Answer 1 AUDITORS AND AUDITING STANDARDS (a) Development, role, and authority of ISAs
ISAs set out the basic principles and essential procedures that auditors should follow in the conduct of an audit of financial statements. Auditing Standards are in bold type. The grey type found in ISAs provides guidance on the application of ISAs.
Each Standard contains objectives and requirements (“shall”) with related guidance (introductory, explanatory, application, definitions and other material, including appendices). The entire text of a Standard must be understood in order to apply the requirements of that Standard.
A current project is underway to redraft all ISAs – not to revise but to rewrite in plainer language and an improved structure. The differentiation between bold and plain text has been removed. The structure of the redrafted standard will show the objective and requirements of the standard and will be supported by application and other explanatory material – all of which should be considered as an integral part of the standard.
International Standards on Auditing are set by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants (IFAC). The IAASB is made up of representatives (in practice, commerce, research and academic) of the profession who are members of IFAC.
Projects are identified by the members of the IAASB, the Consultancy Advisory Group, the Forum of Firms, national auditing standard setting bodies and IFAC members.
The Consultancy Advisory Group gives representatives of the business community and international organisations the opportunity to contribute to the development of international auditing guidance. Members of the Group represent organisations that have an interest in international auditing.
The Task Force carries out the basic research and development of an Exposure Draft (ED). This may be done as a joint project with a national auditing standard setting body.
ISAs apply to all audits of financial statements that are expressed in “true and fair”, “fair presentation”, or similar terms. Each of the objectives within a Standard must be considered within the context of the overall objective of the audit as a whole. If an objective cannot be achieved, the auditor must use their judgement to evaluate the impact on their ability to achieve the overall audit objective.
By their very nature, ISAs require auditors to use their professional judgement when applying them.
In exceptional circumstances, a professional accountant may judge it necessary to depart from a basic principle or essential procedure of a Standard (and Practice Statement) to achieve more effectively the objective of the engagement. When such a situation arises, the professional accountant should be prepared to justify the
Project is proposed and input sought
If approved, project assigned to a Task Force
Research carried out and Exposure Draft prepared
ED placed on IFAC website and widely distributed for comment to member bodies, interested parties and
Comments received are considered, ED revised and re-issued if substantive changes made
(b) The role of the ACCA in the regulation of auditors
Auditors are regulated differently in different countries. In some countries
governments regulate auditors directly, or through government organisations (eg the Public Accounting Oversight Board in the USA established by the Sarbannes-Oxley Act). In other countries the profession is self-regulating. In most cases, there is some combination of self-regulation and government regulation.
In the UK, the monitoring of the quality of the audit function carried out by listed company auditors is conducted by the Professional Oversight Board for
Accountancy (POBA) of the Financial Reporting Council (FRC).
The FRC is the UK’s independent regulator for corporate reporting and governance and is responsible for:
setting, monitoring and enforcing accounting and auditing standards statutory oversight and regulation of auditors
overseeing the regulatory activities of the professional accountancy bodies promoting high standards of corporate governance
operating an independent investigation and discipline scheme for public
interest (eg listed) cases
Inspection of auditors under the monitoring of the POBA is carried out by the Audit Inspection Unit (AIU). Such inspection incorporates a very thorough quality control review including reviews of audit working papers and audit procedures.
The regulation and inspection of auditors for non-listed companies is carried out directly by the professional bodies, eg the ACCA.
Professional bodies such as the ACCA, seek to uphold professional standards, to investigate complaints against auditors, and to assist auditors in the performance of their duties. They have both investigative powers and sanctions against auditors who do not comply with professional standards. These include fines, exclusion from membership, and the withdrawal of the licence to audit (audit registration).
Members of the ACCA are bound by its “Rules of Professional Conduct”.
The ACCA encourages high professional standards by setting academic requirements for those wishing to study for the examinations, by setting the examinations and by requiring additional experience of those who wish to practice as auditors. This includes passing both Auditing papers (F8 and P7) in the ACCA examinations.
In addition, all members of the IFAC (this includes the ACCA) are required to continue their development throughout their careers (CPD).
(c) How ISAs and national standards influence each other
In many countries, all new national Auditing Standards contain a statement to the effect that compliance with the national standard will ensure compliance with the relevant International Standard in all material respects, if that is the case, or it will explain the difference(s).
The requirements of the Standards do not override local regulations governing audit and assurance in a particular country. If local regulations have been followed and ISAs (and Practice Statements) that are applicable to the engagement have not been applied in their entirety, then compliance with ISAs cannot be stated as fact.
It is not always possible for local Auditing Standards to be the same as International Standards because of local legal requirements. Nevertheless, a number of countries have accepted International Standards in their entirety, or have accepted them subject to some minor local variations. International Standards are thus extremely useful for countries where the profession is not strong and where government does not seek to detail Auditing Standards, and where there are few resources to develop local standards.
Standard setters in countries where the profession is mature make a significant contribution to the development of ISAs by providing representatives to sit on IFAC Committees and working parties and by providing the resource to help draft
standards. National standard setters comment on consultation papers and exposure drafts issued by the IAPC and help summarise responses on certain projects.
ISAs only have force internationally if they have the support of those countries who lead the profession internationally. It is therefore essential for both national standard setters and international standard setters to take account of each other’s work.
Answer 2 JUMPER & CO
Memo From: A Manager, Tela & Co
To: Jumper & Co
Subject: Corporate Governance in the SGCC Company Date: dd/mm/yyyy
As requested, I write to explain where your client SGCC does not appear to be following appropriate corporate governance codes and to recommend changes to ensure that the principles of good corporate governance are being followed.
Chief Executive Officer (CEO) and Chairman
Mr Sheppard is both CEO and chairman of SGCC. Corporate governance indicates that the person responsible for running the company (the CEO) and the person responsible for controlling the board (the chairman) should be different people. This is to ensure that no one individual has unrestricted powers of decision.
I recommend that Mr Sheppard is either the CEO or the chairman and that a second individual is appointed to the other post to ensure that Mr Sheppard does not have too much power in SGCC. Composition of board
a balance of executive and executive directors so this cannot happen. A minimum of three non-executive directors are also normally recommended, although reports such as Cadbury note this may be difficult to achieve.
