firms on how to achieve these principles.
2 Quality control at a firm level Pilot, 6/09, 12/11, 6/14
The International Standard on Quality Control (ISQC 1) helps audit firms to establish quality standards for
their business.
The fact that auditors follow international auditing standards provides a general quality control framework
within which audits should be conducted. There are also specific quality control standards.
FAST FORWARD
FAST FORWARD
http://accountingpdf.com/
Part C Practice management 4: Quality control 107
2.1 Purpose of ISQC 1
ISQC 1.11
The objective of the firm is to establish and maintain a system of quality control to provide it with
reasonable assurance that:
(a) The firm and its personnel comply with professional standards and applicable legal and regulatory
requirements; and
(b) Reports issued by the firm or engagement partners are appropriate in the circumstances.
All quality control policies and procedures should be documented and communicated to the firm's
personnel.
We have already considered the sections of this standard relating to ethics in Chapter 2 and those relating
to client acceptance will be covered in Chapter 5 of this Study Text. We shall now consider the
requirements of the rest of the standard, which fall into the following areas.
Firm and leadership responsibilities for quality within the firm
Human resources
Engagement performance (see also below, the requirements of ISA 220)
Monitoring
2.2 Firm and leadership responsibilities for quality within the firm
ISQC 1.13
Personnel within the firm responsible for establishing and maintaining the firm's system of quality control
shall have an understanding of the entire text of this ISQC, including its application and other explanatory
material, to understand its objective and to apply its requirements properly.
Firms are required to ensure that the appropriate training is provided to ensure there is complete
understanding of the objectives and procedures under ISQC 1. The standard stipulates further that some
firms may need to apply additional procedures (beyond those of the standard) to ensure that the
objectives are met.
The standard requires that the firm implements policies such that the internal culture of the firm is one
where quality is considered to be essential. Such a culture must be inspired by the leaders of the firm,
who must promote this culture by the example of their actions and messages. In other words, the entire
business strategy of the audit firm should be driven by the need for quality in its operations.
The firm may appoint an individual or group of individuals to oversee quality in the firm. Such individuals
must have:
Sufficient and appropriate experience
The ability to carry out the job
The necessary authority to carry out the job
2.3 Human resources
The firm's overriding desire for quality will necessitate policies and procedures on ensuring excellence in
its staff, to provide the firm with 'reasonable assurance that it has sufficient personnel with the
capabilities, competence, and commitment to ethical principles necessary to perform its engagements
in accordance with professional standards and regulatory and legal requirements, and to enable the firm
or engagement partners to issue reports that are appropriate in the circumstances'.
http://accountingpdf.com/
108 4: Quality control Part C Practice management
These will cover the following issues.
Recruitment Performance evaluation
Capabilities Competence
Career development Promotion
Compensation The estimation of personnel needs
The firm is responsible for the ongoing excellence of its staff, through continuing professional
development, education, work experience and coaching by more experienced staff.
2.3.1 Assignment of engagement teams
The assignment of engagement teams is an important matter in ensuring the quality of an individual
assignment.
This responsibility is given to the audit engagement partner. The firm should have policies and procedures
in place to ensure that:
Key members of client staff and those charged with governance are aware of the identity of the
audit engagement partner
The engagement partner has appropriate capabilities, competence, authority and time to perform
the role
The engagement partner is aware of their responsibilities as engagement partner
The engagement partner should ensure that they assign staff with sufficient capabilities, competence and
time to individual assignments so that they will be able to issue an appropriate report.
2.4 Engagement performance
The firm should take steps to ensure that engagements are performed correctly, that is, in accordance
with standards and guidance. Firms often produce a manual of standard engagement procedures to give
to all staff so that they know the standards they are working towards. These may be in an electronic
format.
Ensuring good engagement performance involves a number of issues:
Direction Consultation
Supervision Resolution of disputes
Review
Many of these issues will be discussed in the context of an individual audit assignment (see Section 3
below).
ISQC 1.34
The firm shall establish policies and procedures designed to provide it with reasonable assurance that:
(a) Appropriate consultation takes place on difficult or contentious matters
(b) Sufficient resources are available to enable appropriate consultation to take place
(c) The nature and scope of, and conclusions resulting from, such consultations are documented and
are agreed by both the individual seeking consultation and the individual consulted
(d) Conclusions resulting from consultations are implemented
This may involve consulting externally, for example with other firms, or the related professional body
(ACCA), particularly when the firm involved is small.
When there are differences of opinion on an engagement team, a report should not be issued until the
dispute has been resolved. This may involve the intervention of the quality control reviewer.
http://accountingpdf.com/
Part C Practice management 4: Quality control 109
A peer review is a review of an audit file carried out by another partner in the assurance firm.
A hot review (also known as a pre-issuance review) is a peer review carried out before the audit report is
signed.
A cold review (also known as a post-issuance review) is a peer review carried out after the audit report is
signed.
The firm should have policies and procedures to determine when a quality control reviewer will be
necessary for an engagement. This will include all audits of financial statements for listed companies.
When required, such a review must be completed before the report is signed.
The firm must also have standards as to what constitutes a suitable quality control review (the nature,
timing and extent of such a review, the criteria for eligibility of reviewers and documentation requirements).
Quality control reviews
Nature, timing and extent It ordinarily includes discussion with the engagement partner, review of the
financial statements/other subject matter information and the report, and
consideration of whether the report is appropriate. It will also involve a
selective review of working papers relating to significant judgements made.
Eligibility The reviewer must have sufficient technical expertise and be objective
towards the assignment.
Documentation Documentation showing that the firm's requirements for a review have been
met, that the review was completed before the report was issued and a
conclusion that the reviewer is not aware of any unresolved issues.
Listed companies The review should include:
The engagement team's evaluation of the firm's independence in relation
to the specific engagement
Significant risks identified during the engagement and the responses to
those risks
Judgements made, particularly with respect to materiality and significant
risks
Whether appropriate consultation has taken place on matters involving
differences of opinion or other difficult or contentious matters, and the
conclusions arising from those consultations
The significance and disposition of corrected and uncorrected
misstatements identified during the engagement
The matters to be communicated to management and those charged with
governance and, where applicable, other parties such as regulatory
bodies
Whether working papers selected for review reflect the work performed
in relation to the significant judgements and support the conclusions
reached
The appropriateness of the report to be issued
2.5 Monitoring
The standard states that firms must have policies in place to ensure that their quality control procedures are:
Relevant Operating effectively
Adequate Complied with
In other words, they must monitor their system of quality control. Monitoring activity should be reported
to the management of the firm on an annual basis.
Key terms
http://accountingpdf.com/
110 4: Quality control Part C Practice management
There are two types of monitoring activity, an ongoing evaluation of the system of quality control and
periodic inspection of a selection of completed engagements. An ongoing evaluation might include such
questions as, 'have we kept up to date with regulatory requirements?'
A periodic inspection cycle would usually fall over a period such as three years, in which time at least one
engagement per engagement partner would be reviewed.
The people monitoring the system are required to evaluate the effect of any deficiencies found. These
deficiencies might be one-offs. Monitors will be more concerned with systematic or repetitive
deficiencies that require corrective action. When evidence is gathered that an inappropriate report might
have been issued, the audit firm may want to take legal advice.
Corrective action
Remedial action with an individual
Communication of findings with the training department
Changes in the quality control policies and procedures
Disciplinary action, if necessary
Read the requirements of any quality control questions carefully. If you are asked to comment on the
procedures relevant to the individual audit, firm-wide procedures will not be relevant. This point has been
made in a number of recent Examiner's Reports.
3 Quality control on an individual audit 12/07, 6/08, 6/09
6/11, 12/12, 6/13, 6/14, 12/14, 6/15
ISA 220 requires firms to implement quality control procedures over individual audit engagements.
The requirements concerning quality control on individual audits are found in ISA 220 Quality control for
an audit of financial statements. This international auditing standard (ISA) applies the general principles of
the ISQC we looked at in the previous section to an individual audit.
ISA 220.6
The objective of the auditor is to implement quality control procedures at the engagement level that
provide the auditor with reasonable assurance that:
(a) The audit complies with professional standards and applicable legal and regulatory requirements;
and
(b) The auditor's report issued is appropriate in the circumstances.
The burden of this falls on the audit engagement partner, who is responsible for the audit and the ultimate
conclusion.
3.1 Leadership responsibilities
The engagement partner is required to set an example with regard to the importance of quality.
ISA 220.8
The engagement partner shall take responsibility for the overall quality on each audit engagement to which
that partner is assigned.
FAST FORWARD
Exam focus
point
http://accountingpdf.com/
Part C Practice management 4: Quality control 111
3.2 Ethical requirements
ISA 220.9
Throughout the audit engagement, the engagement partner shall remain alert, through observation and
making inquiries as necessary, for evidence of non-compliance with relevant ethical requirements by
members of the engagement team.
This includes the ACCA Code of Ethics and Conduct, with its fundamental principles and all the other
detailed requirements. The ISA also contains some detailed guidance about independence in particular.
ISA 220.11
The engagement partner shall form a conclusion on compliance with independence requirements that
apply to the audit engagement. In doing so, the engagement partner shall:
(a) Obtain relevant information from the firm and, where applicable, network firms, to identify and
evaluate circumstances and relationships that create threats to independence;
(b) Evaluate information on identified breaches, if any, of the firm's independence policies and
procedures to determine whether they create a threat to independence for the audit engagement;
and
(c) Take appropriate action to eliminate such threats or reduce them to an acceptable level by applying
safeguards, or, if considered appropriate, to withdraw from the audit engagement, where
withdrawal is possible under applicable law and regulation. The engagement partner shall promptly
report to the firm any inability to resolve the matter for appropriate action.
ISA 220.24
The auditor shall include in the audit documentation … conclusions on compliance with independence
requirements that apply to the audit engagement, and any relevant discussions with the firm that support
these conclusions.
3.3 Acceptance/continuance of client relationships and specific audit
engagements
The partner is required to ensure that the requirements of ISQC 1 in respect of accepting and continuing
with the audit are followed. If the engagement partner obtains information that would have caused them to
decline the audit in the first place they should communicate that information to the firm so that swift
action may be taken. They must document conclusions reached about accepting and continuing the audit.
3.4 Assignment of engagement teams
As discussed in the previous section, this is also the responsibility of the audit engagement partner. They
must ensure that the team is appropriately qualified and experienced as a unit.
3.5 Engagement performance
Several factors are involved in engagement performance, as discussed above (Section 2.4).
3.5.1 Direction
The partner directs the audit. They are required by other auditing standards to hold a meeting with the
audit team to discuss the audit, in particular the risks associated with the audit. This ISA suggests that
direction includes 'informing members of the engagement team of:
(a) Their responsibilities (including objectivity of mind and professional scepticism)
(b) Responsibilities of respective partners where more than one partner is involved in the conduct of
the audit engagement
(c) The objectives of the work to be performed
http://accountingpdf.com/
112 4: Quality control Part C Practice management
(d) The nature of the entity's business
(e) Risk-related issues
(f) Problems that may arise
(g) The detailed approach to the performance of the engagement'
3.5.2 Supervision
The audit is supervised overall by the engagement partner, but more practical supervision is given within
the audit team by senior staff to more junior staff, as is also the case with review (see Section 3.5.3
below). It includes:
Tracking the progress of the audit engagement
Considering the capabilities and competence of individual members of the team, and whether they
have sufficient time and understanding to carry out their work
Addressing significant issues arising during the audit engagement and modifying the planned
approach appropriately
Identifying matters for consultation or consideration by more experienced engagement team
members during the audit engagement
3.5.3 Review
Review includes consideration of whether:
The work has been performed in accordance with professional standards and regulatory and legal
requirements
Significant matters have been raised for further consideration
Appropriate consultations have taken place and the resulting conclusions have been documented
and implemented
There is a need to revise the nature, timing and extent of work performed
The work performed supports the conclusions reached and is appropriately documented
The evidence obtained is sufficient and appropriate to support the auditor's report
The objectives of the engagement procedures have been achieved
Before the audit report is issued, the engagement partner must be sure that sufficient and appropriate
audit evidence has been obtained to support the audit opinion. The audit engagement partner need not
review all audit documentation, but may do so. They should review critical areas of judgement, significant
risks and other important matters.
3.5.4 Consultation
The partner is also responsible for ensuring that if difficult or contentious matters arise the team takes
appropriate consultation on the matter and that such matters and conclusions are properly recorded.
If differences of opinion arise between the engagement partner and the team, or between the engagement
partner and the quality control reviewer, these differences should be resolved according to the firm's
policy for such differences of opinion.
3.5.5 Quality control review
The audit engagement partner is responsible for appointing a reviewer, if one is required. They are then
responsible for discussing significant matters that arise with the reviewer and for not issuing the audit
report until the quality control review has been completed.
A quality control review should include:
An evaluation of the significant judgements made by the engagement team
An evaluation of the conclusions reached in formulating the auditor's report
http://accountingpdf.com/
Part C Practice management 4: Quality control 113
ISA 220.25
The engagement quality control reviewer shall document, for the audit engagement reviewed, that:
(a) The procedures required by the firm's policies on engagement quality control review have been
performed;
(b) The engagement quality control review has been completed on or before the date of the auditor's
report; and
(c) The reviewer is not aware of any unresolved matters that would cause the reviewer to believe that
the significant judgements the engagement team made and the conclusions it reached were not
appropriate.
A quality control review for a listed entity will include a review of:
Discussion of significant matters with the engagement partner
Review of financial statements and the proposed report
Review of selected audit documentation relating to significant audit judgements made by the audit
team and the conclusions reached
Evaluation of the conclusions reached in formulating the auditor's report and consideration of
whether the auditor's report is appropriate
The engagement team's evaluation of the firm's independence towards the audit
Whether appropriate consultations have taken place on differences of opinion/contentious matters
and the conclusions drawn
Whether the audit documentation selected for review reflects the work performed in relation to
significant judgements/supports the conclusions reached
Other matters relevant to evaluating significant judgements made by the audit team are likely to be:
The significant risks identified during the engagement and the responses to those risks (including
assessment of, and response to, fraud)
Judgements made, particularly with respect to materiality and significant risks
Significance of corrected and uncorrected misstatements identified during the audit
Matters to be communicated with management / those charged with governance
Quality control is often examined as one part of a requirement that also covers professional and ethical
matters. A typical requirement might be 'Comment on the quality control, ethical and professional issues
raised [by the scenario]'. The scenario might then depict an audit that had problems in each of these
areas.
Alternatively, whole questions (or parts of questions) may be set on quality control alone.
3.6 Monitoring
The audit engagement partner is required to consider the results of monitoring of the firm's (or network
firm's) quality control systems and consider whether they have any impact on the specific audit they are
conducting.
Exam focus
point
http://accountingpdf.com/
114 4: Quality control Part C Practice management
Question Quality control issues
You are an audit senior working for the firm Addystone Fish. You are currently carrying out the audit of
Wicker Co, a manufacturer of waste paper bins. You are unhappy with Wicker's inventory valuation policy
and have raised the issue several times with the audit manager. They have dealt with the client for a
number of years and does not see what you are making a fuss about. They have refused to meet you on
site to discuss these issues.
The former engagement partner to Wicker retired two months ago. As the audit manager had dealt with
Wicker for so many years, the other partners have decided to leave the audit of Wicker in their capable
hands.
Required
Comment on the situation outlined above.
Answer
Several quality control issues are raised in the above scenario:
Engagement partner
An engagement partner is usually appointed to each audit engagement undertaken by the firm, to take
responsibility for the engagement on behalf of the firm. Assigning the audit to the experienced audit
manager is not sufficient.
The lack of an audit engagement partner also means that several of the requirements of ISA 220 about
ensuring that arrangements in relation to independence and directing, supervising and reviewing the audit
are not in place.
Conflicting views
In this scenario the audit manager and senior have conflicting views about the valuation of inventory. This
does not appear to have been handled well, with the manager refusing to discuss the issue with the senior.
ISA 220 requires that the audit engagement partner takes responsibility for settling disputes in accordance
with the firm's policy in respect of resolution of disputes as required by ISQC 1. In this case, the lack of
engagement partner may have contributed to this failure to resolve the disputes. In any event, at best, the
failure to resolve the dispute is a breach of the firm's policy under ISQC 1. At worst, it indicates that the
firm does not have a suitable policy concerning such disputes as required by ISQC 1.
The June 2013 exam contained a 13-mark requirement to evaluate the quality control, ethical and
professional matters in relation to the performance of a particular audit. When answering questions in this
area, many candidates are aware that there is something wrong with the scenario, but those who score
well are able to state precisely why it is wrong too.
3.7 Applying ISQC 1 proportionately with the nature and size of a firm
The International Auditing and Assurance Standards Board has issued guidance for small firms in applying
ISQC 1 in the form of a 'Questions & Answers' document. Small firms do have to apply ISQC 1 in full, but
this should not result in 'standards overload' because ISQC 1 is drafted in such a way that it can be
applied proportionately.
3.7.1 Only comply with relevant requirements
Importantly, firms only have to comply with requirements that are relevant to them and to the services
they are providing.
Exam focus
point
http://accountingpdf.com/
Part C Practice management 4: Quality control 115
ISQC 1.14
The firm shall comply with each requirement of this ISQC unless, in the circumstances of the firm, the
requirement is not relevant to the services provided in respect of audits and reviews of financial
statements, and other assurance and related services engagements.
So a small practitioner who does not provide audit services would clearly not be required to follow ISQC
1's requirements in relation to audit services.
3.7.2 Structure and formality is proportionate
Smaller firms may use less structured means and simpler processes to comply with ISQC 1.
Communications may be more informal than in a larger firm.
Smaller firms still need to read ISQC 1, but they may legitimately use their judgement in tailoring it to
their circumstances. For example, it would not be necessary for a sole practitioner to establish an explicit
process for assigning personnel to engagement teams (because the 'process' in this case would be the
nonsensical statement that there is no process because there are no teams).
3.7.3 Using external resources
In order to comply with ISQC 1's requirements, it may be necessary to make use of the services of another
organisation, such as another firm or a professional or regulatory body. This may be particularly helpful
where ISQC 1 requires an engagement quality control review, or where there is a need for monitoring
processes which could be carried out by an external person or firm.
