Module C Business Assurance

HKMCST13 (3" front binder)_Layout 1 02/08/2013 11:14 Page 1
Qualification Programme
Module C: Business Assurance

4th EDITION F O U RT H E D I T I O N
LEARNING PACK
Module C
Business Assurance
First edition 2010
Fourth edition 2013
ISBN 9781 4453 6967 9

Previous ISBN 9781 4453 6127 7
British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the
British Library
Published by
BPP Learning Media Ltd

BPP House, Aldine Place
142-144 Uxbridge Road
London W12 8AA
www.bpp.com/learningmedia
The copyright in this publication is jointly owned by

BPP Learning Media Ltd and HKICPA.
Printed in Singapore by Ho Printing
31 Changi South Street 1

Changi South Industrial Estate
Singapore
486769
Your learning materials, published by BPP Learning

Media Ltd, are printed on paper obtained from
traceable sustainable sources.
All rights reserved. No part of this publication may be

reproduced, stored in a retrieval system or transmitted in
any form or by any means, electronic, mechanical,
photocopying, recording or otherwise, without the prior
written permission of the copyright holders.
The contents of this book are intended as a guide and not

professional advice. Although every effort has been made
to ensure that the contents of this book are correct at the
time of going to press, BPP Learning Media makes no
warranty that the information in this book is accurate or
complete and accept no liability for any loss or damage
suffered by any person acting or refraining from acting as a
result of the material in this book.
Every effort has been made to contact the copyright

holders of any material reproduced within this publication.
If any have been inadvertently overlooked, BPP Learning
Media will be pleased to make the appropriate credits in
any subsequent reprints or editions.
We are grateful to HKICPA for permission to reproduce the

Learning Outcomes and past examination questions, the
copyright of which is owned by HKICPA.
©
HKICPA and BPP Learning Media Ltd
2013
ii
Contents
Page
Director's message v
Introduction vi
Module structure vii
Chapter features viii
Learning outcomes ix
Module C Business Assurance
Part A Corporate governance

1 Scope of corporate governance 3
2 Corporate governance reports and practice 31
Part B Internal assurance

3 Internal assurance 69
Part C Professional standards and guidance

4 Code of Ethics 97
5 Framework for assurance engagements 149
Part D Assurance engagements

6 Quality control 169
7 Changes in auditor appointment 185
8 Planning, materiality and risk assessment 209
9 Audit evidence, procedures, audit methodologies and audit sampling 241
10 Fraud and irregularities 271
11 Internal control and tests of controls 297
12 Substantive procedures, including analytical procedures 327
13 Specific audit procedures 345
14 Using the work of others 405
15 Accounting estimates, opening balances and comparatives 421
16 Overall audit review and finalisation 445
17 Audit reporting 487
Introduction iii
Page
Part E Other audit matters

18 Group audits 523
19 Audit-related services and other assurance engagements 543
Part F Computerised business systems

20 Information technology 583
Answers to exam practice questions 615
Question bank – questions 647
Question bank – answers 675
Glossary of terms 719
Index 731
iv Business Assurance
Director's message
Welcome to the Qualification Programme (QP) of the Hong Kong Institute of Certified Public
Accountants (HKICPA).
You have made the decision to complete the HKICPA's QP which entails completing the training
programme, passing professional examinations and acquiring practical experience under an
authorized employer or supervisor. This marks a further step on your pathway to a successful
business career as a CPA and becoming a valued member of the HKICPA.
The QP comprising four core modules and a final examination will provide you with a foundation for
life-long learning and assist you in developing your technical, intellectual, interpersonal and
communication skills. You will find this programme challenging with great satisfaction that will open
a wide variety of career opportunities bringing in attractive financial rewards.
A module of the QP involves approximately 120 hours of self-study over fourteen weeks,
participation in two full-day workshops and a three-hour open-book module examination at the
module end. We encourage you to read this Learning Pack which is a valuable resource to guide
you through the QP.
The four core modules of the QP are as follows:
Module A: Financial Reporting
Module B: Corporate Financing
Module D: Taxation
Should you require any assistance at any time, please feel free to contact us on (852) 2287 7228.
May I wish you every success in your QP!
Jonathan Ng
Executive Director
Hong Kong Institute of Certified Public Accountants
Introduction v
Introduction
This is the fourth edition of the Learning Pack for Module C Business Assurance of the HKICPA
Qualification Programme.
The Institute is committed to updating the content of the Learning Pack on an annual basis to keep
abreast of the latest developments. This edition has been developed after having consulted and
taken on board the feedback received from different users of the previous edition. Some of the
examples and self-test questions have been rewritten to better reflect current working practices in
industry and facilitate the learning process for users of the Learning Pack.
The Learning Pack has been written specifically to provide a complete and comprehensive
coverage of the learning outcomes devised by HKICPA, and has been reviewed and approved by
the HKICPA Qualification and Examinations Board for use by those studying for the qualification.
The HKICPA Qualification Programme comprises two elements: the examinations and the
workshops. The Learning Pack has been structured so that the order of the topics in which you
study is the order in which you will encounter them in the workshops. There is a very close inter-
relationship between the module structure, the Learning Pack and the workshops. It is important
that you have studied the chapters of the Learning Pack relevant to the workshops before you
attend the workshops, so that you can derive the maximum benefit from them.
On page (ix) you will see the HKICPA learning outcomes. Each learning outcome is mapped to the
chapter in the Learning Pack in which the topic is covered. You will find that your diligent study of
the Learning Pack chapters and your active participation in the workshops will prepare you to
tackle the examination with confidence.
One of the key elements in examination success is practice. It is important that not only you fully
understand the topics by reading carefully the information contained in the chapters of the Learning
Pack, but it is also vital that you take the necessary steps to practise the techniques and apply the
principles that you have learned.
In order to do this, you should:
 work through all the examples provided within the chapters and review the solutions,
ensuring that you understand them;
 complete the self-test questions within each chapter, and then compare your answer with the
solution provided at the end of the chapter; and
 attempt the exam practice questions that you will find at the end of the chapter. Many of
these are HKICPA past examination questions, which will give an ideal indication of the
standard and type of question that you are likely to encounter in the examination itself. You
will find the solutions to exam practice questions at the end of the book.
In addition, you will find at the end of the Learning Pack a bank of past HKICPA case-study style
questions. These are past ‘Section A' examination questions, which present a case study testing a
number of different topics within the syllabus. These questions will provide you with excellent
examination practice when you are in the revision phase of your studies, bringing together, as they
do, the application of a variety of different topics to a scenario.
Please note that the Learning Pack is not intended to be a 'know-it-all' resource. You are required
to undertake background reading including standards, legislation and recommended texts for the
preparation for workshop and examination.
vi Business Assurance
Module Structure
This module will enable you to perform effective assurance and related assignments. You will also
understand the importance of corporate governance and be able to ensure it has been effectively
set up in an organisation. Please refer to the QP Learning Centre for the six-month rule and
examinable standards.
Overall Structure of Module C (Business Assurance)
External Function Internal Function

Part C Professional Standards and Guidance
Part D Assurance Engagements Part A
Corporate
I. Engagement Acceptance Governance
II. Audit Planning
Part B
III. Audit Execution
Internal
IV. Audit Completion Assurance
Part E Other Audit Matters
Part F Computerised Business Systems
Introduction vii
Chapter features
Each chapter contains a number of helpful features to guide you through each topic.
Topic list Tells you what you will be studying in the chapter. The topic items form the
numbered headings within the chapter.
Learning focus Puts the chapter topic into perspective and explains why it is important, both
within your studies and within your practical working life.
Learning The list of Learning Outcomes issued for the Module by HKICPA,
Outcomes referenced to the chapter in the Learning Pack within which coverage will be
found.
Topic highlights Summarise the key content of the particular section that you are about to
start. They are also found within sections, when an important issue is
introduced other than at the start of the section.
Key terms Definitions of important concepts. You really need to know and understand
these before the examination, and understanding will be useful at the
workshops too.
Examples Illustrations of particular techniques or concepts with a worked solution or

explanation provided immediately afterwards.
Case study An example or illustration not requiring a solution, designed to enrich your
understanding of a topic and add practical emphasis. Often based on real
world scenarios and contemporary issues.
Self-test questions These are questions that enable you to practise a technique or test your
understanding. You will find the answer at the end of the chapter.
Formula to learn You may be required to apply financial management formulae in Module B,
Corporate Financing.
Topic recap Reviews and recaps on the key areas covered in the chapter.
Exam practice A question at the end of the chapter to enable you to practise the
techniques that you have learned. In most cases this will be a past HKICPA
examination question, updated as appropriate. You will find the answers in a
bank at the end of the Learning Pack entitled Answers to Exam Practice
Questions.
Further reading In Modules B and D you will find references to further reading that will help
you to understand the topics and put them into the practical context. The
reading suggested may be books, websites or technical articles.
Bold text Throughout the Learning Pack you will see that some of the text is in bold
type. This is to add emphasis and to help you to grasp the key elements
within a sentence or paragraph.
viii Business Assurance

Learning outcomes
HKICPA's learning outcomes for the Module are set out below. They are cross-referenced to the
chapter in the Learning Pack where they are covered.
Fields of competency
The items listed in this section are shown with an indicator of the minimum acceptable level of
competency, based on a three-point scale as follows
1 Awareness
To have a general professional awareness of the field with a basic understanding of relevant
knowledge and related concepts.
2 Knowledge
The ability to use knowledge to perform professional tasks competently without assistance in
straightforward situations or applications.
3 Application
The ability to apply comprehensive knowledge and a broad range of professional skills in a
practical setting to solve most problems generally encountered in practice.
Topics
Chapter
where
Competency covered
LO1. Professional standards and guidance

Identify and where appropriate apply ethical standards,
legislation and professional guidance:
LO1.01 The Institute’s Code of Ethics for Professional 3
Accountants:
1.01.01 Explain the fundamental principles and the 4
conceptual framework approach
1.01.02 Identify, evaluate and respond to threats to 4
compliance with the fundamental principles
1.01.03 Discuss and evaluate the effectiveness of 4
available safeguards
1.01.04 Recognise and advise on conflicts in the 4
application of fundamental principles for
Professional Accountants in practice and in
business
LO1.02 Professional standards and guidance: 3
1.02.01 Explain the importance of adherence to 5
professional standards and guidance
LO1.03 Legal and regulatory framework governing the profession: 3
1.03.01 Explain the regulatory framework for assurance 5
and non-assurance engagements in Hong Kong
1.03.02 Explain the nature and purpose of assurance and 5
non-assurance engagements
Introduction ix
Chapter
where
Competency covered
LO2. Assurance engagements

Apply relevant Hong Kong Standards on Quality Control,
Auditing, Assurance and Related Services, guidance and
legislation to plan, perform and complete assurance
engagements including the audits of financial statements with
emphases on:
LO2.01 Audit requirements for a complete set of general purpose 3
financial statements
LO2.02 Other assurance engagement requirements: 2
2.02.01 Identify the level of assurance and the issues 19
relating to other assurance and non-
assurable engagements, including:
2.02.01.01 Reviews 19
2.02.01.02 Agreed-upon procedures 19
2.02.01.03 Pro-forma financial information 19
2.02.01.04 Investment circular reporting 19
engagements
2.02.01.05 Preliminary announcements of 19
annual results
2.02.01.06 Comfort letters 19
2.02.01.07 Due diligence work 19
LO2.03 Client and engagement acceptance procedures: 3
2.03.01 Explain the reasons why entities change 7
their auditors/professional accountants
2.03.02 Explain the requirements relating to the 7
appointment of auditors under the Hong
Kong Companies Ordinance
2.03.03 Explain the procedure for a change of 7
auditors
2.03.04 Explain the rights of the auditors in the 7
process of a change of auditors
2.03.05 Explain the professional clearance 7
procedures
2.03.06 Explain the matters to be considered and the 7
procedures that an audit firm/professional
accountant should carry out before accepting
a specified new client/engagement including:
2.03.06.01 Client acceptance 7
2.03.06.02 Engagement acceptance 7
2.03.06.03 Agreement of the terms of 7
engagement
2.03.07 Identify the issues relating to the agreement 7
of the scope and terms of an engagement
with a client
x Business Assurance
Chapter
where
Competency covered
2.03.08 Explain the procedures for the transfer of books, 7

papers and information following a new
appointment
LO2.04 Audit methodologies: 3
2.04.01 Describe the key features of the following audit 3
methodologies:
2.04.01.01 Risk-based auditing 9
2.04.01.02 Top-down auditing 9
2.04.01.03 System-based auditing 9
2.04.01.04 Systems audit 9
2.04.01.05 Balance sheet approach 9
2.04.01.06 Transaction cycle approach 9
2.04.01.07 Directional testing 9
2.04.02 Understand the cost and performance efficiency 2
of different audit methodologies
LO2.05 Planning and risk assessment: 3
2.05.01 Identify and explain:
2.05.01.01 The need for planning an audit 8
2.05.01.02 The contents of the overall audit 8
strategy and the audit plan
2.05.01.03 The relationship between the 8
overall audit strategy and the
audit plan
2.05.02 Develop and document an audit plan 8
2.05.03 Explain how auditors obtain an initial 8
understanding of the entity and its environment
including the use of preliminary analytical review
procedures
2.05.04 Explain the components of audit risk 8
2.05.05 Assess the risk of material misstatement at the 8
financial statement level and assertion level
2.05.06 Recognise and suggest overall responses to 8
assessed risk
2.05.07 Recognise and suggest specific procedures to 8
respond to assessed risks
2.05.08 Explain the effect of fraud and misstatements on 10
audit planning and work
2.05.09 Explain the effect of law and regulations, and 10
non-compliance therewith, on audit planning and
procedures
Introduction xi
Chapter
where
Competency covered
LO2.06 Quality control considerations: 3

2.06.01 Explain the principles and purposes of quality 6
control of audit and other assurance
engagements
2.06.02 Identify the features of a system of quality control 6
relevant to a specific firm
2.06.03 Choose and explain quality control procedures 6
that are relevant to a specific audit engagement
2.06.04 Assess and explain whether an engagement has 6
been performed in line with professional
standards and whether reports issued are
appropriate
LO2.07 Documentation: 3
2.07.01 Document an audit plan 8
2.07.02 Explain the need for and the importance of audit 9
documentation
LO2.08 Materiality: 3
2.08.01 Define materiality and demonstrate how it should 8
be applied in the context of financial reporting and
auditing
LO2.09 Audit procedures: 3
2.09.01 Define audit sampling 9
2.09.02 Explain the need for sampling 9
2.09.03 Apply the basic principles of sampling 9
2.09.04 Assess and explain the results of sampling 9
2.09.05 Explain the importance of internal control to 3,11
auditors and the execution of tests of control
2.09.06 Explain how auditors identify weaknesses in 11
internal control systems and how those
weaknesses limit the extent of auditors’ reliance
on those systems
2.09.07 Explain the types of substantive procedures and 12
the issues in evaluating the results obtained
2.09.08 Explain what is meant by analytical review and 12
how analytical review procedures are used in an
audit
2.09.09 Explain the appropriate audit tests for:
2.09.09.01 Tangible non-current assets 13
2.09.09.02 Intangible non-current assets 13
2.09.09.03 Inventory 13
2.09.09.04 Receivables 13
2.09.09.05 Bank and cash 13
xii Business Assurance

Chapter
where
Competency covered
2.09.09.06 Trade payables and accruals 13

2.09.09.07 Non-current liabilities 13
2.09.09.08 Provisions and contingencies 13
2.09.09.09 Capital and other issues 13
2.09.09.10 Long-term investments 13
2.09.09.11 Segment information 13
2.09.09.12 Revenue 13
2.09.09.13 Purchases 13
2.09.09.14 Wages and salaries 13
2.09.10 Discuss the audit problems and identify
procedures for the audit of:
2.09.10.01 Accounting estimates 15
2.09.10.02 Fair values 15
2.09.10.03 Opening balances 15
2.09.10.04 Comparatives 15
2.09.10.05 Related party transactions 16
2.09.11 Recognise and explain the issues relating to the 18
audit of a group of companies
LO2.10 Audit evidence: 3
2.10.01 Explain the procedures by which audit evidence 3 9
may be obtained
2.10.02 Assess the appropriateness and sufficiency 3 9
(relevance and reliability) of different sources of
audit evidence
2.10.03 Explain the assertions contained in the financial 3 9
statements and their use in obtaining evidence
2.10.04 Explain the need to modify the audit strategy and 3 11
audit plan following the results of tests of control
2.10.05 Discuss why auditors may rely on the work of 2 14
others, including internal audit, experts and
service organisations
LO2.11 Internal audit: 2
2.11.01 Explain the relationship between internal auditors 3
and external auditors
2.11.02 Discuss why auditors may rely on the work of 3, 14
others, including internal audit, experts and
service organisations
Introduction xiii
Chapter
where
Competency covered
LO2.12 Completion procedures: 3

2.12.01 Explain the purpose of and procedures to be
used in:
2.12.01.01 A subsequent events review 16
2.12.01.02 A going concern review 16
2.12.01.03 Obtaining written 16
representations from
management
2.12.01.04 Review of report by other 18
auditors to principal auditors of a
group of companies
2.12.01.05 Overall review of the financial 16
statements
2.12.01.06 Review of other published 16
information
2.12.02 Explain the procedures required to identify and 16
audit related party transactions
2.12.03 Explain the need to evaluate misstatements 16
identified during the audit
2.12.04 Explain the follow up on illegal act or fraud found 10, 16
while performing an audit especially in the case of
money laundering or corruption
LO2.13 Reporting: 3
2.13.01 Discuss and provide examples of how the 11
reporting of internal control weaknesses and
recommendations to overcome those
weaknesses are provided to management
2.13.02 Explain the requirement for an auditor to report to 16
management or those charged with governance
2.13.03 Explain and analyse the format and content of 17
unmodified audit reports
2.13.04 Explain and analyse the format and content of 17
modified audit reports
LO3. Corporate governance
Describe current developments and issues in corporate
governance and explain the impact that it will have on
management, assurance engagements and auditors'
responsibilities:
LO3.01 Background to corporate governance developments: 2
3.01.01 Explain the objectives, concepts, relevance and 1
importance of corporate governance
3.01.02 Discuss the provisions of international codes of 1

corporate governance (such as OECD) that are
most relevant to auditors
xiv Business Assurance

Chapter
where
Competency covered
3.01.03 Explain corporate governance developments in 2

Hong Kong and the structure of the Code on
Corporate Governance Practices and Corporate
Governance Report in Hong Kong
LO.3.02 Key issues relating to corporate governance including 2
directors’ remuneration, board composition, audit
committee and non-controlling interests:
3.02.01 Explain the concept of stakeholder theory in 1
corporate governance
3.02.02 Describe the corporate governance requirements 2
as set out in the Companies Ordinance and Hong
Kong Stock Exchange Listing Requirements
relating to directors’ responsibilities (for example,
risk management and internal control) and the
reporting responsibilities of auditors
LO3.03 Management’s responsibilities to comply with corporate 3
governance requirements and to implement related
practices:
3.03.01 Explain the responsibilities of management within 2
the corporate governance framework
3.03.02 Analyse the structure and roles of board 2
committees and discuss their drawbacks and
limitations
LO3.04 Auditors’ responsibilities to consider and address 3
corporate governance requirements:
3.04.01 Explain the auditor’s responsibility to consider 2
and address corporate governance requirements
LO3.05 Implications of overseas legislation such as the Sarbanes- 2
Oxley Act 2002 on Hong Kong companies and auditors:
3.05.01 Explain the effect of the Sarbanes-Oxley Act on 3
Hong Kong companies and their auditors
LO4. Computerised business systems
Discuss the features of computerised business systems and
assess and advise on risk and control frameworks:
LO4.01 Key features of a computerised business system: 3
4.01.01 Explain the characteristics of an entity operating a 20
networked computer system
4.01.02 Explain the characteristics of an entity operating 20
with standalone PCs
LO4.02 Categories and types of controls: 3
4.02.01 State examples of controls in a computerised 11, 20
system
4.02.02 Define and give examples of general and 11, 20
application controls
Introduction xv
Chapter
where
Competency covered
LO4.03 Impact of increasing use and share of ownership by 2 20

accountants in corporate information system
LO4.04 Impact of e-commerce: 3
4.04.01 Recognise and discuss the importance of e- 20
commerce to a business
4.04.02 Identify and explain the effect of e-commerce on 20
the auditor’s risk assessment and audit approach
4.04.03 Identify the knowledge and skills required to audit 20
an entity’s e-commerce activities
LO4.05 Opportunities and threats to corporate information system 2 20
including capabilities in data treatment and analysis, data
integrity, system security and issues in access restriction,
and business contingency/continuity
LO4.06 Risk and control framework: 3
4.06.01 Explain the audit problems of an entity operating 20
a networked computer system
4.06.02 Explain the audit problems of an entity operating 20
with standalone PCs
LO4.07 Internal audit: 3
4.07.01 Explain the ways in which internal audit is of 20
particular significance in a computerised
accounting system
4.07.02 Identify the procedures that an auditor may have 20
to undertake to assess the role of internal audit
LO4.08 System change processes: 2
4.08.01 Explain the potential impact on the auditor where 20
an entity changes its computerised system
LO4.09 Risk assessment and evaluation of IT processes: 2
4.09.01 Identify what factors the auditor may need to 20
consider in assessing the audit risk of a
computerised environment
4.09.02 Describe the use of computer-assisted audit 20
techniques (CAAT) in an audit
xvi Business Assurance

Part A
Corporate governance
This Part explains the importance and implication of corporate governance in an assurance
process.
Practical situations and requirements for good corporate governance are also discussed and
presented.
1
Business Assurance
2
chapter 1
Scope of corporate
governance
Topic list
1 Codes of corporate governance 4 Major issues in corporate governance

1.1 What is corporate governance? 4.1 Duties of directors
1.2 Contribution of corporate governance 4.2 Composition and balance of the board
codes 4.3 Reliability of financial reporting and
1.3 Elements of corporate governance external auditors
1.4 Organisation for Economic Co-operation 4.4 Directors’ remuneration and rewards
and Development (OECD) Principles of 4.5 Responsibility of the board for risk
Corporate Governance management and internal control
1.5 Corporate governance concepts systems
1.6 HKICPA Guide on corporate 4.6 Rights and responsibilities of
governance shareholders
2 Corporate governance and agency 4.7 Corporate social responsibility and
2.1 Nature of agency business ethics
2.2 Accountability and fiduciary 4.8 Public and non-governmental bodies’
responsibilities corporate governance
2.3 The agency problem 4.9 The driving forces underlying the
2.4 Resolving the agency problem: governance code development
alignment of interests 4.10 Development of corporate governance
3 Stakeholders in corporate governance codes
3.1 Stakeholders 5 Corporate social responsibility
3.2 Stakeholder theory 5.1 Significance of social corporate
3.3 Classifications of stakeholders responsibility
3.4 Reconciling viewpoints of different 5.2 Corporate social responsibility and
stakeholders stakeholders
3.5 Stakeholder and agency theory 5.3 Impact of corporate social responsibility
on strategy and corporate governance
5.4 Ownership and corporate social
responsibility
Learning focus
Corporate governance is the system by which a company is directed and controlled. There are
a number of separate codes of corporate governance with which companies must be familiar.
3
Business Assurance
Learning outcomes
In this chapter you will cover the following learning outcomes:
Competency
level
3.01 Background to corporate governance developments 2
3.01.01 Explain the objectives, concepts, relevance and importance of

3.01.02 Discuss the provisions of international codes of corporate
governance (such as the OECD) that are most relevant to
auditors
3.02 Key issues relating to corporate governance including 2
directors' remuneration, board composition, audit
committee and non-controlling interests
3.02.01 Explain the concept of stakeholder theory in corporate
governance
4
1: Scope of corporate governance | Part A Corporate governance
1 Codes of corporate governance
Topic highlights
There is no single definition of what corporate governance really means. The most widely accepted
definition is defined by the UK Cadbury Committee Report (1992) as the “system by which a
company is directed and controlled”. It can also be considered as the “set of relationships between
the management, the Board of Directors (BOD), the shareholders as well as other stakeholders to
the corporation” (HKICPA, 2006). It is needed because of the agency problem: this arises due to
the separation of ownership and control of the company, ie the owners of a company and the
people who manage it are not always the same.
1.1 What is corporate governance?
Key terms
Corporate governance is the system by which companies are directed and controlled. Linked to
corporate governance is Stewardship, which refers to taking care of something (the company and
its assets) which is owned by someone else (shareholders).
Corporate governance includes managing the relationships among the many parties interested in
an entity and providing transparent, responsible management practices to meet the entity's
objectives. The first corporate governance code was the Cadbury Report, published in the UK in
1992. This identified a number of internal and external parties who hold an interest in the effective
corporate governance of an entity:
 Directors: responsible for corporate governance
 Shareholders: linked to the directors as users of the financial statements and as individuals
who stand to directly benefit financially from the activities of the entity
 Other relevant parties: these may be numerous but include employees, customers,
suppliers, the tax authorities and any special interest groups, regulators, and the wider
public.
1.1.1 The importance of corporate governance

Companies differ in the degree of shareholder involvement; in some companies, shareholders are
well informed about the direction of and management of the business because they hold
positions as directors and directly influence day-to-day management such as “insider company”.
But in companies where the shareholders are not employed to manage the business (ie “outsider
company”), they may only have a limited opportunity to find out about the management of the
company, usually at the AGM (annual general meeting).
AGMs are notoriously poorly attended which adds to the agency problem discussed in more
detail later. This arises when shareholders, who are actually the owners of the company (the
principals), delegate decision-making authority for the day-to-day operations to the directors
and other senior management (the agents). Since the interests of management may not always
be in line with those of shareholders, management may act in a way that is detrimental to the
interests of the shareholders. Even though management submit the company's results for
shareholders' approval at the AGM, poor turnout and little involvement in day-to-day matters means
this is usually only a matter of rubber stamping the proposals put forward by management. It is also
very unusual for the directors to be challenged on any key areas such as compensation packages.
5
Business Assurance
As a result, there is the potential for conflicts of interest between management and
shareholders.
The current framework of corporate governance in Hong Kong and China lays down both statutory
and non-statutory requirements as to how directors should run a business to best enhance and
keep in balance stakeholders' interests. Statutory requirements consist of the Companies
Ordinance, Securities (Disclosure of Interests) Ordinance, Securities (Insider Dealing) Ordinance,
and Takeover Codes. Non-statutory requirements are those specified by the Hong Kong Stock
Exchange relating to Listing Rules and Code of Corporate Governance Practice. The Hong Kong
Code is based on the UK Combined Code of July 2003, which was renamed as the UK Corporate
Governance Code in 2010, with additional rules on connected transactions and non-controlling
interests, together with changes that tailor the approach to the Hong Kong environment (family
control and Mainland Enterprises).
There are a number of different facets to corporate governance:
 Commitment to ethical values
 Transparency in company activities
 Managing stakeholders' interests
 Safeguarding of the company's assets
 Establishing strong internal controls to deter and detect fraud
 Ensuring the efficient use of resources to create and enhance shareholder value
 Accountability, which ultimately rests with the directors and those charged with governance.
Good corporate governance is essential in today's global business environment, and especially so
in Hong Kong, if the Territory is to maintain its competitive status as one of the world's major
financial centres, in addition to acting as a premier international capital market for Mainland China
and the region.
In summary, it is necessary for processes to be in place in every entity to ensure that the interests
of every stakeholder are safeguarded. It is a fiduciary duty of management that they act in the best
interests of the shareholders, employees and the external parties to whom they are accountable.
1.2 Contribution of corporate governance codes