I recommend that the number of executive and non-executive directors is equal to help ensure no one group dominates the board. This will mean appointing more non-executive directors to SGCC. Director appointment
At present, Mr Sheppard appoints directors to the board, giving him absolute authority over who is appointed. This makes the appointment procedure and qualities directors are being appointed against difficult to determine. Corporate governance suggests that appointment procedures should be
transparent so that the suitability of directors for board positions can be clearly seen.
I recommend that an appointments committee is established comprising three non-executive directors to ensure there is no bias in board appointments. Formal job descriptions should also be published making the appointment process more transparent.
Review of board performance
It is correct that the performance of senior managers is reviewed, but this principle should also be applied to the board. While Mr Sheppard may undertake some review, this is not transparent and it is not clear what targets the board either met or did not meet.
I recommend that performance targets are set for each director and actual performance assessed against these on a regular basis. Reasons for underperformance should also be ascertained and where
appropriate, changes made to the composition of the board. Board pay
At present, board members’ pay is set by Mr Sheppard. This process breaches principles of good governance because the remuneration structure is not transparent and Mr Sheppard sets his own pay. Mr Sheppard could easily be setting remuneration levels based on his own judgements without any objective criteria.
I recommend that a remuneration committee is established comprising three non-executive directors. They will set remuneration levels for the board, taking into account current salary levels and the performance of board members. Remuneration should also be linked to performance, to encourage a high standard of work.
The system of internal control in SGCC does not appear to be reviewed correctly. While external auditors will review the control system, this review is based on their audit requirement and cannot be relied on to test the overall effectiveness of the system. The system may therefore still contain weaknesses and errors.
SGCC does not have an internal audit department. Given the lack of formal review of internal control in the company, this is surprising. Good corporate governance implies that the control system is monitored and that an internal audit department is established to carry out this task.
I recommend that an internal audit department is established, reporting initially to the audit committee who will monitor internal control and then summarise reports for the board.
There appears to be acceptable disclosure in the financial statements regarding the past results of the company. However, the board should also provide an indication of how the company will perform in the future, by a forecast review of operations or similar statement. This is partly to enable investors to assess the value of their investment in the company.
I therefore recommend that the annual accounts of SGCC include some indication of the future operations of the company.
There is no mention in the report of an audit committee. Good corporate governance implies that there is some formal method of monitoring external auditors as well as checking that the reports from the external auditors are given appropriate attention in the company.
I recommend that an audit committee is established – made up from non-executive directors. The committee will receive reports from the external and internal auditors (as mentioned above) and ensure that the board takes appropriate action on these reports.
I hope this information is useful. Please contact me again if you require any further assistance. Sincerely
Ann C. Outent
Answer 3 CORPORATE GOVERNANCE
Memo From: Chief Internal Auditor
To: Board of ZX
Subject: Role of Audit Committee Date: dd/mm/yyyy
Areas where the internal audit department can assist the directors with the implementation of good corporate governance in an organisation include:
Reviewing reports to the board and reports produced by the board to ensure that they do present a balanced and understandable assessment of the company’s position and prospects. The internal audit department will have good knowledge of the operations of the company as well as access to accounting information. The department can effectively “audit” board reports to ensure they are accurate and understandable.
The board need to maintain a sound system of internal control. The internal audit department will be able to review existing controls and recommend improvements to ensure this objective is met.
Application of ISA and IFRS
The board need to have a policy for applying appropriate International Statements on Auditing (ISA) and International Financial Reporting Standards (IFRS) to the organisation. Internal audit will certainly be aware of new auditing standards and will have the technical expertise (especially where internal auditors are professionally qualified) to identify changes required by accounting standards. Amendments to control systems for new auditing standards and financial accounting systems for new accounting standards can therefore be
Communication with external auditors
Under corporate governance regulations, communications with external auditors will normally be via the audit committee, although the board must maintain an appropriate relationship with the external auditors. However, internal and external auditors can also work together to ensure that the internal control system is sufficient; possibly by external audit delegating work to internal audit, and each auditor reviewing the work of the other auditor. The board will therefore receive reports from both sets of auditors which will be accurate because they have been properly checked.
Communication to the board
(b) The advantages of an audit committee include: Public confidence
Providing increasing public confidence in the creditability and objectivity of published financial information. This will be particularly important for ZX if listing arrangements go ahead. While an internal audit department is not normally necessary for incorporated companies, the provision of that department will provide additional confidence in the accuracy of the financial statements and hopefully make ZX an attractive investment. Financial reporting
Supports the directors in fulfilling their financial reporting obligations. The directors have to prepare financial statements for ZX. The committee can assist by checking the financial statements to ensure that they comply with appropriate reporting requirements. This is especially important where the board do not have detailed knowledge of accounting requirements.
Enhancing the role of ZX’s external auditors by providing an appropriate channel of
communication. Use of the audit committee will enable the external auditor to discuss issues with the financial statements with the internal auditor, prior to providing a final summary of key points to the board.
“Friend” of the Board
The audit committee may also act as a “critical friend” to the board by monitoring the work of the board and providing helpful guidance, where corporate governance requirements do not appear to be being met. The audit committee should have detailed knowledge of corporate governance as part of its monitoring function of the company and can share this with the board who may not have the time to obtain detailed information.
The disadvantages of an audit committee include: Lack of understanding of function
As the directors in ZX do not have much knowledge of corporate governance, they may see the additional involvement of the audit committee as a threat to their authority or taking away some of their responsibilities. This memo has hopefully outlined the advantages of an audit committee in supporting the work of the directors, removing this as a problem.
Role of non-executive directors
As the audit committee will be made up mainly from non-executive directors, the board may see this as a means of decreasing their power and possibly letting other people run the
company. Again, the audit committee must be seen as fulfilling a supporting role for the main board. It will utilise the special knowledge of account production and internal controls from the external auditor and business non-executives to provide appropriate review of information being given to the board.