3.7.4 Documentation
ISQC 1 does require all firms to document the operation of its system of quality control. However, the
form and content of this documentation is a matter of judgement and would depend on the size of the firm
and complexity of its organisation. Smaller firms would therefore have less to document, and could make
use of less formal methods of documentation such as manual notes and checklists.
http://accountingpdf.com/
116 4: Quality control Part C Practice management
Chapter Roundup
There is no simple definition of audit quality because there is no one 'correct' way to audit. It is often a
matter of conducting an audit in line with the spirit as well as the letter of professional guidance.
The International Standard on Quality Control (ISQC 1) helps audit firms establish quality standards for
their business.
ISA 220 requires firms to implement quality control procedures over individual audit engagements.
http://accountingpdf.com/
Part C Practice management 4: Quality control 117
Quick Quiz
1 The objective of a firm applying ISQC 1 is to:
'Establish and maintain a system of ………… …………. to provide it with ……………………….
assurance that
(a) The firm and its personnel comply with ...................... standards and .......................... and
........................... requirements and
(b) ......................................... issued by the firm or engagement partners are .................. in the
circumstances.'
2 List five issues relating to good engagement performance that should be addressed in an audit firm's
procedures manual.
(1)
(2)
(3)
(4)
(5)
3 Who reviews audit work in an audit of financial statements?
4 Who is responsible for the overall quality of an individual audit assignment?
(a) Ethics partner
(b) Pre-issuance reviewer
(c) Engagement partner
(d) Managing partner
5 ISQC 1 sets out requirements about the nature of the firm's internal culture.
True
False
http://accountingpdf.com/
118 4: Quality control Part C Practice management
Answers to Quick Quiz
1 Quality control, reasonable, professional, regulatory, legal, reports, appropriate
2 (1) Direction
(2) Supervision
(3) Review
(4) Consultation
(5) Resolution of disputes
3 Audit work is generally reviewed by the staff member who is more senior on the team than the person who
did the work. The partner must carry out a review to ensure there is sufficient and appropriate evidence to
support the audit opinion. It might also be necessary under the firm's quality control policies to obtain a
quality control review by a suitable person outside the audit team. This will be necessary if the audit is of a
listed entity.
4 (c) Engagement partner
5 True. ISQC 1 requires the firm to establish policies and procedures to promote an internal culture that
recognises that quality is essential in performing engagements.
Now try the question below from the Practice Question Bank.
Number Level Marks Time
Q6 Examination 15 29 mins
http://accountingpdf.com/
119
Obtaining and
accepting professional
appointments
Introduction
It is a commercial fact that companies change their auditors. The question that
firms of auditors need to understand the answer to is: why do companies change
their auditors? We shall examine some of the common reasons here.
Related to the fact that entities change their auditors is the fact that many
auditing firms advertise their services. The ACCA has set out rules for
professional accountants who advertise their services. We shall examine these
rules and the reasons behind them in Section 2.
As we will discover in Section 1, the audit fee can be a very key item for an entity
when it makes decisions about its auditors. Determining the price to offer to
potential clients can be a difficult process, but it is just one part of the whole
process that is tendering. Audits are often put out to tender by companies. We
shall examine all the matters firms consider when tendering for an audit in
Section 3.
Linked in with the tendering process is the process of determining whether to
accept the audit engagement if it is offered. ISQC 1 Quality control for firms that
perform audits and reviews of financial statements, and other assurance and
related services engagements sets out some basic requirements for all audit
firms accepting engagements. This is discussed in Section 4.
ISA 210 Agreeing the terms of audit engagements sets out the agreement
necessary when an audit is accepted and this is covered in Section 5.
Topic list Syllabus reference
1 Change in auditors C3
2 Advertising and fees C2
3 Tendering C3
4 Acceptance C4
5 Terms of the engagement C4
http://accountingpdf.com/
120 5: Obtaining and accepting professional appointments Part C Practice management
Study guide
Intellectual level
C2 Advertising, publicity, obtaining professional work and fees
(a) Recognise situations in which specified advertisements are acceptable. 2
(b) Discuss the restrictions on practice descriptions, the use of the ACCA logo
and the names of practising firms.
2
(c) Discuss the extent to which reference to fees may be made in promotional
material.
2
(d) Outline the determinants of fee-setting and justify the bases on which fees
and commissions may and may not be charged for services.
3
(e) Discuss the ethical and other professional problems, for example,
lowballing, involved in establishing and negotiating fees for a specified
assignment.
3
C3 Tendering
(a) Discuss the reasons why entities change their auditors/professional
accountants.
2
(b) Recognise and explain the matters to be considered when a firm is invited to
submit a proposal or fee quote for an audit or other professional
engagement.
2
(c) Identify the information to be included in a proposal. 2
C4 Professional appointments
(a) Explain the matters to be considered and the procedures that an audit firm/
professional accountant should carry out before accepting a specified new
client/engagement including:
3
(i) Client acceptance
(ii) Engagement acceptance
(iii) Establish whether the preconditions for an audit are present
(iv) Agreeing the terms of engagement
(b) Recognise the key issues that underlie the agreement of the scope and
terms of an engagement with a client.
2
Exam guide
Many of the issues in this chapter are ethical. You could be faced with a change in appointment scenario
in the exam. The issues surrounding a change in auditor have often been examined in the past, with
scenarios featuring tendering and practical issues around audit planning.
1 Change in auditors 6/09
Common reasons for companies changing their auditor include audit fee, auditor not seeking re-election
and change in the size of company.
1.1 Why do companies change their auditor?
It is a fact of life that companies change their auditors sometimes. Not all new clients of a firm are new
businesses, some have decided to change from their previous auditors. Obviously, it is often not in the
interests of audit firms to lose clients. Therefore a key issue in practice management for auditors is to
understand why companies change their auditors so that, as far as they are able, they can seek to prevent
it.
FAST FORWARD
http://accountingpdf.com/
Part C Practice management 5: Obtaining and accepting professional appointments 121
Question Change of auditor
Before you read the rest of this chapter, spend a minute thinking about the reasons why companies might
change their auditors. You might want to close the Study Text and write them down and then compare
them with the reasons that we give in the rest of this section.
Answer
Read through the rest of Section 1 and compare your answer with ours.
The following diagram shows some of the more common reasons that companies might change their
auditors.
CHANGE IN AUDIT FIRM
Audit fee
Size
Audit firm does not
seek re-election Personality: client falls
out with audit staff
Audit rotation: relationship
ended for independence
reasons
Disagreement with
the client
Another client is
in competition
Audit firm has other ethical
reasons
Perceived not to
be value for money
Perceived to be
too high
Not competitive
Interested in whether
price is negotiable
Client falls below
exemption limit
Client's business
expands beyond
audit firm's capacity
Not wanting to
reduce fee
1.2 Audit fee
The audit fee can be a very sensitive issue. Audit is required by statute for many companies. Many people
perceive that it has very little intrinsic value. Therefore, when setting audit fees, auditors must take
account of the fact that clients may hold this opinion. Setting fees will be discussed later in the chapter.
Here, we shall explore some of the fee-related reasons why companies change their auditors.
1.2.1 Perceived to be too high
This is a common reason for auditors being changed. It is strongly linked to people's perception that audit
has no intrinsic value. If directors of a company believe that audit is a necessary evil, they will seek to
obtain it for as little money as they can.
Much of the 'value', in cost terms, of an audit is carried out away from a client's premises. This is because
the most expensive audit staff (managers and partners) often do not carry out their audit work on site. If
the client does not understand this, the following sort of situation may arise.
http://accountingpdf.com/
122 5: Obtaining and accepting professional appointments Part C Practice management
Case Study
Bob is the owner-manager of Fixings Co, a small business which manufactures metal fixings. It has a
revenue of $4.5 million and the auditors come in for the second week of October every year. Every
year a different senior is in charge and they ask similar questions to the ones asked the previous
year, because the business rarely changes and the audit is low risk. The partner and manager rarely
attend the audit itself because it is not considered cost-effective or necessary to do so.
Bob's audit fee was set at $4,500 five years ago when the business was incorporated for tax and
inheritance reasons, and has gone up at 3% a year ever since. It now stands at $5,200. During that time,
he has paid the same firm $1,200 a year to organise his tax return and deal with the tax authorities on his
behalf. He considers this service far more valuable, as he has no understanding of tax issues and is
exceedingly nervous of a taxation inspection.
Bob cannot understand how the audit fee is four times the size of the tax fee when the auditors attend for a
week and do the same work every year. He is also irritated that it continues to steadily rise while the
service does not change.
The example given above is a little exaggerated and generalisations have been made. However, there is
some truth in it. An auditor understands the costs that go in to making up the audit fee. It is essential that
the client does too.
1.2.2 Perceived not to be value for money
This often goes hand in hand with the audit fee being seen to be too high. In the above example of Bob
and Fixings Co, this was certainly the case. However, it is possible that a company could be paying its
audit firm a fee that it considers reasonable for an audit, but it just believes that another firm could give
them a better audit for a similar fee.
1.2.3 Not competitive
Again, this issue can be linked with the value for money perception. It is true to say that in some
cases, audit firms will offer audit services at low prices. This is on the grounds that they then sell
other services to the same clients at profitable prices. It is through practices like this that the
problem of lowballing can arise. You should remember the issue of lowballing from your earlier
studies. In such conditions, a well-set audit fee may not be competitive even if it is a reasonable fee
for the service provided.
1.2.4 Interest in whether price is negotiable
This reason may be linked to all the above fee-related issues, or it may just arise out of interest on the
client's part. It costs the client very little except some time on their part to put their audit out to tender.
They might even do this with every intention of keeping the present auditor.
Putting the audit out to tender would give them more insight into how competitive his audit fee is and keep
their auditor 'honest', in that they will have to justify their fee and risk it being higher than competitors in
the tender.
The by-product might be that they receive a competitive tender which offers them far more than they
receive from their current auditor and they change their auditor anyway. It could also mean that, when
forced to justify their position, the current auditor reassesses their service and comes up with a far more
competitive deal.
http://accountingpdf.com/
Part C Practice management 5: Obtaining and accepting professional appointments 123
1.3 The auditor does not seek re-election
Another key reason for the auditor changing is that the auditor chooses not to stand for election for
another year. You should be familiar with many of the reasons behind this:
There could be ethical reasons behind the auditor choosing not to stand
The auditor might have to resign for reasons of competition between clients
The auditor might disagree with the client over accounting policies
The auditor might not want to reduce their audit fee.
Question Ethical reasons
Name three ethical reasons why an auditor might not seek re-election or might resign, explaining the
nature of the problem and the reasoning behind the resignation.
Answer
As you know from your earlier studies and from Chapter 2, there are countless ethical issues that could
have arisen. Here are some common ones. Refer back to Chapter 2 if you have included any that do not
appear here.
(a) Fee level
The audit fee which is necessary to carry out the audit at a profit may have reached a level which is
inappropriate according to the ACCA's guidance on fee levels for a public interest entity. If the audit
fee constituted more than 15% of the total practice income, this would be considered to be an
independence problem. This is because the audit opinion might be influenced by a fear of losing
the client. The auditor should consider the need for a pre-issuance or post-issuance review.
In such a situation, or if the practice had a large client below the limits but whose forecast
suggested future growth, it might be necessary for the auditor to end the relationship to ensure
that they did not become dependent on the client.
(b) Integrity of management
The auditor might feel that they have reason to doubt the integrity of management. There are many
reasons why this could be the case. It could be as a result of a breakdown in the relationship, or an
unproven suspected fraud.
If the auditor does not feel that the client is trustworthy they should not continue their relationship
with them.
(c) Other services
The auditor may offer a number of services to the client. They may be offered some lucrative
consultancy work by the client which they want to undertake, but they feel that the independence of
the audit will be severely affected by the provision of the consultancy work because of the heavy
involvement this would require in the client's business.
As the audit fee is substantially lower than the fees associated with the consultancy work and the
auditor is trying to develop their business advice department, they may decide to resign from the
audit to take on the consultancy.
1.4 Size of the company
This can be a major reason for a change in auditors. There are two key reasons, one of which has been
touched on already:
The client experiences rapid growth to the point where the audit is no longer practicable for the audit
firm.
The client retrenches or restructures in such a way that it no longer needs a statutory audit.
http://accountingpdf.com/
124 5: Obtaining and accepting professional appointments Part C Practice management
In the first instance, the auditor may no longer be able to provide the audit for several reasons:
Insufficient resources
Staff
Time
Fee level issue
In the second instance, the client may choose not to have an audit.
In either situation, there is little that the auditor can do to prevent losing the work.
1.5 Other reasons
These reasons may have been touched on in relation to the other reasons given above. We shall consider
them briefly here.
1.5.1 Personality
For many small owner-managed companies, audit is almost a personal service. The relationship between
such a client and its auditor may be strongly based on personality and, if relationships break down, it may
be necessary for the audit relationship to discontinue.
Personality may not be such an issue for bigger entities and audit firms where the audit engagement
partner could be transferred if required, while the audit stayed within the firm.
1.5.2 Audit rotation
Rotation of audit staff was discussed in Chapter 2 as a safeguard to audit independence. However, the
partners in a firm may sometimes conclude that the firm as a whole has been associated with a client for
too long, and therefore give up the audit.
1.5.3 UK Corporate Governance Code requirements
The UK Corporate Governance Code requires some companies to put the audit out to tender at least every
ten years. This will not always result in a change in auditor – it is possible that the current auditor will win
the tender. But it means that management will have to consider whether the audit meets its needs
discussed above.
1.6 Statement of circumstances
Under the UK Companies Act 2006, for a quoted company an auditor must now always submit a statement
of circumstances surrounding their leaving office, even where there are no matters which the auditor
believes should be brought to the attention of members or creditors. (Previously the auditor was able to
submit a negative statement, ie that there were no relevant circumstances.)
From the nature of the issues raised above, it is clear that some of them will affect small firms and not
larger ones and some will more predominantly affect larger ones. You should bear that in mind when
approaching exam questions and, as usual, apply common sense.
Question Control over reappointment
(a) Of the reasons for a change in auditors given above, which do you feel that an auditor may have
control over and therefore guard against? Ignore the cases when the auditor does not seek reelection
or resigns.
(b) What should the auditor do to guard against the issues you have identified in part (a)?
Exam focus
point
http://accountingpdf.com/
Part C Practice management 5: Obtaining and accepting professional appointments 125
Answer
(a) Issues auditor may have control over
There are two key issues identified above that an auditor may have some control over:
(i) Fees
(1) Perception
(2) Competitiveness
(ii) Personality
(b) Actions to guard against issues arising
(i) With regard to fees, the auditor can ensure that the audit is conducted in such a way as to foster
the perception that the audit is good value for the fee. This can be done by encouraging the
attitude of audit staff and ensuring that a professional manner is always maintained. It also
requires a constant awareness by staff of the need to add value, and to ensure that the audit
provides more of a service than fulfilling a statutory requirement. This can be achieved by
offering relevant advice to the client as a by-product of the audit, predominantly through the
report to management, but also as an integral part of the culture of the audit.
Also with regard to fees, the auditor can ensure they are competitive in the first instance, by
setting reasonable fees and in the second instance by conducting research into what their
competitors charge. As companies have to file accounts and the audit fee must be
disclosed, this is readily available information.
(ii) Personality is obviously not an issue that an auditor can guard against. However, part of an
auditor's professionalism is to ensure that if personality problems arise, they are handled
sensitively and they only arise due to issues on the side of the client.
If serious conflict arises, firms should have a procedure for rotating audits between audit
partners.
2 Advertising and fees 12/09, 12/10
ACCA's general rule on advertising is 'the medium shall not reflect adversely on the professional
accountant, ACCA or the accountancy profession'.
2.1 ACCA guidance
Auditors are in business, and in business it is necessary to advertise. However, accountants are
professional people and people rely on their work. It is important therefore that their advertisements do
not project an image that is inconsistent with that fact.
ACCA gives guidance about advertising in the Code of Ethics and Conduct. This is one area in which ACCA
ethical guidance is considerably more detailed than that provided by the IESBA Code of Ethics alone. In general,
ACCA allows professional accountants to advertise their work in any way they see fit. In other words, it is a
matter of judgement for the professional accountant. This is subject to the following general principle.
ACCA Code of Ethics
'The medium shall not reflect adversely on the professional accountant, ACCA or the accountancy
profession.' (Code of Ethics, para 250A)
FAST FORWARD
http://accountingpdf.com/
126 5: Obtaining and accepting professional appointments Part C Practice management
Advertisements and promotional material should not:
Bring ACCA into disrepute or bring discredit to the professional accountant, firm or the
accountancy profession
Discredit the services offered by others whether by claiming superiority for the professional
accountant's or firm's own services or otherwise
Be misleading, either directly or by implication
Fall short of any local regulatory or legislative requirements, such as the requirements of the United
Kingdom Advertising Standard and Authority's Code of Advertising and Sales Promotion, notably
as to legality, decency, clarity, honesty and truthfulness
(Code of Ethics, para 250.2A)
2.2 Fees
It is generally inappropriate to advertise fees.
Three issues arise with regard to fees:
Referring to fees in promotional material
Commissions
Setting and negotiating fees
The last two issues are interrelated and are also closely connected with tendering, which is discussed in
the next section.
2.2.1 Advertising fees
The fact that it is difficult to explain the service represented by a single fee in the context of an
advertisement and that confusion might arise as to what a potential client might expect to receive in
return for that fee means that it is seldom appropriate to include information about fees in short
advertisements.
In longer advertisements, where reference is made to fees in promotional material, the basis on which those
fees are calculated (hourly and other charging rates etc) should be clearly stated.
The key issue to remember with regard to advertising fees is that the greatest care should be taken not to
mislead potential clients. It is appropriate to advertise free consultations to discuss fee issues. This free
consultation will allow fees to be explained, thus avoiding the risk of confusion.
2.2.2 Setting and negotiating fees
As this is a key part of the tendering process, this is discussed in Section 3.
2.2.3 Commissions
Professional accountants may accept or pay referral fees if appropriate safeguards exist.
ACCA members may offer commission (and by implication receive commission) for introducing clients.
However, they should only do so if there are appropriate safeguards, such as making full disclosure.
Commissions could be a threat to objectivity – refer back to Chapter 2 for more information on this.
2.3 Practice descriptions and the ACCA logo
Members of the ACCA may be either associates or fellows, in which case they are allowed to use the
designatory letters ACCA or FCCA after their names.