Investors are often prepared to pay a premium to invest in a company with good corporate
governance practices in place. The individual provisions of the Codes have undoubtedly made a
number of contributions to the corporate environment:
(a) The reports have highlighted the contributions good corporate governance can make to
companies.
(b) The codes have emphasised certain risks that have contributed to corporate governance
failure, for example individual directors having too great an influence.
(c) The provisions have provided benchmarks that can be used to judge the effectiveness of
internal controls and risk management systems.
(d) The guidelines have promoted specific good practice in a number of areas, for example
non-executive directors, performance-related pay and disclosure.
(e) The recommendations have highlighted the importance of basic concepts and highlighted
how these can be put into practice, for example accountability through recommendations
about organisation-stakeholder relationships and transparency by specifying disclosure
requirements.
In Hong Kong
In Hong Kong, the Code on Corporate Governance Practices (“HK Code”) sets out the principles of
good corporate governance. It refers to the companies subject to the Code as “issuers”. The HK
Code was launched in January 2005 and requires listed issuers to report regularly their corporate
governance performance in their financial reports. With the collective and concerted efforts made
6
by all market participants, the overall standard of corporate governance in Hong Kong has been
improving.
There are two levels of recommendations:
(a) Code provisions
(b) Recommended best practices.
Hong Kong listed companies are expected to comply with the provisions of the Code, but may
choose to deviate from them. If they deviate then they need to explain why in the annual report, this
is called the “comply or explain approach”. The recommended best practices are for guidance
only, although companies are encouraged to comply. Hong Kong companies may also devise their
own code on corporate governance practices on such terms as they may consider appropriate.
In late 2010, The Hong Kong Stock Exchange published its “Consultation Conclusions on Review
of the Corporate Governance Code and Associated Listing Rules” (Consultation Conclusions). The
Consultation Papers contain proposals to amend the Corporate Governance Code (as renamed)
and the Rules pertaining to corporate governance.
The consultation period ended in March 2011 where the Hong Kong Stock Exchange adopted most
of the proposals outlined in the Consultation Paper, subject to certain modifications as set out in
the Consultation Conclusions.
The amendments will keep the Corporate Governance Code in line with international best practice.
In its first interim/half year or annual report covering a period after 1 April 2012, the issuer must
state, in that report, whether it has, for that period, complied with the Code Provisions in the revised
Code as well as those of the former Code. Issuers may adopt the revised Code at an earlier date
than 1 April 2012.
1.3 Elements of corporate governance

There are a number of elements in corporate governance:
(a) The management, awareness, evaluation and mitigation of risk is fundamental in all
definitions of good governance. This includes the operation of an adequate and
appropriate system of control.
(b) The notion that overall performance is enhanced by good supervision and management
within set best practice guidelines underpins most definitions.
(c) Good governance provides a framework for an organisation to pursue its strategy in an
ethical and effective way and offers safeguards against misuse of resources, human,
financial, physical or intellectual.
(d) Good governance is not just about externally established codes, it also requires a willingness
to apply the spirit as well as the letter of the law.
(e) Good corporate governance can attract new investment into companies, particularly in
developing nations.
(f) Accountability is generally a major theme in all governance frameworks, including
accountability not just to shareholders but also other stakeholders.
(g) Corporate governance underpins capital market confidence in companies and in the
government/regulators/tax authorities that administer them.
7
Business Assurance
1.4 Organisation for Economic Co-operation and Development

(OECD) Principles of Corporate Governance
Topic highlights
The OECD Principles of Corporate Governance set out the rights of shareholders, the
importance of disclosure and transparency and the responsibilities of the board of directors.
An important question to consider is “will the same way of managing companies be the best
method for all companies?” The answer is likely to be no. Companies are different from each other,
and globally, they operate in different legal systems with different institutions, frameworks and
traditions. It would not be possible to construct one single approach to operating companies that
could be described as best practice for all.
The key issue in corporate governance is that “a high degree of priority [is] placed on the interests
of shareholders, who place their trust in corporations to use their investment funds wisely and
effectively”. Shareholders in a company might be a family, they might be the general public or they
might be institutional investors representing, in particular, people's future pensions. These
shareholders will vary in their degree of interaction with the company and their directors.
Codes such as the OECD Code have been developed from best practice in a number of
jurisdictions. As such, they can be seen as representing an international consensus on common
elements that underlie good corporate governance. They stress global issues that are important to
companies operating in a number of jurisdictions. The OECD Code for example, emphasises the
importance of eliminating impediments to cross-border shareholdings and treating overseas
shareholders fairly.
In the context of this great variety in the basic element of these companies, the OECD has
established a number of Principles of Corporate Governance, which were issued in 1999 and
reviewed in 2004, and which serve as a reference point for countries (to develop corporate
governance codes if they wish) and companies. They were developed in response to a mandate
given to the OECD to develop a set of standards and guidelines on good corporate governance.
OECD Principles of Corporate Governance

I The corporate governance framework should promote transparent and efficient markets,
be consistent with the rule of law and clearly articulate the division of responsibilities
among different supervisory, regulatory and enforcement authorities.
II The corporate governance framework should protect shareholders' rights.
III The corporate governance framework should ensure the equitable treatment of all
shareholders, including minority and foreign shareholders. All shareholders should have
the opportunity to obtain effective redress for violation of their rights.
IV The corporate governance framework should recognise the rights of stakeholders
established by law or through mutual agreements and encourage active co-operation
between corporations and stakeholders in creating wealth, jobs and the sustainability of
financially sound enterprises.
V The corporate governance framework should ensure that timely and accurate disclosure
is made on all material matters regarding the corporation, including the financial
situation, performance, ownership, and governance of the company.
VI The corporate governance framework should ensure the strategic guidance of the
company, the effective monitoring of management by the board, and the board's
accountability to the company and the shareholders.
8
The above Principles are non-binding on countries and companies. Rather they seek to identify
objectives and various means for achieving them. Their purpose is to serve as a reference point
that can be used by policy makers to analyse and develop their own legal and regulatory
frameworks for corporate governance, given their individual mixes of economic, social and legal
circumstances.
In order to obtain the best of the advantages and avoid the worst disadvantages, countries may
take a hybrid approach and make some elements of corporate governance mandatory and some
voluntary.
Self-test question 1
Keepalive Life Assurance Company is a mutual organisation, owned by its policyholders. Owing to
changes in capital adequacy requirements imposed by the regulator and pressure from lobby
groups, it has decided to convert to a public limited company and float on the stock exchange.
The board of directors is anxious to ensure that the very highest standards of governance are
adopted in the transition to the new corporate form. It has decided to review the scope of its
policies in this respect.
The policyholders, who own the voting rights in the company, have expressed concerns about the
company's plans for several reasons. First, some doubt that the existing directors have the
experience necessary to manage the company in the new form. Many of the directors only have
experience in the life assurance industry and have been with the company for a long time. The two
previous chief executives remain on the board. Second, the company had to increase its provisions
for losses last year, causing an embarrassing admission by the board that the financial statements
were “distorted”. One major investor has accused the board of a “clear lack of probity”. Third, when
the company is floated it is likely that its shares will be purchased by a few very large institutional
investors who may force the company to adopt a less “customer friendly” approach to business. At
the moment, the company offers many investment products that are highly valued by smaller, less
wealthy customers but apparently make little profit for the company.
(a) With reference to an appropriate framework, such as the one proposed by the OECD,
explain the matters that the board of directors of Keepalive Life Assurance Company should
consider in its review of corporate governance arrangements.
(b) Explain what is meant by “lack of probity” and why probity is important.
(The answer is at the end of the chapter)
1.5 Corporate governance concepts

1.5.1 Fairness
The directors' deliberations and also the systems and values that underlie the company must be
balanced by taking into account everyone who has a legitimate interest in the company, and
respecting their rights and views. In many jurisdictions, corporate governance guidelines reinforce
legal protection for certain groups, for example minority shareholders.
1.5.2 Openness and transparency
Key term
Transparency means open and clear disclosure of relevant information to shareholders and
other stakeholders, and not concealing information which may affect decision-making. It means
open discussion, with a default position of information provision rather than concealment.
9
Business Assurance
Disclosure in this context obviously includes information in the financial statements, not just the
numbers and notes to the financial statements but also narrative statements such as the directors'
report and the operating and financial review. It also includes all voluntary disclosure, that is
disclosure above the minimum required by law or regulation. Voluntary corporate communications
include management forecasts, analysts' presentations, press releases, information placed on
websites and other reports such as stand-alone environmental or social reports.
The main reason why transparency is so important relates to the agency problem (the potential
conflict between owners and managers). This will be discussed further in section 2 of this chapter.
Without effective disclosure the position could be unfairly weighted towards managers, since they
have far more knowledge of the company's activities and financial situation than owner/investors.
Avoiding the creation of an information asymmetry between managers and owners requires not
only effective disclosure rules, but strong internal controls that ensure the reliability of information
disclosures.
Linked with the agency issue, publication of relevant and reliable information underpins stock
market confidence in how companies are being governed and thus significantly influences
market prices. International Financial Reporting Standards (IFRSs), Hong Kong Financial
Reporting Standards (HKFRSs), and stock market regulations based on corporate governance
codes require published financial statements to present a true and fair view. Information can only
fulfil this requirement if adequate disclosure is made of uncertainties and adverse events.
Circumstances where restricted disclosure may be justified include discussions about future
strategy (knowledge of which would benefit competitors), confidential issues relating to
individuals and discussions leading to an agreed position that is then made public.
1.5.3 Independence
Independence is an important concept in relation to directors. Corporate governance reports have
increasingly stressed the importance of independent non-executive directors; directors who are
not primarily employed by the company and who have very strictly controlled other links with it. As
a result they should be free from conflicts of interest and in a better position to promote the
interests of shareholders and other stakeholders. Freed from pressures that could influence
their activities, independent non-executive directors should be able to carry out effective
monitoring of the company in conjunction with equally independent external auditors on behalf of
shareholders.
Non-executive directors' lack of links and limits on the time that they serve as non-executive
directors should promote avoidance of managerial capture – accepting executive managers'
views on trust without analysing and questioning them.
In the Hong Kong context, the Hong Kong Stock Exchange Listing Rules specify that there must be
at least three independent non-executive directors on the main board for listed companies.
1.5.4 Probity and honesty

Hopefully this should be the most self-evident of the principles, relating not only to telling the truth,
but also not misleading shareholders and other stakeholders by presenting information in a biased
way.
Probity can be defined in terms of receipt of gifts or hospitality by trustees. The Code stresses that
all gifts should be clearly recorded, and trustees should not accept gifts with a significant monetary
value or lavish hospitality. They should certainly not accept gifts or hospitality which may seem
likely to influence their decisions.
10
1.5.5 Responsibility
Responsibility means management accepting the credit or blame for governance decisions.
Management theories stress that for management to be held properly responsible, there must be a
system in place that allows for corrective action and penalising mismanagement. Responsible
management should act in the best interests of the company and take the necessary steps to
ensure the company stays on the right path.
The board of directors must act responsively to, and with responsibility towards, all stakeholders of
the company. However, the responsibility of directors to other stakeholders, both in terms of to
whom they are responsible and the extent of their responsibility, remains a key point of contention
in corporate governance debates. We shall discuss the importance of stakeholders later in this
chapter.
1.5.6 Accountability
Key term
Corporate accountability refers to whether an organisation (and its directors) are answerable in
some way for the consequences of their actions.
Accountability of directors to shareholders has always been an important part of company law, well
before the development of the corporate governance codes. For example, companies have been
required to provide financial information to shareholders on an annual basis and hold annual
general meetings. However, particularly because of the corporate governance scandals of the last
30 years, investors have demanded greater assurance that directors are acting in their interests.
This has led to the development of corporate governance codes, which we shall consider in the
next chapter. The UK Cadbury Report stresses that making the accountability work is the
responsibility of both parties. Directors, as we have seen, do so through the quality of information
that they provide whereas shareholders do so through their willingness to exercise their
responsibility as owners, which means using the available mechanisms to query and assess the
actions of the board.
As with responsibility one of the biggest debates in corporate governance is the extent of
management's accountability towards other stakeholders such as the community within which
the organisation operates. This has led on to a debate about the contents of financial statements
themselves; for what should financial statements actually account.
1.5.7 Reputation
An organisation's reputation depends on how likely other risks are to crystallise. In the same way
directors' concern for an organisation's reputation will be demonstrated by the extent to which they
fulfil the other principles of corporate governance. There are purely commercial reasons for
promoting the organisation's reputation, that the price of publicly traded shares is often dependent
on reputation and hence reputation is often a very valuable asset of the organisation.
1.5.8 Judgment
Judgment means the board making decisions that enhance the prosperity of the organisation.
This means that board members must acquire a broad enough knowledge of the business and its
environment to be able to provide meaningful direction to it. This has implications not only for the
attention directors have to give to the organisation's affairs, but also the way the directors are
recruited and trained.
The complexities of senior management mean that the directors have to bring multiple
conceptual skills to management that aim to maximise long-term returns. This means that
corporate governance can involve balancing many competing people and resource claims against
each other; although, as we shall see, risk management is an integral part of corporate
governance, corporate governance is not just about risk management.
11
Business Assurance
1.5.9 Integrity
Key term
Integrity means straightforward dealing and competence. Financial reporting should be honest
and should present a balanced picture of the state of the company's affairs. The integrity of reports
depends on the integrity of those who prepare and present them.
Integrity can be taken as meaning someone of high moral character, who sticks to principles no
matter the pressure to do so otherwise. In working life this means adhering to principles of
professionalism and probity. Straightforward dealing in relationships with the different people
and constituencies whom you meet is particularly important; trust is vital in relationships and belief
in the integrity of those with whom you are dealing underpins this. The Cadbury Report definition
highlights the need for personal honesty and integrity of preparers of financial statements. This
implies qualities beyond a mechanical adherence to accounting or ethical regulations or guidelines.
At times accountants will have to use judgment or face financial situations which aren't covered by
regulations or guidance, and on these occasions integrity is particularly important.
Integrity is an essential principle of the corporate governance relationship, particularly in
relationship to representing shareholder interests and exercising agency. As with financial reporting
guidance, ethical codes don't cover all situations and therefore depend for their effectiveness on
the qualities of the accountant. In addition, we have seen that a key aim of corporate governance is
to inspire confidence in participants in the market and this significantly depends upon a public
perception of competence and integrity.
1.6 HKICPA Guide on Corporate Governance

The HKICPA has published several study reports and practice guidance on corporate governance.
The following are some of the more recent of these.
In March 2001, HKICPA issued the Guide Corporate Governance Disclosure in Annual
Reports for the purpose to promote high standards of corporate governance disclosure in annual
reports of Hong Kong companies, focusing especially on listed companies.
The Guide provided practical guidance and examples of corporate governance disclosures that
would fulfil the regulatory requirements at that time in Hong Kong. It also included additional
recommended disclosures that went beyond the rules and regulations of the time and provided
illustrations and examples to show how such voluntary disclosures might be presented.
The following is the summary of the major recommendations:
Statement on Listed companies and other companies are encouraged to include a

corporate statement of corporate governance in their annual report for
governance communicating to stakeholders.
The content includes information on directors and committees, investor
relations and other matters such as corporate social responsibility.
Directors' In order to enhance comparability and transparency of directors'
remuneration remuneration, detailed disclosure is required for directors'
remunerations such as performance-related pay and non-performance
related pay. The remuneration should be disclosed by individual name
of director.
Disclosure of Directors' standard remuneration should be analysed and details of
standard directors' share options should be disclosed such as value of the share
remuneration and options.
directors' share
options
12
Non-audit fees paid Disclosure of any non-audit fees should be disclosed as this would
to the auditors affect auditor's independence.
In May 2004, HKICPA issued the Guide Corporate Governance for Public Bodies – a Basic
Framework for the purpose to provide a basic framework for public sector corporate governance
and provide recommendation on good corporate governance.
It outlines a basic framework of corporate governance principles and recommended best practice
for such organisations to adopt, as appropriate.
The Guide aims to assist governing boards, councils and management of public sector bodies to
establish and maintain a clear focus on performance, transparency and accountability. It identifies
certain fundamental principles expected of an organisation, namely openness, integrity and
accountability, and key personal qualities required of governing board members, namely
selflessness, integrity, objectivity, accountability, openness, honesty and leadership, and applied
these principles and qualities to four dimensions of the governance of public sector organisations.
Standards of Ethical conduct – governing board members should endeavour to

behaviour exemplify the personal qualities in their entirety
Codes of conduct – a formal code of ethical conduct should be in place
to define standards of acceptable conduct for governing board
members and employees
Organisational (i) Accountability to stakeholders – directors are accountable to
structures and stakeholders for complying with statutory and regulatory
processes requirements, safeguarding funds and taking proper stewardship
of assets and resources
(ii) Commitment to openness and transparency – the governing
board in all of the main activities of the organisation
(iii) Roles and responsibilities of the board, committees, chairman,
non-executive directors should be clearly disclosed in the annual
report
(iv) Overall human resources policy – there should be effective
policies and procedures to recruit, retain and train suitable staff
Risk management (i) An effective system of internal control should be in place and
and control operating effectively
(ii) The governing board should have risk management and should
consider the need of contingency plans as risk responses
(iii) An effective internal audit function should be part of the
framework of control
(iv) An effective audit committee should be established
(v) External auditor should be appointed to conduct an audit of
financial statements for public sector organisations
(vi) The governing board should maintain adequate oversight to
ensure there are efficient budgeting and financial management
13
Business Assurance
Accountability, (i) Committees should have regular and informative reporting to the
reporting and governing board
disclosure (ii) Any major issues should be brought to the attention of the board
on a timely basis
(iii) An annual report incorporating financial statement should be
published on a timely basis after the end of the financial year
(iv) Appropriate accounting policies and standards should be adopted
in preparation of financial statements
(v) Financial and non-financial performance measures should be
established and reported.
The Guide draws reference from important overseas studies to provide a set of recommendations
that are suitable for the public sector environment in Hong Kong. It should be applicable to
most types of organisations in the public sector, and the recommendations contained therein can
be tailored to the circumstances of individual organisations, depending on their size, complexity
and resources.
In June 2005, HKICPA issued a Guide Internal Control and Risk Management – a Basic
Framework for the purpose of providing a basic conceptual framework, general principles and
recommendations for a system of internal control and risk management. It also outlines the
responsibilities of the board and senior management in this regard, and the role that other parties,
such as the audit committee and internal auditors, can play. It should help listed companies to
understand and fulfil the requirements on internal controls contained in the revised Code on
Corporate Governance Practices and the disclosure requirements of the new Corporate
Governance Report (Main Board and the GEM Listing Rules, respectively).
The Guide also emphasises that establishing effective internal controls should not be seen as an
exercise in compliance but is about putting in place processes that will help a business to achieve
its corporate objectives and to identify, assess and manage the significant risks that could
otherwise prevent it from doing so. It is also a question of being more transparent and
accountable to shareholders and other stakeholders about how the business is being run.
In producing this Guide, the Institute has looked at conditions in Hong Kong and has drawn on
important international benchmarks in this field, such as the report published in the US by the
Committee of Sponsoring Organisations of the Treadway Commission, commonly known as
COSO, and the Turnbull Guidance, which formed part of the Combined Code, now known as the
UK Corporate Governance Code.
While the Guide is not intended to be exhaustive or prescriptive in nature, the Institute believes that
the principles and recommendations contained therein will provide a useful reference for listed and
group companies, as well as other companies that aim to implement or enhance their system of
internal control.
In December 2008, HKICPA published a Guide Defining and Developing an Effective Code of
Conduct for Organisations.
This was originally produced by the International Federation of Accountants (IFAC). Acknowledging
its value to listed companies, public interest and other organisations, the Institute, together with the
Hong Kong Stock Exchange, the Hong Kong Institute of Directors and the Hong Kong Ethics
Development Centre, Independent Commission Against Corruption republished the guide with the
addition of an explanatory foreword by the four bodies.
The Guide is designed to assist professional accountants, and the organisations in which they
work, to develop a code of conduct of their own or to improve an existing code. While it does not
aim to provide detailed and prescriptive terms that are applicable to all organisations, it sets out key
principles and general guidance that should help all types of organisation to develop a more
detailed code of conduct that takes account of their own individual circumstances.
14
The following are the key principles in the guide, demonstrating widely accepted good practice:
Values-based The organisation's overarching objective should be to develop a values-

organisation based organisation and a values-driven code, to promote a culture that
and culture encourages employees to internalise the principle of integrity and
practise it, and encourages employees to “do the right thing” by allowing
them to make appropriate decisions.
Code of conduct A code of conduct reflects organisational context. The nature, title and
reflects content of an effective code will vary between organisations, as will the
organisation approach to its development.
context
Commitment from Ultimately, ethical responsibility lies with the board of directors (or its
board of directors equivalent), the body that has power to influence an organisation's
culture and behaviour.
Boards should specifically oversee the development of the code of
conduct (and a wider initiative to achieve a values-based organisation),
and formally appoint a senior manager to supervise that development.
Personnel A multi-disciplinary and cross-functional group including international
personnel should lead code development where organisational size
permits.
Groups of employees and other key stakeholders can help to identify
risks to corporate culture and business conduct and consider potential
vulnerabilities arising from these risks and can usefully assist in defining
and reviewing code content.
Process for Clearly identifying the established process for defining, developing and
defining, reviewing a code will promote understanding of, and agreement on, the
developing and key stages and activities.
reviewing the code
Application across A code of conduct should apply across all jurisdictions in which an
jurisdictions organisation operates, unless contrary to local laws and regulations.
Continuous Continuous awareness and promotion of the code and the wider approach
awareness to ethics and compliance is an important part of conveying management's
and promotion commitment to their underlying principles. A continuous awareness
programme should sustain interest in and commitment to the code.
Employees and others should be made aware of the consequences of not
adhering to the code.
15
Business Assurance
2 Corporate governance and agency

Topic highlights
Agency is extremely important in corporate governance as often the directors/managers are acting
as agents for the owners (principals). Corporate governance frameworks aim to ensure directors/
managers fulfil their responsibilities as agents by requiring disclosure and suggesting they are
rewarded on the basis of performance.
2.1 Nature of agency
Key term
Agency relationship is a contract under which one or more persons (the principals) engage
another person (the agent) to perform some service on their behalf that involves delegating some
decision-making authority to the agent. In other words, in a company, the shareholders are actually
the owners (the principal) of the company, who delegate decision-making authority to the senior
management (the agents). Since the interests of the managers are not always in line with those of
shareholders, they may act in a way that is detrimental to the company as a whole.
There are a number of specific types of agent. These have either evolved in particular trades or
developed in response to specific commercial needs. Examples include factors, brokers, estate
agents, del credere agents, bankers and auctioneers.
2.2 Accountability and fiduciary responsibilities

2.2.1 Accountability
Key term
In the context of agency, accountability means that the agent is answerable under the contract
to his principal and must account for the resources of his principal and the money he has gained
working on his principal's behalf.
Two problems potentially arise with this:

 How does the principal enforce this accountability (the agency problem see below)?
As we shall see, the corporate governance systems developed to monitor the behaviour of
directors have been designed to address this issue; and
 What if the agent is accountable to parties other than his principal – how does he
reconcile possibly conflicting duties?
16
2.2.2 Fiduciary duty

A legal definition of fiduciary duty is as follows:
Key term
Fiduciary duty is a duty imposed upon certain persons because of the position of trust and
confidence in which they stand in relation to another. The duty is more onerous than generally
arises under a contractual or tort relationship. It requires full disclosure of information held by the
fiduciary, a strict duty to account for any profits received as a result of the relationship, and a duty
to avoid conflicts of interest.
In Hong Kong, the general duties of directors are mainly found in case law (leaving aside certain
specific obligations imposed by the Companies Ordinance and by the memorandum and articles of
association of a company). Directors' duties can be classified into two broad categories: fiduciary
duties, and duties of skill and care. For accountability purposes, the fiduciary duty is directly
relevant. The fiduciary duties of directors, which are generally based on equitable principles, mainly
include:
(1) duty to act in good faith in the interests of the company
(2) duty to exercise powers for proper purpose
(3) duty to avoid conflicts of duty and interest
However, at present Hong Kong has still not codified any directors' duties into our Companies
Ordinance, though the Registrar of Companies has issued several Non-statutory Guidelines on
Directors' Duties in Hong Kong. By way of contrast, in the UK, the Companies Act 2006 introduced
a statutory statement on directors' duties which covered specific general duties such as:
(1) duty to act within powers
(2) duty to promote the success of the company
(3) duty to exercise independent judgment
(4) duty to exercise reasonable care, skill and diligence
(5) duty to avoid conflicts of interest
(6) duty not to accept benefits from third parties
(7) duty to declare interest to proposed transaction or arrangement
As such under the Hong Kong Companies Ordinance, directors owe a fiduciary duty to the
company to exercise their powers bona fide in what they honestly consider to be the interests of
the company. This duty is owed to the company and not generally to individual shareholders. In
exercising the powers given to them by the constitution, the directors have a fiduciary duty not only
to act bona fide but also only to use their powers for a proper purpose. The powers are restricted
to the purposes for which they were given.
Clearly the concepts of fiduciary duty and accountability are very similar though not identical.
Where certain wider responsibilities are enshrined in law, do directors have a duty to go beyond the
law, or can they regard the law as defining what society as a whole requires of them?
2.2.3 Fiduciary relationship with stakeholders