Answer 4 FRAUD AND COMPLIANCE SEMINAR (a) Missing share certificates
The auditors must treat this matter as extremely serious. Not only has a senior executive perpetrated an illegal act, he has also been guilty of deliberately attempting to mislead the auditors.
The auditors must report the matter immediately to the audit committee, if there is one, or otherwise to the full board of directors (ISA 240). A criminal offence has been committed in the theft of the shares and in attempting to mislead the auditors. The auditors would expect appropriate action to be taken. Any further course of action depends on the action taken by the directors.
If the directors do not take appropriate action, such as reporting the matter to the police, the auditors must consider the desirability of continued association with the company. Failure to take action would make the directors a party to the wrongdoing involving, as it does, money for which they have a responsibility to the shareholders.
In most jurisdictions the auditors do not normally have any responsibility for reporting the matter to third parties except in the public interest or where there is some direct legal duty imposed on auditors. Their duty of confidentiality prevents their taking further action. However, on resigning, they can take the opportunity to reveal their concerns in any communication accompanying their resignation. They may also respond appropriately to professional enquiries from auditors nominated to replace them. However, they need to obtain legal advice on the form of such communication to avoid the risk of action for breach of confidence by the company or even defamation by the finance director.
If the directors do take appropriate action, the auditors must consider their position with respect to the current audit engagement. The finance director is a key person with respect to representations on which the auditors would have relied. Now that the credibility of that officer is in doubt, the necessary level of professional scepticism becomes much greater.
Such an official has the authority to override almost any control and is in a position to conceal such actions. The control environment must be regarded as being wholly ineffective and inherent risk assessed as high. Extended substantive procedures will now need to be performed in all areas that could have been manipulated by the chief financial officer.
Providing sufficient appropriate evidence is available then there would be no effect on the auditors’ report. It is possible, under the circumstances, that the auditors may be unable to reassure themselves that further misstatements are not present. In this case they would need to issue an “except for – scope limitation” qualified auditors’ report.
(b) Product safety
The finance director may be right in claiming the matter is of no consequence, but the fact of attempting to conceal the evidence from the proper authorities must arouse suspicions that the matter is serious. The auditors need to obtain independent expert advice on the implications of the matter. If the company denies access to an independent expert the auditors may consider, at the very least, issuing an “except for – scope limitation” qualified auditors’ report. If the expert confirms suspicions and the effect is potentially material, at the very least the auditors would require full provision to be made, failing which an “except for –
disagreement” qualified auditors’ report would be necessary (ISA 250).
If the auditors’ suspicions are confirmed and the effect is material, the auditors would normally report the matter to the board of directors and to the audit committee, if the
company has one. In this case, however, the board is implicated in the attempt to cover up the evidence, so the auditors would report solely to the audit committee.
Again legal advice needs to be sought on whether the actions of the board are illegal. If so, then they may consider it desirable to resign from the audit. Moreover, consideration must be given to the consequences of the continued supply of unsafe goods. It is likely the auditors have a case for alerting the appropriate authorities in the public interest which overrides their duty of confidentiality to the client – legal advice must be sought before doing so.
(c) Understatement of royalties
This suspected fraud differs in being perpetrated by the company and not by employees against the company. The auditors’ duty of confidentiality to the company prevents them from communicating their suspicions to the authors. However, the company has a liability under the terms of the royalty agreements which must be provided for until extinguished by the statute of limitations or other limitation on the rights of creditors to sue for amounts due.
The auditors would possibly seek legal advice on whether the company’s action was illegal, such as a conspiracy to defraud the authors or false accounting to obtain a pecuniary
advantage. If the directors’ actions are illegal the auditors would expect the directors to pay the amounts due in full. If the directors refuse, the auditors should consider resigning.
If the action is not illegal, it is certainly unethical, and the audit will be affected in two ways. Firstly, if the amounts are material and the company fails to make adequate provisions within the financial statements, the auditors must issue an “except for – disagreement” qualified auditors’ report (ISA 240). Secondly, the auditors will need to revise their assessment of inherent risk at the entity level. They would need to increase the tolerable level of detection risk and perform a higher level of substantive procedures than previously would have been considered necessary (ISA 240).
(d) Unclaimed wages
If there is no immediately apparent explanation, such as an employee on long-term sick leave, the circumstances arouse suspicions that the employee is fictitious – possibly a former
employee whose resignation the supervisor has deliberately withheld from the personnel department. If the amount is wholly immaterial, the auditor has no duty to investigate the matter further.
Answer 5 STONE HOLIDAYS
(a) Internal audit function: risk of fraud and error
The internal audit function in any entity is part of the overall corporate governance function of an entity. Corporate governance objectives include the management of the risks to which the entity is subject that would prevent it achieving its overall objectives such as profitability. Corporate governance objectives also include the overarching need for the management of an entity to exercise a stewardship function over the entity’s assets.
A large part of the management of risks, and the proper exercise of stewardship, involves the maintenance of proper controls over the business. Controls over the business as a whole, and in relation to specific areas, include the effective operation of an internal audit function.
Internal audit can help management manage risks in relation to fraud and error, and exercise proper stewardship by:
(1) commenting on the process used by management to identify and classify the specific fraud and error risks to which the entity is subject (and in some cases helping management develop and implement that process);
(2) commenting on the appropriateness and effectiveness of actions taken by management to manage the risks identified (and in some cases helping management develop appropriate actions by making recommendations);
(3) periodically auditing or reviewing systems or operations to determine whether the risks of fraud and error are being effectively managed;
(4) monitoring the incidence of fraud and error, investigating serious cases and making recommendations for appropriate management responses. In practice, the work of internal audit often focuses on the adequacy and
effectiveness of internal control procedures for the prevention, detection and reporting of fraud and error. Routine internal controls (such as the controls over computer systems and the production of routine financial information) and non-routine controls (such as controls over year-end adjustments to the financial statements) are relevant.
It should be recognised however that many significant frauds bypass normal internal control systems and that in the case of management fraud in particular, much higher level controls (those relating to the high level governance of the entity) need to be reviewed by internal audit in order to establish the nature of the risks, and to manage them effectively.