A firm may describe itself as a firm of 'Chartered Certified Accountants' where:
At least half the partners are ACCA members
Those partners hold at least 51% of voting rights under the partnership agreement
FAST FORWARD
FAST FORWARD
http://accountingpdf.com/
Part C Practice management 5: Obtaining and accepting professional appointments 127
Such a firm may use the ACCA logo on its stationery and website.
A firm in which all the partners are Chartered Certified Accountants may use the description 'Members of
the Association of Chartered Certified Accountants'. A firm must not, however, use this term as part of its
registered practice name.
A firm which holds a firm's auditing certificate from ACCA may describe itself as 'Registered Auditors'.
Question Advertising and fees
Felicity Carr and Frank Harrison both qualified as Chartered Certified Accountants five years ago.
They have now decided to set up in practice together. Their new firm holds an auditing certificate
from ACCA and they intend to undertake small audits and some tax work. They will charge
themselves out at $200 per hour initially. They will operate from Frank's home. They are a little rusty
on the rules concerning advertising and obtaining professional work and so have asked you to advise
them.
They have decided to call their practice Harrison Carr and to advertise in the local paper. As they are
launching themselves, they have decided to take out a full page advertisement one week and then run a
series of smaller adverts in the future. They have also decided to advertise in a local business
newspaper.
Required
(a) Explain the ACCA guidance on advertising, including advertising fees.
(b) Advise Harrison Carr how they should proceed in relation to:
(i) How they may describe the firm
(ii) The adverts in the paper
Answer
(a) General guidance on advertising
Generally professional accountants may not advertise in a manner that reflects adversely on
themselves and their profession. This means that they should consider the quality of the paper they
intend to advertise in. The local paper is appropriate. They should also ensure that they do not
discredit the services offered by others in their advert.
Advertising fees
The key issue of importance when advertising fees is to ensure that the reference to fees is not
misleading. Generally, it is seldom appropriate to mention fees in a small advert.
(b) (i) Description of firm
As both partners are Chartered Certified Accountants it is acceptable to advertise the
firm as being a member of the ACCA. They may also describe themselves as registered
auditors.
(ii) The proposed advertisements
While they are planning a larger advert followed by several smaller ones, it may still not be
appropriate to mention fees. This is because while they could refer to charge out rates, it
would be impossible in the paper to describe how much each service would cost without
estimating the time jobs would take. It is impossible to generalise such matters and the
reference to fees could therefore be misleading.
It would be more appropriate to advertise that they will give free consultations to discuss
fees. They may include all the details given above, their name, the membership of the ACCA
and their registered auditor status.
http://accountingpdf.com/
128 5: Obtaining and accepting professional appointments Part C Practice management
3 Tendering 6/09, 12/11, 12/12, 12/14
When approaching a tender, it is important to consider both fees and practical issues.
3.1 Approach
A firm puts together a tender if:
It has been approached by a prospective client
The partners have decided that they are capable of doing the work for a reasonable fee
When approached to tender, the auditor has to consider whether they want to do the work. You should be
aware of all the ethical considerations that would go into this decision. The auditor will also have to
consider:
Fees
Practical issues
3.1.1 Fees
Determining whether the job can be done for a reasonable price will involve a substantial number of
estimates. The key estimate will be how long the partner thinks it will take to do the work. This will involve
meeting with the prospective client to discuss its business and systems and making the estimate from there.
The first stage of setting the fee is therefore to ascertain what the job will involve. The job should be
broken down into its respective parts, for example, audit and tax, or if it is a complex and/or pure audit,
what aspects of the job would be undertaken by what level of staff.
The second stage is therefore closely linked with the first. It involves ascertaining which staff, or which
level of staff, will be involved and in what proportions they will be involved.
Once estimates have been made of how long the work will take and what level of expertise is needed in
each area, the firm's standard charge out rates can be applied to that information, and a fee estimated.
Clearly, it is commercially vital that the estimates of time and costs are reasonable, or the audit firm will
be seeking to undertake the work at a loss. However, it is also ethically important that the fee estimate is
reasonable, or the result will be that the client is being misled about the sustainable fee level.
3.1.2 Lowballing
Problems can arise when auditing firms appear to be charging a fee level that is unsustainably low, or at
least less than the 'market rate' for the audit. The practice of undercutting, usually at tender for the audit of
large companies, has been called lowballing. In other cases, the audit fee has been reduced even though
the auditors have remained the same. The problem here is that, if the audit is being performed for less
than it is actually worth, then the auditors' independence is called into question.
This is always going to be a topical debate, but in terms of negotiating the audit fee the following factors
need to be taken into account.
(a) The audit is perceived to have a fluctuating 'market price' as any other commodity or service. In a
recession, prices would be expected to fall as companies aim to cut costs everywhere and as
auditors chase less work (supply falls). Audit firms are also reducing staffing levels and their own
overhead costs should be lower.
(b) Companies (especially groups of companies) can reduce external audit costs through various
legitimate measures:
(i) Extending the size and function of internal audit
(ii) Reducing the number of different audit firms used worldwide
(iii) Selling off subsidiary companies leaving a simplified group structure to audit
(iv) The tender process itself simply makes auditors more competitive
(v) Exchange rate fluctuations in audit fees
FAST FORWARD
http://accountingpdf.com/
Part C Practice management 5: Obtaining and accepting professional appointments 129
(c) Auditing firms have increased productivity, partly through the use of more sophisticated
information technology techniques in auditing.
The ACCA's guidance on quotations states that it is not improper to secure work by quoting a lower fee
so long as the client has not been misled about the level of work that the fee represents.
In the event of investigations into allegations of unsatisfactory work, the level of fees would be considered
with regard to a member's conduct with reference to the ethical guidelines.
3.1.3 Practical issues
The firm will have to consider the practical points arising from the approach. Common considerations
include:
Does the proposed timetable for the work fit with the current work plan?
Does the firm have suitable personnel available?
Where will the work be performed and is it accessible/cost effective?
Are (non-accounting) specialist skills necessary?
Will staff need further training to do the work?
If so, what is the cost of that further training?
Certain information will be required to put together a proposal document. This has already been touched
on briefly, when discussing the audit fee. It is likely that audit staff would have to have a meeting with the
prospective client to discuss the following issues.
What the client requires from the audit firm (for example, audit, number of visits, tax work)
What the future plans of the entity are, for example:
– Is it planning to float its shares on an exchange in the near future?
– Is growth or diversification anticipated?
Whether the entity is seeking its first auditors and needs an explanation of audit
Whether the entity is seeking to change its auditors
If the entity is changing its auditors, the reason behind this
The December 2011 paper examined this area with a twist, asking candidates to comment on the practice
management and quality control issues raised by a suggestion to guarantee to clients that all audits will be
completed quicker than last year.
3.2 Content of an audit proposal (tender document)
An audit proposal, or tender, does not have a set format. The prospective client will indicate the format
that they want the tender to take. This may be merely in document form, or could be a presentation by
members of the audit firm.
Although each tender will be tailored to the individual circumstances, there are some matters which are
likely to be covered in every one. These are set out below.
Matters to be included in audit proposal
The fee, and how it has been calculated
An assessment of the needs of the prospective client
An outline of how the firm intends to meet those needs
The assumptions made to support that outline
The proposed approach to the engagement
A brief outline of the firm
An outline of the key staff involved
Exam focus
point
http://accountingpdf.com/
130 5: Obtaining and accepting professional appointments Part C Practice management
If the tender is being submitted to an existing client, some of those details will be unnecessary. However,
if it is a competitive tender, the firm should ensure they submit a comparable tender, even if some of the
details are already known to the client. This is because the tender must be comparable to competitors and
must appear professional.
In their review of this Study Text, your examination team commented specifically that students must apply
the points above to the question scenario, and must not simply repeat them as pre-learned knowledge.
This area was examined in December 2014, with 8 marks available for 'explaining the specific matters to
be included in the audit proposal (tender document)'. The candidates who did best used the information
from this section as a starting point for their answers, picking up information from the scenario that was
relevant to each of the bullet points in the previous box.
4 Acceptance 6/08, 6/09, 6/11
ISQC 1 sets out what a firm must consider and document in relation to accepting or continuing an
engagement, which is the integrity of the client, whether the firm is competent to do the work, and
whether the firm meets the ethical requirements in relation to the work.
4.1 Ethical requirements
There are a number of ethical procedures associated with accepting engagements which you have studied
previously.
Knowledge brought forward from earlier studies
From Paper F8 Audit and Assurance (or equivalent)
Procedures before accepting nomination
(a) Ensure that there are no ethical issues which are a barrier to accepting nomination.
(b) Ensure that the auditor is professionally qualified to act and that there are no legal or technical
barriers.
(c) Ensure that the existing resources are adequate in terms of staff, expertise and time.
(d) Obtain references for the directors if they are not known personally to the audit firm.
(e) Consult the previous auditors to ensure that there are no reasons behind the vacancy which the
new auditors ought to know. This is also a courtesy to the previous auditors.
Procedures after accepting nomination
(a) Ensure that the outgoing auditors' removal or resignation has been properly conducted in
accordance with the law.
The new auditors should see a valid notice of the outgoing auditors' resignation, or confirm that
the outgoing auditors were properly removed.
(b) Ensure that the new auditors' appointment is valid. The new auditors should obtain a copy of the
resolution passed at the general meeting appointing them as the company's auditors.
(c) Set up and submit a letter of engagement to the directors of the company (see below).
4.2 Requirements of ISQC 1
We touched on the bulk of the requirements of ISQC 1 Quality control for firms that perform audits and
reviews of financial statements, and other assurance and related services engagements in Chapter 4.
However, it also sets out standards and guidance in connection with the acceptance and continuance of
client relationships and specific engagements, which we shall consider here.
FAST FORWARD
Exam focus
point
http://accountingpdf.com/
Part C Practice management 5: Obtaining and accepting professional appointments 131
ISQC 1.26 and 1.27
The firm shall establish policies and procedures for the acceptance and continuance of client relationships
and specific engagements, designed to provide the firm with reasonable assurance that it will only
undertake or continue relationships and engagements where the firm:
(a) Is competent to perform the engagement and has the capabilities, including time and resources, to
do so
(b) Can comply with relevant ethical requirements; and
(c) Has considered the integrity of the client, and does not have information that would lead it to
conclude that the client lacks integrity.
Such policies and procedures shall require:
(a) The firm to obtain such information as it considers necessary in the circumstances before
accepting an engagement with a new client, when deciding whether to continue an existing
engagement, and when considering acceptance of a new engagement with an existing client.
(b) If a potential conflict of interest is identified in accepting an engagement from a new or an existing
client, the firm to determine whether it is appropriate to accept the engagement.
(c) If issues have been identified, and the firm decides to accept or continue the client relationship or a
specific engagement, the firm to document how the issues were resolved.
The firm should carry out the following steps.
Step 1 Obtain relevant information
Step 2 Identify relevant issues
Step 3 If resolvable issues exist, resolve them and document that resolution
4.2.1 Obtain information
The standard outlines three general sources of information:
The communications auditors must make with the previous auditors according to the IESBA Code
Other relevant communications, for example with other parties in the firm, bankers or legal counsel
Searches on relevant databases
In deciding whether to continue an engagement with an existing client, or to accept a new engagement
with an existing client, the firm should also consider significant matters that have arisen in the course of
the previous/existing relationship, for example, expansion into a business area in which the audit firm has
no experience.
4.2.2 Identify issues
The standard gives a list of matters that the auditors might consider in relation to the acceptance decision.
Matters to consider
Integrity of a
client
The identity and business reputation of the client's principal owners, key management,
related parties and those charged with governance
Nature of the client's operations, including its business practices
Information concerning the attitude of the client's principal owners, key management, those
charged with governance towards matters such as aggressive interpretation of accounting
standards/internal control environment
Whether the client is aggressively concerned with maintaining the firm's fees as low as
possible
Indications of an inappropriate limitation in the scope of work
Indications that the client might be involved in money laundering or other criminal activities
The reasons for the proposed appointment of the firm and non-reappointment of the
previous firm
http://accountingpdf.com/
132 5: Obtaining and accepting professional appointments Part C Practice management
Matters to consider
Competence
of the firm
Do firm personnel have knowledge of relevant industries / subject matters?
Do firm personnel have experience with relevant regulatory or reporting requirements, or the
ability to gain the necessary skills and knowledge effectively?
Does the firm have sufficient personnel with the necessary capabilities and competence?
Are experts available, if needed?
Are individuals meeting the criteria and eligibility requirements to perform the engagement
quality control review available where applicable?
Is the firm able to complete the engagement within the reporting deadline?
In addition, the firm needs to consider whether acceptance would create any conflicts of interest.
ISQC 1.28
The firm shall establish policies and procedures on continuing an engagement and the client relationship
addressing the circumstances where the firm obtains information that would have caused it to decline the
engagement had that information been available earlier. Such policies and procedures shall include
consideration of:
(a) The professional and legal responsibilities that apply to the circumstances, including whether there
is a requirement for the firm to report to the person or persons who made the appointment or, in
some cases, to regulatory authorities, and
(b) The possibility of withdrawing from the engagement or from both the engagement and the client
relationship.
Such procedures might include discussions with client management and those charged with governance
and, if required, discussions with the appropriate regulatory authority.
The examination team wrote an article on this area entitled 'Acceptance decisions for audit and assurance
engagements'. The article discussed the engagement acceptance process, but with a particular emphasis
on the importance of establishing whether the preconditions for an audit are present.
Preconditions for an audit (see Section 5.2 below) were then examined in the next exam sitting. So make
sure you read Student Accountant, as it is likely to give a good indication of the topics that will be
examined, and the areas that will be emphasised.
Question Accepting nomination
You are a partner in Hamlyn, Jones and Co, a firm of Chartered Certified Accountants. You have just
successfully tendered for the audit of Lunch Co, a chain of sandwich shops across West London. The
tender opportunity was received cold, that is, the company and its officers are not known to the firm. The
company has just been incorporated and has not previously had an audit. You are about ready to accept
nomination.
(a) Explain the procedures you should carry out prior to accepting nomination.
In the course of your acceptance procedures you received a reference from a business contact of
yours concerning one of the five directors of Lunch Co, Mr V Loud. It stated that your business
contact had done some personal tax work for Mr Loud ten years previously, when he had found Mr
Loud to be difficult to keep in contact with and slow to provide information and he had suspected
Mr Loud of being less than entirely truthful when it came to his tax affairs. As a result of this
distrust, he had ceased to carry out work for him.
(b) Comment on the effect this reference would have on accepting nomination.
Exam focus
point
http://accountingpdf.com/
Part C Practice management 5: Obtaining and accepting professional appointments 133
Answer
(a) The following procedures should be carried out.
(i) Ensure that my audit team and I are professionally qualified to act and consider whether
there are ethical barriers to my accepting nomination.
(ii) Review the firm's overall work programme to ensure that there are sufficient resources to
enable my firm to carry out the audit.
(iii) Obtain references about the directors, as they are not known personally by me or anyone
else in my firm.
(b) The auditor must use their professional judgement when considering the responses they get to
references concerning new clients. The guidance cannot legislate for all situations so it does not
attempt to do so. In the circumstance given above there is no correct answer, so in practice an
auditor would have to make a justifiable decision which they would then document.
Matters to be considered
The reference raises three issues for the auditor considering accepting nomination:
(i) The issue that the director has been difficult to maintain a relationship with in the past
(ii) The issue that the director was slow to provide information in the past
(iii) The suspicion of a lack of integrity in relation to his tax affairs
The auditor must consider these in the light of several factors:
(i) The length of time that has passed since the events
(ii) What references which refer to the interim time say
(iii) The difference between accepting a role of auditing a company and personal tax work
(iv) The director's role in the company and therefore the audit
(v) The amount of control exercised by the director
(1) Relationships with other directors
(2) Influence
At this stage they should not be considering how highly they value the opinion of the referee. That
should have been considered before they sent the reference. At this stage they should only be
considering the implications of the reference for their current decision.
Auditing a company is different from auditing personal affairs in terms of obtaining information and
contacting personnel. In this case, the key issue is the question over the integrity of the director.
As we do not have information about interim references and details of the business arrangements it
is difficult to give a definite answer to this issue. However, Mr Loud is likely to only have limited
control over decisions of the entity being one of five directors, which might lead to the auditor
deciding that the reference was insufficient to prevent him accepting nomination. If Mr Loud were
the finance director, the auditor would be more inclined not to take the nomination.
You can see from the answer above that there are no easy answers to ethical questions. You might be asked
questions in the exam similar to the one above as part of a scenario highlighting several ethical issues. It is
not enough just to state the rules at this level, you must explain what the practical issues are and try to draw
conclusions based on the facts you know. Once qualified, you may face issues like this in your working life
and will have to make judgements like this in practice. That is what the exam is trying to imitate.
4.3 Money laundering
As we discussed in Chapter 1, accountants are now required to carry out specific client identification
procedures when accepting new clients.
Exam focus
point
http://accountingpdf.com/
134 5: Obtaining and accepting professional appointments Part C Practice management
'Know your client' (KYC) is an important part of being in a position to comply with the law on money
laundering, because knowledge of the client is at the bottom of 'suspicion' in the context of making
reports about money laundering.
It is important from the outset of a relationship with a new client to obtain KYC information, such as:
Expected patterns of business
The business model of the client
The source of the client's funds
When the client's money is to be handled by the professional, there is a higher than normal risk to the
professional, so even more detailed KYC procedures will be required.
4.4 Politically exposed persons (PEPs)
Being involved with PEPs may be particularly risky for firms, particularly in terms of reputation risks if
things go wrong.
Politically exposed persons (PEPs) are individuals who are, or have been, entrusted with prominent
public functions in a foreign country (for example, heads of state or senior politicians and officials).
Firms and institutions should have risk management systems set up to determine whether an individual is
a PEP when client identification procedures are being carried out. When a person has been identified as a
PEP, a member of senior management should approve establishing a business relationship with that
person.
The firm should then take reasonable measures to establish the source of that individual's wealth and
funds and conduct enhanced ongoing monitoring of the firm's relationship with that individual.
4.5 Client screening
Many audit firms use a client acceptance checklist to assist them in making the decision and ensuring that
ISQC 1 requirements are met.
5 Terms of the engagement 6/11
The auditor must agree terms of the audit engagement with relevant personnel at the client and must
ensure that preconditions for an audit exist in order to agree to those terms.