Some management theorists have argued that management bears a fiduciary relationship to
stakeholders and to the corporation as an abstract entity. It must act in the interests of the
stakeholders as their agent, and it must act in the interests of the corporation to ensure the
survival of the firm, safeguarding the long-term stakes of each group. Adoption of these principles
would require significant changes to the way corporations are run. Some theorists, for example
Silvia Ayuso, go on to propose a “stakeholder board of directors”, with one representative for
each of the stakeholder groups and one for the company itself. Each stakeholder representative
would be elected by a stakeholder assembly. Companies law would have to develop to protect the
interests of stakeholders.
17
Business Assurance
2.3 The agency problem
Topic highlights
The agency problem arises from separation of ownership from management of the entity and
can cause a conflict of interests if there is a breach of trust by directors by intentional action,
omission, neglect or incompetence.
The agency problem arises when a principal hires an agent to perform in the interest of principal.
In listed companies the agency problem derives from the principals (shareholders) not being able
to run the business themselves and therefore having to rely on agents (board of directors) to do so
for them. This separation of ownership from management can cause a conflict of interest or
moral hazard if there is a breach of trust by directors by intentional action, omission, neglect or
incompetence. This breach may arise because the directors are pursuing their own interests
rather than the shareholders (conflict of interest). Alternatively, the board of directors may
undertake a risky project without considering carefully the full consequences as they have a
different attitude to risk-taking to the shareholders (moral hazard).
For example, if managers hold none or very little of the equity shares of the company they work for,
what is to stop them from working inefficiently, concentrating too much on achieving short-term
profits and hence maximising their own bonuses? Without the incentive of equity ownership the
agent may not look for profitable new investment and growth opportunities, or may over-consume
perquisites such as high salaries and other benefits.
There are two possible approaches to aligning the interests between agent and principal, in order
to remedy this agency problem. One would be to offer incentive plans such as stock options or
equity in the company; the alternative would be to curb managerial controlling powers within the
firm. Ultimately shareholders do possess the right to remove the directors from office. But
shareholders have to take the initiative to do this, and in many companies they may lack the energy
and organisation to take such a step. As a last resort, they can vote in favour of a takeover or
removal of individual directors or entire boards, but this may be undesirable for other reasons.
2.4 Resolving the agency problem: alignment of interests

Agency theory sees employees of businesses, including managers, as individuals, each with his or
her own objectives. Within a department of a business, there are departmental objectives. If
achieving these various objectives leads also to the achievement of the objectives of the
organisation as a whole, there is said to be alignment of interests.
Key term
Alignment of interests is accordance between the objectives of agents acting within an
organisation and the objectives of the organisation as a whole. Alignment of interests is sometimes
referred to as goal congruence, although goal congruence is used in other ways.
Alignment of interests may be better achieved and the “agency problem” better dealt with by giving
managers the appropriate incentives, such as profit-related pay, or by providing more longer-term
incentives that are related to the overall company performance. Examples of such remuneration
incentives are:
 profit-related/economic value-added pay
 rewarding managers with shares
 executive share option plans
18
Such measures might merely encourage management to adopt more “creative accounting”
methods which will distort the reported performance of the company in the service of the managers'
own ends.
An alternative approach is to attempt to monitor managers' behaviour, for example by
establishing “management audit” procedures, to introduce additional reporting requirements, or
to seek assurances from managers that shareholders' interests will be foremost in their priorities.
The most significant problem with monitoring is likely to be the agency costs involved, as they
may imply significant shareholder engagement with the company.
3 Stakeholders in corporate governance
Topic highlights
Directors and managers need to be aware of the interests of stakeholders in governance issues.
Governance reports have emphasised the role of institutional investors (insurance companies,
investment houses, or pension funds such as CalPers) in directing companies towards good
corporate governance.
3.1 Stakeholders
Key term
Stakeholders are any entity (person, group or possibly non-human entity) that can affect or be
affected by the achievements of an organisation's objectives. It is a bi-directional relationship.
Each stakeholder group has different expectations about what it wants and different claims upon
the organisation.
3.2 Stakeholder theory

Traditionally, the management of a company has a fiduciary duty to put the shareholders' interests
first. The company converts the input from the investors, employees, and suppliers into goods to
sell to the customer (output). By this model, companies only address the needs and wishes of
those four parties: investors, employees, suppliers and customers.
Stakeholder theory proposes corporate accountability to a broad range of stakeholders. It is
based on companies being so large, and their impact on society being so significant that they
cannot just be responsible to their shareholders. Stakeholders should be seen not as just existing,
but as making legitimate demands upon an organisation. The relationship should be seen as a
two-way relationship.
What stakeholders want from an organisation will vary. Some will actively seek to influence what
the organisation does; others may be concerned with limiting the effects of the organisation's
activities upon themselves.
There is considerable dispute about whose interests should be taken into account. The legitimacy
of each stakeholder's claim will depend on your ethical and political perspective on whether
certain groups should be considered as stakeholders. Should, for example, distant (developing
world) communities, other species, the natural environment in general or future generations be
considered as legitimate stakeholders?
19
Business Assurance
3.3 Classifications of stakeholders

Stakeholders can be classified by their proximity to the organisation:
Stakeholder group Members

Internal stakeholders Employees, management
Connected stakeholders Shareholders, customers, suppliers, bankers, lenders, trade
unions, competitors
External stakeholders The government, local government (such as the council for a local
district), the public, pressure groups, opinion leaders
There are other ways of classifying stakeholders.
3.4 Reconciling viewpoints of different stakeholders

Enlightened long-term value maximisation offers the best, fairest, method of reconciling the
competing interests of stakeholders. Enlightened long-term value maximisation means pursuing
profit maximisation, but with regard to business ethics and the social consequences of the
organisation's actions. It is argued that the problem with traditional stakeholder theory is that it
gives no indication of how to trade off competing interests; lacking measurable targets, managers
are left unaccountable for their actions.
3.5 Stakeholder and agency theory

It is argued that agency theory does not allow managers to avoid their normal moral obligations,
particularly avoiding harm to others, respecting the autonomy of others, telling the truth and
honouring agreements. Only after fulfilling these can they maximise shareholder wealth. The
agency-principal relationship can only be meaningful if managers attend to the moral principles.
An alternate view, supported by Classical Economics, is that managers are solely responsible for
maximising the value of the firm for the owners. If managers are argued to have social
responsibilities, then they have to act in some ways that are not in the best interests of the owners,
their principals, and in ways that may reduce the value of the firm. They therefore are not acting
properly as agents; instead they are in effect raising taxes and deciding how these taxes should be
spent, which is the proper function of government, not agents.
4 Major issues in corporate governance

Topic highlights
Key issues in corporate governance reports have included the role of the board, the quality of
financial reporting and auditing, directors' remuneration, risk management and corporate
social responsibility.
We shall examine the major areas that have been affected by corporate governance.
4.1 Duties of directors

The corporate governance reports have aimed to build on the directors' duties as defined in
statutory and case law. These include the fiduciary duties to act in the best interests of the
company, use their powers for a proper purpose, avoid conflicts of interest and exercise a
duty of care.
20
4.2 Composition and balance of the board

A feature of many corporate governance scandals has been boards that are dominated by a single
senior executive with other board members merely acting as a rubber stamp. Sometimes the
single individual may bypass the board to further his own interests. Even if an organisation is not
dominated by a single individual, there may be other weaknesses in board composition.
The organisation may be run by a small group centred round the chief executive and chief financial
officer, where appointments may be made by personal recommendation rather than a formal,
objective process.
Hong Kong is quite unique in some respects in that family-owned enterprises compose the major
part of the region's businesses. This poses challenges for the composition and balance of the
board, as family members tend to dominate. A 2001 study by the OECD indicated that around 80%
of listed companies in Hong Kong are controlled by family members.
4.2.1 Independent Non-Executive Directors [INEDs] required to form one-
third of board
One of the new rules from the Consultation paper (see Chapter 2, section 2) is that at least one-
third of an issuer’s board should be independent non-executive directors (INEDs). Listed
companies must comply with the rule by 31 December 2012. Also the Exchange has introduced a
rule which allows an issuer a three-month period to appoint a sufficient number of INEDs to comply
with the one-third rule if it has previously failed to meet the requirement.
4.3 Reliability of financial reporting and external auditors

Issues concerning financial reporting and auditing are seen by many investors as crucial
because of their central importance in ensuring management accountability. They have therefore
been the focus of much debate and litigation. While focusing the corporate governance debate
solely on accounting and reporting issues is inadequate, the greater regulation of practices such as
off-balance sheet financing has led to greater transparency and a reduction in risks faced by
investors.
External auditors may not carry out the necessary questioning of senior management because of
fears of losing the audit, and internal auditors do not ask awkward questions because the chief
financial officer determines their employment prospects. Often corporate collapses are followed
by criticisms of external auditors, where poorly planned audit work failed to identify illegal use of
client monies.
4.4 Directors' remuneration and rewards

Directors being paid excessive salaries and bonuses has been seen as one of the major corporate
abuses for a large number of years. It was therefore inevitable that the corporate governance
codes have targeted this issue.
4.5 Responsibility of the board for risk management and internal

control systems
Boards that meet irregularly or fail to consider systematically the organisation's activities and risks
are clearly not fulfilling their responsibilities. Sometimes the failure to carry out proper oversight is
due to a lack of information being provided, which in turn may be due to inadequate systems
being in place for the measurement and reporting of risk.
4.6 Rights and responsibilities of shareholders

It is important to know shareholders' rights and the role of shareholders, particularly institutional
shareholders and it has been the subject of much debate. Shareholders should have the right to
21
Business Assurance
receive all material information that may affect the value of their investment and to vote on
measures affecting the organisation's governance.
Commencing on 1 April 2012, under the new Code Provisions an issuer must disclose the following
“shareholder rights” information in its Corporate Governance Report:
 The way in which shareholders can convene an extraordinary general meeting;
 The procedures for sending enquiries to the board (with sufficient contact details); and
 The procedures for making proposals at shareholders’ meetings (with sufficient contact
details).
Previously it was a recommendation only that this information should be disclosed.
4.7 Corporate social responsibility and business ethics

The lack of consensus about the issues for which businesses are responsible and the stakeholders
to whom they are responsible has inevitably made corporate social responsibility and business
ethics an important part of the corporate governance debate.
The relationship between a company and its stakeholders should be mutually beneficial and this is
the way to create sustained business success and steady long-term growth in corporate value.
4.8 Public and non-governmental bodies' corporate governance

Many of the principles that apply to company corporate governance also apply to government
bodies or other major entities such as charities. Boards will be required to act with integrity, to
supervise the body's activities properly and to ensure appropriate control and risk
management and reporting systems are being maintained.
However, there are certain ways in which companies might differ from other types of organisation,
such as in their ownership (principals), lack of competition and their legal/regulatory environment
within which they operate.
4.8.1 Composition of boards

This may be determined by regulation or may be tailored by the body's constitution. There may be
more than one board; possibly an executive board for overseeing operations, and a stakeholder
board containing representatives of all major stakeholder groups, which determines objectives and
ensures stakeholder interests are being represented.
4.8.2 Conduct of directors

Directors may be subject to organisation or sector-specific controls to ensure that they act in the
public interest.
4.8.3 Compulsory regulations versus voluntary best practice

Certain guidelines that are voluntary best practice in the corporate sector may be compulsory for
some other sorts of organisation, for example maintenance of an internal audit department.
4.8.4 Disclosure of internal control
Certain types of organisations are required to make disclosures about specific controls such as risk
registers, training, key performance indicators and reporting systems. Regulations such as the
Sarbanes Oxley Act 2002, section 404: Assessment of Internal Controls, have made this a
mandatory disclosure requirement in certain jurisdictions, such as the USA.
22
4.9 The driving forces underlying the governance code

development
Corporate governance issues came to prominence in the USA during the 1970s and in the UK and
Europe from late 1980s. The main, but not the only, drivers associated with the increasing demand
for the development of governance were as follows:
(a) Increasing internationalisation and globalisation meant that investors, and institutional
investors in particular, began to invest outside their home countries. The King report in South
Africa (1994 and revised in 2002) highlights the role of the free movement of capital,
commenting that investors are promoting governance in their own self-interest.
(b) The differential treatment of domestic and foreign investors, (both in terms of reporting
and associated rights/dividends) and the excessive influence of majority shareholders in
insider jurisdictions, caused many investors to call for parity of treatment.
(c) Issues concerning financial reporting were raised by many investors and were the focus of
considerable debate and litigation. Shareholder confidence in what was being reported in
many instances was eroded. While corporate governance development isn't just about better
financial reporting requirements, the regulation of practices such as off-balance sheet
financing has led to greater transparency and a reduction in risks faced by investors.
(d) The characteristics of individual countries may have a significant influence in the way
corporate governance has developed. The King report in South Africa (1994 and revised in
2002) emphasises the importance of qualities that are fundamental to the South African
culture such as collectiveness, consensus, helpfulness, fairness, consultation and religious
faith in the development of best practice.
(e) An increasing number of high profile corporate scandals and collapses including Maxwell
Communications Corporation (refer to the case study below) and the Enron scandal
prompted the development of governance codes. However, the scandals since then have
raised questions about further measures that may be necessary.
Case study
Robert Maxwell was a Czech refugee who came to the UK in 1940. He served in the British Army
and was awarded the Military Cross. After the war, he built up a massive publishing empire that
included at various times the Pergamon Press, Mirror Group Newspapers, the Berlitz language
guides and the New York Daily News. He was a famous celebrity, well-known to millions as a
flamboyant Member of Parliament and was heavily involved in professional football as the owner of
Oxford United Football Club and a director of Derby County Football Club.
Maxwell's success meant that at its peak Maxwell Communications plc was one of the largest
publicly quoted companies in the UK.
Like many publishing companies it was necessary to borrow to lever future growth. Maxwell
appeared to have no difficulty in financing his businesses. Although over time there were many
rumours about his business affairs, he adopted a highly litigious approach to his critics and took
several successful libel actions against popular magazines.
As it happened, Maxwell borrowed significant funds from the pensions funds run on behalf of his
companies' employees. Although this practice is subject to rigorous controls today, it was both
unregulated and quite common practice in the 1980s. In the same period he bought and sold
companies frequently in order to disguise the true financial position of his businesses.
In 1991 it was reported that Maxwell's companies were not meeting the statutory reporting
requirements in respect of the pension schemes. Members of these schemes made complaints in
both the UK and the USA. Maxwell's situation was worsened by the fact that he had used his
shares in his own companies to secure long-term borrowings. When the creditors sold these
shares it caused their prices to fall in the market. Maxwell responded by using borrowed funds,
including some of the operating balances of his companies and pension funds, to purchase shares
in order to support the share price.
23
Business Assurance
Maxwell died by drowning in 1991. The official verdict was accidental death, though inevitably there
have been numerous conspiracy theories surrounding the accident even since. As is often the
case, the true situation concerning his businesses did not emerge immediately. It transpired that he
had used many millions of pounds belonging to occupational pension schemes to support his
businesses. Many employees lost their pensions as a result.
In 1995 several directors of Maxwell companies, including his two sons, were tried for fraud but
were acquitted.
The Maxwell scandal and the resultant consequences led to the enactment of stringent new
legislation imposing strict controls on pension funds and their relationships with employers
contributing to the schemes.
4.10 Development of corporate governance codes

To combat these problems codes of best practice were developed in many jurisdictions. Some of
the main provisions of codes have been clear attempts to deal with difficult situations. The problem
of an overbearing individual dominating a company has been countered by recommendations in
many codes that different directors occupy the positions of a company of chief executive officer and
chairman at the head of a company.
The development of codes has been also prompted by the need to clarify ambiguities in the law, or
require a higher standard of behaviour than local legislation requires. Codes have also been
developed to ensure local companies comply with international best practice.
5 Corporate social responsibility

Topic highlights
Debates on organisations' social responsibilities focus on what these responsibilities are, how
organisations should deal with stakeholders and what aspects of an organisation's environment,
policies and governance are affected.
5.1 Significance of corporate social responsibility

Businesses, particularly large and high profile ones, are subject to increasing expectations that
they will exercise corporate social responsibility.
5.1.1 Economic responsibilities

Companies have economic responsibilities to shareholders demanding a good return, to
employees wanting fair employment conditions and customers who are seeking good-quality
products at a fair price. Businesses are set up to be properly functioning economic units and so this
responsibility forms the basis of all others.
5.1.2 Legal responsibilities

Since laws codify society's moral views, obeying those laws must be the foundation of
compliance with social responsibilities. Although in all societies corporations will have a minimum
of legal responsibilities, there is perhaps more emphasis on them in some European economies
where the focus of discussion has been whether many legal responsibilities constitute excessive
red tape.
24
5.1.3 Ethical responsibilities

These are responsibilities that require corporations to act in a fair and just way even if the law
does not compel them to do so.
5.1.4 Philanthropic responsibilities

These are desired rather than being required of companies. They include charitable donations,
contributions to local communities and providing employees with the chances to improve their own
lives.
5.2 Corporate social responsibility and stakeholders

Inevitably discussion on corporate social responsibilities has been tied in with the stakeholder view
of corporate activity, the view that since businesses benefit from the goodwill and other tangible
aspects of society, they therefore owe society certain duties in return, particularly towards those
affected by its activities.
5.2.1 Problems of dealing with stakeholders

Whatever the organisation's view of its stakeholders, certain problems in dealing with them on
corporate social responsibility may have to be addressed.
(a) Collaborating with stakeholders may be time-consuming and expensive;

(b) There may be culture clashes between the company and certain groups of stakeholders, or
between the values of different groups of stakeholders with companies caught in the middle;
(c) There may be conflict between company and stakeholders on certain issues when they
are trying to collaborate on other issues;
(d) Consensus between different groups of stakeholders may be difficult or impossible to
achieve, and the solution may not be economically or strategically desirable;
(e) Influential stakeholders' independence (and hence ability to provide necessary criticism)
may be compromised if they become too closely involved with companies; and
(f) Dealing with certain stakeholders (eg public sector organisations) may be complicated by
their being accountable in turn to the wider public.
5.3 Impact of corporate social responsibility on strategy and

Social responsibilities can impact on what companies do in a number of ways.
5.3.1 Objectives and mission statements

If the organisation publishes a mission statement to inform stakeholders of strategic objectives,
mention of social objectives is a sign that the board believes that they have a significant impact
on strategy.
5.3.2 Ethical codes of conduct

As part of their guidance to promote good corporate behaviour among their employees, some
organisations publish a business code of ethics.
5.3.3 Corporate social reporting and social financial statements

Some organisations, as part of their reporting on operational and financial matters, report on
ethical or social conduct. Some go further, producing social financial statements showing
quantified impacts on each of the organisation's stakeholder constituencies.
25
Business Assurance
5.3.4 Corporate governance

Impacts on corporate governance could include representatives from key stakeholder groups on
the board, or perhaps even a stakeholder board of directors. It also implies the need for a
binding corporate governance code that regulates the rights of stakeholder groups.
5.4 Ownership and corporate social responsibility

Having raised the issue of the social responsibilities of companies, we also need to consider the
responsibilities of shareholders in companies. One view is that shareholders, by buying shares in a
company in the hope of greater returns, buy a responsibility; they should be insisting that those
managing the company carry out a policy that is consistent with the public welfare.
One of the main problems with this view in relation to large corporations is the wide dispersion of
shareholders. This means that shareholders with small percentage holdings have negligible
influence on managers. In addition, the ease with which shareholders can dispose of shares on
the stock markets arguably loosens their feeling of obligation in relation to their property. This then
raises the question of why the speculative (and possibly short-term) interests of shareholders
should prevail over the longer-term interests of other stakeholders.
In corporate governance discussions, the idea of ownership responsibilities have had a significant
influence because of the importance of institutional shareholders. Not only do they have the level
of shareholdings that can be used as a lever to pressure managers, but they themselves have
fiduciary responsibilities as trustees on behalf of their investors.
Omnipower is an energy producer selling electricity and gas to private and business consumers.
It is a newly-established company, owned by a consortium of energy companies from different
countries.
The production of energy is a topical and controversial issue in the country in which Omnipower
operates. The country is very beautiful and rich in natural resources, so tourism is vital to the
national economy. The inhabitants of the country are fiercely protective of the environment and
their quality of life.
Anxious to build a positive relationship with the communities in which it will operate, Omnipower
has decided to produce a corporate social responsibility statement that will guarantee certain
principles to which it will adhere.
Greenspace, a local environmental pressure group, has already resisted the entry of new energy
companies to the country and has pledged that it will relentlessly pressurise Omnipower to adopt
environmentally friendly policies.
(a) Identify the stakeholders in relation to Omnipower. Compare and contrast their respective
needs.
(b) Set out the matters that should be included in Omnipower's corporate social responsibility
(CSR) statement, including details of commitments that the company should make to its
stakeholders.
26
Topic recap
• Rights of shareholders
• Treatment of stakeholders Code Recommended
• Disclosure/transparency provisions best practices
• Board responsibility
Hong Kong Code on

UK Corporate
Corporate Governance
Governance Code OECD Principles
Practices
International impact
Agency problem CORPORATE GOVERNANCE Stakeholder theory
Corporate governance reports Main concepts
• Role of board • Fairness

• Quality of financial reporting • Transparency
and auditing • Independence
• Probity
CSR: • Directors’ remuneration • Responsibility
• Economic • Risk management • Accountability
• Legal • Reputation
• Corporate social
• Ethical • Judgment
responsibility (CSR)
• Philanthropic
27
Business Assurance
Answers to self-test questions
Answer 1
(a) The OECD Framework proposes that corporate governance be considered in relation to five
areas:
Rights of shareholders
The corporate governance framework should protect shareholders and facilitate their rights
in the company. Companies are obliged to generate investment returns for the risk capital
put up by the shareholders. Directors should be accountable to shareholders in this respect.
Equitable treatment of shareholders
All shareholders should be treated equitably (fairly), including those who constitute a
minority, individuals and foreign shareholders. Shareholders should have redress when their
rights are contravened or where an individual shareholder or group of shareholders is
oppressed by the majority.
Stakeholders
The corporate governance framework should recognise the legal rights of stakeholders.
The company should facilitate co-operation with stakeholders in order to create wealth,
employment and sustainable enterprises.
Disclosure and transparency
Companies should make relevant and timely disclosures on matters affecting financial
performance, management and ownership of the business.
Board of directors
The board of directors is responsible for setting the direction of the company and monitoring
the management of the company in order to achieve its stated objectives. The corporate
governance framework should underpin the board's accountability to the company and its
members.
(b) The term “probity” relates to honesty but goes further than simply telling the truth. Being
dishonest implies telling lies. A lack of probity, on the other hand, is not giving the true
picture of a situation, or acting in a manner that is misleading to others.
For example, giving raw data or incomplete financial information that may lead to inaccurate
conclusions demonstrates a lack of probity.
The term has been used by several judges in cases of wrongful trading. Often, a business
person may not intend to defraud creditors but may present an over-optimistic view of the
business based on a belief that its fortunes can be turned around.
Answer 2
(a) The stakeholders in this situation are:
 customers of Omnipower
 owners of Omnipower
 the community and the local environment
 residents who are not customers
 the government
 Greenspace (whose members may also be customers, residents or both)
 employees of Omnipower
28
Using a table for simple presentation:
Stakeholder category Needs
Customers Low prices and good quality service.