(b) External auditors: fraud and error in an audit of financial statements
External auditors are required by ISA 240 The Auditor’s Responsibility to Consider Fraud in an Audit of Financial Statements to consider the risks of material
Members of the engagement team should discuss the susceptibility of the entity’s financial statements to material misstatements due to fraud.
Auditors should make enquiries of management regarding management’s
assessment of fraud risk, its process for dealing with risk, and its communications with those charged with governance and employees. They should enquire of those charged with governance about the oversight process.
Auditors should also enquire of management and those charged with governance about any suspected or actual instance of fraud.
Auditors should consider fraud risk factors, unusual or unexpected relationships, and assess the risk of misstatements due to fraud, identifying any significant risks. Auditors should evaluate the design of relevant internal controls, and determine whether they have been implemented.
Auditors should determine an overall response to the assessed risk of material misstatements due to fraud and develop appropriate audit procedures, including testing certain journal entries, reviewing estimates for bias, and obtaining an understanding of the business rationale of significant transactions outside the normal course of business. Appropriate management representations should be obtained.
Auditors are only concerned with risks that might cause material error in the financial statements. External auditors might therefore pay less attention than internal auditors to small frauds (and errors), although they must always consider whether evidence of single instances of fraud (or error) are indicative of more systematic problems.
It is accepted that because of the hidden nature of fraud, an audit properly
conducted in accordance with ISAs might not detect a material misstatement in the financial statements arising from fraud. In practice, routine errors are much easier to detect than frauds.
Where auditors encounter suspicions or actual instances of fraud (or error), they must consider the effect on the financial statements, which will usually involve further investigations. They should also consider the need to report to management and those charged with governance.
Where serious frauds (or errors) are encountered, auditors need also to consider the effect on the going concern status of the entity, and the possible need to report externally to third parties, either in the public interest, for national security reasons, or for regulatory reasons. Many entities in the financial services sector are subject to this type of regulatory reporting and many countries have legislation relating to the reporting of money laundering activities, for example.
(c) Nature of risks arising from fraud and error: Stone Holidays
Stone Holidays is subject to all of the risks of error arising from the use of computer systems. If programmed controls do not operate properly, for example, the
information produced may be incomplete or incorrect. Inadequate controls also give rise to the risk of fraud by those who understand the system and are able to
All networked systems are also subject to the risk of error because of the possibility of the loss or corruption of data in transit. They are also subject to the risk of fraud where the transmission of data is not securely encrypted.
All entities that employ staff who handle company assets (such as receipts from customers) are subject to the risk that staff may make mistakes (error) or that they may misappropriate those assets (fraud) and then seek to hide the error or fraud by falsifying the records.
Stone Holidays is subject to problems arising from the risk of fraud perpetrated by customers using stolen credit or debit cards or even cash. Whilst credit card companies may be liable for such frauds, attempts to use stolen cards can cause considerable inconvenience.
There is a risk of fraud perpetrated by senior management who might seek to lower the amount of money payable to the central fund (and the company’s tax liability) by falsifying the company’s sales figures, particularly if a large proportion of holidays are paid for in cash.
There is a risk that staff may seek to maximise the commission they are paid by entering false transactions into the computer system that are then reversed after the commission has been paid.
Answer 6 MANLY
(a) Removal from office
(i) Removal by management
The financial statements being reported on represent a statement of accountability by management and directors to those on whose behalf they exercise their function, that is the shareholders, in the case of an incorporated business. The ability of management to control the appointment of auditors threatens to undermine the independence of the audit. They can effectively evade an unsatisfactory auditor’s report by dismissing the auditor. Even where the right to appoint (and remove) auditors is in the hands of shareholders or members,
management are often able to influence the exercise of that function.
There are a number of safeguards available to auditors to minimise the extent of the problem.
Not accepting appointment where there is reason to suspect management might seek to dismiss the auditor to evade an unsatisfactory report.
Communicating with predecessor auditors to ascertain if such reasons lie behind the proposed change of auditor.
Adhering strictly to professional independence rules to ensure an ability to withstand management threats of removal from office in an attempt to dissuade auditors from modifying their report.
Taking full advantage of whatever statutory protection exists against removal from office such as a right to communicate with shareholders where a change in
Adhering to professional rules relating to providing advice to non-audit clients, which might put undue pressure on their auditor. Without discussing all of the issues with the current auditors, the other firm in this question appears to be acting in breach of this rule.
(ii) Audit committee
It is now a requirement under many listing jurisdictions for listed companies to have an independent audit committee. The role of the committee is to oversee the integrity of the financial reporting controls and procedures implemented by management, to protect the interests of shareholders and other stakeholders.
For example, under the OECD Principles, the audit committee should be responsible (or at least recommend – as required by the UK Combined Code) for the appointment, re-appointment and sacking of the external auditors.
This therefore clarifies that the external auditors are responsible to the shareholders and not directly to the executive management of an entity.
All material audit findings should be discussed with the audit committee, as well as the executive directors. If the audit committee accept the auditor’s findings and the need to qualify, then it is unlikely that they would also recommend sacking the auditor.
(b) Provision of other services
(i) Rules of Professional Conduct
An auditor should not provide accountancy services to listed or public interest company audit clients except of a purely mechanical nature such as drafting the statutory financial statements.
Where accountancy services are provided to other company audit clients, the client should accept full responsibility for the records, the assistance should not extend to management decision making and a full audit must also be undertaken.
In the provision of other services, care must be exercised that the service is limited to providing advice and not the exercise of management functions. This applies particularly in providing executive recruitment services. The service should be limited to identifying a short-list and not to making the final selection.
Other services should not include the making of specialist valuations, which are to be incorporated in the audited financial statements.
The provision of non-audit services should not constitute recurring work which brings total fees received from that audit client to more than 15% of the firm’s gross fee revenues or 10% if the client is a listed or public interest company. The reasons for this are evident from the engagement partner’s reluctance to qualify the opinion for fear of angering the management and losing the audit.
Although not over the limit, fees from the provision of non-audit services are, nevertheless, high. The engagement partner’s concern is unprofessional and it would be hoped that professional accountants would be more objective.