5.1 Objective of ISA 210
ISA 210 Agreeing the terms of audit engagements sets out best practice concerning this issue.
ISA 210.3
The objective of the auditor is to accept or continue an audit engagement only when the basis on which it
is to be performed has been agreed, through:
(a) Establishing whether the preconditions for an audit are present, and
(b) Confirming that there is a common understanding between the auditor and management and,
where appropriate, those charged with governance of the terms of the audit engagement.
The preconditions for an audit are the use by management (those charged with governance in the UK) of
an acceptable financial reporting framework in the preparation of the financial statements and the
agreement of management and, where appropriate, those charged with governance to the premise on
which an audit is conducted.
FAST FORWARD
Key term
Key term
http://accountingpdf.com/
Part C Practice management 5: Obtaining and accepting professional appointments 135
5.2 Preconditions for an audit
The auditor needs to carry out tests to ensure that the preconditions for an audit outlined above are met.
ISA 210.6
In order to establish whether the preconditions for an audit are present, the auditor shall determine
whether the financial reporting framework to be applied in the preparation of the financial statements is
acceptable.
ISA 210 then goes on to require the auditor to ensure that management understands its responsibilities:
ISA 210.6
(i) For the preparation of the financial statements in accordance with the applicable financial reporting
framework, including where relevant their fair presentation;
(ii) For such internal control as management determines is necessary to enable the preparation of
financial statements that are free from material misstatement, whether due to fraud or error;
(iii) To provide the auditor with:
a. Access to all information of which management is aware that is relevant to the preparation of
the financial statements;
b. Additional information that the auditor may request from management for the purpose of the
audit; and
c. Unrestricted access to persons within the entity from whom the auditor determines it
necessary to obtain audit evidence.
This will all be confirmed in the engagement letter.
If any of these conditions does not exist (eg the framework used is unacceptable or management does not
acknowledge its responsibilities), the auditor shall not accept the audit unless legally required to so do.
In addition, the auditor should not accept the engagement if those charged with governance impose a
limitation on the scope of the auditor's work likely to result in a disclaimer of opinion, again, unless the
auditor is legally required to accept the audit.
5.3 Clarifying the agreement
It is important when entering into a contract to provide services to ensure that both parties fully
understand their respective responsibilities and what the agreed services are. Misunderstanding could lead
to a breakdown in the relationship, and eventually result in legal action being undertaken.
5.4 Engagement letter
An auditor will outline the basis for the audit agreement in their tender to provide services. However, once
they have accepted nomination, it is vital that the basis of their relationship is discussed with the new client
and laid out in contractual form. This is the role of the engagement letter, which you should be familiar
with from your earlier studies.
http://accountingpdf.com/
136 5: Obtaining and accepting professional appointments Part C Practice management
Matters which SHALL be clarified in the engagement letter
Objective and scope of the audit
Auditor's responsibilities
Management's responsibilities
Identification of applicable financial reporting framework
Expected form and contents of reports to be issued by the auditor and statement that there may be
circumstances when a report may differ from this
Matters which MAY be clarified in the engagement letter
More detail on the scope of the audit, including references to law, auditing and other standards the
auditor follows
Form of other audit communications
Limitation of audit and internal controls and resulting risk that material misstatements may not be
detected
Composition of the audit team and other practical arrangements
Expectation that the management will provide written representations
Agreement of management to make draft financial statements and other documents available in
good time
Agreement of management to inform the auditors of facts that may affect the financial statements
before the date of the audit report
Basis on which fees are computed and billing arrangements
A request for management to acknowledge receipt of audit engagement letter and agree to its
terms
Arrangements concerning the use of experts or other auditors
Arrangements concerning the use of internal auditors and other entity staff
Arrangements to be made with predecessor auditors (in the case of a new audit)
Any restrictions of the auditor's liability
References to any other agreements between parties
Any obligations to provide working papers to other parties
An auditor shall not agree to a change in the terms of the engagement letter where there is no reasonable
justification for the change. If the terms of the engagement are changed, this should be recorded. If the
auditor is unable to agree to a change, they shall withdraw from the engagement and consider whether
they have an obligation to report the circumstances to other parties.
In practice, the auditors and the new client will meet to negotiate the terms of the audit agreement which
the auditor will later clarify in the engagement letter.
Question Engagement letter
ISA 210 Agreeing the terms of audit engagements lists a series of matters which shall be referred to in an
engagement letter. What are they?
Answer
The International Auditing Standard (ISA) includes the following matters in paragraphs 10 and A22 to A24.
The objective of the audit of financial statements
Management's responsibility for the financial statements and auditor's responsibility
The scope of the audit, including reference to applicable legislation, regulations, or
pronouncements of professional bodies to which the auditor adheres
The form of any reports or other communication of results of the engagement
http://accountingpdf.com/
Part C Practice management 5: Obtaining and accepting professional appointments 137
The fact that because of the test nature and other inherent limitations of an audit, together with the
inherent limitations of internal control, there is an unavoidable risk that even some material
misstatement may remain undiscovered
Unrestricted access to whatever records, documentation and other information requested in
connection with the audit
The agreement of management to make available to the auditor draft financial statements and any
accompanying other information in time to allow the auditor to complete the audit in accordance
with the proposed timetable
Arrangements regarding the planning and performance of the audit
Expectation of receiving from management written confirmation concerning representations made
in connection with the audit
Request for the client to confirm the terms of engagement by acknowledging receipt of the
engagement letter
Description of any other letters or reports the auditor expects to issue to the client
Basis on which fees are computed and any billing arrangements
Arrangements concerning the involvement of other auditors and experts in some aspects of the audit
Arrangements concerning the involvement of internal auditors and other client staff
Arrangements to be made with the predecessor auditor, if any, in the case of an initial audit
Any restriction of the auditor's liability when such possibility exists
A reference to any further agreements between the auditor and the client
The June 2011 exam contained a scenario with a potential new audit client which had not been audited
before. To score well, candidates needed to spot that a number of preconditions for an audit did not
appear to be present: management did not acknowledge its responsibility for preparing the financial
statements (it did not want to prepare a statement of cash flows), and wanted to restrict access to the
company's books and records (management did not want auditors to see board minutes).
To score well on this question you need to know your auditing standards well enough to spot when a
standard is relevant, even though it has not been asked for specifically by the requirement.
5.4.1 Recurring audits
In a recurring audit, the auditor is not required to send a new letter for each audit, but must ensure that
the client still understands the existing terms.
It may be necessary to revise the terms in the event of new circumstances arising, as you are aware from
previous studies.
5.5 Other changes in agreement terms
ISA 210.14
The auditor shall not agree to a change in the terms of the audit engagement where there is no reasonable
justification for doing so.
If there is reasonable justification for changing the terms, the new terms should be agreed on and
recorded.
If the auditor is not able to agree to new terms, and management refuses to let the firm continue on the
basis of the old ones, the auditors should:
Withdraw, if legally entitled to
Consider if it is necessary to report the circumstances to other parties such as the shareholders or
regulators
Exam focus
point
http://accountingpdf.com/
138 5: Obtaining and accepting professional appointments Part C Practice management
Chapter Roundup
Common reasons for companies changing their auditors include audit fee, auditor not seeking re-election
and change in the size of company.
ACCA's general rule on advertising is 'the medium shall not reflect adversely on the professional
accountant, ACCA or the accountancy profession'.
It is generally inappropriate to advertise fees.
Professional accountants may accept or pay referral fees if appropriate safeguards exist.
When approaching a tender, it is important to consider both fees and practical issues.
ISQC 1 sets out what a firm must consider and document in relation to accepting or continuing an
engagement which is the integrity of the client, whether the firm is competent to do the work, and whether
the firm meets ethical requirements in relation to the work.
The auditor must agree terms of the audit engagement with relevant personnel at the client and must
ensure that preconditions for an audit exist in order to agree to those terms.
http://accountingpdf.com/
Part C Practice management 5: Obtaining and accepting professional appointments 139
Quick Quiz
1 Name three reasons why an auditor might not seek re-election.
2 Fill in the blanks:
Advertising and promotional material should not:
– …………………………. the service offered …………………………. ………………………….
– Be …………………………., either directly or by implication
– Fall short of the requirements of the …………………………. ………………………….
…………………………. …………………………. ………………………….
3 Why should accountants not usually advertise fees?
4 List six practical issues that an auditor should consider when approaching a tender.
5 Draw a diagram showing the key stages in a tender, explaining what happens at each stage.
6 List three sources of information about a new client given in ISQC 1.
7 According to ISQC 1, when considering whether to accept an engagement with a new or existing client, the
auditors must consider whether a …………………………. …….. …………………………. arises.
8 List five matters which may be referred to in an engagement letter.
http://accountingpdf.com/
140 5: Obtaining and accepting professional appointments Part C Practice management
Answers to Quick Quiz
1 (1) Ethical reasons (eg fees)
(2) Another client in competition
(3) Disagreement over accounting policy
2 Discredit, by others, misleading, United Kingdom Advertising Standard Authority's Code of Advertising
and Sales Promotion (or equivalent)
3 The advert is unlikely to be detailed, and facts given about fees could mislead potential clients.
4 (1) Does the timetable fit with current work plan?
(2) Are suitable personnel available?
(3) Where will work be performed? Is it cost effective?
(4) Are specialist skills needed?
(5) Will staff need further training?
(6) If so, what is the cost?
5 Auditor considers if it is possible to undertake work at a
reasonable fee
Arrange meeting to obtain information prior to tender
Obtain knowledge of the business and the service required
Allocate potential staff to work plan and calculate fee by
reference to standard charge out rates
This could be in the form of:
– Letter
– Report
– Presentation
6 (1) Communications with existing/previous auditors
(2) Communications with other third parties (eg bankers / legal counsel)
(3) Relevant databases
7 Conflict of interest
8 See the answer to the question in Section 5.4 in the body of the chapter.
Now try the question below from the Practice Question Bank.
Number Level Marks Time
Q7 Examination 20 39 mins
APPROACH BY CLIENT
AGREE TO TENDER
MEETING
ESTIMATE AND
PLAN WORK
REQUIRED
ESTIMATE
FEE
PRESENT TENDER
http://accountingpdf.com/
141
Audit of historical financial
information
P
A
R
T
D
http://accountingpdf.com/
142
http://accountingpdf.com/
143
Planning and risk
assessment
Introduction
The issue of audit planning should not be new to you. You learnt how to plan an
audit in your previous auditing studies. Why, then, is this chapter here? There
are three key reasons:
To provide you with a technical update
To revise the details that should be included in an audit plan and the
general considerations included in planning
To consider some of the finer points of planning from the point of view
of the engagement partner, specifically to consider the issue of the risk
associated with the assignment (which is a personal risk to the partner
in the event of litigation arising)
Risk is an important factor in the audit. It falls into two categories:
Specific assignment risk (known as audit risk), which you have studied
previously
Business risk associated with the client, which may form a part of
inherent risk and therefore impacts on the audit
Risk is a key issue in an audit, and the most common approach to audits
incorporates a recognition of those risks in the approach taken. This and other
audit methodologies are compared in Section 2.
Topic list Syllabus reference
1 Revision: overview of audit planning D1, D2
2 Audit methodologies D1
3 Materiality D1
4 Risk B1, D1
5 Analytical procedures D1
6 Planning an initial audit engagement D1
http://accountingpdf.com/
144 6: Planning and risk assessment Part D Audit of historical financial information
Study guide
Intellectual level
D Audit of historical financial information
D1 Planning, materiality and assessing the risk of misstatement
(a) Define materiality and performance materiality and demonstrate how it
should be applied in financial reporting and auditing.
2
(b) Identify and explain business risks for a given assignment. 3
(c) Identify and explain audit risks for a given assignment. 3
(d) Identify and explain risks of material misstatement for a given assignment. 3
(e) Discuss and demonstrate the use of analytical procedures in the planning of
an assignment.
3
(f) Explain how the result of planning procedures determines the relevant audit
strategy.
2
(g) Explain the planning procedures specific to an initial audit engagement. 2
(h) Identify additional information that may be required to assist the auditor in
obtaining an understanding of the entity.
2
(i) Recognise matters that are not relevant to the planning of an assignment. 2
D2 Evidence
(b) Identify additional information that may be required to effectively carry out a
planned assignment.
2
B1 Code of ethics for professional accountants
(e) Discuss the importance of professional scepticism in planning and
performing an audit.
2
(f) Assess whether an engagement has been planned and performed with an
attitude of professional scepticism, and evaluate the implications.
3
Exam guide
Exam case study questions are often set in the context of audit planning, identifying risk areas and
considering the audit strategy to apply to the audit. This would usually come up in Section A of the exam.
1 Revision: overview of audit planning
Auditors must plan their work so that it is done effectively.
One of the competences you require to fulfil Performance Objective 18 of the PER is the ability to
determine the level of audit risk and risk areas, including considering any internal or external information
that may have implications for the audit, and to use this to document the audit plan, designing audit
programmes and planning audit tests for an internal or external audit. You can apply the knowledge you
gain from this chapter of the Study Text to help demonstrate this competence.
FAST FORWARD
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 145
1.1 ISA 200 Overall objectives of the independent auditor and the conduct
of an audit in accordance with international standards on auditing
ISA 200.11
In conducting an audit of financial statements, the overall objectives of the auditor are:
(a) To obtain reasonable assurance about whether the financial statements as a whole are free from
material misstatement, whether due to fraud or error, thereby enabling the auditor to express an
opinion on whether the financial statements are prepared, in all material respects, in accordance
with an applicable financial reporting framework; and
(b) To report on the financial statements, and communicate as required by the ISAs, in accordance
with the auditor's findings.
ISA 200 states that the key requirements for the auditor to obtain reasonable assurance and to express an
opinion are:
Ethics: comply with relevant ethical requirements (ISA 200.14)
Professional scepticism: plan and perform an audit with professional scepticism, recognising that
circumstances may exist that cause the financial statements to be materially misstated (ISA
200.15)
Professional judgement: exercise professional judgement in planning and performing an audit
(ISA 200.16)
Sufficient appropriate audit evidence and audit risk: obtain sufficient appropriate audit evidence
to reduce audit risk to an acceptably low level (ISA 200.17)
The auditor then fulfils these requirements by conducting the audit in accordance with ISAs.
1.2 ISA 300 Planning an audit of financial statements
ISA 300 Planning an audit of financial statements states that the objective of the auditor is to plan the audit
so that it will be performed in an effective manner.
The International Auditing Standard (ISA) refers to two documents, the overall audit strategy and the
audit plan. The overall audit strategy sets out in general terms how the audit is to be carried out.
Considerations in establishing the overall audit strategy include:
Characteristics of the engagement
Reporting objectives, timing of the audit and nature of communications
Significant factors, preliminary engagement activities and knowledge gained on other engagements
Nature, timing and extent of resources
The audit plan details specific procedures to be carried out to implement the strategy and complete the audit.
In the case of a smaller entity the strategy is likely to be a brief memorandum and the audit plan a series of
tailored standard audit programmes.
ISA 300 tends to conceive of audit planning as a series of activities rather than as a single event: the
planning is not just something written out at the start of the audit, which is then stuck to rigidly, but is an
activity that goes on throughout the audit process. For example, audit procedures need to be performed
with their planned objectives in mind, and it may be necessary to revise the audit plan during the course of
the audit if significant new information or events come to light.
Amendments to ISA 200 and ISA 300 in 2015 emphasised that the financial statements include the
disclosures, and that audit planning should include considering how to audit disclosures. This then carries
advantages for the audit overall, helping the auditor to identify important issues such as changes in the
entity's environment, changes in the financial reporting framework, or the need to involve an auditor's
expert in relation to some disclosures.
http://accountingpdf.com/
146 6: Planning and risk assessment Part D Audit of historical financial information
1.3 ISA 315 Identifying and assessing the risks of material misstatement
through understanding the entity and its environment 6/09, 6/12
The objective of ISA 315 (Revised) Identifying and assessing the risks of material misstatement through
understanding the entity and its environment is as follows.
ISA 315.3
The objective of the auditor is to identify and assess the risks of material misstatement, whether due to
fraud or error, at the financial statement and assertion levels, through understanding the entity and its
environment, including the entity's internal control, thereby providing a basis for designing and
implementing responses to the assessed risks of material misstatement.
The emphasis here is on risk and understanding. ISA 315 is all about getting away from the idea of the
audit as 'checking' transactions, and emphasises instead the need to gain a real understanding of the
entity first, and then to use this to work out where the greatest risks of material misstatement might be.
ISA 315 is examined indirectly in virtually every P7 exam Question One, where you are often required to
identify, explain or evaluate risks, be they audit risks, risks of material misstatement or simply business
risks.
1.3.1 What do we need to get an understanding of?
The ISA sets out a number of areas of the entity and its environment that the auditor should gain an
understanding of.
Areas to gain an understanding of
Industry, regulatory and other external factors
Nature of the entity
Selection, application and reasons for changes of accounting policies
Objectives, strategies and related business risks
Measurement and review of the entity's financial performance
Internal control
ISA 315 was revised in March 2012 as part of the IAASB's project on using the work of internal auditors to
require the external auditor to obtain an understanding of internal audit.
Amendments to ISA 315 (in 2015) point out that as well as understanding how information is obtained
from within the general and subsidiary ledgers, auditors must gain an understanding of the system
relating to information obtained outside of the ledgers.
Understand the entity, in order to ...
Design and
perform audit
procedures
Identify and assess
risks of material
misstatement
Provide a frame of
reference for
judgements
Exam focus
point
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 147
Paper P7 questions in this area are likely to give you a scenario, and then a requirement such as 'Identify
and explain the risks of material misstatement' in the scenario. You can use this list – and the one below –
to help you generate ideas when answering such a question. You can even show off to your marker by
stating that applying ISA 315 would require you to gain an understanding of these areas.
A word of warning, though: do not be tempted to simply recite these lists in the exam. Your answers need
to be very specific about addressing the requirement and the scenario. If your answer looks like a prelearned
list then your marker is not likely to give you many marks – if any at all!
1.3.2 How do we get this understanding?
The ISA sets out ways of getting this understanding:
Methods of obtaining an understanding of the entity
Enquiries of management (and others within the entity)
Analytical procedures (on both financial and non-financial data)
Observation and inspection
Audit team discussion of the susceptibility of the financial statements to material misstatement
Prior period knowledge (but should check that it is still relevant)
The auditors must use a combination of the top three techniques, and must engage in the discussion for
every audit. The auditor may use their prior period knowledge, but must carry out procedures to ensure
that there have not been changes in the year meaning that it is no longer valid.