Owners of Omnipower Capital growth and dividends. Payback on
investment.
Community and environment No adverse effects on landscape. No
depletion of natural resources if avoidable.
Development of new sources of renewable
energy. As little pollution as possible.
Residents who are not customers Same as community.
Government Compliance with laws. Operations to be
consistent with environmental policy.
Greenspace Same as community and environment.
Employees Stable salary, job satisfaction and future
employment development.
It can be seen from the table that the needs polarise into two sets of stakeholders. The first
set wants the company to be efficient and deliver energy as cost-effectively as possible.
A secondary concern here might be environmental impact. The second set are more
concerned with the impact on the environment as a primary need.
Energy companies are in an almost impossible position in relation to reconciling the needs of
stakeholders when there is polarisation of views.
(b) A CSR statement should address all major concerns in relation to social responsibilities.
In the case of Omnipower, it should address both social and environmental concerns.
One example of CSR policy is the stakeholder analysis that forms the basis of CSR in
Scottish Power, a UK-based energy company. It defines accountabilities in relation to:
 provision of energy (the primary economic aim)
 health and safety
 customer experience (satisfaction)
 climate change and emissions
 waste and resource usage
 biodiversity
 sites, siting and infrastructure
 employees
 customers with special circumstances
 community
 procurement
 economic
It will be apparent from the above list that most of the concerns of the stakeholders of
Omnipower fall into one or more categories.
29
Business Assurance
Exam practice
Corporate governance 16 minutes

Trading & Factory Limited (“T&F”) has been producing and selling outdoor furniture and garden
ornaments to North America for about ten years. T&F’s founder, Mr. Lee, has occupied the roles of
Chairman and Chief Executive Officer for three years, and has largely dominated its board of
directors.
T&F struggled financially during 20X8-X9, but it has managed to survive through the recession and
has recently presented the unaudited management accounts for the year ended 31 December
20Y0 to its auditor. Extracted below are certain key financials for the years 20X9 and 20Y0.
Extracts from Extracts from
unaudited management accounts audited financial statements
for the year ended 31 December for the year ended
20Y0 31 December 20X9
HK$'000 HK$'000
Sales 482,100 254,300
Gross margin 30% 29%
Net profit before tax 98,100 16,200
Current ratio 0.9 1.2
Following the recent revival in performance, Mr. Lee has expressed T&F’s desire to go for a listing
within a year or two.
Due to the lack of financial expertise on the board and without a separate audit committee, T&F’s
board has been relying on the management letter from its auditor to monitor the operating
effectiveness of its internal controls.
Required
Make three recommendations to improve T&F’s corporate governance. (9 marks)
HKICPA June 2011 (amended)
30
chapter 2
Corporate governance
reports and practice
Topic list
1 Significance of international codes 4 Board committees

1.1 Limitations of international codes 4.1 Audit committees
2 Code on Corporate Governance Practices in 4.2 Nomination committee
Hong Kong and the UK Corporate 4.3 Remuneration committee
Governance Code 5 Management’s responsibilities to comply
2.1 Code on Corporate Governance with corporate governance requirements
Practices in Hong Kong and the UK 5.1 Duties of directors
Corporate Governance Code 5.2 Composition and balance of the board
3 Corporate governance developments in 5.3 Reliability of financial reporting and
Hong Kong external auditors
3.1 Similarities between the Code in Hong 5.4 Directors’ remuneration and rewards
Kong and the UK Corporate
Governance Code
3.2 Comply or explain approach
(principles-based approach)
3.3 Application of principles-based
approaches by investors
3.4 Current issues
3.5 Structure of the Code in Hong Kong
3.6 Corporate Governance Report (CGR) in
Hong Kong
Learning focus
You may well have to discuss the implications of basing governance guidance on principles.
Knowledge of the main features and advantages and disadvantages of corporate governance
codes in general is important, but line-by-line knowledge is not required. Questions normally
require assessment of the strength of corporate governance arrangements in a particular
organisation.
As regards specific codes, the main themes of Sarbanes-Oxley may be tested. The UK
Corporate Governance Code (formerly known as the Combined Code) sets out good practice
but students should be aware of Hong Kong local codes of practice.
The existence of wider social responsibilities is likely to be a theme in questions.
31
Business Assurance
Learning outcome
Competency
level
3.01 Background to corporate governance developments 2
3.01.03 Explain corporate governance developments in Hong Kong
and the structure of the Code on Corporate Governance
Practices and Corporate Governance Report in Hong Kong
3.02 Key issues relating to corporate governance including 2
directors' remuneration, board composition, audit
committee and non-controlling interests
3.02.02 Describe the corporate governance requirements as set out in
the Companies Ordinance and Hong Kong Stock Exchange
Listings Requirements relating to directors' responsibilities (for
example, risk management and internal control) and the
reporting responsibilities of auditors
3.03 Management's responsibilities to comply with corporate 3
governance requirements and to implement related
practices
3.03.01 Explain the responsibilities of management within the
corporate governance framework
3.03.02 Analyse the structure and roles of board committees and
discuss their drawbacks and limitations
3.04 Auditor's responsibilities to consider and address 3
corporate governance requirements
3.04.01 Explain the auditor's responsibility to consider and address
32
2: Corporate governance reports and practice | Part A Corporate governance
1 Significance of international codes

Topic highlights
Codes such as the OECD Code mentioned in the previous chapter have been developed from best
practice in a number of jurisdictions. As such, they can be seen as representing an international
consensus. They stress global issues that are important to companies operating in a number of
jurisdictions. The OECD Code for example, emphasises the importance of eliminating
impediments to cross-border shareholdings and treating overseas shareholders fairly.
Although the OECD Code (mentioned in Chapter 1) is non-binding and voluntary, its principles
have been incorporated into national guidance by a number of countries. The OECD Principles
have also been used by world-wide organisations as a basis for assessing the corporate
governance frameworks and practices in individual countries. These assessments are used to
determine the level of policy dialogue with, and technical assistance given to, these countries.
The fact that the local codes of different countries are based on the same international code means
that compliance costs for companies who are operating in many jurisdictions will be reduced.
It also gives investors some confidence about the application of governance rules.
The development of international codes should also be seen in the context of the development of
robust financial reporting rules, since investors' concerns with unreliable accounting information
has meant that they have questioned corporate governance arrangements. Developments in
international accounting standards aim to promote greater international harmony in accounting
practice, and international convergence on corporate governance is consistent with this.
1.1 Limitations of international codes

A number of problems have been identified with international codes.
(a) International principles represent a lowest common denominator of general, fairly bland,
principles.
(b) Any attempt to strengthen the principles will be extremely difficult because of global
differences in legal structures, financial systems, structures of corporate ownership, culture
and economic factors.
(c) As international guidance has to be based on best practice in a number of regimes,
development will always lag behind changes in the most advanced regimes.
(d) The codes have no legislative power.
(e) The costs of following a very structured international regime (such as one based on
Sarbanes-Oxley) may be very burdensome for companies based in less developed
countries that are not used to such regulation.
33
Business Assurance
2 Code on Corporate Governance Practices in Hong

Kong and the UK Corporate Governance Code
2.1 Code on Corporate Governance Practices in Hong Kong and
the UK Corporate Governance Code
Topic highlights
The Hong Kong Stock Exchange published the Code on Corporate Governance Practices (the HK
Code) and the Corporate Governance Report (CGR) in November 2004, which is included into the
Appendix (Appendix 14) of the Main Board Listing Rules and the Growth Enterprise Market (GEM)
Listing Rules. The HK Code and CGR became effective in 2005.
A range of code provisions (“CP”), recommended best practices (“RBP”) and rules have been
amended. Most of the rule amendments will be effective on 1 January 2012 whilst other Code
amendments will be effective on 1 April 2012.
Listed companies are required to confirm their compliance with the HK Code or, where they do not
comply, to provide explanations for any variation in practice.
The HK Code is broken down into six main areas which will be examined later in this chapter:
1 Directors
2 Remuneration of Directors and Senior Management and Board Evaluation
3 Accountability and Audit
4 Delegation by the Board
5 Communication with Shareholders
6 Company Secretary
The UK Corporate Governance Code (formally known as the Combined Code) similarly contains
detailed guidance on good corporate governance, and strongly influences the corporate
governance requirements in other jurisdictions around the world including Hong Kong.
2.1.1 A history of corporate governance

Before we discuss the provisions of the HK Code, there is a history of corporate governance in
other countries, especially in the UK, that affects Hong Kong companies.
As a result of several accounting scandals in the 1980s and 1990s, the Cadbury Code in the UK
was the first code of corporate governance produced, for UK listed companies. Subsequently, in
1995, the Greenbury report added a set of principles on the remuneration of executive directors
for UK listed companies. The Hampel report in 1998 brought the Cadbury and Greenbury reports
together to form the first Combined Code, adding requirements relating to internal control and risk
management. In 1999, Turnbull produced a report explaining how the risk management and
internal control requirements should be applied.
In 2002, the Higgs report (Review of the role and effectiveness of non-executive directors) and the
Smith report on the role of audit committees were produced, and a new Combined Code was
issued.
In 2010, a new Stewardship Code for investment institutions was issued by the Financial
Reporting Council, providing guidelines on the role of investment institutions (as shareholders of
listed companies) in promoting good corporate governance practices. The Combined Code was
also revised in 2010 and renamed as the UK Corporate Governance Code. The amendments
included a clearer statement of the board’s responsibilities relating to risk, a greater emphasis on
the importance of getting the right mix of skills and experience on the board, and recommendation
that all directors of FTSE 350 companies be put up for re-election every year. The Code was
revised again in 2012.
34
The development of corporate governance in Hong Kong is considered below.

1998
The Hong Kong Stock Exchange issued its guidance of the Code of Best Practice for the Hong
Kong listed companies in 1998, to form the skeleton of a code of best practice to which listed
companies in Hong Kong should aim to adhere. Companies listed on the Main Board were required
to devise their own codes of practice in the interest of both non-executive directors and the
board of directors as a whole. Whereas, for companies listed on the Exchange's Growth Enterprise
Market (GEM) Board, the company had to establish an audit committee with at least three
independent non-executive directors and should appoint competent personnel for some specified
management positions.
2004 – 2005
In 2004, the Hong Kong Stock Exchange issued its draft Code on Corporate Governance Practices
(the Code) and the associated Corporate Governance Report (CGR) to help to strengthen the overall
standard of corporate governance of Hong Kong issuers. The revised Code on corporate governance
provides a detailed approach to various areas of corporate governance in Hong Kong. The HK
Code replaces the previous Listing Rules (the Code of Best Practice) related to corporate
governance whilst the Rules on the Corporate Governance Report set out the requirements in
respect of the preparation and issuance of a Corporate Governance Report (CGR). The new rules
require the board of directors to prepare an additional report (CGR), for inclusion in the annual report.
The HK Code and the CGR have considered the principles and guidelines set out in the revised UK
Corporate Governance Code and the proposals set by the Standing Committee on Company Law
Reform in June 2003.
The HK Code and the Rules on the CGR were effective for accounting periods commencing on or
after 1 January 2005. The Hong Kong Stock Exchange has issued the HK Code and the CGR as
Appendices to the Listing Rules for Main Board issuers and GEM issuers.
As mentioned in Chapter 1, the HKICPA Corporate Governance Committee (the CG Committee)
has issued several publications on corporate governance such as Corporate Governance for Public
Bodies – A Basic Framework in 2004 and Internal Control and Risk Management – A Basic
Framework in 2005 respectively.
2007 – 2009
In February 2009 the Hong Kong Stock Exchange issued its major findings of the third annual
review (2007) of listed issuers' compliance with the Code (the Third Review).
To develop or enhance an in-house code, the Hong Kong Institute of Certified Public Accountants,
The Hong Kong Institute of Directors, the Hong Kong Stock Exchange and the Hong Kong Ethics
Development Centre, Independent Commission Against Corruption (ICAC) sought permission from
the International Federation of Accountants (IFAC) to reproduce “The International Good Practice
Guide, entitled Defining and Developing an Effective Code of Conduct for Organisations”, in Hong
Kong. (We have already discussed the key principles of this guidance in Chapter 1.)
2010 – 2012
Following the financial crisis outbreak in late 2008, the Hong Kong Stock Exchange published a
consultation paper on proposed changes to the HK Code and certain Listing Rules to corporate
governance to enhance the corporate governance in Hong Kong in December 2010. The
consultation period ended in March 2011 where the Hong Kong Stock Exchange adopted most of
the proposals outlined in the Consultation Paper, subject to certain modifications as set out in the
Consultation Conclusions.
The amendments will keep the Corporate Governance Code in line with international best practices.
In its first interim/half year or annual report covering a period after 1 April 2012, the issuer must
state, in that report, whether it has, for that period, complied with the Code Provisions (CPs) in the
revised Code as well as those of the former Code. Issuers may adopt the revised Code at an
earlier date than 1 April 2012.
35
Business Assurance
HKEx’s Consultation on Board Diversity

On 7 September 2012, Hong Kong Exchanges and Clearing Limited (the “HKEx”) published its
“Consultation Paper – Board Diversity” (the Consultation Paper) to set out the proposed
amendments concerning board diversity to Appendix 14 (Corporate Governance Code (the Code)
and Corporate Governance Report) to the Rules Governing the Listing of Securities on the Hong
Kong Stock Exchange.
The major purposes of the proposed amendments are to promote effective decision-making and
better governance, and monitoring through diversity in the boardroom. It is proposed that diversity
will be given a wide interpretation and no criteria will be prescribed to define its meaning. An issuer
should take into account various factors to achieve boardroom diversity depending on its own
business model and circumstances, including gender, age, cultural and educational background
and professional experience.
On 13 December 2012, the HKEx published consultation conclusions on board diversity.
Having received broad support to promote board diversity within listed issuers, the HKEx has
decided to implement new measures. In brief, the measures include a Code Provision ("CP") which
requires the issuer to:
 have a Board Diversity policy
 disclose the policy or its summary in the issuer's corporate governance report, and
 disclose any measurable objectives for implementing the policy and progress on achieving
those objectives.
In addition, a note is added under the CP to clarify how the HKEx intends diversity to be
understood. The measures will be effective on 1 September 2013. The conclusions are as follow:
(i) Board composition
The board should have a balance of skills, experience and diversity of perspectives
appropriate to the requirements of the issuer’s business. It should ensure that changes to its
composition can be managed without undue disruption. It should include a balanced
composition of executive and non-executive directors (including independent non-executive
directors) so that there is a strong independent element on the board, which can effectively
exercise independent judgment. Non-executive directors should be of sufficient calibre and
number for their views to carry weight.
(ii) Appointments, re-election and removal
There should be a formal, considered and transparent procedure for the appointment of
new directors. There should be plans in place for orderly succession for appointments. All
directors should be subject to re-election at regular intervals. An issuer must explain the
reasons for the resignation or removal of any director.
(iii) Nomination Committee
The nomination committee (or the board) should have a policy concerning diversity of board
members, and should disclose the policy or a summary of the policy in the corporate
governance report which is included in the annual report.
Board diversity will differ according to the circumstances of each issuer.
Diversity of board members can be achieved through consideration of a number of factors,
including but not limited to gender, age, cultural and educational background, or
professional experience. Each issuer should take into account its own business model and
specific needs, and disclose the rationale for the factors it uses for this purpose.
36
2.1.2 Principles of the HK Code and the UK Corporate Governance Code

The HK Code lays down standards of good practice for entities on issues such as the composition
of the board, directors' remuneration, accountability and audit, relations with shareholders
communication with shareholders and the role of company secretary.
The HK Code contains a combination of:
 broad principles
 more specific provisions (Code provisions (CP) and
 recommended best practices (RBPs).
Companies are required to conduct their corporate governance in accordance with the principles
and to apply the detailed code provisions. They are also encouraged to follow recommended best
practices.
The Listing Rules (Chapter 3) apply a “comply or explain” approach, and listed companies in HK
have to disclose that they have applied the code provisions, or if they have not, to provide an
explanation why.
The HK Code refers to companies as “issuers”. The main principles of the Code are set out below.
The major principles of the HK Code
Section A: Directors
The Board
An issuer should be headed by an effective board, which should assume responsibility for
leadership and control of the issuer, and be collectively responsible for promoting the success of
the issuer by directing and supervising the issuer's affairs. Directors should take decisions
objectively and in the interests of the issuer.
Directors’ duties
The rule emphasises directors’ duties as it requires directors to take an active interest in the
issuer’s affairs, to obtain a general understanding of its business and follow up any relevant
matters that come to their attention. The directors are required to apply the required levels of skill,
care and diligence as failure to discharge their duties and responsibilities may result in disciplinary
action by the Hong Kong Stock Exchange and may attract civil and/or criminal liabilities. The rule
was implemented commencing on 1 January 2012.
Chairman and Chief Executive Officer
There are two key aspects of the management of every issuer – the management of the board, and
the day-to-day management of the issuer's business. There should be a clear division of these
responsibilities at the board level so that power is not concentrated in any one individual.
The new CP places greater emphasis on the roles and responsibilities of the chairman. The CP
was implemented commencing on 1 April 2012.
Board composition
The board should have a balance of skills and experience appropriate for the requirements of the
business of the issuer. The board should ensure that changes to its composition can be managed
without undue disruption.
The new rule requires that at least one-third of an issuer’s board should be independent non-
executive directors (INEDs). Listed companies must comply with the rule by 31 December 2012.
Companies which do not satisfy this rule have a three-month period to appoint a sufficient number
of INEDs.
37
Business Assurance
Appointments, re-election and removal

There should be a formal, considered and transparent procedure for the appointment of new
directors to the board. There should be plans in place for orderly succession for appointments to
the board. All directors should be subject to re-election at regular intervals. An issuer must explain
the reasons for the resignation or removal of any director.
Notifying directorship change and disclosure of directors’ information (including the chief
executive)
The amended rule requires issuers to:
 disclose information on the retirement or removal of a director or supervisor;
 disclose information on the appointment, resignation, re-designation, retirement or removal
of a chief executive;
 disclose director’s information on all civil judgments of fraud, breach of duty, or other
misconduct involving dishonesty; and
 clarify that the sanctions referred to in rule 13.51B(3)(c) are those made against the issuer.
The RBP has been upgraded to a CP stating that a list of directors should be published on the
issuer’s website and added that it should also be published on the HKEx website.
(Implementation date: 1 January 2012)
An INED who has served nine years
The previous RBP has been upgraded to CP. This states that it recommends that shareholders
should vote on a separate resolution to retain an INED who has served on the board for more than
nine years. Listed companies should include the reasons why the board considers the INED
independent in the circular nominating him for election.
(Implementation date: 1 April 2012)
Directors’ training
The Hong Kong Stock Exchange has upgraded a RBP to a CP on directors’ training. According to
the new CP, directors should provide issuers with records of training they have received.
Listed companies must disclose in their Corporate Governance Reports how directors have
complied with the CP on training.
Responsibilities of directors
Every director is required to keep abreast of his responsibilities as a director of an issuer and of the
conduct, business activities and development of that issuer. Given the essential unitary nature of
the board, non-executive directors have the same duties (of care and skill, and fiduciary duties) as
executive directors.
The new CP states that the board should regularly review the contribution made by a director and
the performance of his responsibilities including whether he is spending sufficient time performing
them. Under the new CP, the directors should inform the issuer of any change in their significant
commitments. This information should be provided in a timely manner.
Supply of and access to information
Directors should be provided in a timely manner with appropriate information, in such form and of
such quality as will enable them to make an informed decision and to discharge their duties and
responsibilities as directors of an issuer.
38
The new CP states that management should provide monthly updates to board members giving a
balanced and understandable assessment of the issuer’s performance, position and prospects in
sufficient detail to enable them to discharge their duties. This information may include information
such as monthly management accounts and management updates.
Corporate governance functions
The new CP states that the board should be responsible for corporate governance and in addition,
says that an issuer should establish terms of reference on duties that should be performed by the
board or committees delegated by the board.
A new rule has also been introduced which requires issuers to disclose the corporate governance
policy and duties performed in the Corporate Governance Report.
Board evaluation
An RBP has been introduced recommending that the board conducts a regular evaluation of its
performance.
Directors’ insurance
The RBP had been upgraded requiring that an issuer should arrange appropriate insurance
coverage for directors.
Directors’ attendance at board meetings
The new CP states that non-executive directors, including INEDs, should attend board, committee
and general meetings and contribute to the issuer’s strategy and policies.
The new requirement also states that issuers must disclose details of the attendance at general
meetings of each director by name in its Corporate Governance Report.
Further, it should disclose the attendance at the AGM of the chairman of the board and the
chairmen of the audit, remuneration and nomination committees and other chairmen of “any other
committee”.
The new CP clarifies that, subject to the issuer’s constitutional documents and the laws and
regulations of its place of incorporation, it may count directors’ attendance by electronic means
(including telephonic or video-conferencing) as attendance at a physical board meeting.
A new rule which should be implemented from 1 April 2012 removes the 5 per cent threshold for
voting on a resolution in which a director has an interest.
Section B: Remuneration of directors and senior management and board

evaluation
The level and make-up of remuneration and disclosure
An issuer should disclose information relating to its directors' remuneration policy and other
remuneration related matters. There should be a formal and transparent procedure for setting
policy on executive directors' remuneration, and for fixing the remuneration packages for all
directors. Levels of remuneration should be sufficient to attract and retain the directors needed to
run the company successfully, but companies should avoid paying more than is necessary for this
purpose. No director should be involved in deciding his own remuneration.
39
Business Assurance
Notes
1 Under paragraph 24 of Appendix 16, directors' fees and any other reimbursement or
emolument payable to a director must be disclosed in full in the annual reports and
accounts of the issuer on an individual and named basis.
2 Under paragraph 24B of Appendix 16 of the Listing Rules, issuers are required to give a
general description of the emolument policy and long-term incentive schemes of the group
as well as the basis of determining the emolument payable to their directors.
Disclosure of senior management remuneration by band
A new CP states that senior management remuneration should be disclosed by band.
Disclosure of chief executive’s remuneration
Issuers are required to disclose the remuneration of a chief executive who is not a director.
Section C: Accountability and audit

Financial reporting
The board should present a balanced, clear and comprehensible assessment of the company's
performance, position and prospects.
Internal controls
The board should ensure that the issuer maintains sound and effective internal controls to
safeguard the shareholders' investment and the issuer's assets.
(Note. The objectives of the internal controls are:
– To ensure achievements of the company’s objectives, including its stated goals and business
targets in an effective and efficient manner
– To ensure economical and effective use of resources and adequately safeguard the Group’s
assets against unauthorised use or disposition
– To ensure maintenance of proper records for providing reliable financial, managerial and
operating information for decision-making, evaluation of activities or publication
– To ensure adequate control of the risks inherent in operations
– To ensure compliance with applicable legislation and regulations.)

Audit committee
The board should establish formal and transparent arrangements for considering how it will apply
the financial reporting and internal control principles and for maintaining an appropriate
relationship with the company's auditors. The audit committee established by an issuer pursuant
to the Hong Kong Stock Exchange Listing Rules should have clear terms of reference.
Section D: Delegation by the board

Management functions
An issuer should have a formal schedule of matters specifically reserved to the board for its
decision. The board should give clear directions to management as to the matters that must be
approved by the board before decisions are made on behalf of the issuer.
40
Board committees
Board committees should be formed with specific written terms of reference which deal clearly
with the committees' authority and duties.
Section E: Communication with shareholders
Effective communication
The board should endeavour to maintain an on-going dialogue with shareholders and in particular,
use annual general meetings or other general meetings to communicate with shareholders and
encourage their participation.
A new CP states that issuers should establish a shareholder communication policy.
Issuers should also avoid “bundling” resolutions and, where they are “bundled”, issuers are
required to explain the reasons and material implications in the notice of meeting.
Voting by poll
The issuer should ensure that shareholders are familiar with the detailed procedures for conducting
a poll.
The rule has been amended to allow a chairman at a general meeting to exempt certain
prescribed procedural and administrative matters from a vote by poll.
Publishing constitutional documents on website
A new rule requires an issuer to publish an updated and consolidated version of its constitutional
documents on its own website and the HKEx website. Any significant changes to constitutional
documents during the year in its Corporate Governance Report should be disclosed.
In addition, issuers are required to publish on their websites the procedures shareholders can use
to propose a person for election as a director.
Section F: Company Secretary
The company secretary plays an important role in supporting the board by ensuring good
information flow within the board and that board policy and procedures are followed. The company
secretary is responsible for advising the board through the chairman and/or the chief executive on
governance matters and should also facilitate induction and professional development of directors.
Functions of the Company Secretary
The Company Secretary supports the Chairman in promoting the highest standards of corporate
governance, and facilitating the effective functioning of the board and its committees, where
appropriate.
 The Company Secretary reports to the Chairman on Board/committee matters and to the
Chief Executive on administrative matters. The appointment and removal of the Company
Secretary is a matter for the Board as a whole.
 All directors have direct access to the advice and services of the Company Secretary for the
ongoing discharge of their duties and responsibilities.
 The key functions of the Company Secretary include:
– assisting the Chairman in ensuring that there are timely and appropriate information
flows to the board and between the non-executive Directors and the management, to
enable directors to discharge their responsibilities
– ensuring that board’s policy and procedures, and all applicable rules and regulations,
are complied with by each and every director
41
Business Assurance
– ensuring accurate records of board/committee (where appropriate) meeting

proceedings, discussions and decisions are recorded
– giving independent, impartial advice to the board on governance matters
– providing updates to the Board on regulatory, CG and CSR issues, new legislations,
and directors’ duties and obligations
– facilitating induction and professional development of directors
– facilitating communications with shareholders through a variety of means, including
annual general meetings, circulars and periodic reports.
The Company Secretary’s biography is set out in the annual reports.
In addition to the above, a new section has been added in the CP setting out the role and
responsibilities of a company secretary:
(i) The company secretary should be an employee of the issuer. If the issuer engages an
external service provider, it should disclose the identity of the person with sufficient seniority
at the issuer for the external provider to contact;
(ii) The selection, appointment, or dismissal of the Company Secretary should be a board
decision;
(iii) The Company Secretary should report to the board Chairman and/or the Chief Executive;
and
(iv) All directors should have access to the advice and services of the company secretary to
ensure that board procedures, and all applicable laws, rules and regulations are followed.
Company Secretary’s qualifications, experience and training
The academic or professional qualifications that the Hong Kong Stock Exchange considers
acceptable include a member of Hong Kong Institute of Chartered Secretaries, a lawyer or an
accountant. Clarification has also been issued regarding the factors the Hong Kong Stock
Exchange would consider in assessing “relevant experience”. These include the length of
employment with an issuer, training received, familiarity with the rules and relevant laws, and
qualifications in other jurisdictions.
Requirement for a Company Secretary to be ordinarily resident in Hong Kong
The requirement for a company secretary to be ordinarily resident in Hong Kong has been
removed. This has made the requirements for company secretaries of Mainland issuers the same
as for other issuers.
In addition, company secretaries are required to have 15 hours’ professional training in a financial
year.
In comparison, the UK Corporate Governance Code sets out standards of good practice in
relation to board leadership and effectiveness, remuneration, accountability and relations with
shareholders.
All companies with a premium listing of equity shares in the UK (“premium listed companies”) are
required under the Listing Rules to report on how they have applied the UK Corporate Governance
Code in their annual report and accounts.
The UK Code contains broad principles and more specific provisions, but does not contain
recommended best practices. Listed companies are required to report on how they have applied
the main principles of the Code, and either to confirm that they have complied with the Code's
provisions or – where they have not – to provide an explanation (“comply or explain”).
Compared with the HK Code, the UK Corporate Governance Code is substantially more detailed.
42
2.1.3 Auditors and the Code

The Hong Kong Stock Exchange in October 2011 amended the Main Board/GEM Listing Rules
relating to the Corporate Governance Code (“the revised Code”) and associated Listing Rules. One
of the amendments of introducing the new provision in the revised Code is that the management of
a company should ensure the company’s auditor attends the annual general meeting (“AGM”) to
answer questions relevant to:
(i) the conduct of the audit – responses to questions about the conduct of the audit;
(ii) the preparation and content of the auditor’s report;
(iii) the accounting policies adopted by the company in relation to the preparation of the financial
statements;
(iv) the independence of the auditor in relation to the conduct of the audit; and
(v) modification to the independent auditor's report, if any
The revised Code is effective from 1 April 2012, and accordingly an auditor is expected to attend
and answer questions at an AGM that is held on or after 1 April 2012.
The new Rule requires shareholders’ approval at a general meeting of any proposal to appoint or
remove an auditor before the end of the term of his office. The Rule requires the issuer to send a
circular containing any written representation from the auditor to shareholders and the auditor must
be allowed to make a written and/or verbal representation at the general meeting to remove him.
2.1.4 Directors
Directors are usually responsible for setting an entity's strategy, formulating policies and identifying
systems and controls and monitoring performance. Let's break this down further:
Setting strategy and guiding policy
Directors are ultimately responsible for the safe stewardship of the company, and this includes
all aspects of its management: formulating strategic plans, and translating this into budgets, HR
plans, developing and maintaining assets, investing in technology and ensuring corporate
governance rules or any industry regulation or tax rules are complied with. One important area in
formulating strategy is identifying and controlling risks. Internal audit may have a very important
role to play in this area, although it is a decision made by the directors as to whether to set up an
internal audit department, and if so, to direct relevant work activity to that department.
In an effective board, there should be a balance of power as well as a balance of skills and
experience, and a single individual should not be able to dominate the board. One way of achieving
this is to comply with the provision in the HK Code that the roles of Chairman of the board and
Chief Executive Officer should be separate and should not be performed by the same individual.
This means that no one individual should have unfettered powers of decision.
The board should also take responsibility for monitoring its own fitness to manage the company.
This means an assessment of the knowledge, experience, and skills of the directors in areas core
to the entity's business as well as the directors' personal characteristics, such as integrity.
judgment and available energy and time to invest in the business. It also involves decisions as to
new members, good induction procedures and personal development.
The board relies on reliable, timely information from the entity's systems in order to make decisions
and should review the availability and quality of the information available and set up procedures to
improve any deficiencies.
43
Business Assurance
Setting up systems, controls and monitoring