(ii) Prohibition of non-audit service provision
The Rules of Professional Conduct state that, in principle, there is no objection to providing non-audit services to audit clients. However, it is also claimed that the provision of such services impairs auditor independence. The alleged scenario is as follows:
As auditors, the firm is appointed by and is responsible to the members of the company.
In providing other services, the firm is appointed by and is responsible to the management, although an audit committee would advise on the appointment.
Because of the advantages of dealing with just one firm of accountants, the management tends to prefer to use the audit firm to provide these other services.
If the firm loses the audit, they are likely to lose revenues from the provision of other services. This is clearly the case here and the audit partner’s judgement is strongly influenced by the potential loss of revenue.
The auditors recognise the ability of the management to influence auditor
appointment. Where auditors receive revenues from providing non-audit services, as in the case of Manly, it is alleged that management may exploit this fact in order to put pressure on the auditors.
Other services often attract higher fees than audit services. Firms may seek to secure audit appointments primarily as a means of obtaining contracts for the provision of more rewarding other services.
For these reasons, it is argued, firms should be forbidden to provide non-audit services to audit clients, or at the very least, such services are appointed by the audit committee.
The profession, on the other hand, argues that quarantining audit from the provision of non-audit services denies companies the right to select their professional advisers. It also imposes costs in that the audit, necessarily, will become more expensive as will the provision of non-audit services as the firm providing the services will not have the benefit of knowledge of the company gained through the audit.
As professionals, it is argued, accountants will not allow their judgement to be influenced by such considerations and the situation illustrated in the question is an unlikely one. Moreover, there is bound to be overlap between audit and non-audit services such as advice on internal control and related matters contained in the management letter.
Rotation is the term given to limiting the number of years an individual or a firm is associated with the audit of a particular client.
At a further level it is argued that audit firms should only serve a fixed term of office,
although not part of the requirements of the ACCA. The benefits of securing non-audit work from clients are substantially reduced if the term of office as auditor is limited to say seven years. Similarly, efforts to maintain good relations with management possibly to the extent of condoning questionable financial statements would no longer serve a useful purpose.
The argument against rotation of audit firms is that it imposes additional costs and risks. It is the first year as auditor that is most costly and also the year the auditor is at greatest risk of failing to detect misstatement through unfamiliarity with the client. Rotation of audit firms is statutorily required in some countries.
Answer 7 INTERNAL AUDITOR (a) Request to alter accounts
The first Fundamental Principle of the ACCA’s “Rules of Professional Conduct” states that members should behave with integrity in all professional relationships, and that integrity implies honesty, fair dealing and truthfulness.
It is therefore unethical for members of the ACCA to falsify financial records. To do so might also constitute a criminal offence and if the public interest or national security is involved, there may even be a responsibility to report the matter to third parties, although there is no indication in the question that this is the case. In practice however, the dividing line between what is acceptable and what is not is often a difficult one to draw.
The internal auditor should first conduct a thorough review of the internal records to establish whether or not the company has in fact complied with the bank’s
requirements. If the company has not done so, the question arises as to whether any legitimate changes can be made in order to meet the requirements.
The question indicates that the profit figures are significantly affected by the
calculation of the bad debt and depreciation figures. It is not uncommon for changes to such calculations to be made, although the justification for such changes must be in order to present the financial position more fairly, and not simply to achieve targets.
Changes in these calculations do not generally amount to changes in accounting policy and do not therefore require separate disclosure in financial statements as required by accounting standards (IAS 8 “Accounting Policies, Changes in Accounting Estimates and Errors”), unless perhaps the amounts are material, in which case they might constitute exceptional items (IAS 1 “Presentation of
Financial Statements”). Only if a change in calculations is justified by reference to a re-assessment of assets lives perhaps, or because the bad debt provision has been calculated over-prudently in the past, will it be acceptable to make the changes.
It may be legitimate to move bad debts and certain elements of depreciation from cost of sales to overheads, thus improving gross margins. This would not amount to a change in accounting policy but it would be important for the change to be disclosed if the effect were to mean that the bank’s conditions were met, and they would not have been met were the changes not made.
The situation might arise where the changes are made and the internal auditor agrees, subject to proper disclosure being made, or signs relevant documentation, but at a later stage discovers that the bank has not been properly informed about the changes. In these circumstances, there is no duty to report the matter to the bank, and the auditor would be in breach of his duty of confidentiality to his employer if he did so.
However, I would seriously consider whether to continue in employment with such a company. I would express my concerns, in writing, at the highest possible level, at all stages during the proceedings.
(b) Implications for the audit, the auditor’s report and the relationship between the firm and client
(i) Implications for the audit of the financial statements
The reasons for the changes in the accounting policy in relation to leases is likely to be important, because the amounts involved are likely to be material and disclosure in the financial statements is required by IAS 8. The external auditor should satisfy himself that the reason for the change is justified in terms of the financial statements giving a true and fair view.
The external auditor should establish the reasons for the change in the calculation of provisions in the same way as the internal auditor in (a) above. Whilst a matter may be material to the bank in the context of the lending decision, it may not be material to the audit of the financial statements.
If the external auditor believes that these changes are unjustified and symptomatic of a wider problem, he should investigate any other areas in which inappropriate changes may have been made, and form an opinion on the view given by the financial statements as a whole, not just in part.
(ii) Potential effect on the auditor’s report
The fact that the chief financial accountant is on holiday and that the internal auditor is unavailable is suspicious in itself. If the auditor cannot obtain adequate
information and explanations from the company then he is required to say so in the auditor’s report, which will be qualified. The external auditor should warn senior management of the client of this possibility, at the earliest possible opportunity, preferably in writing.
Furthermore, if there is significant doubt about the company’s ability to continue as a going concern, then a modified (but unqualified) audit report may be required under ISA 570 “Going Concern” (provided that the matter is properly disclosed), or a qualified report if the matter is not properly disclosed.
(iii) Implications for the continuing relationship between the audit firm and the client
Answer 8 CLIENT CONFIDENTIALITY
(a) Disclosure of information relating to clients to third parties
Auditors are permitted or required to disclose information about their clients to third parties without their knowledge or consent in very limited circumstances.