For each risk identified, ISA 315 requires the auditor to take the following steps.
Step 1 Identify risks throughout the process of obtaining an understanding of the entity
Step 2 Assess whether the identified risks relate more pervasively to the financial statements as a
whole
Step 3 Relate the risks to what can go wrong at the assertion level, and assess the controls in
place to address each risk
Step 4 Consider the likelihood of misstatement and whether the risks are of a magnitude that
could result in a material misstatement
Throughout this process, the size of the entity being audited must be considered. For example, in a small
entity there is likely to be limited segregation of duties. This may be compensated for by increased
management oversight, however this in turn increases the risk of override of controls.
Case Study
The audit team at Ockey Co has been carrying out procedures to obtain an understanding of the entity. In
the course of making enquiries about the inventory system, they have discovered that Ockey Co designs
and produces tableware to order for a number of high street stores. It also makes a number of standard
lines of tableware, which it sells to a number of wholesalers. By the terms of its contracts with the high
street stores, it is not entitled to sell uncalled inventory designed for them to wholesalers. Ockey Co
regularly produces 10% more than the high street stores have ordered, in order to ensure that they meet
requirements when the stores do their quality control check. Certain stores have more stringent control
requirements than others and regularly reject some of the inventory.
The knowledge above suggests two risks, one that the company may have obsolescent inventory, and another
that if their production quality standards are not sufficiently high then they risk losing custom.
We shall look at each of these risks in turn and relate them to the assertion level.
Inventory
If certain of the inventory is obsolescent due to the fact that it has been produced in excess of the
customer's requirement and there is no other available market for it, then there is a risk that inventory as a
whole in the financial statements will not be carried at the appropriate value. Given that inventory is likely
Exam focus
point
http://accountingpdf.com/
148 6: Planning and risk assessment Part D Audit of historical financial information
to be a material balance in the statement of financial position of a manufacturing company, and the value
could be up to 10% of the total value, this has the capacity to be a material misstatement.
The factors that will contribute to the likelihood of these risks causing a misstatement are such matters as:
Whether management regularly review inventory levels and scrap items that are obsolescent
Whether such items are identified and scrapped at the inventory count
Whether such items can be put back into production and changed so that they are saleable
Losing custom
The long-term risk of losing custom is that in the future the company will not be able to continue as a
going concern (we shall revise going concern in Chapter 8). A further risk is of customer disputes leading
to sales returns which may not be recognised, in which case sales and receivables could be overstated.
However, it appears less likely that this would be a material problem in either area, as the issue is likely to
be restricted to a few customers, and only a few sales to those customers.
Again, review of the company's controls over the recording of sales and the debt collection procedures of
the company would indicate how likely these risks to the financial statements are to materialise.
Some risks identified may be significant risks.
Significant risks are those that require special audit consideration.
The following factors indicate that a risk might be significant.
Risk of fraud
The degree of subjectivity in the financial information
Unusual transactions
Significant transactions with a related party
Complexity of the transactions
Try to be on the lookout for these factors in exam questions/scenarios. If you spot one – and mentioning it
is relevant to the requirement – then try to use the term 'significant risk'. This will signal to the marker that
you are applying the ISA to the scenario.
Routine, non-complex transactions are less likely to give rise to significant risk than unusual transactions
or matters of director judgement because the latter are likely to have more management intervention,
complex accounting principles or calculations, greater manual intervention or there is less opportunity for
control procedures to be followed.
When the auditor identifies a significant risk, if they haven't done so already, they should evaluate the
design and implementation of the entity's controls in that area. If management has not implemented
appropriate internal controls, then this may point to a significant deficiency in internal control.
Additional information
The auditor will often need to obtain additional information in order to gain the required understanding of
the entity, and in order to perform planned procedures. Much of the time the auditor only has incomplete
information about the entity being audited, and it is important to be able to recognise when more is
needed.
This can be a bit like performing an audit procedure, because the auditor must go out and get the
information in order to find something out about the entity. The difference is that at this stage, the auditor
is obtaining preliminary information that it can then use to plan and perform the detailed audit procedures.
For instance, a client might have made an investment during the year which it classifies as an associate.
The auditor will need to obtain information about this purchase – eg the purchase agreement – in order to
determine whether it really is an associate. The auditor must also ask management why the purchase was
made, as part of understanding the entity's objectives and strategies. This must be all be done at the
planning stage because it will then determine the auditor's assessment of risk and the audit procedures
which must then be performed – these would be very different if the investment was actually a subsidiary,
for example.
Key term
Exam focus
point
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 149
One approach to questions in this area (to identify further information needed) is to think about:
1. What risks might there be in relation to a particular issue (eg that an investment is classified
incorrectly); then
2. What information would help us to plan our procedures (eg the purchase agreement).
P7 exams often contain a requirement to identify additional information needed, eg in relation to audit
risks identified in a scenario. These are often easy marks, and to get them you need to:
Be specific about what information you need
State why you need the information.
For example, Question One of the June 2014 paper featured a company which had material investment
properties. Further information was needed on whether there had been any additions or disposals during
the year.
It is not necessary at this stage to speculate in too much detail about what might go wrong in each area.
Questions will usually contain a little bit of information – eg that a company runs a bonus scheme for
managers – but with clear gaps in it – eg how the bonuses are determined will not be stated. All you need
to do is to point out this gap and say what information is needed to fill it.
Additional information does not have to be a document, but can be eg the reason why management has
done something in the scenario.
1.4 ISA 330 The auditor's responses to assessed risks
ISA 330 The auditor's responses to assessed risks states that the objective of the auditor is to 'obtain
sufficient, appropriate audit evidence regarding the assessed risks of material misstatement, through
designing and implementing appropriate responses to these risks'.
Overall responses include emphasising to the audit team the need for professional scepticism, assigning
additional/alternative staff to the audit, using experts, providing more supervision on the audit and
incorporating more unpredictability into the audit.
The evaluation of the control environment that will have taken place as part of the assessment of the
client's internal control systems will help the auditor determine whether they are going to take a
substantive approach (focusing mainly on substantive procedures) or a combined approach (tests of
control and substantive procedures).
In accordance with this approach, the auditor should then determine further audit procedures designed to
address the assessed risks.
The auditor must carry out substantive procedures on material items. In addition, the auditor must carry
out the following substantive procedures.
Agreeing the financial statements to the underlying accounting records
Examining material journal entries
Examining other adjustments made in preparing the financial statements
1.5 Documentation requirements
ISAs 315 and 330 contain a number of documentation requirements. The following matters should be
documented.
The discussion among the audit team concerning the susceptibility of the financial statements to
material misstatements, including any significant decisions reached
Key elements of the understanding gained of the entity including the elements of the entity and its
control specified in the ISA as mandatory, the sources of the information gained and the risk
assessment procedures carried out
The identified and assessed risks of material misstatement
Significant risks identified and related controls evaluated
The overall responses to address the risks of material misstatement
Exam focus
point
http://accountingpdf.com/
150 6: Planning and risk assessment Part D Audit of historical financial information
Nature, extent and timing of further audit procedures linked to the assessed risks at the assertion
level
If the auditors have relied on evidence about the effectiveness of controls from previous audits,
conclusions about how this is appropriate
Question Revision of audit planning
You have been informed by the senior partner of your firm that you are to be in charge of the audit of a
new client, Peppermint Chews, for the year ended 31 December 20X4. She tells you that the company is
engaged in the manufacture and wholesaling of sweets and confectionery, with revenue of approximately
$10,000,000 and a workforce of about 150. The company has one manufacturing location, sells mainly to
the retail trade but also operates ten shops of its own. The senior partner asks you to draw up an outline
audit plan for the assignment showing when you anticipate visits to the client will be made and what kind
of work will be carried out during each visit. The deadline for your audit report is 28 February 20X5.
Required
Draw up an outline plan for the audit of Peppermint Chews for the year ended 31 December 20X4,
including:
(a) Approximate timing in the company's year of each stage of the audit of this new client. State why
you have selected the approximate timing
(b) The objective of each stage
(c) The kind of work that will be carried out at each stage
Answer
Initial visit
(a) Timing. As this is a new client, this visit should take place as soon as possible after the terms of
engagement have been agreed with and accepted by the directors of Peppermint Chews.
(b) Objective. To build up a background knowledge of the company to assist in the more detailed
planning of audit work that will be required at a later stage.
(c) Audit work. We shall need to obtain details of the following:
(i) The history and development of the company
(ii) The nature of the commercial environment within which the company operates
(iii) The nature of the company's products and manufacturing processes
(iv) The plan of organisation within the company
(v) The accounting and internal control systems operating within the company
(vi) The accounting and other records of the company and how they are maintained
The above will be obtained using such techniques as interview, observation, reviewing the client's
systems documentation, and so on.
We shall not at this stage carry out detailed tests of controls on the company's systems, but we should
carry out 'walk-through' tests to gain confirmation that the systems outlined to us in theory appear to
operate that way in practice.
Interim visit(s)
(a) Timing. As this is the first audit of Peppermint Chews, it may, in view of the extra work involved, be
necessary to have more than one interim visit. If we decided that only one such visit would be
needed, however, then ideally it should take place reasonably close to the year end, in, say, October
20X4. If it were decided that more than one visit were needed, then perhaps the first interim visit
should take place in April/May 20X4.
(b) Objective. The purpose of interim audits is to carry out detailed tests on a client's accounting and
internal control systems to determine the reliance that may be placed thereon.
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 151
(c) Audit work. Following the initial visit to the client, we should have completed our documentation of
the client's systems using narrative notes and flowcharts. We should also have assessed the
strengths and deficiencies of the systems and determined the extent to which we wish to place
reliance on them.
Given effective controls, we shall select and perform tests designed to establish compliance with
the system. We shall therefore carry out an appropriate programme of tests of controls. The
conclusion from the results may be either:
(i) That the controls are effective, in which case we shall only need to carry out restricted
substantive procedures; or
(ii) That the controls are ineffective in practice, although they had appeared strong on paper, in
which case we shall need to carry out more extensive substantive procedures.
After carrying out tests of controls, it is normal practice, as appropriate, to send management a
letter identifying any deficiencies and making recommendations for improvements.
Final visit
(a) Timing. This may well be split into a pre-final visit in December 20X4 and a final audit early in
20X5, or it could be a continuous process.
(b) Objective. We should visit the client prior to the year end to assist in the planning of the final audit
so as to agree with the client detailed timings such as year-end inventory count and trade
receivables circularisation, preparation of client schedules, finalisation of accounts and so forth.
The object of the final audit is to carry out the necessary substantive procedures, these being
concerned with substantiating the figures in the accounting records and, eventually, in the financial
statements themselves. The completion of these tests, followed by an overall review of the financial
statements, will enable us to decide whether we have obtained 'sufficient appropriate audit
evidence to be able to draw reasonable conclusions' so that we are in a position to express an
opinion on the company's financial statements, the expression of an opinion in their audit report
being the primary objective of the audit.
(c) Audit work. The audit work to be carried out at this final stage would include:
Consideration and discussion with management of known problem areas
Attendance at inventory count
Verification of assets and liabilities / income and expenditure
Following up interim audit work
Carrying out review of events after the reporting period
Analytical procedures
Obtaining representations from management
Reviewing financial statements
Drafting the audit report
2 Audit methodologies
The audit strategy document will describe the audit methodology to be used in gathering evidence. This
section describes the main methodologies currently used by auditors.
Exam questions in this area are as always likely to involve application to a scenario. There are unlikely to
be many marks available for pre-learned knowledge about the various kinds of audit methodology.
Instead, you will need to stick to the scenario to explain how the results of planning procedures determine
the audit strategy. The audit methodologies discussed in this section may be a good starting point for
doing this.
Exam focus
point
http://accountingpdf.com/
152 6: Planning and risk assessment Part D Audit of historical financial information
2.1 Risk-based audit
Risk-based auditing refers to the development of auditing techniques that are responsive to risk factors in
an audit. As we set out in Section 4, the auditors apply judgement to determine what level of risk pertains
to different areas of a client's system and devise appropriate audit tests.
This approach should ensure that the greatest audit effort is directed at the areas in which the financial
statements are most likely to be misstated, so that the chance of detecting misstatements is improved and
time is not spent on unnecessary testing of 'safe' areas.
The increased use of risk-based auditing reflects two factors.
(a) The growing complexity of the business environment increases the danger of fraud or
misstatement. Factors such as the developing use of computerised systems and the growing
internationalisation of business are relevant here.
(b) Pressures are increasingly exerted by audit clients for the auditors to keep fee levels down while an
improved level of service is expected.
The risk approach is best illustrated by a small case study.
Case Study
Audit risk approach
Your audit firm has as its client a small manufacturing company. This company owns the land and buildings
in its statement of financial position, which it depreciates over 50 years (buildings only) and has always
been valued at cost.
The other major item in the statement of financial position is inventory.
Looking at these two items from the point of view of the audit firm, the following conclusions can be
drawn.
(1) There is only a small chance that the audit engagement partner will draw an inappropriate
conclusion about land and buildings.
(2) In a manufacturing company, inventory is likely to be far more complex. There may be a significant
number of lines to count and value, the quantity will change all the time, inventory may grow
obsolete. The chance of the audit engagement partner drawing an inappropriate conclusion about
inventory is higher than the risk in connection with land and buildings.
The auditors will have to do less work to render audit risk acceptable for land and buildings than on
inventory. The audit risk approach will mean doing less work on land and buildings than on inventory.
2.2 'Top-down' approach 12/12
With a 'top-down' approach (also known as the business risk approach) controls testing is aimed at high
level controls, and substantive testing is reduced.
ISA 315 requires that auditors consider the entity's process for assessing its own business risks, and the
impact that this might have on the audit in terms of material misstatements. Auditors consider:
What factors lead to the problems which may cause material misstatements?
What can the audit contribute to the business pursuing its goals?
This 'business risk' approach was developed because it is sometimes the case that the auditors believe the
risk of the financial statements being misstated arises predominantly from the business risks of the
company.
FAST FORWARD
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 153
The table below highlights some of the factors that exist.
Principal risk Immediate financial statement implications
(1) Economic pressures causing reduced unit sales
and eroding margins
Inventory values (IAS 2)
Going concern
(2) Economic pressures resulting in demands for
extended credit
Receivables recoverability
(3) Product quality issues related to inadequate
control over supply chain and transportation
damage
Inventory values – net realisable value and
inventory returns
(4) Customer dissatisfaction related to inability to
meet order requirements
Going concern
(5) Customer dissatisfaction related to invoicing
errors and transportation damage
Receivables valuation
(6) Unacceptable service response call rate related
to poor product quality
Going concern
Litigation – provisions and contingencies
Inventory – net realisable value
(7) Out of date IT systems affecting management's
ability to make informed decisions
Anywhere
The business risk audit approach tries to mirror the risk management steps that have been taken by the
directors. In this way, the auditor will seek to establish that the financial statement objectives have
been met, through an investigation into whether all the other business objectives have been met by the
directors.
This approach to the audit has been called a 'top-down' approach because it starts at the business and its
objectives and works back down to the financial statements, rather than working up from the financial
statements which has historically been the approach to audit.
The other key element of a business risk approach is that as it is focused on the business more fully,
rather than the financial statements, there is greater opportunity for the auditor to add value to the client's
business and to assist in managing the risks that the business faces.
2.2.1 Advantages of business risk approach
There are a number of reasons why firms who use the business risk approach prefer it to historic
approaches:
Added value is given to clients, as the approach focuses on the business as a whole.
Audit attention focused on high level controls with extensive use of analytical procedures,
increases audit efficiency and therefore reduces cost.
It does not focus on merely routine processes, which technological developments have rendered
less prone to error than has historically been the case.
It responds to the importance placed by regulators and the Government on corporate governance.
Engagement risk (risk of auditor being sued) is lower as a result of broader understanding of the
client's business and practices.
2.3 Other audit strategies
In addition to the 'top-down' or business risk approach, a variety of different audit strategies may be
adopted. These have been covered in your previous studies, and will only be mentioned briefly here. They
include:
Systems audit
Balance sheet approach
Transaction cycle approach
Directional testing
http://accountingpdf.com/
154 6: Planning and risk assessment Part D Audit of historical financial information
2.3.1 Systems audit
An auditor may predominantly test controls and systems, but substantive testing can never be eliminated
entirely.
2.3.2 Balance sheet approach
This is the most common approach to the substantive part of the audit, after controls have been tested. It
is named after the old name for the statement of financial position, the 'balance sheet'.
The statement of financial position gives a snapshot of the financial position of the business at a point in
time. It follows that if it is not a misstatement, and the previous snapshot was fairly stated, then it is
reasonable to undertake lower-level testing on the transactions which connect the two snapshots, for
example, analytical procedures.
Under this approach, therefore, the auditors seek to concentrate efforts on substantiating the closing
position in the year, shown in the statement of financial position, having determined that the closing
position from the previous year (also substantiated) has been correctly transferred to the opening position
in the current year.
In some cases, particularly small companies, the business risks may be strongly connected to the fact that
management is concentrated on one person. Another feature of small companies may be that their
statement of financial position is uncomplicated and contains one or two material items, for example,
receivables or inventory. When this is the case, it is often more cost effective to undertake a highly
substantive statement of financial position audit than to undertake a business risk assessment, as it is
relatively simple to obtain the assurance required about the financial statements from taking that
approach.
However, when not undertaken in conjunction with a risk-based approach or systems testing, the level of
detailed testing can be high in a balance sheet approach, rendering it costly.
2.3.3 Transaction cycle approach
Cycles testing is in some ways closely linked to systems testing, because it is based on the same systems.
However, here we are looking at them in terms of substantive testing.
When auditors take a cycles approach, they test the transactions which have occurred, resulting in the
entries in the statement of profit or loss (for example, sales transactions, inventory purchases, wages
payments, other expenses).
They would select a sample of transactions and test that each transaction was complete and processed
correctly throughout the cycle. In other words, they substantiate the transactions which appear in the
financial statements.