Directors are also responsible for the systems used to fulfil the company objectives and the
controls put in place to safeguard against risks, a point we will return to later in this chapter. The
HK Code requires the boards of listed HK companies to consider annually whether an internal
audit department is required (HK Code Section C.2.6).
Directors are also responsible for monitoring the effectiveness of the system of internal
control and risk management. An internal audit department can support the board in ensuring
adequate oversight of internal systems and controls and therefore has a primary role to play in an
entity's corporate governance framework.
In the UK, the Turnbull report on the review by the board of the effectiveness of internal control
and risk management made the following recommendations:
Turnbull Guidelines
Have a defined process for the effectiveness of internal control
Review regular reports on internal control
Consider key risks and how they have been managed
Check the adequacy of action taken to remedy weaknesses and incidents
Consider the adequacy of monitoring
Conduct an annual assessment of risks and the effectiveness of internal control; and
Make a statement on this process in the annual report
2.1.5 Non-executive directors
Key term
Non-executive directors are directors who do not have day-to-day operational responsibility for
the company. They are not employees of the company or affiliated with it in any other way.
Non-executive directors may be independent or they may not be independent. When a non-
executive director is considered “not independent”, this means that the individual may be subject to
the views and influence of others. For example a non-executive director may represent the
interests of a major shareholder, or the director may be subject to the influence of the executive
management team, especially after serving as a non-executive director many years.
The Listing Rules provide guidelines on how the “independence” of a non-executive director may
be assessed. The HK Code also specifies that if a non-executive director has been on the board for
more than nine years, this would be a factor to consider when judging whether he is still
independent.
Board composition has a significant impact on corporate performance. The importance of
independent non-executive directors is their detachment from the day to day operational
responsibility of the company, in other words they are “objective”. As already stated in Section
2.1.2, at least one-third of an issuer’s board should be independent non-executive directors
(INEDs).
A company should also maintain on its website an up-to-date list of all its directors, indicating their
function or role and whether they are independent non-executive directors.
Non-executive directors may be appointed to oversee a particular sensitive area such as company
reporting, nomination of directors and remuneration of executive directors. Often entities establish
sub-committees of board members to deal with these issues. We will consider one such sub-
committee, the audit committee, in more detail in Section 4.1.
44
The HK Code on Corporate Governance Practices is a Hong Kong Stock Exchange requirement
for listed companies. It is recommended for other companies. Some argue that the HK Code
should be mandatory for all companies.
Required
(a) Discuss the benefits of the HK Code to shareholders and other users of financial statements.
(b) Discuss the merits and drawbacks of having such provisions in the form of a voluntary code.
3 Corporate governance developments in Hong Kong

Topic highlights
Listed companies are required to confirm their compliance with the HK Code or, where they do not
comply, to provide explanations for any variation in practice.
3.1 Similarities between the Code in Hong Kong and the

UK Corporate Governance Code
When introducing the revised HK Code and the Rules on the CGR in Hong Kong, the Hong Kong
Stock Exchange noted that the HK Code represents a significant move towards the adoption of
international benchmarks of corporate governance, best practice and disclosure for Hong Kong
listed entities. The HK Code has taken into account the UK Corporate Governance Code.
In contrast to other corporate governance reporting regimes, the Hong Kong Code is broader in
coverage but less onerous in terms of required management action and attestation. This should
translate into a corporate governance framework that empowers business to succeed, while not
having a significant financial impact.
The Hong Kong Stock Exchange has adopted a “comply or explain” approach, (which we
discuss in the next Section 3.2) to both Main Board and GEM corporate governance
provisions. However, where an issuer chooses not to comply with the relevant Code, the issuer
must give considered reasons for any deviation, although such deviation may not necessarily
constitute a breach of Hong Kong Stock Exchange Listing Rules. In addition, the Hong Kong Stock
Exchange requires Main Board and GEM listed companies to include a Corporate Governance
Report (CGR) in the annual report. The Hong Kong Stock Exchange sets out mandatory and
recommended disclosures (discussed in Section 3.6) for inclusion in the CGR. Failure to include
any of the mandatory disclosures in the CGR will be regarded by the Hong Kong Stock Exchange
as a breach of the Listing Rules.
3.2 Comply or explain approach (principles-based approach)
Topic highlights
Many governance codes have adopted a principles-based approach allowing companies
flexibility in interpreting the codes' requirements and to explain if they have departed from the
provisions of the code.
A continuing debate on corporate governance is whether the guidance should predominantly be in
the form of principles, or whether there is a need for detailed laws or regulations.
45
Business Assurance
Hong Kong has adopted a non-statutory approach for its corporate governance framework, based
on the UK's Corporate Governance Code. This means that the Code is voluntary in nature, with HK
companies being asked to “comply or explain” any deviation from the code. The Hong Kong Stock
Exchange requires that disclosures be made as to whether it has been complied with, but there are
no statutory requirements to comply.
Principles-based approaches have often been adopted in jurisdictions where the governing bodies
of stock markets have had the prime role in setting standards for companies to follow. By
comparison the USA has adopted a more rules-based approach in their corporate governance
framework.
3.2.1 Benefits of comply or explain approach (principles-based approach)

Possible benefits of basing corporate governance codes on a series of principles are as follows:
(a) The approach focuses on objectives (for example, the objective that shareholders holding a
minority of shares in a company should be treated fairly) rather than the mechanisms by
which these objectives will be achieved. Possibly therefore, principles are easier to
integrate into strategic planning.
(b) Principles-based approaches can be applied across different legal jurisdictions rather than
being founded in the legal regulations of one country. The OECD Principles are a good
example of guidance that is applied internationally. This will increase global harmonisation.
(c) Where principles-based approaches have been established in the form of corporate
governance codes, the specific recommendations that the codes make are generally
enforced on a comply or explain basis. Listing Rules include a requirement to comply with
codes, but because the guidance is in a form of a code, companies have more flexibility
than they would if the code was underpinned by legal requirements.
(d) The disclosure requirements ensure that shareholders are aware of the position and they
can make any points they want to about compliance with the code at the AGM.
(e) It has been argued that making such a code obligatory would have punitive effects on
some companies, due to their size or investor make up and that legislation would create a
burden of requirement which could be excessive in many cases. Therefore, it is less
burdensome in terms of time and expenditure.
(f) A principles-based approach allows companies to develop their own approach to
corporate governance that is appropriate for their circumstances within the limits laid down
by stock exchanges.
(g) Enforcement on a comply or explain basis means that businesses can explain why they
have departed from the specific provisions if they feel it is appropriate. In many instances
now, the departures from best practice described in reports are of a minor or temporary
nature. Explanations of breaches have generally included details of how and when non-
compliance will be remedied.
3.2.2 Criticisms of comply or explain approach

(a) A principles-based approach can lay stress on those elements of corporate governance to
which rules cannot easily be applied. These include overall areas such as the requirement
to maintain sound systems of internal control, and “softer” areas such as organisational
culture and maintaining good relationships with shareholders and other stakeholders.
(b) Disclosure of non-compliance is insufficient as the AGM is still not sufficient protection for
shareholders.
(c) Having a voluntary code allows some companies not to comply freely, to the detriment of
their shareholders.
(d) The requirement to disclose is only a Stock Exchange requirement, and there are many
unlisted companies who should be encouraged to apply the codes.
46
(e) There may be confusion over what is compulsory and what isn't. Although codes may
state that they are not prescriptive, their adoption by the local stock exchange means that
specific recommendations in the codes effectively become rules, which companies have to
obey in order to retain their listing.
(f) Some companies may perceive a principles-based approach as non-binding and fail to
comply without giving an adequate or perhaps any explanation. Not only does this
demonstrate a failure to understand the purpose of principles-based codes but it also
casts aspersions on the integrity of the companies' decision-makers.
3.3 Application of principles-based approaches by investors

In practice, comply or explain has not led to lots of companies treating compliance as being
voluntary. Analysts and investors have taken breaches, particularly by larger listed companies, very
seriously. The reputation of companies has been adversely affected if they have tried to justify non-
compliance on the grounds of excessive trouble or cost. However the value of smaller or recently
listed companies has been less affected by non-compliance; stock markets have effectively
allowed these companies more latitude even though they have breached the governance codes.
The governments have shown concerns for this area in the past and it is believed that they might
take actions in the future to regulate this area more heavily.
However, at the moment, having a voluntary code is a compromise based on the points made
above.
3.4 Current issues

Some observers attributed the global economic downturn from 2008 to a failure of those in
corporate governance, such as non-executive directors and audit committees, to manage risk
effectively. In particular, several banks in the USA and Europe were criticised for poor governance
and a failure to understand the risk exposures the banks are facing. Other observers argue that it is
not fair to blame directors who, due to rigorous independence requirements, may only have a
limited knowledge of the business or industry and are only allocated a few days a month to their
role. There seems to be an expectations gap between what is expected of those in corporate
governance and the tasks they can reasonably be required to do.
It is likely that corporate governance regulation will be reviewed as regulators react to the situation.
However, it is important that any changes are carefully considered and not just quickly
implemented regulations to appease public opinion.
While it stressed that a different code may not have prevented the current economic conditions, it is
thought that it is an appropriate time to examine its effectiveness.
3.5 Structure of the Code in Hong Kong

Over the years, HKEx has undertaken a series of initiatives to raise the standards of corporate
governance in Hong Kong, improving the quality of disclosures and fostering corporate governance
culture amongst issuers in Hong Kong.
As stated earlier, the HK Code sets out the principles of good corporate governance, and two
levels of recommendations: (a) code provisions; and (b) recommended best practices. Hong Kong
listed companies are expected to comply with the code provisions (or explain any non-compliance).
The recommended best practices are for guidance only. Issuers may also devise their own code on
corporate governance practices on such terms as they may consider appropriate.
For the deviations the listed company must provide reasons in the annual reports and interim
reports.
47
Business Assurance
The Code is structured in the following sections:

A Directors
B Remuneration of directors and senior management and board evaluation
C Accountability and audit
D Delegation by the board
E Communication with shareholders
F Company secretary
The main provisions in the HK Code are set out below.
Key provisions of the HK Code

Section A Directors
 Every company should be headed by an effective board, which is responsible for
leadership and control and for promoting the success of the company.
 The board should meet regularly where appropriate agenda, meeting notices and
meeting minutes are prepared.
 The roles of Chairman and Chief Executive Officer should be separated and should
not be performed by the same individual.
 At least one-third of an issuer’s board should be independent non-executive directors
(INEDs).
 There should be a formal, considered and transparent procedure for the appointment
of new directors to the board. There should be regular re-elections of all directors at
regular intervals. Non-executive directors should be appointed for a specific term and
subject to election. Their term of appointment must be disclosed in the Report in
accordance with the Listing Rules. Shareholders should vote on a separate resolution to
retain an INED who has served on the board for more than nine years.
 The board should regularly review the contribution by a director to performing his
responsibilities to the issuer, and whether he is spending sufficient time performing
them.
 Directors should inform the issuer of any change to directors’ significant commitments in
a timely manner.
 Every director should be subject to retirement by rotation at least once every three
years.
 The reason for the resignation and removal of a director must be explained.
 Every director should keep abreast of his responsibilities as a director of the company,
the conduct and development of that company.
 The board should be provided with timely information in a form and of a quality
appropriate to enable it to discharge its duties. All directors are entitled to have access
to board papers and related materials.
 All directors should receive induction on joining the board and should regularly update
and refresh their skills and knowledge by participating in continuous professional
development. Subsequently such briefings and professional development should be on
an “as is necessary” basis.
 There should be a procedure agreed by the Board to enable directors, upon reasonable
request, to seek independent professional advice in appropriate circumstances, at the
company's expense.
 Directors should provide records of directors’ training they received to issuers.
48

Section B Remuneration of directors and senior management and board evaluation
 The company should establish a remuneration committee, consisting of the majority of
independent executive directors who should consult the Chairman and/or Chief
Executive Officer about its proposals relating to the remuneration of the executive
directors.
 Levels of remuneration should be sufficient to attract, retain and motivate directors of
the quality required to run the company successfully, but a company should avoid
paying more excessive amounts than is necessary for this purpose. (It should be noted
that this is a principle in the HK Code, not a provision.)
 Senior management remuneration should be disclosed by band.
 The issuers should disclose the remuneration of a Chief Executive who is not a director.
Section C Accountability and audit
 Management should provide such information to the board that will enable the board to
make an informed assessment of the financial and other information that is presented to
them for approval.
 The directors should acknowledge in the Corporate Governance Report (CGR) their
responsibility for preparing the financial statements and there should be a statement by
the external auditors about their reporting responsibilities in the auditor's report on the
financial statements.
 The board should prepare the financial statements on a going concern basis unless the
board is aware of material uncertainties relating to events or conditions that may cast
significant doubt upon the company's ability to continue as a going concern.
 The board should present a balanced, clear and comprehensive assessment of the
company's position, performance and prospects.
 The board should maintain a sound system of internal control to safeguard
shareholders' investment and the company's assets.
 The directors should, at least annually, conduct a review of the effectiveness of the
group's system of internal controls and report to shareholders that they have done so in
their annual report. The review should consider the adequacy of resources,
qualifications and experience of staff of the issuer's accounting and financial reporting
functions, and their training programmes and budget.
49
Business Assurance
Section D Delegation by the board

 When the board delegates aspects of its management and administration functions to
management, it must give clear directions to management as to the powers they have
been given. In particular, the board must specify the circumstances where management
must report back to the board and obtain prior approval before making a decision or
making commitments on behalf of the company.
 When a board committee is established, it should be given clear terms of reference to
enable it to discharge its responsibilities effectively. These terms of reference should
include a requirement for the committee to report back to the full board on their
decisions or recommendations.
 The board should not delegate matters to a board committee, executive directors or
management to an extent that would reduce its ability to discharge its functions properly.
 There should be a formal list of matters that are reserved for decision-making by the
board, that the board must not delegate.
Section E Communications with shareholders

 A principle in the Code is that the board should maintain on-going communication with
shareholders and in particular, use annual general meetings (AGM) or other general
meetings to communicate with shareholders and encourage their participation.
 The Code provisions about communications with shareholders relate to general
meetings, such as a requirement to have a separate resolution for each substantial
issue of shareholding, and sending out the notice of the annual general meeting well in
advance. At the beginning of a general meeting the Chairman should also explain the
detailed procedures for conducting a poll.
 Issuers should establish a shareholder communication policy.
Section F Company Secretary

 The Company Secretary should be an employee of the issuer and have day-to-day
knowledge of the issuer’s affairs.
 The board should approve the selection, appointment or dismissal of the Company
Secretary.
 The Company Secretary should report to the board Chairman and/or the Chief
Executive.
 All directors should have access to the advice and services of the Company Secretary to
ensure that board procedures, and all applicable law, rules and regulations, are
followed.
 The academic or professional qualifications that the Hong Kong Stock Exchange would
consider acceptable include a member of Hong Kong Institute of Chartered Secretaries,
a lawyer or an accountant.
 Factors the Hong Kong Stock Exchange will consider in assessing “relevant experience”
include the length of employment with an issuer, training received, familiarity with the
rules and relevant laws, and qualifications in other jurisdictions.
 The company Secretary should have 15 hours’ professional training in a financial year.
50
3.6 Corporate Governance Report (CGR) in Hong Kong

As stated, listed companies are required to include a CGR in each annual report and summary
financial report (if any). The rules on the CGR set out two levels of disclosure:
 Mandatory disclosure requirements: Failure to include these mandatory disclosure in the
CGR will be regarded by the Hong Kong Stock Exchange as a breach of the Listing Rules.
 Recommended disclosure requirements: The Hong Kong Stock Exchange notes that the
list of recommended disclosures is provided for listed companies' references and is not
intended to be mandatory. The listed companies are encouraged to state whether they have
complied.
Mandatory disclosure requirements Recommended disclosure requirements

 Narrative statement about how the  Shareholders' rights
principles of the Code have been applied.  Share interests of senior management
A statement of compliance with the Code
provisions or an explanation of any non-  Investor relations
compliance  Division of responsibility between the
 Details of board members board and management
 Directors' securities transactions  Additional disclosures regarding

internal control
 Non-executive directors' terms of
appointment
 Identity and segregation of Chairman
and Chief Executive Officer
 Directors' remuneration policy
 Nomination committee information
 Auditors' remuneration
 Audit committee information
 Board diversity policy
According to HKSA 720 (Clarified) The Auditor's Responsibilities Relating to Other Information in
Documents Containing Audited Financial Statements, the auditor should read the narrative
statement of how a listed company has complied with the principles in the HK Code for any
inconsistencies with the audited financial statements.
A new CP states that the annual report should include an explanation of the basis on which the
company generates or preserves value over the longer term and the strategy for delivering the
objectives of the company.
In addition, the Hong Kong Stock Exchange has amended the Rule to remove the requirement for
issuers to publish a Next Day Disclosure Form following the exercise of an option for shares in the
issuer by a director of its subsidiaries so that options for shares in the issuer exercised by a director
of a subsidiary only triggers an announcement if the change in its share capital, individually or
when aggregated with other events, is 5% or more since its last Monthly Return.
3.7 The New Hong Kong Companies Ordinance

A comprehensive exercise to rewrite the Companies Ordinance (Cap. 32) was launched in mid-
2006 with the aim of modernising Hong Kong's company law and further enhancing Hong Kong's
status as a major international business and financial centre. The Companies Bill was finalised
and introduced into the Legislative Council ("the LegCo") on 26 January 2011. On 12 July 2012,
the Companies Bill was passed by the LegCo.
51
Business Assurance
The New Companies Ordinance ("the new CO"), which consists of more than 900 sections and
11 schedules, provides a modernised legal framework for the incorporation and operation of
companies in Hong Kong. It aims to achieve four main objectives, namely, to enhance corporate
governance, ensure better regulations, facilitate business and modernise the law.
To facilitate implementation of the new CO, over ten regulations will have to be made in 2013-14.
In parallel, the Companies Registry will enhance its information system and carry out an overall
review of its procedures and forms for the implementation of the new legislation. The new CO is
expected to commence operation in 2014.
Under the new CO, there are new measures for enhancing corporate governance and the following
are some of the major measures for the enhancement:
(a) Strengthening the accountability of directors
Restricting the appointment of corporate directors by requiring every private company to
have at least one natural person to act as director, to enhance transparency and
accountability.
Clarifying in the statute the directors’ duty of care, skill and diligence with a view to providing
clear guidance to directors.
(b) Enhancing shareholder engagement in the decision-making process
Introducing a comprehensive set of rules for proposing and passing a written
resolution.
Requiring a company to bear the expenses of circulating members’ statements relating to
the business of, and proposed resolutions for, Annual General Meetings, if they are received
in time to be sent with the notice of the meeting.
Reducing the threshold requirement for members to demand a poll from 10% to 5% of the
total voting rights.
(c) Improving the disclosure of company information
Requiring public companies and the larger (i.e., companies that do not qualify for simplified
reporting) private companies and guarantee companies to prepare a more comprehensive
directors’ report which includes an analytical and forward-looking “business review”, whilst
allowing private companies to opt out by special resolution. The business review will provide
useful information for shareholders. In particular, the requirement to include information
relating to environmental and employee matters that have a significant effect on the
company is in line with international trends to promote corporate social responsibility.
(d) Fostering shareholder protection
Introducing more effective rules to deal with directors’ conflicts of interests, including
expanding the requirement for seeking shareholders’ approval to cover directors’
employment contracts which exceed three years.
Requiring disinterested shareholders’ approval in cases where shareholders’ approval is
required for transactions of public companies and their subsidiaries.
Requiring the conduct of directors to be ratified by disinterested shareholders’ approval to
prevent conflicts of interest and possible abuse of power by interested majority shareholders
in ratifying the unauthorised conduct of directors.
Replacing the “headcount test” with a not more than 10% disinterested voting requirement
for privatisations and specified schemes of arrangement, while giving the court a new
discretion to dispense with the test (in cases where it is retained) for members’ schemes.
Extending the scope of the unfair prejudice remedy to cover “proposed acts and omissions”,
so that a member may bring an action for unfair prejudice even if the act or omission that
would be prejudicial to the interests of members is not yet effected.
52
(e) Strengthening auditors’ rights

Empowering an auditor to require a wider range of persons, to provide information or
explanation reasonably required for the performance of the auditor’s duties. This includes the
officers of a company’s Hong Kong subsidiary undertakings and any person holding or
accountable for the company or its subsidiary undertakings’ accounting records. The offence
for failure to provide the information or explanation is extended to cover officers of the
company and the wider range of persons.
4 Board committees
Topic highlights
Many companies operate a series of board sub-committees responsible for supervising specific
aspects of governance. Operation of a committee system does not clear the main board of its
responsibilities for the areas covered by the board committees.
Good use of committees seems to have had a positive effect on the governance of many
companies. It is found that committees had given assurance that important board duties were being
discharged rigorously.
The main board committees are:

 Audit committee – arguably the most important committee, responsible for liaising with
external audit, supervising internal audit and reviewing the annual financial statements and
internal controls
 Nomination committee – responsible for recommending the appointments of new directors
to the board
 Remuneration committee – responsible for advising on executive director remuneration
policy and the specific package for each director
 Risk committee – responsible for overseeing the organisation's risk response and
management strategies
Corporate governance guidance has concentrated on the work of the audit, remuneration and
nomination committees. The corporate governance report recommends that no one individual
should serve on all committees; most reports recommend that the committees should be staffed by
non-executive directors and preferably INEDs. We shall now consider the role of committees to see
why their role is deemed to be so significant.
4.1 Audit committees
Topic highlights
An audit committee can help a company maintain objectivity with regard to financial reporting and
the audit of financial statements.
Appendix 14, Section C.3 of the HK Code sets the minimum duties for the audit committee and
Section B.1 covers the remuneration committee. The HK Code further determines the role of the
audit committee and its role in monitoring the integrity of the company's financial statements as well
as being primarily responsible for the company's relationship with the external auditors, reviewing
the internal controls and recommending the appointment of external auditors. The company should
provide sufficient resources to the audit committee to discharge its duties.
A former partner of the company's existing auditing firm should be prohibited from acting as a
member of the company's audit committee for a period of one year commencing on the date of
53
Business Assurance
ceasing to be partner of the auditing firm or ceasing to have any financial interest in the auditing
firm (whichever is later).
4.1.1 Role and function of audit committees
An audit committee should be set up. It should consist entirely of non-executive directors and there
should be at least three non-executive directors on the committee. The board should satisfy
itself that at least one member of the audit committee is an independent non-executive director who
has appropriate professional qualifications, or accounting or related financial management
expertise.
The majority of the audit committee members must be independent non-executive directors, and
the chairman of the audit committee must be an independent non-executive director as well.
The exact role of an audit committee will vary from entity to an entity. The audit committee terms of
reference should be set out in writing and publicly available or described in a report.
The Code requires that the board should establish formal and transparent arrangements for
considering how it should apply the financial reporting and internal control principles for maintaining
an appropriate relationship with the company's auditors. The provisions relating to this principle are
set out below.
Code provisions relating to the audit committee in Hong Kong

Chapter 3, section 3.21 of the Main Board Listing Rules requires:
'Every listed issuer must establish an audit committee comprising non-executive directors only.
The audit committee must comprise a minimum of three members, at least one of whom is an
independent non-executive director with appropriate professional qualifications or accounting
or related financial management expertise as required under rule 3.10(2). The majority of the
audit committee members must be independent non-executive directors of the listed issuer.
The audit committee must be chaired by an independent non-executive director.'
The GEM Board (Growth Enterprise Market) has similar requirements in Chapter 5, Section
5.28 covering Audit Committees.
For further assistance the HKICPA (formerly known as the Hong Kong Society of Accountants)
published in February 2002, “A Guide for Effective Audit Committees'. Listed issuers may refer
to the terms of reference set out in this Guide, or they may adopt any other comparable terms
of reference for the establishment of an audit committee.
The main role and responsibilities should be set out in written terms of reference and should
include:
(a) To monitor the integrity of the financial statements of the company and any formal
announcements relating to the company's financial performance, reviewing significant
financial reporting issues and judgments contained in them.
The audit committee should review arrangements by which staff of the company may, in
confidence, raise concerns about possible improprieties in matters of financial reporting
or other matters. The audit committee's objective should be to ensure that arrangements
are in place for the proportionate and independent investigation of such matters and for
appropriate follow-up action.
The terms of reference of the audit committee, including its role and the authority
delegated to it by the board, should be made available. A separate section of the annual
report should describe the work of the committee in discharging those responsibilities.
(b) To review the company's internal financial controls and, unless expressly addressed by
a separate board risk committee composed of independent directors or by the board
itself, the company's internal control and risk management systems.
54
(c) To monitor and review the effectiveness of the company's internal audit function.
Where there is no internal audit function, the audit committee should consider annually
whether there is a need for an internal audit function and make a recommendation to the
board, and the reasons for the absence of such a function should be explained in the
relevant section of the annual report.
(d) To make recommendations to the board on the appointment, reappointment and
removal of the external auditors, to approve the remuneration and terms of engagement
of the external auditors and any questions of resignation or dismissal of the external
auditors (section C.3.3(a) of Appendix 14).
If the board does not accept the audit committee's recommendation, it should include in
the annual report, and in any papers recommending appointment or re-appointment, a
statement from the audit committee explaining the recommendation and should set out
reasons why the board has taken a different position.
(e) To monitor and review the external auditor's independence, objectivity and effectiveness
of the audit process in accordance with applicable standards (section C.3.3(b) of
Appendix 14).
To seek information from the external auditors on an annual basis on the external
auditors' processes for maintaining independence and monitoring compliance with
relevant requirements, including any applicable requirement on rotation of engagement
team members.
(f) To develop and implement policy on engagement of the external auditor to supply non-
audit services, taking into account relevant ethical guidance regarding the provisions of
non-audit services by the external audit firm and to report to the board, identifying any
matters in respect of which it considers that action or improvement is needed, and
making recommendations as to the steps to be taken (section C.3.3(c) of Appendix 14).
(g) The amended CP states that an audit committee should meet the external auditor at
least twice a year.
(h) To ensure co-ordination between the internal audit function (where it exists) and the
external auditors.
(i) To review the external auditors' management letter, any material queries raised by the
external auditors to management in respect of the accounting records, financial
statements or systems of control and management's response.
(j) To ensure that the board provides a timely response to the issues raised in the external
auditors' management letter.
(k) The RBP was upgraded to CP, stating that an audit committee’s terms of reference
should include arrangements for employees to raise concerns about financial reporting
improprieties; and
(l) A new RBP was introduced recommending the audit committee establish a
whistleblowing policy and system.
All these new amendments should be implemented commencing on 1 April 2012.
4.1.2 Advantages and drawbacks of audit committees