Generally, auditors can be required to, or are permitted to, disclose information to certain regulatory bodies, including certain specialist units within police forces under legislation. Such legislation in many countries includes financial services legislation, legislation concerning banks and insurance companies, legislation concerning money laundering and legislation concerning the investigation of serious fraud or tax evasion.
Auditors are also permitted or required to disclose information where they are personally involved in litigation, including litigation that involves the recovery of fees from clients, or where they are subject to disciplinary proceedings brought by ACCA or similar professional bodies.
Auditors are also permitted to disclose information where they consider it to be in the “public interest” or in the interests of national security. Factors to take into account include the seriousness of the matter, the likelihood of repetition and the extent to which the public is involved. This right is rarely used in practice.
(b) Response to requests
It is not unusual in practice for various bodies to request information from auditors “informally” because it relieves them of the obligation to obtain the necessary statutory authorities which may be time consuming or difficult.
Auditors must not disclose information without the consent of the client or unless the necessary statutory documentation is provided by the person(s) requesting the information.
Unless the auditor has reason to believe that there is a statutory duty not to inform the client that an approach has been made, the client should first be approached to see if consent can be obtained, and to see if the client is aware of the investigations, as should normally be the case. The auditor should ensure that the client is aware of the fact that voluntary disclosure may work in the client’s favour in the long run, but if the client refuses, the auditor should inform the client if the auditor has a statutory duty of disclosure.
Auditors should consider taking legal advice in all of the cases described.
Where auditors are made aware of potential actions against the client that may have an effect on the financial statements, they must consider the effect on the audit report. If the client is aware of the investigation, auditors will be able to seek audit evidence to support any necessary provisions or disclosures in the financial statements.
Auditors will be in a very difficult situation if they become aware of an action that may materially affect the financial statements, but where the client is not, and where auditors are under a statutory duty not to inform the client. This situation will not be improved by the resignation of auditors as they may be obliged to make a statement on resignation. This puts auditors in a very difficult position and legal advice is essential in such circumstances.
Tax authorities normally have powers to ask clients to disclose information voluntarily. Such voluntary disclosure is often looked on favourably by the tax authorities and the courts. Tax authorities normally also have statutory powers to demand information from both clients and auditors. The same is generally true of environmental and health and safety inspectors.
The power of the police to demand information is sometimes less clear and auditors and clients should take care to ensure that the appropriate authorities are in place. Those sections of the police investigating serious frauds usually have more powers than the general police. It is unlikely that trade union representatives have any statutory powers to demand information.
Answer 9 MELTON MANUFACTURING
(a) Investigations and practical and ethical matters to be considered
Eligibility – the firm should be recognised to provide audit services (eg a firm of Chartered Certified Accountants) and the reporting partner should hold a recognised qualification (eg be a member of the Association of Chartered Certified
Accountants and hold a practising certificate). The firm should have adequate professional indemnity insurance (PII) cover.
The reason for the change in auditor – whether it is just that the directors believe they do not receive a cost effective service from the existing auditor. There may be problems with the level of the audit fee or the existing auditor may want to modify his auditor’s report (which the directors are trying to prevent).
Previous years’ audited accounts. If the auditor’s report is modified, it indicates that the audit has a higher than normal risk. From these accounts it may be possible to assess:
whether the company appears to be having going concern problems (eg by
calculating appropriate ratios, eg debt/equity ratio);
if there could be weaknesses in the system of internal control (because the
company is small or has a dominant proprietor).
With a manufacturing company there are likely to be more problems with the valuation of inventory, but there would be less risks over sales and purchases as they are likely to be on credit. There could be problems with obsolete plant and equipment.
This does not appear to be a public company, but for a public company the auditor should not normally both prepare and audit the financial statements. For other companies, if the auditor both prepares and audits the financial statements, it is desirable that these are carried out by different staff.
Independence issues – in particular, shares should not be held in the client company. (Any shareholdings should be disposed before being appointed as auditor.) Close family and business relationship with any directors of the company would also impair objectivity.
Fees – should be sufficient to provide an acceptable return. An inadequate fee could result in insufficient audit work being carried out and thus increase the audit risk.
Prior experience of the manufacturing industry and auditing companies in this industry. Without such experience the auditor may not have the skills necessary to audit inventory, impairment of plant and equipment, etc. Thus, the invitation to accept the audit appointment would need to be declined.
Whether staff with special skills (eg of computer-aided manufacturing design) or external specialists may be required to carry out certain aspects of the audit.
Whether Melton Manufacturing will give permission to communicate in writing with the retiring auditor. If the prospective client refuses, the nomination should be refused.
With permission, the retiring auditor will be contacted and asked if there are any professional reasons why the appointment should not be accepted.
If the company has not paid the retiring auditor’s fees, the appointment can be accepted. However, if it suggests that Melton is a “bad payer” it can obviously be declined.
(b) Letter of engagement
The main reason why it is important that an auditor should send a letter of
engagement to the client is that it explains the duties of the auditor: and the contract, which exists between the auditor and the client. If no letter of engagement is sent, disputes and misunderstandings may arise about the auditor’s duties.
The letter of engagement explains that the auditor’s duties are governed by the relevant legislation and cannot be limited by the company. Also, the auditor reports to the shareholders (and not the directors) whether the financial statements show a true and fair view.
Further, it explains the directors’ responsibilities, particularly that they are
The auditors are only responsible for giving an opinion on the financial statements. They are not responsible for detecting small errors and fraud, but their audit
procedures should have a reasonable expectation of detecting material errors and fraud.
Finally, the engagement letter explains that the fee is based on the time spent by partners and staff in carrying out the audit.
It is important that the auditor obtains the directors’ agreement of the letter of engagement and that a revised letter is sent when there are significant changes to the terms of the existing letter.
(ii) Main contents
The letter is written on the auditor’s headed paper and is addressed to the directors of Melton Manufacturing.
It states the directors’ responsibilities for keeping proper accounting records and for preparing financial statements which show a true and fair view. The directors must make available to the auditor all the records he may reasonably require, and provide answers to the auditor’s questions.
The auditor has a duty to report on whether the financial statements show a true and fair view and comply with any relevant legislation.