The auditors may assess the systems of a company as ineffective. In this case, they would carry out
extensive substantive procedures. The substantive approach taken in this situation could be a transaction
cycles approach. In fact, if systems have been adjudged to be ineffective, the auditor is more likely to take
a transaction cycles approach than a balance sheet approach, as it will be essential that the auditor
substantiates that the transactions have been recorded properly in spite of the poor systems.
2.3.4 Directional testing
Directional testing is a method of undertaking detailed substantive testing. Substantive testing seeks to
discover misstatements and omissions, and the discovery of these will depend on the direction of the test.
Broadly speaking, substantive procedures can be said to fall into two categories:
(a) Tests to discover misstatements (resulting in over- or under-statement). These tests will start with
the accounting records in which the transactions are recorded and check from the entries to
supporting documents or other evidence. Such tests should detect any over-statement and also
any under-statement through causes other than omission.
Point to note
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 155
(b) Tests to discover omissions (resulting in under-statement). These tests must start from outside
the accounting records and then check back to those records. Understatements through omission
will never be revealed by starting with the account itself, as there is clearly no chance of selecting
items that have been omitted from the account.
The concept of directional testing derives from the principle of double entry bookkeeping, in that for every
debit there is a corresponding credit (assuming that the double entry is complete and that the accounting
records balance). Therefore, any misstatement of a debit entry will result in either a corresponding
misstatement of a credit entry or a misstatement in the opposite direction, of another debit entry.
By designing audit tests carefully, the auditors are able to use this principle in drawing audit conclusions,
not only about the debit or credit entries that they have directly tested but also about the corresponding
credit or debit entries that are necessary to balance the books. Tests are therefore designed in the
following way.
The matrix set out below demonstrates how directional testing is applied to give assurance on all account
areas in the financial statements.
Primary test also gives comfort on
Type of account Purpose of primary test Assets Liabilities Income Expenses
Assets Overstatement (O) U O O U
Liabilities Understatement (U) U O O U
Income Understatement (U) U O O U
Expense Overstatement (O) U O O U
A test for the overstatement of an asset simultaneously gives comfort on understatement of other assets,
overstatement of liabilities, overstatement of income and understatement of expenses.
So, by performing the primary tests shown in the matrix, the auditors obtain audit assurance in other audit
areas. Successful completion of the primary tests will therefore result in them having tested all account
areas both for overstatement and understatement.
The major advantage of the directional audit approach is its cost effectiveness.
(a) Assets and expenses are tested for overstatement only, and liabilities and income for
understatement only, that is, items are not tested for both overstatement and understatement.
(b) It audits directly the more likely types of transactional misstatement, ie unrecorded income and
improper expense (arising intentionally or unintentionally).
Directional testing is particularly useful when there is a high level of detailed testing to be carried out, for
example, when the auditors have assessed the company's controls and accounting system as ineffective.
Question Audit strategy
As audit senior, you have recently attended a meeting with the managing director of Go Shop Co (audit
client) and the new audit partner assigned to the audit, Mike Kenton, who has recently joined your firm,
Eastlake and Pond. The audit partner is familiarising himself with the client.
Go Shop Co is a large limited liability building company set up by John Yeams, who has been managing
director since incorporation. It operates in the south of the country, purchasing land outside of major
towns and building retail parks, which the company then manages. You are familiar with the client, as you
have taken part in the audit for the last three years. The other key member of the board is Kathleen Hadley,
who set up the business with John Yeams and is finance director. Kathleen is a qualified accountant, and
the accounting systems and procedures at Go Shop Co have always appeared sound.
You took minutes of the meeting, which are given below.
Point to note
http://accountingpdf.com/
156 6: Planning and risk assessment Part D Audit of historical financial information
Minutes of a meeting between Mike Kenton and John Yeams, 30 March 20X2
MK introduced himself to JY and asked for a brief history of the business, which was given. Currently, the
majority of income is from the property management side, as the building market is becoming saturated.
With interest rates set to rise, JY is less keen to borrow and build in the current climate.
MK asked JY whether a recent spate of terrorist bomb attacks had had any effect on business. JY
commented that he had been given the impression that retail was down and that customers were staying
away from the retail centres – but he felt that some of that could be attributed to a rise in interest rates and
was likely to be temporary. The first months of the year are always poor for retail …
MK asked whether there had been a rise in empty units in the retail centres. JY said there had been a small rise.
MK asked JY about his views in relation to the current proposed legislation before the Government
concerning quality standards in the building trade. JY commented that it seemed like a 'load of nonsense'
to him, and expressed some dissatisfaction with the current political situation … MK pressed the matter,
enquiring as to JY's opinion on the likely effects on his business were more stringent standards to be
required in the future. JY is of the firm belief that it would not be passed. MK expressed his fear that the
legislation was more than likely to be passed, and would have far-reaching and expensive effects on most
builders in the country. JY repeated some of his previous comments about politicians.
MK enquired as to whether there were any anticipated developments in the business that he should know
about. JY made reference to KH's plans to retire from full-time work in the business. MK asked how JY
was going to replace her. JY commented that he was hoping to persuade her to stay on as she deals with
all the financial side, and he'd be lost without her. MK tried to enquire how firm her retirement plans were,
but JY was not forthcoming.
After the meeting, Mike Kenton asked you to ring Kathleen and discuss her plans. She confirmed that she
does plan to retire. She informed you that she plans to emigrate to Australia, and is not keen to put back
her plans. She asked about the possibility of Eastlake and Pond assisting in the recruitment process for
her replacement, as she does not feel that John Yeams has the technical ability to recruit someone without
her, and has not accepted her plans enough to recruit before her retirement. She said that she has even
wondered about the possibility of someone being seconded to the company from Eastlake and Pond to
cover her position after she has left and before her replacement is found.
Mike is keen to reappraise the audit strategy taken towards the audit of Go Shop, as he feels the audit
could be conducted more efficiently than it has been in the past. Historically the audit has been highly
substantive.
Required
(a) Identify and explain the key business risks that exist at Go Shop.
(b) Explain what is meant by the 'business risk approach' to an audit.
(c) Propose and justify a strategy for the audit of Go Shop.
(d) Discuss the ethical implications for the audit of the two suggestions made by Kathleen.
Approaching the answer
Question Audit strategy
As audit senior, you have recently attended a meeting with the managing director of Go Shop Co (audit
client) and the new audit partner assigned to the audit, Mike Kenton, who has recently joined your firm,
Eastlake and Pond. The audit partner is familiarising himself with the client.
Go Shop Co is a large limited liability building company set up by John Yeams, who has been managing
director since incorporation. It operates in the south of the country, purchasing land outside of major
towns and building retail parks, which the company then manages. You are familiar with the client, as you
Volatile industry
Cumulative knowledge and
understanding
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 157
have taken part in the audit for the last three years. The other key member of the board is Kathleen Hadley,
who set up the business with John Yeams and is finance director. Kathleen is a qualified accountant, and
the accounting systems and procedures at Go Shop Co have always appeared sound.
You took minutes of the meeting, which are given below.
Minutes of a meeting between Mike Kenton and John Yeams, 30 March 20X2
MK introduced himself to JY and asked for a brief history of the business, which was given. Currently, the
majority of income is from the property management side, as the building market is becoming saturated.
With interest rates set to rise, JY is less keen to borrow and build in the current climate.
MK asked JY whether a recent spate of terrorist bomb attacks had had any effect on business. JY
commented that he had been given the impression that retail was down and that customers were staying
away from the retail centres – but he felt that some of that could be attributed to a rise in interest rates and
was likely to be temporary. The first months of the year are always poor for retail ...
MK asked whether there had been a rise in empty units in the retail centres. JY said there had been a small
rise.
MK asked JY about his views in relation to the current proposed legislation before the Government
concerning quality standards in the building trade. JY commented that it seemed like a 'load of nonsense'
to him, and expressed some dissatisfaction with the current political situation … MK pressed the matter,
enquiring as to JY's opinion on the likely effects on his business were more stringent standards to be
required in the future. JY is of the firm belief that it would not be passed. MK expressed his fear that the
legislation was more than likely to be passed, and would have far-reaching and expensive effects on most
builders in the country. JY repeated some of his previous comments about politicians.
MK enquired as to whether there were any anticipated developments in the business, which he should
know about. JY made reference to KH's plans to retire from full-time work in the business. MK asked how
JY was going to replace her. JY commented that he was hoping to persuade her to stay on as she deals
with all the financial side, and he'd be lost without her. MK tried to enquire how firm her retirement plans
were, but JY was not forthcoming.
After the meeting, Mike Kenton asked you to ring Kathleen and discuss her plans. She confirmed that she
does plan to retire. She informed you that she plans to emigrate to Australia, and is not keen to put back
her plans. She asked about the possibility of Eastlake and Pond assisting in the recruitment process for
her replacement, as she does not feel that John Yeams has the technical ability to recruit someone without
her, and has not accepted her plans enough to recruit before her retirement. She said that she has even
wondered about the possibility of someone being seconded to the company from Eastlake and Pond to
cover her position after she has left and before her replacement is found.
Good control
environment
Impact on
any
borrowing
Going concern
Knock on
going
concern
issues? Pressure on major
customers
Compliance risk if legislation is passed – likely?
And going concern?
Operational risk – loss of key staff member, and implications for FS
and control environment
Independence
issues
http://accountingpdf.com/
158 6: Planning and risk assessment Part D Audit of historical financial information
Mike is keen to reappraise the audit strategy taken towards the audit of Go Shop, as he feels the audit
could be conducted more efficiently than it has in the past. Historically the audit has been highly
substantive.
Answer plan
(a) Business risks (b) Business risk approach (BRA)
Operational – industry
(i) Building industry volatile and apparently
saturated
(ii) Retail management – retail industry
volatile and affected by bomb threats /
interest rates
Define BRA – link to Audit Risk Approach,
etc …
Indicator of going concern problem?
Receivables' recoverability
Tangible non-current assets impairment
Operational – personnel
About to lose key management on the financial
side and no current plans to replace her. Could
severely affect systems in the finance department
– could have knock-on effects on sales and
purchases relationships – suppliers/customers.
Effect on financial statements (FS)
themselves – more prone to error?
Also, impact on control environment?
Finance
Likely that Go Shop has high borrowings against
buildings built and managed – therefore increase
in interest rates could be bad – particularly if they
have borrowed lots while interest rates were low.
Going concern
Interest rates
Compliance
Potential statute concerning quality standards:
(i) Far reaching
(ii) Expensive
(iii) Going concern?
Going concern
(c) Strategy
BRA – have identified business risk
Key risks to financial statements as identified above – linked strongly … seems reasonable to
extend audit risk approach in this way.
Control environment strong – therefore reasonable to do controls testing – but question if this will
still be the case when KH leaves.
Also, senior has cumulative knowledge and understanding – therefore analytical procedures will be
good. Explanations available for analytical review.
BRA is generally more efficient than highly substantive – due to top-down procedures.
(d) Ethical implications
Recruitment mustn't make management decisions.
Secondment – must ensure that there are 'Chinese walls' between staff on audit team and
seconded staff – may represent too great a loss of objectivity due to familiarity.
Link with senior's cumulative knowledge and understanding – analytical
review? Use of business risk approach. Control environment is sound …
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 159
Answer
(a) Key business risks at Go Shop
Operational – industry
The building industry is generally considered to be a volatile industry and sensitive to changes in
economic climate. The managing director has identified that the particular market that the company
operates in, retail parks, has become saturated. Go Shop's business is therefore likely to be volatile
generally and the market for the services Go Shop provides is saturated. This is an operational risk
– what will Go Shop do if it does not do what it has done historically?
The company is not only strongly connected with the building industry but also the retail industry.
This is another industry that is volatile. It has recently been affected by higher interest rates and
reduced consumer spending. It has also suffered due to the bomb threats made against retail
parks, which have discouraged consumers from shopping.
Operational – personnel
The business is about to lose a key member of personnel on the financial side, and there appear to
be no current plans to replace her. This could severely affect systems in the finance department,
which could have a knock-on effect on crucial supplier and customer relations and therefore the
operations of the wider business.
Finance
It is likely that Go Shop has a high level of borrowings secured on the buildings that they have
built and now manage. If this is the case, the increase in interest rates will adversely affect their
business directly in the form of interest on these loans. This may be particularly severe if they have
overborrowed when interest rates were low.
Compliance
There is currently legislation before the Government that is likely to have far-reaching effects on the
operations of Go Shop's building arm. The law relates to quality standards in the building industry
and is likely to be costly to implement. It is possible that Go Shop will struggle to afford to
implement such standards. An even more significant concern is that it appears that the director
has taken no steps to mitigate this risk and has put no action plans into place to ensure that the
law would be complied with, if passed. This could mean that the company could be liable to legal
action and fines.
(b) Business risk approach
The business risk approach is an extension of the audit risk approach. When using an audit risk
approach, the auditors focus their attention on matters that they feel are the most significantly risky
to the financial statements so that they can provide a cost-effective audit.
The audit risk approach concentrates on three areas of risk; inherent risk, control risk and detection
risk.
In a business risk approach, the auditors determine that the risks that are most likely to adversely
affect the financial statements are the business risks of the company, hence they direct their testing
to the business risks apparent in the business.
This can be illustrated in the given scenario by looking at the significant links between the business
risks identified and the financial statements.
http://accountingpdf.com/
160 6: Planning and risk assessment Part D Audit of historical financial information
Operational – industry
Volatile
industry
Significant issues relating to going concern arising, auditors should direct their
audit work in this area.
Retail units
affected by
bomb threats
Potential issues relating to receivables' recoverability. Retail units may not be able
to pay rent/honour leases if they are not receiving sufficient income from sales.
The potential fall in income related to the retail units could affect the valuation of
tangible non-current assets – is there a need for an impairment review?
Operational – personnel
Loss of FD
This could have a significant impact on the calculation and presentation of the
financial statements if they are now drafted by an inexperienced person.
There is also a significant impact on the control environment, which will affect
assessment of control risk.
Finance
Interest rates The issues relating to high interest rates will affect the interest figure in the
statement of profit or loss. It may also affect the going concern assumption.
Compliance
New law Depending on the timing of the new legislation and the outcomes discussed above,
this could affect events after the reporting period, contingencies or provisions. It
could also potentially affect going concern.
(c) Audit strategy
The audit strategy will depend on certain matters, such as the date when Kathleen Hadley leaves
the business. Assuming that she leaves after the audit, a business risk approach would be
appropriate.
This is because business risks have already been identified and, as outlined above, there are
significant links between the business risks and the financial statements.
The control environment has historically been strong, so making use of controls testing would
appear to be appropriate. This in particular is highly dependent on the presence of Kathleen Hadley
at the audit date.
The audit senior has experience of the client and significant knowledge of the business therefore
it seems appropriate that a high use be made of analytical procedures. It also appears that strong
explanations will be available for movements on accounts over the period. Again, this is dependent
on the presence of Kathleen Hadley.
Lastly, the business risk approach is considered an efficient approach as it uses 'top-down'
procedures, so as strong evidence appears to be available, it is sensible to take the most efficient
approach possible, while ensuring that a quality audit is conducted.
(d) Ethical implications
(i) Recruitment
It is very important that the audit firm does not take management decisions on behalf of the
entity. Hence it would be appropriate for it to take an advisory role in the recruitment
process, perhaps reviewing CVs and advising as to qualifications and factors to look for.
However, it should not get heavily involved in the interviewing process, as this could lead it
to, in effect, make management decisions on behalf of the directors.
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 161
(ii) Secondment
If a staff member of the audit firm is to be seconded to the audit client to work in this
significant role, the firm would have to be very clear that there were boundaries in place
between that staff member and the audit team. This may in practice be impossible.
However, provided that objectivity can be retained for the audit team and that there is not a
problem of familiarity, a secondment might be appropriate.
A problem of familiarity could arise in either of the following scenarios.
(1) The person seconded had previously worked on the audit and the strategy and
approach were not changed.
(2) The audit team were familiar with the person seconded and had a personal
relationship with them that presented a significant risk to objectivity.
Your approach to scenario questions should be to read the scenario as closely as you can, making notes
of anything that will help you answer the requirement. However, although it is true that everything in the
scenario has been put there on purpose by the examination team, not all of it will be relevant to the
requirement. Some of it could have been put there as a distraction, so you will need to make a judgement
about whether it is relevant or not.
A common example of this is where information on the business's operations is included in a scenario,
but this is not relevant to the audit. You should bear in mind that operations only affect the audit if they
result in an audit risk. Another example of irrelevant information would be matters that are clearly
immaterial to the audit in question.
Finally, just as the scenario may include irrelevant information, it may also be missing out information that
is relevant to you. A common requirement is to identify and explain any further information that will be
required. It is important here that you think practically about the evidence you would need to address the
audit risks you have found in the scenario.
Question More information needed?
You are currently planning the audit of Howling Wolf Co, a logistics firm. One of Howling Wolf's trucks
was involved in an unfortunate accident which resulted in the deaths of a number of sheep that belonged
to a local farmer. The farmer is angry, and is threatening to take legal action against Wolf unless it agrees
to compensate them for the damage done.
Howling Wolf's financial statements include a provision for the cost of replacing the sheep.
Required
Identify and explain the additional information that you would require to obtain audit evidence in respect of
the provision.
Answer
Information required includes:
The date of the incident with the sheep, which should already have happened. IAS 37 specifies that
a provision can only be created in relation to a present obligation arising as a result of a past event.
The probability that Wolf will be required to pay compensation to the farmer. If Wolf is likely to win
in any legal action, then no provision should be set up.
The number of sheep involved in the incident, along with an estimate of the cost of replacing them.
Exam focus
point
http://accountingpdf.com/
162 6: Planning and risk assessment Part D Audit of historical financial information
An estimate of the amount most likely to be paid to the farmer as compensation (if payment is
likely).
An estimate of the date by when the farmer is likely to paid. The time value of money is unlikely to
be material here, so the provision would be unlikely to be discounted.
Whether Howling Wolf's truck suffered significant damage as a result of the accident, and if so
what the costs of rectifying this damage are likely to be.
3 Materiality 12/10, 12/11, 6/13, 12/13, 6/14
Materiality considerations are important in both planning and performing the audit. An item might be
material due to its nature, value or impact on the users of the financial statements as a group.
3.1 ISA 320 Materiality in planning and performing an audit
Materiality issues are dealt with in two standards:
ISA 320 Materiality in planning and performing an audit
ISA 450 Evaluation of misstatements identified during the audit
Materiality. Misstatements, including omissions, are considered to be material if they, individually or in
the aggregate, could reasonably be expected to influence the economic decisions of users taken on the
basis of the financial statements.