The advantages of having an audit committee are as follows:
(a) To improve the quality of financial reporting, by reviewing the financial statements on behalf
of the board.
(b) To create an ethical environment and establish controls which will act as a deterrent and
reduce the opportunity for fraud.
55
Business Assurance
(c) To enable the non-executive directors to inject their experience, expertise and an
independent judgment into the entity's affairs.
(d) To help the Chief Financial Officer, by providing a forum in which he can raise matters of
concern, and a mechanism for resolving potentially difficult issues.
(e) To work with and improve the quality and efficiency of the external auditor, by providing a
means of communication and apparatus to resolve issues of concern.
(f) To provide a framework within which the external auditor can assert his position in the event
of a dispute with management.
(g) To strengthen the status of the internal audit function, by providing a greater degree of
independence from management.
(h) To increase public confidence in the reliability and objectivity of financial statements.
Opponents of audit committees argue the following:
(a) The executive directors may not understand the purpose of an audit committee and may
perceive that it detracts from their authority.
(b) There may be difficulty selecting sufficient non-executive directors with the necessary
competence in auditing matters for the committee to be really effective.
(c) The establishment of such a formalised reporting procedure may dissuade the auditors
from raising matters of judgment and limit them to reporting only on matters of fact; and
(d) Costs may be increased.
4.2 Nomination committee

4.2.1 Role and function of nomination committee
In order to ensure that balance of the board is maintained, corporate governance codes recommend
the board should set up a nomination committee, to oversee the process for board appointments
and make recommendations to the board. The nomination committee needs to consider:
 the skills, knowledge and experience possessed by the current board
 the need for continuity and succession planning
 the desirable size of the board
 the need to attract board members from a diversity of backgrounds
New CPs have been introduced and have stated that a listed company should:
(a) establish a nomination committee with a majority of INEDs, chaired by an INED or the board
Chairman;
(b) establish a nomination committee with written terms of reference that performs the duties
described;
(c) include, as one of the nomination committee’s duties, a review of the structure, size and
composition of the board at least annually to complement the issuer’s corporate strategy;
(d) make the nomination committee’s terms of reference available on both the issuer’s and the
HKEx websites;
(e) ensure a nomination committee has sufficient resources; and
(f) enable a nomination committee to seek independent professional advice at the issuer’s
expense.
56
4.3 Remuneration committee

4.3.1 Role and function of remuneration committee
In Hong Kong, the key objectives of establishing a remuneration committee are to assist the board
of directors in maintaining a formal and transparent procedure for setting policy on directors'
remuneration, and to determine an appropriate remuneration package for all directors. The
remuneration committee should ensure that remuneration arrangements support the strategic aims
of the business, and enable the recruitment, motivation and retention of senior executives while
complying with all rules and regulations. According to the new revised rules issuers should
establish a remuneration committee with specific written terms of reference which deal clearly with
its authority and duties. A majority of the members of the remuneration committee should be
independent non-executive directors. The Chairman of the remuneration committee should be an
INED.
There should be written terms of reference for the remuneration committee. Any listed company
that fails to comply with these rules should immediately announce its reasons for not doing so and
any other relevant details. The listed company will have a three-month period to rectify its non-
compliance.
The remuneration committee should consult the Chairman and/or Chief Executive Officer about
their proposals relating to the remuneration of other executive directors. Where necessary it adds
that professional advice can be sought by the remuneration committee, however any professional
advice made available to a remuneration committee should be independent;
The remuneration committee should only perform an advisory role to the board, with the board
retaining the final authority to approve executive directors' and senior management’s remuneration.
It is suggested to remove the term “performance-based” from the CP describing executive
directors’ and senior management’s remuneration. It should ensure that the remuneration
committee’s terms of reference are available on both the issuer’s and the Hong Kong Stock
Exchange websites.
All the new revisions should be implemented commencing on 1 April 2012.
Overall, the remuneration committee plays the key role in establishing remuneration arrangements.
In order to be effective, the committee needs both to determine the organisation's general policy on
the remuneration of executive directors and specific remuneration packages for each director.
(a) Summarise the principles in the HK Corporate Governance Code relating to remuneration of
directors.
(b) Describe the main areas of concern that should be addressed by a remuneration committee.
(c) Explain the relationship between the audit committee and the public sector.
5 Management's responsibilities to comply with

The powers of directors to run the company are set out in the company's constitution or articles
of association.
Under corporate governance best practice there is a distinction between the role of executive
directors, who are involved full-time in managing the company, and the non-executive
directors, who primarily focus on monitoring. However, under Companies Law, in most
57
Business Assurance
jurisdictions the legal duties of directors apply to both executive and non-executive directors.
Section A of Appendix 14 covers the issues relating to directors.
5.1 Duties of directors

The corporate governance reports have aimed to build on the directors' duties as defined in
statutory and case law duties of directors. These include the fiduciary duties to act in the best
interests of the company, use their powers for a proper purpose, avoid conflicts of interest
and exercise a duty of care.
5.2 Composition and balance of the board

A feature of many corporate governance scandals has been boards dominated by a single senior
executive with other board members merely acting as a rubber stamp. Sometimes the single
individual may bypass the board to action his own interests. Even if an organisation is not dominated
by a single individual, there may be other weaknesses in board composition. The organisation may
be run by a small group centred round the Chief Executive and Chief Financial Officer, and
appointments may be made by personal recommendation rather than a formal, objective process.
As we shall see, the board must also be balanced in terms of skills and talents from several
specialisms relevant to the organisation's situation.
5.3 Reliability of financial reporting and external auditors

Issues concerning financial reporting and auditing are seen by many investors as crucial because
of their central importance in ensuring management accountability. They have therefore been the
focus of much debate and litigation. While focusing the corporate governance debate solely on
accounting and reporting issues is inadequate, the greater regulation of practices such as off-balance
sheet financing has led to greater transparency and a reduction in risks faced by investors.
External auditors may not carry out the necessary questioning of senior management because of
fears of losing the audit, and internal auditors do not ask awkward questions because the Chief
Financial Officer determines their employment prospects. Often corporate collapses are
followed by criticisms of external auditors, where poorly planned and focused audit work failed to
identify illegal use of client monies.
5.4 Directors' remuneration and rewards

Packages will need to attract, retain and motivate directors of sufficient quality, while at the
same time taking into account shareholders' interests as well. However, assessing executive
remuneration in an imperfect market for executive skills may prove problematic. The remuneration
committee needs to be mindful of the implications of all aspects of the package, also the
individual contributions made by each director.
Directors being paid excessive salaries and bonuses has been seen as one of the major corporate
abuses for a large number of years. It is therefore inevitable that the corporate governance codes
have targeted this issue, with such measures as:
(a) directors' remuneration should be set by independent members of the board
(b) any form of bonus should be related to measurable performance or enhanced shareholder
value; and
(c) there should be full transparency of directors' remuneration, including pension rights, in
the annual financial statements
In order for readers of the financial statements to achieve a fair picture of remuneration
arrangements, the annual report would need to disclose:
 remuneration policy; and
 arrangements for individual directors
58
Other disclosures that may be required by law or considered as good practice include the duration
of contracts with directors, and notice periods and termination payments under such
contracts. Details of external remuneration consultants employed by the remuneration
committee to advise on determining remuneration should be provided.
59
Business Assurance
Topic recap
Listed companies Compliance responsibility

required to ‘comply of the Board (possibly
or explain’ supervised by sub-committees)
Influenced by OECD Corporate Governance

Code and UK HONG KONG CODE Report (CGR)
Corporate Governance
Code
Six main areas: Distinction betweetn role
1. Directors of executive and
2. Remuneration of directors non-executive directors
and senior managers and board
evaluation
3. Accountability and audit Board responsible for
4. Delegation by the board effectiveness of controls
5. Communication with shareholders
6. Company secretary
60
Answer 1
(a) Benefits of the HK Code
Shareholders
Of key importance to the shareholders are the suggestions that the HK Code makes in
respect of the annual general meeting. In the past, particularly for large listed companies,
AGMs have sometimes been forbidding and unhelpful to shareholders. The result has been
poor attendance and low voting on resolutions.
The HK Code requires that separate resolutions are made for identifiably different items
which should assist shareholders in understanding the proposals laid before the meeting.
It also requires that director members of various important board committees (such as the
remuneration committee) be available at AGMs to answer shareholders' questions.
Internal controls
Another important area for shareholders is the emphasis placed on directors monitoring and
assessing internal controls in the business on a regular basis. While it is a statutory
requirement that directors safeguard the investment of the shareholders by instituting
internal controls, this additional emphasis on quality should increase shareholders'
confidence in the business.
Directors re-election
The requirements of the HK Code also make the directors more accessible to the
shareholders. They are asked to submit to re-election every three years. They are also
asked to make disclosure in the financial statements about their responsibilities in relation to
preparing financial statements and going concern.
Audit committee
Last, some people would argue that the existence of an audit committee will lead to
shareholders having greater confidence in the reporting process of an entity.
Other users
The key advantage to other users is likely to lie in the increased emphasis on internal
controls as this will assist the company in operating smoothly and increasing viability of
operations, which will be of benefit to customers, suppliers and employees.
(b) Voluntary code
Adherence to the HK Code is not a statutory necessity, although it is possible that in the
future, such a code might become part of company law.
Advantages
The key merit of the HK Code being voluntary for most companies is that it is flexible.
Companies can review the Code and make use of any aspects which would benefit their
business.
If they adopt aspects of the HK Code, they can disclose to shareholders what is being done
to ensure good corporate governance, and what aspects of the HK Code are not being
followed, with reasons.
This flexibility is important, for there will be a cost of implementing such a Code, and this
cost might outweigh the benefit for small or owner-managed businesses.
61
Business Assurance
Disadvantages
Critics would argue that a voluntary code allows companies that should comply with the
Code to get away with non-compliance unchallenged.
They would also argue that the type of disclosure made to shareholders about degrees of
compliance could be confusing and misleading to shareholders and exacerbate the
problems that the Code is trying to guard against.
Answer 2
(a) Remuneration levels should be sufficient to attract directors of sufficient calibre to run the
company effectively, but companies should not pay more than is necessary.
Directors should consider whether to include compensation commitments in the contracts
of service.
Companies should establish a formal and clear procedure for developing policy on
executive remuneration and for fixing the remuneration package of individual directors.
Directors should not be involved in setting their own remuneration. A remuneration
committee, staffed by non-executive directors (NEDs), should make recommendations
about the framework of executive remuneration, and should determine specific remuneration
packages. The board should determine the remuneration of NEDs.
(b) The remuneration committee should consider the following:
 Choice of criteria through which performance is measured, including the goals of the
organisation
 Time scales over which performance is measured
 The balance between the historic assessment and the potential impact of decisions
 Differentials between different members of the board
 The need to retain good quality directors
 Public perceptions of pay awarded to directors
 Shareholder perceptions of pay awarded to directors
Of particular importance is the need to align medium to long-term performance outcomes
with remuneration packages, and to avoid short-term rewards for results that may not
necessarily be in the medium to long-term interests of the company.
(c) The audit committee is an integral element of public accountability and governance. It plays a
key role with respect to the integrity of the entity’s financial information, its system of internal
controls, and the legal and ethical conduct of management and employees. An audit
committee’s responsibility will vary depending upon the entity’s complexity, size, and
requirements. Typical audit committee responsibilities include approving the overall audit
scope, recommending the appointment of the external auditor, overseeing the entity’s
financial statements and internal controls, helping to ensure that the audit is conducted in a
cost-effective manner, and risk management oversight.
Audit committees are an increasingly important component of effective accountability and

governance. An audit committee must have three important qualities in order to fulfil its
duties: independence, communication, and accountability.
Independence. In the public sector, the structure of entities does not separate the governing
authority and oversight responsibility from the day-to-day management. For example, a
public university president may be both the Chief Executive Officer and a board member.
Public sector audit committees should be independent both in fact and in appearance, and
have processes in place to ensure such independence.
62
Communication. Communication between a governing body and its finance officers can be
difficult at times. For example, external financial reporting follows standard principles;
however, budgets and expressions of policy are unique to the circumstances of the
organisation and its jurisdiction. Communication may be complicated when a governing body
approves a budget but not the financial statements. The GAO has indicated that audit
committees can provide assistance if they have the necessary technical skills in accounting
and auditing and are able to communicate with finance officers and auditors on complex
issues.
Accountability. An audit committee must be independent to contribute to the integrity of the

financial reporting process. An independent audit committee can help reinforce a culture with
zero tolerance for fraud.
63
Business Assurance
Exam practice
DREIT 25 minutes
Dummy Real Estate Investment Trust (DREIT) is a mid-size real estate investment trust listed in
Hong Kong. With a portfolio of 50 real estates comprising retail malls, commercial premises and
car park facilities, DREIT was established by a trust deed (Trust Deed).
DREIT has a manager (Manager) who has the general power to manage DREIT’s assets in the
interests of its unitholders (Unitholders) in accordance with the Trust Deed. A Board of Directors is
responsible for the Manager’s overall governance, including establishing targets for executive
management and monitoring the achievement of these targets. DREIT’s trustee (Trustee) is
responsible under the Trust Deed for the safe custody of DREIT’s assets and holds the same for
and on behalf of the Unitholders. The Manager is independent of the Trustee.
DREIT aims to produce a sustainable stream of income from its portfolio and to maximise the value
through the enhancement of its physical built structure, trade-mix, marketing and customer service.
As these enhancement projects progress, the portfolio offers customers better shopping facilities
with more choices at reasonable prices, whilst improving returns for the Unitholders.
Since its listing on the Hong Kong Stock Exchange in December 20X8, DREIT has been paying the
Unitholders at about 90% of its net income and has demonstrated consistent growth in distribution
per unit. A substantial portion of the remuneration of DREIT’s senior executives is closely linked to
the growth rate of the distribution per unit.
Certain DREIT’s financial and operating data are set out as follows:
Year ended Year ended

31 December 20Y0 31 December 20X9
Revenue HK$404 million HK$385 million

Net property income margin 35% 35%
Distribution per unit 49 cents 43 cents
Average monthly unit rent HK$26 per square foot HK$26 per square foot
Occupancy rate 91% 87%
Gearing 20% 18%
Mr Kwok is the audit director of a CPA incorporated practice in charge of the audit of DREIT’s
financial statements for the year ended 31 December 20Y0.
In April 20Y0, DREIT made an acquisition of a block of low-rise commercial premises in the New
Territories. Part of the premises suddenly collapsed in December 20Y0. There was no casualty
reported and DREIT’s manager believed that the damages are fully covered by its group insurance
policy. However, emerging evidence indicates that there was an illegal extension built on the
premises which might have caused the collapse. If it is the case, the damage could be an
uninsured loss.
(Note. DREIT is a collective investment scheme in the form of a unit trust established by a trust
deed, authorised by the Securities and Futures Commission under the Securities and Futures
Ordinance and regulated by the provisions of the Code on Real Estate Investment Trusts.)
64
DREIT has established an audit committee to comply with the Listing Rules of the Hong Kong
Stock Exchange.
Required
(a) To what extent can the establishment of an effective audit committee improve DREIT’s
corporate governance in the context of external auditing, financial reporting and internal
control? (8 marks)
(b) Describe some ways to gauge the effectiveness of DREIT’s audit committee. (6 marks)
(Total = 14 marks)
HKICPA December 2011
65
Business Assurance
66
Part B
Internal assurance
Internal assurance is an important concept linked to a good corporate governance

environment.
A discussion of internal assurance helps students to perform the environmental consideration
for assurance purposes. Internal assurance is also an input to the audit risk assessment
process.
67
Business Assurance
68
chapter 3
Internal assurance
Topic list
1 Internal control effectiveness 3 Sarbanes-Oxley Act 2002

1.1 Importance of internal control and risk 3.1 The Enron scandal
management 3.2 The Sarbanes-Oxley Act 2002
1.2 Directors’ responsibilities for internal 3.3 Detailed provisions of the Sarbanes-
control Oxley Act
1.3 Annual assessment of the internal 3.4 Impact of Sarbanes-Oxley in America
control effectiveness 3.5 International impact of Sarbanes-Oxley
1.4 Auditors’ responsibilities for internal 3.6 Impact of Sarbanes-Oxley in Hong Kong
control 3.7 Criticisms of Sarbanes-Oxley
2 Internal audit and corporate governance 4 Internal auditors
2.1 Introduction 4.1 Using the work of internal auditors
2.2 Internal audit and corporate governance 4.2 Relationship between HKSA 315
2.3 The role of internal audit in risk (Revised) and HKSA 610 (Revised 2013)
management 4.3 Internal audit function
2.4 Outsourcing the internal audit function 4.4 Evaluating the internal audit function
2.5 Managing an outsourced department 4.5 Using the work of the internal audit
function
4.6 Using internal auditors to provide direct
assistance
4.7 Documentation
4.8 Distinction between internal and external
audit
4.8 Responsibility for fraud and error
4.9 Limitations of the internal audit function
Learning focus
Internal assurance can be regarded as a key concept that underpins the whole of business
assurance. As we shall see in this chapter, internal assurance relates both to the wider
principles of corporate governance that we have discussed in the first two chapters of this
Learning Pack and also to the role of internal audit within the context of an individual entity.
69
Business Assurance
Learning outcome
Competency
level
2.09 Audit procedures 3
2.09.05 Explain the importance of internal control to auditors and the
execution of tests of control
2.11 Internal audit 2
2.11.01 Explain the relationship between internal auditors and external
auditors
2.11.02 Discuss why auditors may rely on the work of others, including
internal audit, experts and service organisations
3.05 Implications of overseas legislation such as the Sarbanes- 2
Oxley Act 2002 on Hong Kong companies and auditors
3.05.01 Explain the effect of the Sarbanes-Oxley Act 2002 on Hong
Kong companies and their auditors
70
3: Internal assurance | Part B Internal assurance
1 Internal control effectiveness

Topic highlights
It is the directors of a company who are ultimately responsible for ensuring that a company's
system of controls is effective.
1.1 Importance of internal control and risk management

The role of internal controls are to:
 safeguard the company's assets
 help to prevent and detect fraud
 protect the shareholders' investment
Good internal control systems are designed to reduce identified risks to the business. They help
deter and detect fraud. Good internal control also helps to ensure reliability of reporting, and
compliance with laws.
1.2 Directors' responsibilities for internal control

The ultimate responsibility for a company's system of internal controls lies with the board of
directors. A principle in the Code on Corporate Governance Practices (in Section C.2 of the Main
Board Listing Rules) is that:
'The board should ensure that the issuer maintains sound and effective internal controls to
safeguard the shareholders' investment and the issuer's assets.'
The board should:
 set procedures of internal control, and
 regularly monitor that the system operates effectively.
1.2.1 Setting up the internal control system

Setting up an internal control system necessitates assessing the risks faced by the business,
so that the system can be constructed to ensure that those risks are mitigated.
Internal control systems will always have inherent limitations. No system of internal control is tight
enough to eliminate totally the possibility of human error, or the chance that employees will collude
in fraud to override the controls in place which might prevent the fraudulent intentions of an
employee working alone.
1.2.2 Monitoring the internal control system

Once the directors have set up a system of internal control, they are also responsible for
monitoring it regularly to ensure it remains effective and is functioning appropriately.
In order to ensure that sound and effective internal controls are maintained, Section C of the Code
on Corporate Governance Practices (“the Code”) states that the board should, at least annually:
 conduct a review of the effectiveness of the system, and
 report to shareholders that they have done so in the Corporate Governance Report.
(By comparison in the UK the board of directors normally reports on its review of internal
controls as part of the directors' report which forms part of the annual report.)
The board may monitor the system of internal control through an internal audit department. Using
an internal audit department should send a strong message about the board's commitment to its
71
Business Assurance
governance responsibilities. An internal audit department is not essential for monitoring the system
of internal control, but provision C.2.6 of the Code states that Issuers (companies) without an
internal audit function should:
 review the need for one on an annual basis, and
 report on the outcome of this review in its Corporate Governance Report.
The annual review of the internal control system is explained in more detail below.
1.3 Annual assessment of the internal control effectiveness

There are several provisions in Section C of the Code about the annual review of the internal
control system.
The Code states that the annual review should consider in particular:
 the adequacy of resources in the accounting and financial reporting function
 the qualifications and experience of the staff of the accounting and financial reporting
function
 their training programmes and budget.
The report should comprise an assessment of internal controls and should confirm that the board
has considered all significant aspects of internal control based on its identification of business
risks. In particular, the annual review should consider in particular:
(a) Any changes since the last assessment in the nature and extent of the significant risks
faced by the company, and the company's ability to respond to changes in its business
environment.
(b) The scope and quality of the monitoring by management of risk and internal control, and
the scope and quality of the work of the internal audit function, if such a function exists in the
company.
(c) The extent and frequency of reporting to the board (or board committee) on the results of
this ongoing monitoring activity. This regular reporting enables the board or committee to
build up a cumulative assessment of the state of the controls and the effectiveness of risk
management.
(d) The incidence of any significant control failings or weaknesses that have been identified
which have a material impact on the company’s financial performance or condition, or might
have a material impact in the future.
(e) The effectiveness of the company’s processes for compliance with financial reporting
rules and Listing Rules.
Section C of the Code also requires issuers to include, as part of their Corporate Governance
Report, a narrative statement about how they have complied with the Code provisions on internal
control during the reporting period. This statement should include:
(a) the processes used by the company for identifying, evaluating and managing the risks that it
faced
(b) any additional information for understanding the company’s risk management process or
system of internal control
(c) an acknowledgement that the board of the company is responsible for the system of internal
control and for reviewing its effectiveness
(d) the process used by the company to review the effectiveness of the system of internal
control
(e) the process used by the company to deal with the material internal control aspects of any
serious problems that are disclosed in the annual report and accounts.
72
1.4 Auditors' responsibilities for internal control

The Code on Corporate Governance Practices (Appendix 14 of the Listing Rules) does not mention
specifically that the auditors have a responsibility for internal control. However, in the UK guidance
is given in Bulletin 2009/4.
The auditors should concentrate on the review carried out by the board. The objective of the
auditors' work is to ascertain whether the entity's reporting of its internal control processes is
consistent with the financial statements for the year and is supported by the documentation
prepared by the directors.
The auditors should review the statement made by the board in the financial statements and the
supporting documentation and make appropriate inquiries.
Auditors will have obtained some understanding of the entity's controls from their work on the financial
statements; however, what they are required to do by auditing standards is narrower in its scope than
the review performed by the directors. The auditors should review the statements made on internal
control in the annual report to ensure that they appear true and are not in conflict with the audited
The auditors are not required to consider whether the board's statements on internal control cover
all risks and controls, or form an opinion on the effectiveness of the company's corporate
governance procedures or its risk and control procedures.
However, it is very important for auditors to communicate quickly to the directors any material
deficiencies they do uncover, because of the requirements for the directors to make a statement on
internal control.
The directors are required to consider the material internal control aspects of any significant
problems disclosed in the financial statements. Auditors' work on this is the same as on other
aspects of the statements; the auditors are not required to consider whether the internal control
processes will remedy the problem.
The auditors may report by exception if problems such as the following arise:
(a) The board's report of the process of review of internal control effectiveness does not
reflect the auditors' understanding of that process
(b) The processes that deal with material internal control aspects of significant risk areas do
not reflect the auditors' understanding of those processes
(c) The board has not made an appropriate disclosure if it has failed to conduct an annual
review, or the disclosure made is not consistent with the auditors' understanding.
The Code on Corporate Governance Practices in Hong Kong ("the Code") clearly states the
responsibilities of the board of directors relating to internal controls.
Required
Explain the responsibilities of the board of directors relating to internal controls in the context of
principle and code provisions under the Code.
(3 marks)
HKICPA December 2012 (Amended)
73
Business Assurance
2 Internal audit and corporate governance

Topic highlights
Internal audit assists management in achieving the entity's corporate objectives, particularly in
establishing good corporate governance.
2.1 Introduction
The following definition of internal auditing was given for comparison with other forms of assurance
service and providers:
Key term
Internal auditing is an appraisal or monitoring activity established within an entity as a service to
the entity. It functions by, amongst other things, examining, evaluating and reporting to
management and the directors on the adequacy and effectiveness of components of the
accounting and internal control systems.
Internal audit is generally a feature of large companies. It is a function, provided either by

employees of the entity or sourced from an external organisation, to assist management in
achieving corporate objectives. An entity's corporate objectives will vary from company to
company, and will be found in a company's mission statement and strategic plan.
2.2 Internal audit and corporate governance