Normally, the auditor would report if the financial statements do not comply in any material respect with accounting standards (IFRSs).
The audit is conducted in accordance with Auditing Standards (ISAs).
Oral or written representations may be asked from the directors concerning various matters in the financial statements.
The directors are responsible for preventing and detecting irregularities and fraud. The audit procedures would be designed so there is a reasonable expectation of detecting material misstatements in the financial statements: However, the audit should not be relied upon for detecting all irregularities and fraud that may exist.
As auditor, we may provide additional services. For example:
Preparing financial statements;
Lodging returns with the Registrar of Companies; Investigating irregularities and fraud;
Providing taxation services.
Fees are based on the time spent by partners and staff and on the levels of skill and responsibility involved.
Answer 10 BONDI
(a) Arguments against acceptance of nomination
Rapid growth is often accompanied by inadequate accounting systems and weak internal controls. Of itself this is not sufficient reason to decline an audit but it increases inherent risk.
Rapid growth through aggressive take-overs implies a management philosophy that is willing to accept risks and this is likely to apply to controls as well. Again this increases inherent risk.
Failure to take action against employee fraud brought to their notice by the auditors is more serious. This fosters a visible culture of unethical behaviour that is likely to permeate the company and to be shared by all employees. This will result in a weak control environment.
Introduction of a new computer system must be undertaken very carefully. In addition, an unnecessarily complicated system is one of the warning signs of fraud. Such a computer system may be difficult to audit.
Aggression against audit staff is a well known device for concealment of top management fraud. There are many documented examples of audit failure through fear of the audit staff to query management explanations.
The impending public listing means that the company is under pressure to show an improving performance but also means that the work of the auditor will come under increasing scrutiny. There are always significant risks in accepting an audit under such terms.
Arguments for accepting nomination
As a larger firm your firm is likely to have the capability of influencing the directors of Bondi and persuading them of the benefits of a more ethical style of business. This will benefit the company’s shareholders. If your firm rejects the audit they are likely to appoint a less
reputable firm. This will not be in the shareholders’ interest and may discredit the profession.
(b) Matters relevant to obtaining knowledge for development of the audit plan
More information is needed about the alleged employee frauds. In particular the specific control weaknesses that were exploited and whether any changes have since been made to the accounting and internal control systems.
The current positions held by the guilty employees and whether they have access to assets and accounting records. Also, whether they are adequately supervised especially if a lack of segregation of duties is apparent.
Particular attention should be given to the control environment relating to computer systems and to the evaluation of general (IT) and application controls.
Tests of controls could include the use of test data or other computer assisted audit techniques.
Contracts with manufacturers
Examine the terms of contracts and the strategies adopted by the company for securing maximum benefit from them.
An industry specialist may provide evidence regarding the problems encountered by manufacturers and dealers in confirming compliance with these contracts.
As the incentive schemes may have accounting implications (eg 0% finance) the commercial substance as well as the legal form of the transactions with the manufactures must be understood and the impact on the financial statements assessed.
As this appears to be a fraud against the government through falsification of accounting records, the evidence that the falsification of the records is deliberate and not an accidental consequence of a poorly designed computer system, must be documented.
The matter must be discussed with management. Management must be asked to:
−correct the fictitious records;
−make full provision for all taxes including any penalties for which they are potentially liable; and
−make a full disclosure to the taxation authorities.
If management refuse, the audit opinion should be qualified if the amount of taxes not provided for, if material. (However, the auditor’s report should not, for example, accuse the directors of impropriety.)
The auditor’s duty of confidentiality prevents the auditor from raising the matter with the taxation authorities. Therefore, it may be most appropriate to resign from the audit if management refuse to put a stop to the malpractice. Any written “statement of circumstances” required on ceasing to hold office could allude to the matter but would need to be carefully worded, probably with legal advice, to avoid accusing the directors of fraud and exposing the firm to a charge of defamation.
Answer 11 PLANNING DOCUMENTATION (a) “Overall strategy” v “Audit plan”
These documents are prepared and updated during the planning process, which is an ongoing process throughout the audit.
The audit strategy sets the scope, timing and direction of the audit, and helps guide the development of the more detailed audit plan. For example:
Ascertaining the reporting objectives deals with the timing of the audit and communications required, deadlines for interim and final reporting; key dates for expected communications with management and those charged with governance.
Establishing the direction of the audit deals with, for example, determination of appropriate materiality levels, preliminary identification of areas where there may be higher risks of material misstatement, preliminary identification of material components and account balances, evaluation of whether the auditor may plan to obtain evidence regarding the effectiveness of internal control, identification of recent, industry, financial reporting or other relevant developments impacting upon the entity.
The process of establishing the audit strategy helps the auditor to ascertain the nature, timing and extent of resources necessary to perform the engagement
The detailed approach for the nature, timing and extent of the audit procedures is set out in the audit plan.
The plan is more specific and concerns the principal audit areas, eg tangible assets, inventory, revenue cycle (ie sales, receivables and cash receipts), subsequent events and going concern.
An audit program typically contains:
Audit objectives eg “To ensure inventory is materially correctly stated”;
Audit procedures eg attendance at physical inventory count;
Timing of tests of control (usually “interim audit” procedures) and substantive procedures (usually at the “final audit”).
The audit program has to be much more detailed than the overall strategy in order to serve as a set of instructions.
(b) Standardized audit programs
Tutorial note: The Q refers only to the use of standardized AUDIT PROGRAMS and not “working papers” in general. Thus references to the use of standard letters and
documentation other than programs are not relevant to answering the question set. Advantages
Their use can lead to more efficient planning in identifying the audit objectives and adopting an approach based on these objectives. Greater assurance as to the completeness of the audit approach is obtained than if it were started from scratch. Planning can be undertaken by less senior staff.
Standardised programmes facilitate delegation to junior staff and help to instruct in basic audit techniques. They help to ensure that all assignments are planned and conducted to a consistent quality.
Standardisation may lead to an overly mechanical approach. This may stifle initiative because an alternative, more efficient approach may not be considered.
No account is taken of the particular circumstances of the individual enterprise. This decrease in the use of professional judgement for a particular assignment might result in over-auditing low risk or immaterial areas.