Performance materiality. The amount or amounts set by the auditor at less than materiality for the
financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of
uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. If
applicable, performance materiality also refers to the amount or amounts set by the auditor at less than
the materiality level or levels for particular classes of transactions, account balances or disclosures.
(ISA 320)
ISA 320 requires auditors to set materiality (and performance materiality) at the planning stage. The
assessment of materiality at this stage should be based on the most recent and reliable financial
information and will help to determine an effective and efficient audit approach. Materiality assessment will
help the auditors to decide:
How many and what items to examine
Whether to use sampling techniques
What level of misstatement is likely to lead to a modified audit opinion
The resulting combination of audit procedures should help to reduce audit risk to an appropriately low
level.
FAST FORWARD
Key terms
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 163
Materiality criteria
An item might be material due to its:
Nature Given the definition of materiality as an item that would affect the readers of the financial
statements, some items might by their nature affect readers. Examples include
transactions related to directors, such as remuneration and contracts with the
company.
Value Some items will be significant in the financial statements by virtue of their size; for
example, if the company had bought a piece of land with a value which comprised threequarters
of the asset value of the company, that would be material. That is why
materiality is often expressed in terms of percentages (of assets, of profits).
Impact Some items may by chance have a significant impact on financial statements; for
example, a proposed journal which is not material in itself could convert a profit into a
loss. The difference between a small profit and a small loss could be material to some
readers.
3.1.1 Performance materiality
The concept of performance materiality allows an auditor to set different materiality levels for different
areas of the financial statements, according to their judgement of the audit risk that is particular to that
area. The idea is that overall materiality needs to be adjusted for the actual 'performance' of the audit in
particular areas, and cannot just be applied blindly. A better word for the concept might have been
'applied materiality', since it is mainly about how overall materiality is applied to particular areas.
The concept of performance materiality focuses in on the difference between the level of tolerable
misstatement and the level of actual misstatements detected. For example, if a misstatement were
detected that was just below overall materiality, then there is a difficulty for the auditor: the financial
statements are not materially misstated, but there is a risk that there may be undetected misstatements
which would push over the materiality threshold. The auditor should not just compare the amount of
detected misstatements with materiality as a whole, but should take into account the fact that only some
specific items have been tested (eg because sampling is used). Consideration of materiality needs to take
into account the possible undetected misstatements which might be lurking. Thinking in terms of
performance materiality means thinking of what the effect of individual misstatements might be on audit
risk for the financial statements as a whole. This provides the auditor with a margin of safety in relation to
any undetected misstatements, which are then less likely to exceed materiality as a whole.
Performance materiality therefore entails a prudent approach to materiality, and to determining the
procedures that are needed to conclude on whether or not the financial statements are materially
misstated. The higher the assessed risk, the lower the performance materiality must be set. This means
that the auditor will perform more audit work than if the concept of performance materiality did not exist.
As with overall materiality, setting performance materiality involves the use of professional judgement.
This judgement must take into account qualitative aspects, such as the level of risk attached to a particular
balance in the financial statements.
Example
An auditor might judge an entity's non-current assets to be a high-risk area. If non-current assets were
$20m and total assets $50m, then overall materiality might be set at 2% of total assets, ie $1m.
Performance materiality for non-current assets could then be set as a simple proportion of materiality, eg
$400,000 (= $20m/$50m × $1m).
Taking into account the auditor's judgement that non-current assets are higher risk, this could thus be
decreased to $300,000 in order to provide a greater margin of safety. Any misstatements above this level
would be judged material.
http://accountingpdf.com/
164 6: Planning and risk assessment Part D Audit of historical financial information
3.2 Guidelines for materiality
It is clear from the points made about materiality criteria that materiality is judgemental, and an issue that
auditors must be aware of when approaching all their audit work.
However, you will know from your previous studies that generally accepted rules about materiality exist.
Examples are:
Items relating to directors are normally always material.
Percentage guidelines are often given for materiality.
While materiality must always be a matter of judgement for the auditor, it is helpful to have some
guidelines to bear in mind. Reasons for this are:
The guidelines give the auditor a framework within which to base their thoughts on materiality.
The guidelines provide a benchmark against which to assess the quality of auditing, for example, in
the event of litigation or disciplinary action.
The following figures are appropriate starting points for the consideration of materiality.
Value %
Profit before tax 5
Gross profit ½–1
Revenue ½–1
Total assets 1–2
Net assets 2–5
Profit after tax 5–10
3.2.1 Qualitative materiality
Most of the discussion on materiality focuses on quantitative materiality, but materiality must also be
applied to qualitative disclosures in the financial statements. ISA 320 and ISA 315 were revised in 2015
to include guidance here. Essentially the same concept of materiality applies, ie a misstatement must be
viewed in terms of its effect on the economic decisions of users.
Examples of disclosures to which misstatements might be material include:
Liquidity/debt covenants
Events leading to recognition of impairment losses
Changes in accounting policies, eg because of a new IFRS, where this has a significant impact
Share-based payments
Related parties (and transactions with related parties)
3.3 Problems with materiality
As discussed above, materiality is a matter of judgement for the auditor. Therefore, prescriptive rules will
not always be helpful when assessing materiality. A significant risk of prescriptive rules is that a
significant matter, which falls outside the boundaries of the rules, could be overlooked, leading to a
material misstatement in the financial statements.
The percentage guidelines of assets and profits that are commonly used for materiality must be handled
with care. The auditor must bear in mind the focus of the company being audited.
In some companies, post-tax profit is the key figure in the financial statements, as the level of dividend is
the most important factor in the accounts.
In owner managed businesses, if owners are paid a salary and are indifferent to dividends, the key profit
figure stands higher in the statement of profit or loss, say at gross profit level. Alternatively in this
situation, the auditor should consider a figure that does not appear in the statement of profit or loss: profit
before directors' salaries and benefits.
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 165
Some companies are driven by assets rather than the need for profits. In such examples, higher
materiality might need to be applied to assets. In some companies, say charities, costs are the driving
factor, and materiality might be considered in relation to these.
While rules or guidelines are helpful to auditors when assessing materiality, they must always keep in
mind the nature of the business they are dealing with. Materiality must be tailored to the business and
the anticipated user of financial statements, or it is not truly materiality. Refer back to the definition of
materiality and consider all the elements of it.
In earlier studies, you may have calculated materiality by taking a weighted average of the calculated
percentages of revenue (½–1%), profit before tax (5%) and net assets (2–5%). This is appropriate when
calculating preliminary (planning) materiality. In this paper, you will often be calculating materiality in
relation to a specific item. You must only use the relevant comparator; for example, total assets if the
matter relates to the statement of financial position, profit before tax if the matter impacts on profit, and
both if it relates to the statement of financial position and impacts on profit; for example, a provision.
Question Materiality
You are the manager responsible for the audit of Albreda Co. The draft consolidated financial statements
for the year ended 31 March 20X2 show revenue of $42.2 million (20X1 $41.8 million), profit before
taxation of $1.8 million (20X1 $2.2 million) and total assets of $30.7 million (20X1 $23.4 million). In
March 20X2, the management board announced plans to cease offering 'home delivery' services from the
end of the month. These sales amounted to $0.6 million for the year to 31 March 20X2 (20X1
$0.8 million). A provision of $0.2 million has been made at 31 March 20X2 for the compensation of
redundant employees (mainly drivers).
Required
Comment on the materiality of these two issues.
Answer
Home delivery sales
The appropriate indicator of materiality with regard to the home delivery sales is revenue, as the home
delivery sales form part of the total revenue of the company.
$0.6 million is 1.4% of the total revenue for 20X2 (see Working 1).
An item is generally considered to be material if it is in the region of ½-1% of revenue, so the home
delivery services are material.
Provision
The appropriate indicators of materiality with regard to the provision are total assets and profit, as the
provision affects both the statement of financial position (it is a liability) and the statement of profit or loss
and other comprehensive income (it is a charge against profit).
$0.2 million is 0.65% of total assets in 20X2 (see Working 2). As an item is generally considered to be
material if it is in the region of 1–2% of total assets, the provision is not material to the statement of profit
or loss and other comprehensive income.
However, $0.2 million is 11% of profit before tax for 20X2 (see Working 3 below). An item is considered
material to profit before tax if it is in the region of 5%. Therefore, the provision is material to the statement
of financial position.
Exam focus
point
http://accountingpdf.com/
166 6: Planning and risk assessment Part D Audit of historical financial information
Working 1 Working 2 Working 3
$42.2million
$0.6million
× 100% = 1.4%
$30.7million
$0.2million
× 100 = 0.65%
$1.8million
$0.2million
× 100 = 11%
In the exam it is not necessary to comment, as in the question above, on the relevant indicator of
materiality. The bits that would have earned marks in the exam are shown in grey shade above. Note that
this question is for practice only, and is not representative of the actual P7 exam.
As a general rule, if an exam question gives you the information to calculate materiality then you should
calculate it. You should then think about whether there is anything else to think about in relation to
materiality or performance materiality – perhaps there will be a hint in the question that an item is material
by nature or impact? At P7 you will need to spot things, eg an immaterial misstatement that becomes
material by turning a profit into a loss.
Materiality is unlikely to be tested on its own, so once you have considered it you will probably need to go
on to consider other audit issues, eg further evidence or procedures required and the effect of a
misstatement on the audit report.
3.3.1 Revision as audit progresses
The auditor will revise the materiality level during the audit if they become aware of information that would
have caused a different materiality level to have been set in the first place.
Your ability to answer a question in the P7 exam often depends on little points like this. The December
2011 exam, for example, contained a scenario in which the audit manager stated that they wanted to 'fix
materiality at the planning stage for all audits'.
Most candidates could probably have guessed that this was wrong, but to score the two marks you
needed to state why it was wrong.
3.4 Documentation
The auditor must document:
Materiality for the financial statements as a whole
Materiality for particular balances, classes of transactions or disclosures
Performance materiality
Any revisions to the above
3.5 Evaluating material misstatements
ISA 450 Evaluation of misstatements identified during the audit provides more specific guidance on the
documentation and communication of misstatements identified.
ISA 450.5
The auditor shall accumulate misstatements identified during the audit, other than those that are clearly
trivial.
Exam focus
point
Exam focus
point
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 167
All misstatements (other than those that are clearly trivial) must be communicated on a timely basis to
management with a request that they are corrected. If management does not correct them, then the
auditor is obliged to communicate the individual uncorrected misstatements to those charged with
governance, together with the effect on the audit opinion. Finally, for those misstatements that remain
uncorrected, management must provide written representations that they believe that the effects of the
misstatements (individually and in aggregate) are immaterial.
ISA 450.15
The auditor shall include in the audit documentation:
(a) The amount below which misstatements would be regarded as clearly trivial;
(b) All misstatements accumulated during the audit and whether they have been corrected; and
(c) The auditor's conclusion as to whether uncorrected misstatements are material, individually or in
aggregate, and the basis for that conclusion.
One of the competences you require to fulfil Performance Objective 19 of the PER is the ability to evaluate
evidence collected, demonstrating professional scepticism, investigating areas of concern and ensuring
documentation is complete and all significant matters and areas of judgement are highlighted. You can
apply the knowledge you gain from this chapter of the Text to help demonstrate this competence.
4 Risk 12/07, 6/08, 6/09, 12/10, 12/11,
6/12, 12/12, 6/13, 12/13, 6/14, 12/14, 6/15
As you know from your earlier auditing studies, the auditor must be aware of two types of risk.
Audit risk (sometimes known as assignment or engagement risk)
Business risk
Risk is examined in virtually every P7 exam paper, usually in the first question.
4.1 Audit risk
Auditors must assess the risk of material misstatements arising in financial statements and carry out
procedures in response to assessed risks.
ISA 200 Overall objectives of the independent auditor and the conduct of an audit in accordance with
international standards on auditing states that 'the auditor shall obtain sufficient appropriate evidence to
reduce audit risk to an acceptably low level'. As discussed in Section 1, the way they do this is by carrying
out risk assessment procedures, and then further audit procedures to respond to the risk assessment. We
shall look in detail at audit risk here.
ISA 200.5
… ISAs require the auditor to obtain reasonable assurance about whether the financial statements as a
whole are free from material misstatement … It is obtained when the auditor has obtained sufficient
appropriate audit evidence to reduce audit risk to an acceptably low level.
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial
statements are materially misstated. Audit risk is a function of the risk of material misstatement and
detection risk. Risk of material misstatement breaks down into inherent risk and control risk.
FAST FORWARD
Key terms
Exam focus
point
http://accountingpdf.com/
168 6: Planning and risk assessment Part D Audit of historical financial information
Inherent risk is the susceptibility of an assertion about a class of transaction, account balance or
disclosure to a misstatement that could be material, either individually or when aggregated with other
misstatements, before consideration of any related controls.
Control risk is the risk that a misstatement that could occur in an assertion about a class of transaction,
account balance or disclosure and that could be material, either individually or when aggregated with other
misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity's internal
control.
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an
acceptably low level will not detect a misstatement that exists and that could be material, either
individually or when aggregated with other misstatements.
Case Study
Consider an oil company which has abandoned one of its oil rigs. This abandonment increases the risk of
material misstatement because the abandonment gives rise to an impairment in the value of the rig, which
might not be reflected in the financial statements. In other words, there is a risk that the financial
statements are misstated in respect of this oil rig.
You must be able to distinguish between audit risk and business risk. While many business risks will have
consequences for the audit by increasing audit risk, they are two separate issues. For example, the fact
that a company is exposed to foreign exchange risk is not an audit risk in itself. The audit risk is the
potential for material misstatement of the financial statements, especially in relation to IAS 21The effects
of changes in foreign exchange rates. This issue is discussed more fully in section 4.2.1 below.
4.1.1 Inherent risk
Although this section divides risks into inherent, control and detection risk, for your exam you will
generally only need to discuss the specific risks in the scenario in line with the requirement. For example,
if the requirement asks for a discussion of the audit risks in a scenario, then you should not spend time
trying to place risks into these categories (unless you are asked to do so). It is better focus instead on
describing the risks themselves.
Inherent risk is the risk that items will be misstated due to characteristics of those items, such as the fact
that they are estimates or that they are important items in the accounts. The auditors must use their
professional judgement and the understanding of the entity they have gained to assess inherent risk. If no
such information or knowledge is available then the inherent risk is assessed as high.
Factors affecting client as a whole
Integrity and attitude to risk of directors and
management
Domination by a single individual can cause problems
Management experience and knowledge Changes in management and quality of financial
management
Unusual pressures on management Examples include tight reporting deadlines, or market
or financing expectations
Nature of business Potential problems include technological
obsolescence or overdependence on single product
Industry factors Competitive conditions, regulatory requirements,
technology developments, changes in customer demand
Exam focus
point
Exam focus
point
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 169
Factors affecting client as a whole
Information technology Problems include lack of supporting documentation,
concentration of expertise in a few people, potential
for unauthorised access
Factors affecting individual account balances or transactions
Financial statement accounts prone to
misstatement
Accounts which require adjustment in previous period
or require high degree of estimation
Complex accounts Accounts which require expert valuations or are
subjects of current professional discussion
Assets at risk of being lost or stolen Cash, inventory, portable non-current assets (eg
laptop computers)
Quality of accounting systems Strength of individual departments (sales, purchases,
cash etc)
High volume transactions Accounting system may have problems coping
Unusual transactions Transactions for large amounts, with unusual names,
not settled promptly (particularly important if they
occur at period end)
Transactions that do not go through the system, that
relate to specific clients or are processed by certain
individuals
Staff Staff changes or areas of low morale
4.1.2 Control risk
Control risk is the risk that client controls fail to detect material misstatements. A preliminary assessment
of control risk at the planning stage of the audit is required to determine the level of controls and
substantive testing to be carried out.
If the auditor judges that the internal control system is good then control risk will probably be low. The
appendix to ISA 315 contains a summary of the components of a good system of internal controls. Here is
a summary of the summary.
Control environment. This encompasses:
Communication and enforcement of integrity and ethical values
Commitment to competence
Participation by those charged with governance
Management's philosophy and operating style
Organisational structure
Assignment of authority and responsibility
Human resource policies and practices
Entity's risk assessment process. The entity should have a process for identifying risks that may affect its
financial reporting, assessing these risks and then responding to them. Examples of risks that might affect
financial reporting include:
Changes in operating environment. Changes in the regulatory or operating environment can result
in changes in competitive pressures and significantly different risks.
New personnel. New personnel may have a different focus on or understanding of internal control.
New or revamped information systems. Significant and rapid changes in information systems can
change the risk relating to internal control.
http://accountingpdf.com/
170 6: Planning and risk assessment Part D Audit of historical financial information
Rapid growth. Significant and rapid expansion of operations can strain controls and increase the
risk of a breakdown in controls.
Information system. The information system relevant to financial reporting objectives, which includes the
financial reporting system, encompasses methods and records that:
Identify and record all valid transactions
Describe on a timely basis the transactions in sufficient detail to permit proper classification of
transactions for financial reporting
Measure the value of transactions in a manner that permits recording their proper monetary value
in the financial statements
Determine the time period in which transactions occurred to permit recording of transactions in the
proper accounting period
Present properly the transactions and related disclosures in the financial statements
Control activities. These include:
Performance reviews. These control activities include reviews and analyses of actual performance
versus budgets, forecasts and prior period performance
Information processing
Physical controls, encompassing eg the physical security of assets
Segregation of duties
Monitoring of controls. In addition to putting controls in place, management must monitor that they are
operating effectively, and that they continue to be appropriate when there are changes in circumstances.
4.1.3 Detection risk
Detection risk is part of audit risk, but it is not included in the risk of material misstatement.
Detection risk is the risk that audit procedures will fail to detect material misstatements. Detection risk
relates to the inability of the auditors to examine all evidence. Audit evidence is usually persuasive rather
than conclusive so some detection risk is usually present, allowing the auditors to seek 'reasonable
assurance'.
The auditors' inherent and control risk assessments influence the nature, timing and extent of
substantive procedures required to reduce detection risk and thereby audit risk.
The P7 examination team has commented again and again in examiner's reports that students often fail to
get the marks in questions on risk by not being specific enough about the audit risk being discussed.