Established codes of corporate governance such as The Code on Corporate Governance Practices
(Appendix 14) in Hong Kong and the UK's Corporate Governance Code highlight the need for
boards to maintain good systems of internal control to manage the risks the company faces.
Internal audit can play a key role in assessing and monitoring internal control policies and
procedures.
The internal audit function can assist the board in other ways as well:
 By, in effect, acting as auditors for board reports not audited by the external auditors
 By being the experts in fields such as auditing and accounting standards in the company and
assisting in implementation of new standards; and
 By liaising with external auditors, particularly where external auditors can use internal audit
work and reduce the time and therefore the cost of the external audit.
Section C.3 of the Code on Corporate Governance Practices (Appendix 14 of the Listing Rules) in
Hong Kong states that the key principle for Accountability and Audit is that: “The board should
establish formal and transparent arrangements for considering how it will apply the financial
reporting and internal control principles and for maintaining an appropriate relationship with the
company's auditors. The audit committee established by an issuer pursuant to the Hong Kong
Stock Exchange Listing Rules should have clear terms of reference.”
This implies that the board should establish formal and transparent arrangements for considering
how they should apply the financial reporting and internal control principles for maintaining an
appropriate relationship with the company's auditors.
Part of achieving this principle requires the audit committee to monitor and review the effectiveness
of internal audit activities.
74
In addition, in order for the board to comply with the requirements of the Code where there is no
internal audit function:
 The audit committee should consider annually whether there is a need for this function and
make a recommendation to the board; and
 To explain in the Corporate Governance Report the absence of such a function.
The following summarises the key responsibilities of the board in relation to internal control:
 Assess the scope and effectiveness of the internal control being established by the
management
 Ensure appropriate internal control in place for monitoring compliance with related laws and
regulations
 Monitoring the process of internal audit
 Ensure the internal audit departments has sufficient resources and empowerment to perform
their work
 Approving the appointment or dismissal of the head of internal audit
 Considering the management response to the suggestions made by the internal audit
function
Role of internal audit in corporate governance
Internal audits are placed perfectly to assist management in the assessment of risks and internal
controls. The UK Internal Control: Guidance to Directors (also known as the Turnbull Report) in
particular highlights the role internal audit can have in providing objective assurance and advice on
risk and control. The following summarises the key role of internal audit, which is to assist the
board in practice:
 An objective evaluation of the existing risk and internal control framework
 Analysis of business processes and associated internal controls
 Reviews of existence and the value of assets
 Information on frauds and irregularities
 Ad hoc reviews on any other area for which the risk level is unacceptable
 Reviews on the financial and operational activities of the company
 Reviews of the compliance framework and specific compliance issues
 Recommendations for more effective and efficient uses of the company’s resources
 Assessment on the accomplishment on the company’s goals and objectives
The UK Internal Control: Guidance to Directors sets out some key guidelines for the board.
 Have a defined process for the review of effectiveness of internal control
 Review regular reports on internal control
 Consider key risks and how they have been managed
 Check the adequacy of action taken to remedy weaknesses and incidents
 Consider the adequacy of monitoring
 Conduct an annual assessment of risks and the effectiveness of internal control; and
 Make a statement on this process in the annual report
The traditional definition of internal audit given at the start of the section shows how internal audit
can help the directors achieve these objectives; the traditional purpose of internal audit was to
review controls.
The third of the above guidelines refers to risk. All companies face risks arising from their
operational activities. Risks arise in different areas.
 Risk the company will go bankrupt
 Risks arising from regulations and law; and
 Risks arising from publicity
The guidelines require that risk be managed. This gives rise to another role for the internal audit
function, risk management.
75
Business Assurance
Risk awareness and management should be the role of everyone in the organisation. The
extended role of internal audit with regard to risk is the monitoring of integrated risk management
within a company, and the reporting of results to the board to enable them to report to
shareholders.
Internal auditor relationships
Internal auditors have relationships with the following people:
 Management: by whom they are employed and may report to
 Audit committee: to whom they report; and
 External auditors: who may make use of their work
Reliance on the work of internal auditors by external auditors
HKSA The external auditors may make use of the work of internal audit. The guidance over when this is
610.13 appropriate is given to them in HKSA 610 (Revised 2013) Using the Work of Internal Auditors.
The HKSA states that the external auditors must determine whether the work of the internal audit
function can be used, and if so, in which areas and to what extent. If external auditors do use the
work of the internal audit function, they must determine whether the work is adequate for the
purposes of the audit.
In evaluating the internal audit function the following factors must be considered:
 The objectivity of the internal audit function
 Technical competence of the internal auditors
 Whether the work is likely to be carried out with due professional care
 Whether there is likely to be effective communication between the internal and external
auditors
 Nature and scope of the work
 Assessed risk of material misstatement
 Degree of subjectivity involved in the evaluation of the audit evidence gathered by the
internal auditors
We will look at HKSA 610 (Revised 2013) in detail in section 4 of this chapter.
2.3 The role of internal audit in risk management

Topic highlights
Internal audit has two key roles to play in relation to organisational risk management:
 Ensuring the company's risk management system operates effectively; and
 Ensuring that strategies implemented in respect of business risks operate effectively
The internal audit department has a two-fold role in relation to risk management.
 It monitors the company's overall risk management policy to ensure it operates
effectively; and
 It monitors the strategies implemented to ensure that they continue to operate effectively.
A significant risk management policy in companies is to implement internal controls, and here
internal audit has a key role in assessing systems and testing controls.
Internal audit may assist in the development of systems. However, its key role will be in
monitoring the overall process and in providing assurance that the systems which the
departments have designed meet objectives and operate effectively.
76
It is important that the internal audit department retains its objectivity towards these aspects of its
role, which is another reason why internal audit would generally not be involved in the assessment
of risks and the design of the system.
The UK guidance and internal audit's role in relation to risk management was touched on. In
response to this, directors need to ensure three steps are taken in their business.
 Identify risks
 Control risks
 Monitor risks
It is not internal audit's primary role to manage risk in a company. It is the responsibility of the
directors, usually delegated to individual managers in various departments.
The risks are identified and assessed, and a policy is taken in respect of each of them. This policy
is usually one of four:
 Accept risk (if it is low impact and likelihood)
 Reduce risk (by setting up a system of internal control)
 Avoid risk (by not entering market, accepting contract etc); and
 Transfer risk (by taking out insurance)
With their skills in business systems, internal auditors are ideally placed to monitor this process
and add value to it. They can:
 give advice on the best design of systems and monitor their operation
 be involved in a process that continually improves internal control systems; and
 provide assurance on systems set up in each department
The involvement of internal audit as a monitoring unit will help to ensure that the process of risk
identification and management in a business is a continual process rather than a one-off
exercise.
2.4 Outsourcing the internal audit function
Topic highlights
Internal audit departments may consist of employees of the company, or may be outsourced to
external service providers. The advantages of outsourcing the internal audit function include
speed, cost and a tailored answer to internal audit requirements. One of the main disadvantages
may include threats to independence and objectivity if the external audit service is provided by the
same firm.
2.4.1 What is outsourcing?
Key term
Outsourcing is the use of external suppliers as a source of finished products, components or
services. It is also known as sub-contracting.
While the scope of the internal auditor's work is different to that of the external auditor, there are
many features that can link them. One of the key factors is that the techniques which are used to
carry out audits are the same for internal and external auditors.
It can be expensive to maintain an internal audit function consisting of employees of the company.
It is possible that the monitoring and review required by a certain company could be done in a
small amount of time and full-time employees cannot be justified.
77
Business Assurance
It is also possible that a number of internal audit staff are required, but the cost of recruitment is
prohibitive, or the directors are aware that the need for internal audit is only short-term.
In such circumstances, it is possible to outsource the internal audit function, that is, purchase the
service from outside.
In this respect, many of the larger accountancy firms offer internal audit services. It is likely that the
same firm might offer one client both internal and external audit services. In such circumstances
the firm would have to be aware of the independence issues this would raise for the external
engagement team and implement safeguards to ensure that its independence and objectivity
were not impaired.
2.4.2 Advantages and disadvantages of outsourcing
The advantages and disadvantages of outsourcing the internal audit function are set out in the
following table:
Advantages of outsourcing Disadvantages of outsourcing

 Staff do not need to be recruited, as the  There will be independence and
service provider has good quality staff. objectivity issues if the company uses the
 The service provider has different same firm to provide both internal and
specialist skills and can assess what external audit services.
management require them to do.  The cost of outsourcing the internal audit
 Outsourcing can provide an immediate function might be high enough to make the
internal audit department. directors choose not to have an internal
audit function at all.
 Associated costs, such as staff training,
 Company staff may oppose outsourcing if it
are eliminated.
results in redundancies.
 The service contract can be for the
 There may be a high staff turnover of
appropriate time scale.
internal audit staff.
 Because the time scale is flexible, a
 The outsourced staff may only have a
team of staff can be provided if required.
limited knowledge of the company.
 It can be used on a short-term basis or
 The company will lose existing or
on a “as needed basis”.
developing in-house skills.
2.5 Managing an outsourced department

A company will need to establish controls over the outsourced internal audit department. These
would include the following:
(a) Setting performance measures in terms of cost and areas of the business reviewed and
investigating any variances
(b) Ensuring appropriate audit methodology (working papers/reviews) is maintained
(c) Reviewing working papers on a sample basis to ensure they meet internal
standards/guidelines
(d) Agreeing internal audit work plans in advance of work being performed
(e) If external auditor is used, ensuring the firm has suitable controls to keep the two functions
separate so that independence and objectivity is not impaired
78
3 Sarbanes-Oxley Act 2002

Topic highlights
The Sarbanes-Oxley legislation requires directors to report on the effectiveness of the
controls over financial reporting, limits the services auditors can provide and requires listed
companies to establish an audit committee. It adopts a rules-based approach to governance.
3.1 The Enron scandal

The most significant scandal in America in recent years has been the Enron scandal, when one
of the country's biggest companies filed for bankruptcy. The scandal also resulted in the
disappearance of Arthur Andersen, one of the Big Five accountancy firms who had audited Enron's
financial statements. The main reasons why Enron collapsed were over-expansion in energy
markets, eventually too much reliance on derivatives trading which eventually went wrong,
breaches of federal law, and misleading and dishonest behaviour. Inquiries into the scandal
exposed a number of weaknesses in the company's governance structure.
The following case study describes the details of the scandal:
Case study
The Enron case is perhaps the best-known failure of a large American corporation.
Enron Corporation was an energy company based in Houston, Texas. At its peak it was one of the
world's largest producers of electricity and gas as well as having large-scale pulp, paper and
communications businesses. At the time it filed for Chapter 11 bankruptcy (protection from
creditors' claims under US law) in 2001, Enron employed over 20,000 personnel. By the end of that
year, it had been revealed that Enron had been used as a vehicle for systematic accounting fraud,
with its major executives directly involved in the criminal activities.
Prior to the disaster, Enron had been highly successful and reputable. It had been voted America's
most innovative company on several occasions. The company's business model was one of
integration and diversification. In addition to marketing energy, Enron actually built the pipelines
and power plants (backward integration). To spread its risks beyond the energy industry, it moved
successfully into telecommunications and e-commerce as well as trading derivatives.
Once the problems were uncovered, it emerged that Enron's financial statements were completely
misleading. Its recorded assets were inflated in value and in some cases non-existent. The
company had placed debts and other obligations with offshore entities, thereby not consolidating
them in the group financial statements.
The systematic false accounting that had taken place led to a criminal investigation and the arrest
and indictment of several senior figures in the company. Several of the directors paid significant
sums of money to settle law suits against them. Jeffrey Skilling, the former Chief Executive Officer,
was sentenced to 24 years in prison on numerous charges, including fraud.
The ramifications of the Enron case were not confined to the company. Serious questions were
raised about the failure of Arthur Andersen, the external auditors of the company, to identify the
inconsistencies in the Enron financial statements. This led to the subsequent break up and
dissolution of the accounting firm.
Enron's successor company, Enron Creditors Recovery Corporation, survives today with less than
500 personnel.
The Enron scandal, together with other high profile corporate failures, led to a reappraisal of
standards of corporate governance in the USA and further afield. The Enron case was the prime
mover for the introduction in 2002 of the Sarbanes-Oxley Act in the USA, which established a
79
Business Assurance
Public Company Accounting Oversight Board (“PCAOB”) to oversee the auditors of public
companies. Its stated purpose is to “protect the interests of investors and further the public interest
in the preparation of informative, fair, and independent audit reports”. The formation of the PCAOB
greatly reinforced the laws on senior executive accountability. The Act also influenced the stock
exchanges of many countries and accelerated the creation of codes of practice to which all listed
companies are now expected to adhere.
3.1.1 Lack of transparency in the financial statements

This particularly related to certain investment vehicles that were kept off balance sheet. Various
other methods of inflating revenues, offloading debt, massaging quarterly figures and avoiding
taxes were employed.
3.1.2 Inadequate scrutiny by the external auditors

Arthur Andersen failed to spot or failed to question dubious accounting treatments. Since
Andersen's consultancy arm did a lot of work for Enron, there were allegations of conflicts of
interest.
3.1.3 Information asymmetry

That is the agency problem of the directors/managers knowing more than the investors. The
investors included Enron's employees. Many had their personal wealth tied up in Enron shares,
which ended up being worthless. They were actively discouraged from selling them. Many of
Enron's directors, however, sold the shares when they began to fall, potentially profiting from them.
It is alleged that the Chief Financial Officer of Enron, concealed the gains he made from his
involvement with affiliated companies.
3.1.4 Executive compensation methods

These were meant to align the interests of shareholders and directors, but seemed to encourage
the overstatement of short-term profits. Particularly in the USA, where the tenure of Chief Executive
Officers is fairly short, the temptation is strong to inflate profits in the hope that share options will
have been cashed in by the time the problems are discovered.
3.2 The Sarbanes-Oxley Act 2002

3.2.1 The history of the Sarbanes-Oxley Act 2002
The Oxley Bill, composed by Representative Michael Oxley, was passed in April 2002, which was
related to the accountability, responsibility and transparency of stating financial status of the
company. At the same time Senator Paul Sarbanes had another proposal on the similar lines. He
presented the bill to the Senate Banking Committee which passed the Bill with a majority.
Thereafter both the proposals made by House Representative Oxley and Senator Paul Sarbanes
were reconciled to be formed into one Act, which is now popularly known as the Sarbanes-Oxley
Act.
Sarbanes-Oxley came into force mainly due to the financial scandals committed by corporate
giants like Enron, WorldCom, etc, showing inadequacies in corporate government arrangements
causing breakdown of stock market trust. Since then the Sarbanes-Oxley Act has been the most
important piece of legislation to seriously affect the corporate governance, financial disclosures and
total accounting practice in companies.
Most companies focus their attention on Sarbanes-Oxley work in 13 specific areas. These 13 areas
are the ones where most of the financial impact is felt. Section 404 of the Sarbanes-Oxley Act is
the one that has caused most concern in the financial sector as it requires the corporate body to
enforce stricter controls over financial reporting by internal accounting personnel.
80
3.2.2 Application of the Sarbanes-Oxley Act

It has now become mandatory for US listed companies to have Sarbanes-Oxley compliance, and
to meet Sarbanes-Oxley compliance deadlines. Sarbanes-Oxley states that smaller companies and
foreign companies should meet the mandates for statements filed.
The Act applies to all companies that are required to file periodic reports with the Securities and
Exchange Commission (SEC). The Act was the most far-reaching US legislation dealing with
securities in many years and has major implications for public companies. Rule-making authority
was delegated to the SEC on many provisions.
Sarbanes-Oxley shifts responsibility for financial probity and accuracy to the board's audit
committee, which typically comprises three independent directors, one of whom has to meet
certain financial literacy requirements (equivalent to non-executive directors in other jurisdictions).
Along with rules from the Securities and Exchange Commission, Sarbanes-Oxley requires
companies to increase their financial statement disclosures, to have an internal code of ethics
and to impose restrictions on share trading by, and loans to, corporate officers.
3.3 Detailed provisions of the Sarbanes-Oxley Act

3.3.1 Public Oversight Board
The Act set up a new regulator, The Public Company Accounting Oversight Board (PCAOB), to
oversee the audit of public companies that are subject to the securities laws.
The Board has powers to set auditing, quality control, independence and ethical standards for
registered public accounting firms to use in the preparation and issue of audit reports on the
financial statements of listed companies. In particular, the Board is required to set standards for
registered public accounting firms' reports on listed company statements on their internal control
over financial reporting. The Board also has inspection and disciplinary powers over firms.
The Public Company Accounting Oversight Board (PCAOB) has powers include setting
auditing, quality control, ethics, independence and other standards relating to the preparation of
audit reports by issuers. It also has the authority to regulate the non-audit services that audit firms
can offer.
3.3.2 Auditing standards

Audit firms should retain working papers for at least seven years, and have quality control
standards in place such as second partner review. As part of the audit they should review internal
control systems to ensure that they reflect the transactions of the client and provide reasonable
assurance that the transactions are recorded in a manner that will permit preparation of the
financial statements in accordance with generally accepted accounting principles. They
should also review records to check whether receipts and payments are being made only in
accordance with management's authorisation.
3.3.3 Non-audit services

Auditors are expressly prohibited from carrying out a number of services including internal audit,
bookkeeping, systems design and implementation, appraisal or valuation services, actuarial
services, management functions and human resources, investment management, legal and expert
services. Provision of other non-audit services is only allowed with the prior approval of the
audit committee.
3.3.4 Quality control procedures

There should be rotation of lead or reviewing audit partners every five years and other procedures
such as independence requirements, consultation, supervision, professional development, internal
quality review and engagement acceptance and continuation.
81
Business Assurance
3.3.5 Auditors and audit committee

Auditors should discuss critical accounting policies, possible alternative treatments, the
management letter and unadjusted differences with the audit committee.
3.3.6 Audit committees

Audit committees should be established by all listed companies.
All members of audit committees should be independent and should therefore not accept any
consulting or advisory fee from the company or be affiliated to it. At least one member should be
a financial expert. Audit committees should be responsible for the appointment, compensation
and oversight of auditors. Audit committees should establish mechanisms for dealing with
complaints about accounting, internal controls and audit.
3.3.7 Corporate responsibility

The Chief Executive Officer and Chief Finance Officer should certify the appropriateness of the
financial statements and that those financial statements fairly present the operations and financial
condition of the issuer. If the company has to prepare a restatement of financial statements due to
material non-compliance with standards, the Chief Finance Officer and Chief Executive Officer
should forfeit their bonuses.
3.3.8 Off-balance sheet transactions

There should be appropriate disclosure of material off-balance sheet transactions and other
relationships (transactions that are not included in the financial statements but that impact upon
financial conditions, results, liquidity or capital resources).
3.3.9 Internal control reporting

Annual reports should contain internal control reports that state the responsibility of management
for establishing and maintaining an adequate internal control structure and procedures for
financial reporting. Annual reports should also contain an assessment of the effectiveness of
the internal control structure and procedures for financial reporting. Auditors should report on
this assessment.
Companies should also report whether they have adopted a code of conduct for senior financial
officers and the content of that code.
3.3.10 Whistleblowing provisions

Employees of listed companies and auditors will be granted whistleblower protection against
their employers if they disclose private employer information to parties involved in a fraud claim.
3.4 Impact of Sarbanes-Oxley in America

After the Sarbanes-Oxley Act came into force, accounting systems and financial statements
disclosed by the companies made tremendous progress. This improvement has been possible due
to rigorous requirements stated in the Sarbanes-Oxley Act, which helps to protect investor
confidence in companies and the US legislature as well. Moreover, it also helps in establishing a
Public Company Accounting Oversight Board, auditor independence, corporate responsibility and
enhanced financial disclosures.
The biggest expense as a result of compliance that companies are incurring is fulfilling the
requirement to ensure their internal controls are properly documented and tested. US companies
had to have efficient controls in the past, but they are now having to document them more
comprehensively than before, and then have the external auditors report on what they have done.
The Act also formally stripped accountancy firms of almost all non-audit revenue streams that they
used to derive from their audit clients, for fear of conflicts of interest.
82
For lawyers, the Act strengthens requirements on them to whistleblow internally on any wrongdoing
they uncover at client companies, right up to board level.
3.5 International impact of Sarbanes-Oxley

The Act also has a significant international dimension. About 1,500 non-US companies, including
many of the world's largest, list their shares in the US and are covered by Sarbanes-Oxley. There
were complaints that the new legislation conflicted with local corporate governance customs, and
following an intense round of lobbying from outside the US, changes to the rules were secured.
As America wields such significant influence worldwide, arguably Sarbanes-Oxley may influence
certain jurisdictions to adopt a more rules-based approach.
3.6 Impact of Sarbanes-Oxley in Hong Kong

There are a number of companies listed on both the Hong Kong Stock Exchange and the New
York Stock Exchange, these companies are subject to applicable Hong Kong laws and regulations,
including the Hong Kong Listing Rules, the Hong Kong Companies Ordinance, as well as
applicable US federal securities laws, including the US Securities Exchange Act of 1934, as
amended, and the Sarbanes-Oxley Act. In addition, these companies are subject to the listing
standards of the New York Stock Exchange to the extent they apply to non-US issuers. As a non-
US issuer, these companies are not required to comply with all of the corporate governance listing
standards of the New York Stock Exchange.
However, the Act has marked a new era in the Hong Kong regulatory regime which is
commensurate with international securities regulatory standards starting in 2003. Consequently,
Hong Kong and London are the places where companies are finding it easier and cheaper to list
their shares and raise capital.
3.7 Criticisms of Sarbanes-Oxley

Many commentators have criticised Sarbanes-Oxley for not being strong enough on some
issues, for example the selection of external auditors by the audit committee, and at the same time
being over-rigid on others. Directors may be less likely to consult lawyers in the first place if they
believe that legislation could override lawyer-client privilege.
In addition, they allege a Sarbanes-Oxley compliance industry has sprung up focusing companies'
attention on complying with all aspects of the legislation, significant or much less important. This
has distracted companies from improving information flows to the market and then allowing the
market to make well-informed decisions. The Act has also done little to address the temptation
provided by generous stock options to inflate profits, other than requiring possible forfeiture if
financial statements are subsequently restated.
Most significantly perhaps there is recent evidence of companies turning away from the US stock
markets and towards other markets such as London and Hong Kong. The number of initial public
listings fell in New York after the introduction of Sarbanes-Oxley and rose in stock exchanges
allowing a more flexible, principles-based, approach. An article in the Financial Times suggested
that this was partly due to companies tiring of the increased compliance costs associated with
Sarbanes-Oxley implementation.
In particular, directors of smaller listed companies have been unhappy with the requirement for
companies to report on the effectiveness of their internal control structure and procedures for financial
reporting. They have argued that gathering sufficient evidence for auditors on the internal controls
over financial reporting is expensive and less important for small companies than for large ones.
In addition, the nature of the regulatory regime may be an increasingly significant factor in listing
decisions. A rules-based approach means compliance must be absolute; the comply or explain
choice is not available.
83
Business Assurance
4 Internal auditors
Topic highlights
External auditors may make use of the work of an internal audit department when carrying out
audit procedures.
4.1 Using the work of internal auditors

HKSA 610. Although the responsibilities of internal and external auditors are different (we explore how in the
13-24 paragraphs that follow), the external auditor may be able to make use of the work of internal
auditors in forming an opinion. Often the respective roles employ the same techniques but to
different ends. HKSA 610 (Revised 2013) Using the Work of Internal Auditors requires that external
auditors should take into account the internal audit function when planning their audit, but bear in
mind that internal auditors work for management and those charged with governance so they are
not independent. Therefore, the external auditors hold sole responsibility for the audit opinion
expressed on the financial statements. The standard was revised in December 2012 with changes
effective for audits of financial statements for periods ending on or after 15 December 2013. The
standard was then revised again in May 2013 with additional provisions added where internal
auditors are used to provide direct assistance. These additional provisions are effective for audits
of financial statements for periods ending on or after 15 December 2014.
4.2 Relationship between HKSA 315 (Revised) and HKSA 610

(Revised 2013)
HKSA 315 (Revised) addresses how the knowledge and experience of the internal audit function
can inform the external auditor's understanding of the entity and its environment, as well as the
identification and assessment of risks of material misstatement. HKSA 315 (Revised) also explains
how effective communication between the internal and external auditors creates an environment in
which the external auditor can be informed of significant matters that may affect the external
auditor's work.
HKSA 610 (Revised 2013) addresses the external auditor's responsibilities when, based on the
external auditor's preliminary understanding of the internal audit function, obtained as a result of
procedures performed under HKSA 315 (Revised), the external auditor expects to use the work of
the internal audit function as part of the audit evidence obtained.
The External Auditor's Responsibility for the Audit
The external auditor has sole responsibility for the audit opinion expressed, and that responsibility
is not reduced by the external auditor's use of the work of the internal audit function on the
engagement.
4.3 Internal audit function

The term “internal auditors” is now changed to “internal audit function”.
Key term
Internal audit function. A function of an entity that performs assurance and consulting activities
designed to evaluate and improve the effectiveness of the entity's governance, risk management
and internal control processes.
84
4.3.1 Objectives and scope of internal functions

The objectives and scope of the internal audit function typically include assurance and consulting
activities designed to evaluate and improve the effectiveness of the entity's governance processes,
risk management and internal control, such as the following:
 Activities relating to governance
 Activities relating to risk management
 Activities relating to internal control
Performance of activities similar to those performed by an internal audit function may be
conducted by functions with other titles within an entity.
While the objectives of the entity's internal audit function and the external auditor differ, the internal
audit function may perform audit procedures similar to those performed by the external auditor in
an audit of financial statements.
4.4 Evaluating the internal audit function

The external auditor shall determine whether the work of the internal audit function can be used for
purposes of the audit by evaluating the following:
(a) The extent to which the internal audit function's organisational status and relevant
policies and procedures support the objectivity of the internal auditors;
The external auditor exercises professional judgment in determining whether the work of the
internal audit function can be used for the purposes of the audit, and the nature and extent
to which the work of the internal audit function can be used in the circumstances.
Objectivity refers to the ability to perform those tasks without allowing bias, conflict of
interest or undue influence of others to override professional judgments. Factors that may
affect the external auditor's evaluation include the following:
 Whether the organisational status of the internal audit function, including the
function's authority and accountability, supports the ability of the function to be free
from bias, conflict of interest or undue influence of others to override professional
judgments, e.g. whether the internal audit function reports to those charged with
governance or an officer with appropriate authority, or if the function reports to
management, whether it has direct access to those charged with governance.
 Whether the internal audit function is free of any conflicting responsibilities e.g.
having managerial or operational responsibilities outside the internal audit function.
 Whether those charged with governance oversee employment decisions related to
the internal audit function, e.g. determining the appropriate remuneration policy.
 Whether there are any constraints or restrictions placed on the internal audit
function by management or those charged with governance e.g. in communicating
findings to the external auditor.
 Whether the internal auditors are members of relevant professional bodies and
their memberships obligate their compliance with relevant professional standards
relating to objectivity.
(b) The level of competence of the internal audit function;
 Whether the internal audit function is adequately and appropriately resourced
relative to the size of the entity and the nature of its operations.
 Whether there are established policies for hiring, training and assigning internal
auditors to internal audit engagements.
85
Business Assurance
 Whether the internal auditors have adequate technical training and proficiency in
auditing.
 Whether the internal auditors possess the required knowledge relating to the
entity's financial reporting.
 Whether the internal auditors are members of relevant professional bodies that
oblige them to comply with the relevant professional standards including continuing
professional development requirements.
(c) Whether the internal audit function applies a systematic and disciplined approach,
including quality control.
Factors that may affect the external auditor's determination of whether the internal audit
function applies a systematic and disciplined approach include the following:
 The existence, adequacy and use of documented internal audit procedures or
guidance covering such areas as risk assessments, work programs, documentation
and reporting, the nature and extent of which is commensurate with the size and
circumstances of an entity.
 Whether the internal audit function has appropriate quality control policies and
procedures, for example, such as those policies and procedures in HKSQC 1
(Clarified) that would be applicable to an internal audit function (such as those relating
to leadership, human resources and engagement performance) or quality control
requirements in standards set by the relevant professional bodies for internal auditors.
4.4.1 Determining the nature and extent of work that can be used
The external auditor considers the nature and scope of the work that has been performed or is
planned to be performed by the internal audit function and assesses its relevance to the overall
strategy and plan for the external audit.
The external audit must make all significant judgments in relation to the audit and must prevent
undue use of the work of the internal auditor by performing more of the work directly. Examples of
internal audit work that might be used by the external auditor include:
 Testing of the operating effectiveness of controls
 Substantive procedures involving limited judgment
 Observations of inventory controls
 Tracing transactions through the information system relevant to financial reporting
 Testing of compliance with regulatory requirements
4.5 Using the work of the internal audit function