There is a risk that sufficient, relevant and reliable audit evidence may not be obtained. For example, where alternatives to tests not applicable to a particular client, are not considered.
Standard audit programmes may be useful on certain assignments to improve audit efficiency but they cannot replace the need for professional judgement.
(c) Information in working papers relating to attendance at physical inventory count Viewco’s physical count arrangements and instructions should be obtained before
attending the count:
to assess the adequacy of the client’s planned procedures; and to ascertain whether client’s staff are carrying out their instructions
Pre-selected (eg high value) items chosen to ensure that an adequate proportion of the final inventory value is tested (to conclude satisfactorily on the population).
Results of test counts (ie serial/component references and quantities) provide evidence as to the completeness and accuracy (or otherwise) of the count records (ie rough count sheets). Test counts also enable the auditor to assess whether the client’s count procedures and controls are working properly.
The sequence of rough count sheets issued and used will detect any additional items being included subsequent to attending the count.
Inventories identified as damaged, obsolete or slow-moving must be detailed to assess the adequacy of allowances/provisions for items with net realisable value less than cost.
Items owned by third parties must be recorded to ensure exclusion from the final inventory valuation sheets.
Last goods movement document references for 31 December 2008 (ie goods received note, stores requisition, despatch note/sales invoice) are needed to check the accuracy of the year-end cut-off.
A floor plan (sketch) of central warehouse should ensure complete coverage (by management and auditor) of the physical inventory count.
Details (eg serial numbers) of finished goods held by third parties are required to confirm the validity of their inclusion in the final inventory value.
The degree of assembly of incomplete TVs and VRs must be noted to assess appropriateness of stage of completion used in valuing WIP.
Instances where the client’s procedures have not been satisfactorily carried out (eg damaged items not set aside) will be required for the report to management with recommendations for improvements (eg in standing instructions for physical counts).
Answer 12 BESTWOOD TRADING (a) Audit working papers
The permanent audit file contains information which is relevant to many years’ audits. Its contents can include:
the letter of engagement;
the legal and organisational structure of the company, memorandum and articles of the company;
a history of the company, a description of its business, products, markets, production facilities, workforce, major suppliers, major customers;
details of statute/regulations under which the business operates, regulatory reports, related parties and past transactions;
details of directors and senior staff, non-executive directors, major shareholders, financing arrangements;
copies of previous years’ financial statements with key ratio analysis/trends (eg over five years) and commentary on the figures, performance measures
details of the company’s business control system, internal audit, risk procedures, control environment, accounting systems, control procedures, flowcharts, completed control and evaluation questionnaires, Business Risk Assessments;
details of the company’s locations, relevance to audit and visits made (perhaps on a rotational basis and rotational testing of controls)
copies of significant documents, including long-term contracts, finance leases minutes of significant board meetings;
The current audit fire contains documents which are relevant to the current year’s audit. This information includes:
understanding the entity and its environment updated from prior year and showing the impact for this year;
evidence of planning (strategy and plan) of the audit including the audit planning memorandum and briefing of key audit team members;
copies of board minutes, significant management reports, management accounts, the trial balance and draft financial statements. There should be a reconciliation of any difference in profit between the draft financial statements and the management accounts;
consideration of business and audit risk for each area of the audit. This could include notes on high risk areas of the audit, decisions on sampling approach, materiality etc;
consideration of fraud indicators;
copies of flowcharts and completed ICQs or ICEs if they are not included in the permanent audit file;
Tutorial note: It may be preferable to include flowcharts and ICEs or ICQs in the current audit file when there are changes to the systems in the year.
records of the audit work done (effectiveness of controls, transaction work, substantive work and analytical review), problems encountered and conclusions reached (see below);
by whom the schedules have been prepared and reviewed (as evidenced by their initials) and when (ie date);
evaluation, review and closedown procedures, going concern, subsequent events, IFRS checklists
a section for the manager’s and partner’s attention which lists significant problems encountered in the audit. This will include a summary of unadjusted errors. This section will direct the partner to these important areas, and to decide whether the financial statements need amending or a qualified auditors’ report should be given;
details of discussions with management and audit committee;
partner completion, approval and sign off.
(ii) Referencing system
Recording audit work in working papers is usually divided into sections which have a reference letter or number. For instance, the letter “R” could be used for Sales and
Within each section, there will be a sub-division whereby verification of receivables will be in pages Rl to 099 and audit work on the sales system will be on pages R100 to R199 (ie tests on statement of financial position items will be on pages 1-99 and tests on accounting systems will be on pages 100-199 – these numbers will be preceded by a letter which signifies the area of the audit, with “R” being for sales and receivables).
The front page of the “R” section of the audit file will show the value of receivables in the statement of financial position, and references on the make-up of receivables will be to the pages where details of verification of these items is included in the working papers. For instance, the total value of receivables will be broken down into:
verifying the gross value of trade receivables (eg on page R2 of the audit file); checking the bad and doubtful debt provision (eg on page R5);
audit of sundry receivables and prepayments (eg on page R10).
By using this standardized procedure for referencing audit files, all members of the firm’s audit staff, including managers and partners can review each section of the audit in a systematic manner. This should enable them to come to an appropriate conclusion on the audit work done and the form of auditors’ report which should be attached to the financial statements.
If no standardized procedure is used. the partner would find it time-consuming to find a particular matter in the audit file. By standardizing audit files, the audit work should be carried out in a more systematic manner which should ensure a high quality audit is carried out.
Particularly important sections in audit files include:
conclusions reached in each area of the audit and notes of any significant problems detected;
matters for consideration by the partner and the summary of unadjusted errors (which should include significant uncertainties).
(iii) Types of checklists
Internal control evaluation questionnaires (ICE) and internal control questionnaires (ICQ) for evaluating controls in accounting systems.
Physical inventory count checklists which are used to record work done and to ensure all aspects are covered.
Companies Act and International Financial Reporting Standards checklists to ensure the financial statements comply with relevant statutory and professional
Audit completion checklists (senior, manager and partner) to help the auditor ensure all material audit work has been performed and matters considered.