The examiner's report for the December 2013 sitting is instructive in this regard. It identifies the following
common weaknesses in answers to a question asking for an evaluation of business risk in a scenario, and
identification and explanation of risks of material misstatement.
Writing too little for the marks available
Identifying issues but not explaining, evaluating or assessing the issues as required
Lack of any real analytical or discursive skills
Illegible handwriting and inadequate presentation
Lack of audit knowledge
Lack of basic accounting knowledge
Exam focus
point
Point to note
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 171
4.2 Business risk Pilot paper, 6/09
Business risk is the risk arising to companies through being in operation.
One of the competences you require to fulfil Performance Objective 3 of the PER is the ability to evaluate
activities in your area and identify potential risks of fraud, error or other hazards assessing their
probability and impact. You can apply the knowledge you have obtained from this chapter of the Study
Text to help demonstrate this competence.
Business risk is the risk inherent to the company in its operations. It is risks at all levels of the business. It
is split into three components.
Financial risks are the risks arising from the financial activities or financial consequences of an operation,
for example, cash flow issues or overtrading.
Operational risks are the risks arising with regard to operations, for example, the risk that a major
supplier will be lost and the company will be unable to operate.
Compliance risk is the risk that arises from non-compliance with the laws and regulations that surround
the business. The compliance risk attaching to environmental issues, for example, is discussed in
Chapter 15.
The above components of business risk are the risks that the company should seek to mitigate and
manage.
The process of risk management for the business is:
Identify significant risks that could prevent the business achieving its objectives
Provide a framework to ensure that the business can meet its objectives
Review the objectives and framework regularly to ensure that objectives are met
A key part of the process is therefore to identify the business risks. There are various tools used to do
this that you may have come across before. They are listed below.
SWOT analysis
The five forces model
The PEST analysis
Porter's value chain
The Study Guide states that you should be able to identify business risks in a question. If you have
previously used any of the above techniques they may be useful to you, but in the exam it will be better to
use common sense as you work through any given question, bearing in mind the three components of
business risk given above. You are unlikely to get many marks just for explicitly applying the above four
models to a scenario in P7.
4.2.1 Relationship between business risk and audit risk
On the one hand, business risk and audit risk are completely unrelated.
Business risk arises in the operations of a business.
Audit risk is focused on the financial statements of the business.
Audit risk exists only in relation to an opinion given by auditors.
In other ways, the two are strongly connected. At the most basic level, almost everything that a
company does results in some sort of financial effect, and where there are financial transactions there is
always the risk that these transactions are reported wrongly. For example, if a business makes a sale,
then there is a risk that this sale will not be reported in accordance with IFRS 15 Revenue from
contracts with customers.
FAST FORWARD
Key terms
Exam focus
point
http://accountingpdf.com/
172 6: Planning and risk assessment Part D Audit of historical financial information
The links between business risk and audit risk can be seen in the inherent and control aspects of audit
risk. In audit risk these are limited to risks pertaining to the financial statements, but the same risks that
are inherent audit risks can also be business risks. For example, a business with significant trade
receivables may have the business risk that cash is not recovered from receivables, and the audit risk that
trade receivables are overstated.
Likewise, control risk. In response to business risk, the directors put in place a system of controls. These
will include controls to help mitigate the financial aspect of business risk. These are the controls that audit
control risk incorporates.
Therefore, although audit risk is very financial statements focused, business risk does form part of the
inherent risk associated with the financial statements, not least because if the risks materialise, the going
concern basis of the financial statements could be affected.
Your examination team has stated that P7 students frequently confuse business risk with audit risk. If a
question asks for audit risks, do not write about business risks. The main way business risks directly
affect audit risk is through going concern, so if you are making a point about any other business risks in a
question on audit risk, then you need to be very clear and precise about the audit risk that the business
risk gives rise to.
It is important that you do not simply identify business risks if a question is to do with the risk of material
misstatement. In an article in Student Accountant, your examination team warns that 'the business risk
must be developed into a specific risk of material misstatement in the financial statements'.
4.3 Business risks from current trends in IT
4.3.1 The increasing risk of cyber incidents
Increasing connectivity and the openness of computer networks in the global business environment
exposes businesses to system and network failures and to cyber attack. The 2011 Norton Cyber Crime
report found that the total cost of cyber crime over the 24 countries being reported on was over $388bn,
with more than 1m people becoming victims of cyber crime every day. This figure is made up of £113bn
in lost cash (including the cost of repairing IT systems), along with $274bn in lost time.
4.3.2 Audit considerations
Auditors must assess their clients' procedures for identifying and addressing these risks. Some main
considerations are:
Has management established an information and internet security policy?
How does the entity identify critical information assets and the risk to these assets?
Does the entity have cyber insurance (many general policies now exclude cyber events)?
Is there a process for assuring security when linked to third-party systems (eg partners/
contractors)?
What controls are in place to ensure that employees only have access to files and applications that
are required for their job?
Are regular scans carried out to identify malicious activity?
Are procedures in place to ensure that security is not compromised when the company's systems
are accessed from home or on the road?
What plans are in place for disaster recovery in case of an incident?
These issues will be built into the auditor's assessment of the control environment of the entity and in
some cases may influence the auditor's view as to whether there are any uncertainties relating to the
going concern status of the entity.
Exam focus
point
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 173
4.3.3 E-commerce
Where an entity undertakes e-commerce, risk identification is crucial. E-commerce has become
increasingly important in recent years, and to a large extent early fears about security have proven to be
unfounded. However, a number of recent high-profile security breaches in relation to e-commerce
systems have underlined that this is an area that can carry significant operational risks, to which auditors
must give specific consideration.
Specific business risks include:
Loss of transaction integrity
Pervasive e-commerce security risks
Improper accounting policies
Non-compliance with tax, legal and regulatory requirements (eg local laws in relation to protection
of customers' data)
Overreliance on e-commerce
Systems and infrastructure failures
Damage to reputation if website fails or security is breached
Audit procedures regarding the integrity of the information in the accounting system relating to
e-commerce transactions will be concerned with evaluating the reliability of the system for capturing and
processing transactions.
Therefore in contrast to audit procedures for traditional business activities which focus separately on
control processes relating to each stage of transaction processing, audit procedures for sophisticated
e-commerce often focus on automated controls.
Case Study
Risk in an e-commerce environment
Tripper Co is a travel agency operating in three adjacent towns. The directors have recently taken the
decision that they should cease their operations and convert into a dot.com. The new operation,
Trippers.com, will benefit from enlarged markets and reduced overheads, as they will be able to operate
from single, cheaper premises.
Such a business decision has opened Tripper Co up to significant new business risks.
Customers
Converting to a dot.com company in this way enforces a loss of 'personal touch' with customers. Tripper
staff will no longer meet the customers face to face. In a business such as a travel agency, this could be a
significant factor. Customers may have appreciated the service given in branches and may feel that this
level of service has been lost if it is now redirected through computers and telephones. Trippers should be
aware of the possibility of, and mitigate against, loss of customers due to perceived reduction in service.
Competition
By leaving the local area and entering a wider market, Tripper is opening itself up to much more
substantial competition. Whereas previously Trippers competed with other local travel agents, it will now
be competing theoretically with travel agents everywhere that have internet facilities.
Technology issues
As Tripper has moved into a market that necessitates high technological capabilities, a number of
business risks are raised in relation to technological issues:
Viruses
There is a threat of business being severely interrupted by computer viruses, particularly if the staff of
Trippers are not very computer literate or the system the company invests in is not up to the standard
required.
http://accountingpdf.com/
174 6: Planning and risk assessment Part D Audit of historical financial information
Viruses could cause interrupted sales and loss of customer goodwill, which could have a significant
impact on the going concern status of the company.
Loss of existing custom
Technology could be another reason for loss of existing customers. Their existing customers might not
have internet access or the ability to use computers. We do not know what Tripper's demographic was
prior to conversion.
However, if conversion means that Tripper loses its existing client base completely and has to rebuild
sales, the potential cost in advertising could be excessive.
Cost of system upgrades
Technology is a fast moving area and it will be vital that Tripper's website is kept up to current standards.
The cost of upgrade, both in terms of money and business interruption, could be substantial.
New supply chain factors
Tripper may keep existing links with holiday companies and operators. However, it will have new
suppliers, such as internet service providers, to contend with.
Personnel
Due to the conversion, Trippers.com will require technical staff and experts. It may not currently have
these staff. If this is the case, it could be at risk of severe business interruption and customer
dissatisfaction.
If the directors are not computer literate, they may find that they are relying on staff who are far more
expert than they are to ensure that their business runs efficiently.
Legislation
There are a number of issues to consider here. The first is data protection and the necessity to comply
with the law when personal details are given over the computer. It is important that the website is secure.
E-commerce is also likely to be an area where there is fast moving legislation as the law seeks to keep up
with developments. Tripper must also keep up with developments in the law.
Lastly, trading over the internet may create complications as to what domain Tripper are trading in for the
purposes of law and tax.
Fraud exposure
The company may find that it is increasingly exposed to fraud in the following ways.
Credit card fraud relating from transactions not being face to face
Hacking and fraud relating from the website not being secure
Overreliance on computer expert personnel could lead to those people committing fraud
Tripper's auditors will be regarding the conversion with interest. The conversion will also severely affect
audit risk.
Impact on audit risk
Inherent risk
Many of the business risks identified above could have significant impacts on going concern.
Control risk
The new operations will require new systems, many of which may be specialised computer systems.
Detection risk
The conversion may have the following effects.
(a) Create a 'paperless office' as all transactions are carried out online – this may make use of
computer-assisted auditing techniques essential.
(b) The auditors may have no experience in e-commerce which may increase detection risk.
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 175
(c) There are likely to be significant impacts on analytical review, as results under the new operations
are unlikely to be very comparable to the old.
(d) There may be a significant need to use the work of experts to obtain sufficient, appropriate audit
evidence.
When answering questions, try to let key phrases trigger your thoughts about particular issues, such as
systems and going concern. Above all, think about the nature of the business in the scenario and the
strengths and deficiencies likely to exist within it.
4.4 Risk of material misstatement 12/08, 12/09, 6/11
4.4.1 Definition
Risk of material misstatement is risk that the financial statements are materially misstated prior to audit.
This consists of two components: inherent risk and control risk. (ISA 200)
The material misstatement could involve:
Misstatements of the amounts recorded in the statement of profit or loss and other comprehensive
income or statement of financial position
Misstatements of, or omissions from, the disclosure notes
4.4.2 Link with business risk
Many, if not all, business risks will produce a risk of material misstatement.
Using the information in the previous case study to illustrate the link:
Business risk Risk of material misstatement
The business may lose sales as a result of computer
viruses, which could threaten the company's going
concern status.
Uncertainties over going concern may not be
fully disclosed.
Breaches of data protection law and other regulations
could result in the company suffering financial
penalties.
Provisions relating to breaches of regulations
may be omitted or understated.
The business may suffer losses from credit card fraud. Losses arising from frauds may not be
recognised in the financial statements.
Note that the definition of 'risk of material misstatement' given in ISA 200 refers to a misstatement 'prior
to audit'. What is being referred to here is the risk of material misstatement in the financial statements as
prepared by the client, completely apart from anything the auditor does. In terms of the audit risk model,
this can result from either a control risk or an inherent risk, but not a detection risk. Detection risks are
not 'prior to the audit', and do not meet ISA 200's definition of a 'risk of material misstatement'.
Your examination team stated in its April 2012 Student Accountant article that:
'Candidates are therefore advised that when answering a requirement based on the risk of material
misstatement they should focus their answer on inherent risk and control risk factors only.
Detection risk is not part of the risk of material misstatement.'
In other words, when you are asked for risks of material misstatement, you are not being asked for
anything about the audit itself (detection risk), but about the financial statements and the risk that they are
materially misstated. This is then a question of inherent risk and control risk, so when you are answering
questions in this area you should be looking for these types of risk.
Point to note
Exam focus
point
Key term
http://accountingpdf.com/
176 6: Planning and risk assessment Part D Audit of historical financial information
Question Audit risk
Forsythia is a small limited liability company offering garden landscaping services. It is partly owned by
three business associates, Mr Rose, Mr White and Mr Grass, who each hold 10% of the shares. The major
shareholder is the parent company, Poppy Co. This company owns shares in 20 different companies,
which operate in a variety of industries. One of them is a garden centre, and Forsythia regularly trades with
it. Poppy Co is in turn owned by a parent, White Holdings Co.
The management structure at Forsythia is simple. Of the three non-corporate shareholders, only Mr Rose
has any involvement in management. He runs the day to day operations of the company (marketing, sales,
purchasing etc) although the company employs two landscape gardeners to actually carry out projects.
The accounts department employs a purchase clerk and a sales clerk, who deal with all aspects of the
function. The sales clerk is Mr Rose's daughter, Justine. Mr Rose authorises and produces the payroll.
The company ledgers are kept on Mr Rose's personal computer. Two weeks after the year end, the sales
ledger records were severely damaged by a virus. Justine has a single printout of the balances as at year
end, which shows the total owed by each customer.
Forsythia owns the equipment which the gardeners use and they pay them a salary and a bonus based on
performance. Mr Rose is remunerated entirely on a commission basis relating to sales and, as a
shareholder he receives dividends annually, which are substantial.
Forsythia does not carry any inventory. When materials are required for a project, they are purchased on
behalf of the client and charged directly to them. Most customers pay within the 60 day credit period, or
take up the extended credit period which Forsythia offers. However, there are a number of accounts that
appear to have been outstanding for a significant period.
Justine and her father do not appear to have a very good working relationship. She does not live at home
and her salary is not significant. However, she appears to have recently purchased a sports car, which is
not a company car.
The audit partner has recently accepted the audit of Forsythia. You have been assigned the task of
planning the first audit.
Required
Identify and explain the audit and engagement risks arising from the above scenario.
Approaching the answer
Question Audit risk
Look for key words and ask questions of the information given to you. This is illustrated here:
Forsythia is a small limited company offering garden landscaping services. It is partly owned by three
business associates, Mr Rose, Mr White and Mr Grass, who each hold 10% of the shares. The major
shareholder is the parent company, Poppy Co. This company owns shares in 20 different companies,
'which operate in a variety of industries. One of them is a garden centre, and Forsythia regularly trades
with it. Poppy Co is in turn owned by a parent, White Holdings Co.
Receivables
likely to be
significant
Complicated
corporate
structure –
why?
Controlling
party?
http://accountingpdf.com/
Part D Audit of historical financial information 6: Planning and risk assessment 177
The management structure at Forsythia is simple. Of the three non-corporate shareholders, only
Mr Rose has any involvement in management. He runs the day-to-day operations of the company
(marketing, sales, purchasing etc) although the company employs two landscape gardeners to actually
carry out projects. The accounts department employs a purchase clerk and a sales clerk, who deal
with all aspects of the function. The sales clerk is Mr Rose's daughter, Justine. Mr Rose authorises and
produces the payroll. The company ledgers are kept on Mr Rose's personal computer. Two weeks
after the year end, the sales ledger records were severely damaged by a virus. Justine has a
single printout of the balances as at year end, which shows the total owed by each customer.
Forsythia owns the equipment which the gardeners use and they pay them a salary and a bonus based
on performance. Mr Rose is remunerated entirely on a commission basis relating to sales and as a
shareholder he receives dividends annually, which are substantial.
Forsythia does not carry any inventory. When materials are required for a project, they are purchased on
behalf of the client and charged directly to them. Most customers pay within the 60 day credit period, or
take up the extended credit period which Forsythia offers. However, there are a number of accounts that
appear to have been outstanding for a significant period.
Justine and her father do not appear to have a very good working relationship. She does not live at home
and her salary is not significant. However, she appears to have recently purchased a sports car, which is
not a company car.
The audit partner has recently accepted the audit of Forsythia. You have been assigned the task of
planning the first audit.
Answer plan
Not all the points you notice will necessarily be relevant and you may also find that you do not have time
to mention all the points in your answer. Now you should prioritise your points in a more formal answer
plan and then write your answer.
Is it slightly odd
that a landscape
gardening
business isn't
owned by
landscape
gardeners?
Poor controls
No segregation
of duties
Limitation? And given below, a suspicion of fraud?
Teeming and lading?
Any laws and
regulations
relevant?
Very profit
related focused
– management
bias?
How accounted
for?
Problem with
receivables fraud?
Fraud?
Detection risk
Opening balances
Comparatives – audited or not?
Any group
planning
issues?
Why not all the other group
companies? Why do they
have different auditors?
Key man?
Over reliance?
http://accountingpdf.com/
178 6: Planning and risk assessment Part D Audit of historical financial information
Audit risks
Inherent
Related party transactions/group issues
Receivables
Fraud – possible indicators, professional scepticism
Profit driven management
Credit extended – accounting/law and regs
Control
Lack of segregation of duties
PC/virus
Suspicion of fraud?
Key man insurance
Detection
First audit
Opening bals and comparatives – audited?
Engagement risks
Some questions raised which makes business look odd
Group (complex/different auditors/who controls?)
Nature of business – yet landscape gardeners hired
Indicators of potential fraud
Possible indicators of money laundering (complex structure/cash business)
These may be overstated, but auditor must (a) Consider them
(b) Be prepared for consequences
Answer
The following matters are relevant to planning Forsythia's audit.
Audit risks – inherent
Related parties and group issues
Forsythia is part of a complicated group structure. This raises several issues for the audit.
There is a risk of related party transactions existing and not being properly disclosed in the
financial statements in accordance with IAS 24 Related party disclosures.
Similarly, there is a risk that it will be difficult to ascertain the controlling party for disclosure.
There is likely to be some group audit implications. My firm may be required to undertake
procedures in line with the group auditors' requirements if Forsythia is to be consolidated.
Receivables
Forsythia is a service provider, and it extends credit to customers. This is likely to mean that trade
receivables will be a significant audit balance. However, there is limited audit evidence concerning trade
receivables due to the effects of a computer virus. There are also indicators of a possible fraud.
Fraud
There are various factors that may indicate a sales ledger fraud has taken/is taking place.
Lack of segregation of duties
Extensive credit offered
The virus only destroyed sales ledger information – too specific?
Poorly paid sales ledger clerk – with expensive lifestyle
Sales ledger clerk is daughter of a well-paid shareholder and they do not have a good relationship
None of these factors necessarily point to a fraud individually, but added together raise significant
concerns.
http://
No comments:
Post a Comment