If the external auditor plans to use the work of the internal audit function, the external auditor shall
discuss the planned use of its work with the function as a basis for coordinating their respective
activities.
(a) Discussion and coordination with the internal audit function
In discussing the planned use of their work with the internal audit function as a basis for
coordinating the respective activities, it may be useful to address the following:
 The timing of such work
 The nature of the work performed
 The extent of audit coverage
 Materiality for the financial statements as a whole and performance materiality
86
 Proposed methods of item selection and sample sizes

 Documentation of the work performed
 Review and reporting procedures
Coordination between the external auditor and the internal audit function is effective
when, for example:
 Discussions take place at appropriate intervals throughout the period.
 The external auditor informs the internal audit function of significant matters that may
affect the function.
 The external auditor is advised of and has access to relevant reports of the internal
audit function and is informed of any significant matters that come to the attention of
the function when such matters may affect the work of the external auditor so that the
external auditor is able to consider the implications of such matters for the audit
engagement.
 The external auditor shall read the reports of the internal audit function relating to the
work of the function that the external auditor plans to use to obtain an understanding
of the nature and extent of audit procedures it performed and the related findings.
(b) Adequacy of the work of internal auditors
The external auditor shall perform sufficient audit procedures on the body of work of the
internal audit function as a whole that the external auditor plans to use to determine its
adequacy for purposes of the audit, including evaluating whether:
 The work of the function had been properly planned, performed, supervised, reviewed
and documented;
 Sufficient appropriate evidence had been obtained to enable the function to draw
reasonable conclusions; and
 Conclusions reached are appropriate in the circumstances and the reports prepared
by the function are consistent with the results of the work performed.
The procedures the external auditor may perform to evaluate the quality of the work
performed and the conclusions reached by the internal audit function include:
 Making inquiries of appropriate individuals within the internal audit function
 Observing procedures performed by the internal audit function
 Reviewing the internal audit function's work program and working papers
(c) Nature and extent of the external auditor's audit procedures
The nature and extent of the external auditor's audit procedures shall be responsive to the
external auditor's evaluation of:
 The amount of judgment involved;
 The assessed risk of material misstatement;
 The extent to which the internal audit function's organisational status and relevant
policies and procedures support the objectivity of the internal auditors; and
 The level of competence of the function. This shall include reperformance of some of
the work. Reperformance involves the external auditor's independent execution of
procedures to validate the conclusions reached by the internal audit function.
Reperformance provides more persuasive evidence regarding the adequacy of
internal audit as compared to other procedures.
87
Business Assurance
The requirement to reperform some of the internal audit work is a new requirement
included in the revised HKSA.
HKSA
610.26-35 4.6 Using internal auditors to provide direct assistance
HKSA 610 (Revised 2013) now includes guidance for situations where the external auditor uses
the internal auditors to provide direct assistance.
Key term
Direct assistance. The use of internal auditors to perform audit procedures under the direction,
supervision and review of the external auditor
4.6.1 Determining whether internal auditors can be used to provide direct

assistance
If the external auditor wishes to use the internal audit function to provide direct assistance, and this
is not prohibited by law or regulation the external auditor is required to evaluate the existence and
significance of threats to objectivity and the level of competence of the internal auditors. In making
this assessment the external auditor will consider the following:
 The extent to which the internal audit function’s organisational status and relevant policies
and procedures support the objectivity of the internal auditors
 Family and personal relationships with an individual working in, or responsible for, the aspect
of the entity to which the work relates
 Association with the division or department in the entity to which the work relates
 Significant financial interests in the entity (other than remuneration on terms consistent with
those applicable to other employees at a similar level of seniority
HKSA 610 (Revised 2013) also specifies instances where use of internal auditors to provide direct
assistance is prohibited:
 Where there are significant threats to the objectivity of the internal auditor
 Where the internal auditor lacks sufficient competence to perform the proposed work
4.6.2 Nature and extent of work that can be assigned

When determining the nature and extent of the work that can be assigned to the internal auditors
the external auditor must consider:
 The amount of judgment involved in planning and performing the procedures and evaluating
the evidence gathered
 The assessed risk of material misstatement and
 The external auditor’s evaluation of the existence and significance of threats to the objectivity
and level of competence of the internal auditors
HKSA 610 (Revised 2013) prohibits the use of internal auditors to provide direct assistance to
perform the following procedures:
(a) Those that involve making significant judgments in the audit
(b) Those that relate to work with which the internal auditors have been involved and which has
been/will be reported to management/those charged with governance
(c) Those that relate to decisions the external auditor makes regarding the internal audit function
and the use of its work or direct assistance
88
It would not be appropriate for the internal auditors to provide direct assistance in respect of the
following:
 Discussion of fraud
 Determination of unannounced audit procedures in accordance with HKSA 240
 Responsibilities regarding external confirmation requests and evaluation of results of
external confirmation procedures
The HKSA also makes the point that excessive use of internal auditors to provide direct assistance
may affect perceptions regarding the independence of the external audit.
4.6.3 Using internal auditors to provide direct assistance

Before using the internal auditors to provide direct assistance the external auditor is required to
obtain written agreement from the entity that the internal auditors will be allowed to follow
instruction from the external auditor. Written agreement from the internal auditors that they will
keep information confidential must also be obtained. The external auditor is then responsible for
ensuring that the internal auditors’ work is properly directed, supervised and reviewed.
HKSA
610.36-37 4.7 Documentation
If the external auditor uses the work of the internal audit function, the external auditor shall include
in the audit documentation:
(a) The evaluation of:
 Whether the function's organisational status and relevant policies and procedures
adequately support the objectivity of the internal auditors;
 The level of competence of the function; and
 Whether the function applies a systematic and disciplined approach, including quality
control;
(b) The nature and extent of the work used and the basis for that decision; and
(c) The audit procedures performed by the external auditor to evaluate the adequacy of the
work used.
If the internal auditors provide direct assistance the external auditors must document the following:
(a) The evaluation of the existence and significance of threats to objectivity
(b) The basis for the decision regarding the nature and extent of the work performed by the
internal auditors
(c) Who reviewed the work performed and the date and extent of that review
(d) The written agreements required (see section 4.6.3 above)
(e) The working papers prepared by the internal auditors
As the external auditors for Union Bank, you are considering relying on the work of the internal
audit functions for testing the internal control. The internal audit function is part of the accounting
and finance division and reports to the Chief Financial Officer.
Being the audit senior, you have been assigned to review the work of internal auditors prior to the
commencement of this year's audit. The following issues are discovered:
(1) For most of the audit tests, there is no detailed documentation of the work by the internal
auditors that has been completed.
89
Business Assurance
(2) There is a high staff turnover within the internal audit department. There are five staff in the
department responsible to undertake internal control testing. The new staff employed have
no audit and accounting experience.
(3) Union Bank's audit plan and programme are developed based on the firm's standard audit
plan. However, the testing of wages is not selected. Upon discussion with the internal
auditors, the auditors reveal that the financial controller has altered the instructions as he
recognises that the risk of non-compliance in the wages area is minimal.
(4) For those areas that have been documented, the results are quite clear and competently
completed. However, three compliance errors are detected in the loan approvals and there
are no follow up procedures, as the entity believes these incidents are immaterial.
Required
Demonstrate the weaknesses in the internal audit department and your consideration whether you
consider the audit firm should rely on Union Bank's internal audit function.
4.7 Distinction between internal and external audit

Topic highlights
Although many of the techniques internal and external auditors use may be similar, the basis and
reasoning of their work is different.
The external audit is focused on the financial statements, whereas the internal audit function
is focused on the operations of the entire business.
The following table highlights the differences between internal and external audit:
Internal audit External audit
Objective Designed to add value and improve An exercise to enable auditors to

an entity's operations. express an opinion on the financial
statements.
Reporting Reports to the board of directors, or Reports to the shareholders or
other people charged with members of an entity on the truth and
governance, such as the audit fairness of the financial statements.
committee. Reports are private and Audit report is publicly available to the
for the directors and management shareholders and other interested
of the entity. parties.
Scope Work relates to the operations of Work relates to the financial
the entity. statements.
Relationship Often employees of the Independent of the entity and its
organisation, although sometimes management. Usually appointed by
the function is outsourced. the shareholders.
The table demonstrates that the whole basis and reasoning of internal audit work is
fundamentally different to that of external audit work.
90
4.8 Responsibility for fraud and error
Topic highlights
It is the responsibility of management and those charged with governance to prevent and detect
fraud, and in this respect, the internal audit function may have a role to play.
Fraud is a significant business risk. It is the responsibility of the directors to prevent and detect
fraud. However, as the internal audit function plays an important role in the management of risk so
it is by implication involved in the process of managing the risk of fraud. It is not the responsibility of
the external auditors to prevent and detect fraud, although they may uncover fraud while carrying
out their audit of the financial statements, which will be undertaken with the possibility of material
misstatement through fraud in mind. We will study the external auditor's responsibilities for the
detection of fraud and error in more detail in Chapter 10.
The internal audit function can help to prevent fraud by carrying out timely reviews on the
adequacy and effectiveness of control systems and making appropriate recommendations. The
internal audit function may be able to detect fraud by being mindful to the possibility when
carrying out its work and reporting any suspicions.
Establishing an internal audit department and investing it with appropriate authority and
stature may act as a powerful deterrent to fraud in itself. Management may require the internal
auditors to undertake special projects to investigate any reported suspicions.
4.9 Limitations of the internal audit function

Although the presence of an internal audit department within an entity is indicative of good internal
control, by its very nature, there are some limitations of the internal audit function.
Internal auditors are employed by the entity and this can impair their independence and
objectivity and ability to report fraud/error to senior management because of perceived threats to
their continued employment within the entity.
To ensure transparency, best practice indicates that the internal audit function should have a dual
reporting relationship, i.e. report both to management and those charged with governance (the
audit committee). If this reporting structure is not in place, management may be able to unduly
influence the internal audit plan, scope, and whether issues are reported appropriately. This results in
serious potential conflict, and limits the scope and compromises the effectiveness of the internal audit
function.
Internal auditors are not required to be professionally qualified (as accountants are) and so there
may be limitations in their knowledge and technical expertise.
91
Business Assurance
Topic recap
Prevention and Effective system of May be outsourced

detection of fraud internal controls
Sarbanes-Oxley requires:
– directors to report on
Assists management internal control effectiveness
– limits on non-audit services
– listed companies to establish
audit committees
Part of corporate
INTERNAL AUDIT FUNCTION
governance framework
Work performed may be Organisational risk

used by external auditor management
Evaluate internal Similar Different Internal auditor Risk management Risk strategies
audit work and techniques basis and may provide direct system operates operate effectively
assess adequacy reasoning assistance effectively
Reperformance
of procedures
92
Answer to self-test question
Answer 1
The general principle of the Code on Corporate Governance Practices (“the Code”) in Hong Kong
requires the board of directors to maintain a sound and effective system of internal control to
safeguard the shareholder’s investment and the company’s assets.
In Section C of the Code, the board is required to conduct a review of the effectiveness of the
company’s system of internal controls and report to the shareholders that they have done so in
their Corporate Governance Report at least annually.
The review should cover all material controls, including financial, operational and compliance
controls and risk management functions; and consider the adequacy of resources, qualifications
and experience of staff of the company’s accounting and financial reporting functions, and their
training programmes and budget.
Answer 2
The weaknesses in the internal audit department may be identified as follows:
(1) The new staff are not competent and do not have any professional qualifications or
accounting experience. More competent staff should be engaged.
(2) The internal audit function reporting to the chief financial officer is not an independent act.
The internal auditors should report to the highest level of management such as the board or
the audit committee.
(3) There is no documentation of work performed and this is inadequate. Proper documentation
should be in place.
(4) Errors in the compliance tests have not been followed up and this shows lack of competence
and professional due care.
(5) The audit programme has been altered by the Financial Controller. Internal auditors should
not be influenced by any other management person.
Under HKSA 610 (Revised 2013), external auditors should consider the following before relying on
the work of the internal audit function:
 The extent to which the internal audit function’s organisational status and relevant policies
and procedures support the objectivity of the internal auditors
 The level of competence of the internal audit function
 Whether the internal audit function applies a systematic and disciplined approach, including
quality control.
Overall, it seems that it is not desirable to rely on internal auditing work.
93
Business Assurance
Exam practice
Stone Company Limited 23 minutes

You are the audit manager of a CPA firm and are responsible for the audit of Stone Company
Limited (“Stone”) for the year ended 31 December 20X3. The Chief Finance Officer of Stone,
Mr Chan, has informed you that at the beginning of the year the company set up an internal audit
department. He has asked you to use extensively Stone's internal audit department resources for
the purpose of carrying out the forthcoming audit. In particular, Mr Chan has suggested you rely on
the internal auditors for the following audit procedures:
(a) Attendance of year-end inventory count
(b) Determining the sample sizes; and selecting and arranging confirmation of the
company's receivables balances.
At 31 December 20X3, the inventory and receivables balances were approximately 25% and 30%
of the company's total assets, respectively. The head of the internal audit department will report to
you directly the findings of the year-end inventory count and the results of the confirmation.
Required
(a) If you plan to use the internal auditor's work, how would you assess Stone's internal audit
function before deciding to use their work? (7 marks)
(b) Explain whether you would use the work of Stone's internal auditors in the specific ways
suggested by Mr Chan. (8 marks)
(Total = 15 marks)
HKICPA February 2004 (amended)
94
Part C
Professional standards and
guidance
Professional standards and guidance are a must to have a job done properly in any
accountancy and auditing engagement. The practice of arbitrary techniques and scandals
developed from creative procedures are damaging the accountancy profession. Students are
expected to learn the Code of Ethics by heart and become a CPA of the highest calibre. They
are then more ready to face ethical dilemmas and carry out their responsibilities in a creditable
way.
95
Business Assurance
96
chapter 4
Code of Ethics
Topic list
1 Fundamental principles and the conceptual 5 Conflicts in application of the fundamental

framework approach principles
1.1 The importance of ethics 5.1 Matters to consider
1.2 The fundamental principles 5.2 Unresolved conflict
1.3 The conceptual framework 6 Code of ethics applicable to professional
1.4 Threats to compliance with the accountants in business
fundamental principles 6.1 Examples of threats for professional
1.5 Available safeguards accountants in business
2 Specific guidance: Independence 6.2 Safeguards to comply with the
2.1 Objective of the guidance fundamental principles for professional
2.2 What is independence? accountants in business
2.3 Self-interest threat 6.3 Potential conflicts
2.4 Self-review threat 6.4 Preparation and reporting of information
2.5 Advocacy threat 6.5 Acting with sufficient expertise
2.6 Familiarity threat 6.6 Financial interests
2.7 Intimidation threat 6.7 Inducements
2.8 Other assurance engagements 7 Other issues
2.9 HKSQC 1: Quality control: Independence 7.1 Client acceptance
3 Specific guidance: Confidentiality 7.2 Engagement acceptance
3.1 Duty of confidence 7.3 Changes in professional appointment
3.2 Recognised exceptions to the rule of 7.4 Marketing professional services
confidentiality 7.5 Custody of entity’s assets
3.3 Disclosure in the public interest 7.6 Integrity, objectivity and independence in
4 Specific guidance: Conflicts of interest insolvency
4.1 Conflicts between professional
accountants’ and entities’ interests
4.2 Conflicts between the interests of
different entities
Learning focus
Professional accountants are sometimes faced by ethical dilemmas. Codes of ethics, such as
that issued by the Hong Kong Institute of Certified Public Accountants, give guiding principles
to help professional accountants carry out their responsibilities to both their profession and the
wider public.
There are also a number of practical measures (safeguards) that a firm may implement to
ensure that these ethical principles are not breached.
97
Business Assurance
Learning outcomes
Competency
level
1.01 The Institute's Code of Ethics for Professional Accountants 3

1.01.01 Explain the fundamental principles and the conceptual framework
approach
1.01.02 Identify, evaluate and respond to threats to compliance with the
fundamental principles
1.01.03 Discuss and evaluate the effectiveness of available safeguards
1.01.04 Recognise and advise on conflicts in the application of fundamental
principles for Professional Accountants in practice and in business
The following summary illustrates the main parts of the chapter:
ETHICAL REQUIREMENTS
"Code of Ethics"
INDEPENDENCE CONFLICT OF INTEREST CONFIDENTIALITY
OBJECTIVITY INTEGRITY
THE FIRM CLIENT OBLIGATION FREEDOM
V V TO TO
THE CLIENT DISCLOSE DISCLOSE
CLIENT
IDENTIFY THREATS TO
INDEPENDENCE
Self-Interest Threat
Self-Review Threat
Familiarity Threat
Advocacy Threat
Intimidation Threat Provide Obligated Protect
safeguard by law the firm’s
to reduce interests
the conflict
SAFEGUARDS AGAINST
THREATS TO INDEPENDENCE
By legislation and regulation
Firm wide
Engagement specific Decline the Accept
engagement client
98
4: Code of Ethics | Part C Professional standards and guidance
It is important that you understand the topic well. Auditors are subject to ethical requirements
imposed by the accountancy bodies; in Hong Kong, it is the HKICPA.
Code of Ethics for Professional Accountants Revised June 2010; February 2012
This Code of Ethics for Professional Accountants (the Code) is effective on 1 January 2011.
It replaces the version issued in December 2005 which is effective from 30 June 2006 until
31 December 2010.
All Professional Accountants are required to comply with the Code.
Section A – GENERAL APPLICATION OF THE CODE
Section B – PROFESSIONAL ACCOUNTANTS IN PUBLIC PRACTICE
Section C – PROFESSIONAL ACCOUNTANTS IN BUSINESS
Section D – ADDITIONAL ETHICAL REQUIREMENTS
Section E – SPECIALISED AREAS OF PRACTICE
Professional Accountant in Professional Accountant in
Public Practice Business
Definition: Professional accountant in a Professional accountant
firm that provides professional employed or engaged in an
services executive or non-executive
capacity ie commerce, industry,
service etc
Adoption of which Parts of the Code: A,B,D,E of the Code A,C D,E of the Code
SUMMARY OF THE MAIN CHANGES IN THE Code

The Code of Ethics has been revised so that it is more consistent with the Clarity project in order to
make the Code clearer to users:
The following are the main changes in the Code:
(i) The threat to independence should be reduced to an acceptable level.
(ii) The threats to independence have been given revised descriptions and examples.
(a) The Structure of the Code has been changed by dividing it into two parts:
Independence
SECTION 290 SECTION 291

INDEPENDENCE― INDEPENDENCE―
AUDIT AND REVIEW OTHER ASSURANCE
ENGAGEMENTS ENGAGEMENTS
(b) “Listed Entities” versus “Public Interest Entities”

 The revised Code suggests that public interest entities are:
– listed entities
– an entity defined by regulation or legislation as a public interest entity
99
Business Assurance
– an entity that is required by legislation or regulation to have an audit that is as

independent as an audit of a listed entity would be; and
– any other entity that the firm determines to be a public interest entity as it has a
large number and wide range of stakeholders.
(c) Documentation
Additional guidance is given on what firms are required to document to support their
conclusions regarding compliance with independence requirements.
(d) Merger or acquisition
New guidance has been established when a firm unexpectedly becomes related to an audit
client as a result of a merger or an acquisition.
A new section has been included on the “Management responsibilities” that a firm must not
assume in respect of an audit client.
Specific guidance is provided relating to an audit firm providing internal audit services to an
audit client that is a public interest entity.
Recurring internal audit services must not be provided if they relate to:
– a significant part of the internal controls over the financial reporting
– amounts or disclosures which are material to the financial statements
– financial accounting systems generating significant information to the financial
statements
(e) Partner rotation
“Partner rotation” is now applied to all key audit partners, applying to any partner making
key decisions and judgments on significant audit matters.
(f) Joining public interest audit clients
There is now a mandatory “cooling off” period which applies before key audit partners can
join public interest audit clients in specific positions.
(g) Non-audit services
The provision of valuation services, recruiting senior management, the provision of
corporate services and the provision of IT system services are being monitored with
much stricter guidance. The Code now specifically prohibits an audit firm from assuming
management responsibilities for an audit client.
Firms are not prohibited from providing services to public interest entities where the services
relate to material areas to the financial statements. For example, internal control of the IT
system or valuation of an asset.
(h) Tax services
There are now more guidelines on tax services as, in principle, providing tax services could
create a threat to independence when there is heavy tax planning involved in an audit client.
Audit firms should not prepare material tax calculations for an audit client which is a public
interest entity except in rare situations.
(i) Fees for public interest entities
The revised Code emphasises that where a firm has an audit client which is a public interest
entity and, for two consecutive years, the total fees from the client and its related entities
represent more than 15 % of the total fees, the firm shall:
– discuss that fact with the audit committee; and
– call out engagement quality control reviews by an independent accountant
100
(j) Key audit partners

The Code reinforces that key audit partners are not permitted to be evaluated on or
compensated for selling non-assurance services to their audit clients.
(k) Network
This is defined as a larger structure:
(a) that is aimed at co-operation; and
(b) that is clearly aimed at profit or cost sharing or shares common ownership, control or
management, common quality control policies and procedures, common business
strategy, the use of a common brand-name, or a significant part of professional
resources.
101
Business Assurance
SECTION A: General application of the Code

Section A provides guidance on fundamental ethical principles where professional accountants
are required to apply this conceptual framework to identify threats to compliance with the
fundamental principles, to evaluate the significance of such threats and the safeguards to
eliminate them or reduce the threats to acceptable levels.
1 Fundamental principles and the conceptual framework

approach
Topic highlights
Professional accountants rely on the guidance of an ethical code because they hold positions of
trust, and people rely on them. In their business dealings they may encounter situations or be put
under pressure to act in ways that further their own advantage, or that of an entity, against the wider
public interest or the interest of their profession.
1.1 The importance of ethics

Professional accountants are expected to demonstrate the highest standards of ethical behaviour
and to act in the public interest. Around the world accountancy bodies have produced ethical
guidance in the form of codes of ethics in order to help professional accountants carry out their
responsibilities both to their profession and to the wider public.
In Hong Kong this guidance is given in the HKICPA’s Code of Ethics for Professional Accountants
(“the Code”) which states the following about the particular responsibilities of the professional
accountant:
'A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in
the public interest. Therefore, a professional accountant's responsibility is not exclusively to satisfy
the needs of an individual entity or employer.
The public interest is considered to be the collective well-being of the community of people and
institutions the professional accountant serves, including entities, lenders, governments, employers,
employees, investors, the business and financial community and others who rely on the work of
professional accountants.'
Two points are very clear from this: first, the key reason that professional accountants must behave
ethically is that a very wide range of people rely on them and their expertise. The second is that
the accountant has a duty to serve not only the entity who has engaged his services or his employer,
but the wider public interest – that is, he must be, and must be seen to be, independent.
Professional accountants hold positions of trust by the entities whom they serve, and the users of the
information they provide through statutory reporting. They have access to sensitive financial and
strategic information which may have a significant impact on the future direction of the business and
its stakeholders.
Undertaking these professional obligations may give rise to ethical dilemmas and conflicts of interest;
when it does the professional accountant may turn to the guidance laid down by the accountancy
bodies, such as the Hong Kong Institute of Certified Public Accountants. As it is impossible to
anticipate the very many scenarios which may give rise to these difficulties the guidance is given in
the form of fundamental principles, guidance and explanatory notes. The professional accountant is
given the freedom to use his own judgment as to how to apply the principles or may seek advice
from the HKICPA.
102
1.2 The fundamental principles

HKICPA Code of Ethics
Integrity. A professional accountant should be honest and straightforward in all professional

and business relationships. Integrity also implies fair dealing and truthfulness. Professional
accountants should not be associated with information that contains a materially false and
misleading statement or the information has been furnished recklessly.
Objectivity. A professional accountant should not be biased nor have conflicts of interest or
undue influence to override professional or business judgment. The professional accountant
should not compromise professional or business judgment due to bias. In addition, they should
avoid being exposed to situations that may impair objectivity.
Professional competence and due care. A professional accountant should be competent to
perform professional services and should act diligently and in accordance with applicable
technical and professional standards when providing professional services.
Professional competence requires both attainment and maintenance of professional competence
which requires continuing awareness and understanding of relevant technical professional and
business development.
Diligence includes the responsibility to act in accordance with the requirements of an
assignment, carefully, thoroughly and on a timely basis.
The engagement team should have appropriate training and supervision and if there are any
inherent limitations, the professional accountant should notify the entity or users of the financial
statements.
Confidentiality. A professional accountant should respect the confidentiality of information
acquired as a result of professional and business relationships and should not disclose any
information to third parties without proper and specific authority unless there is a legal or
professional right or duty to disclose. Confidential information should not be used for personal
advantage or for any third parties.
There is a need to maintain confidentiality of information within the firm or within an employing
organisation.
The duty of confidentiality continues even after the end of the relationship between the
professional accountant and the entity.
Disclosure of information is allowed only when:
 permitted by law and authorised by the entity or employer
 required by law in the course of legal proceedings or to appropriate public authorities; and
 there is a professional duty or right to disclose, ie
– To comply with technical standards and ethical requirements
– To protect professional interests of the accountant in legal proceedings
– To comply with a HKICPA practice review
– To deal with an inquiry or investigation by HKICPA or other regulatory bodies.
Additional requirements are set out in section 410 “Unlawful Acts or Defaults by Clients of
Members” and section 411 “Unlawful Acts or Defaults by or on Behalf of a Member's Employer”.
Professional behaviour. A professional accountant should comply with relevant laws and
regulations and should avoid any action that discredits the profession.
Professional accountants should not bring the profession into disrepute during its promotion.
Professional accountants should not exaggerate claims for their services that they offer, the
qualifications they possess or experience they have gained.
Professional accountants should not make disparaging references or unsubstantiated
comparisons to the work of others.
103
Business Assurance
1.3 The conceptual framework

The conceptual framework in the Code requires a professional accountant to identify, evaluate and
address threats to compliance with the fundamental principles.
A professional accountant has an obligation to evaluate any threats to compliance with the
fundamental principles. They should take into account both qualitative and quantitative factors when
considering the significance of a threat.
When the threats are identified and the threats are clearly significant, a professional accountant
should where appropriate, apply safeguards to eliminate the threats or reduce them to an acceptable
level.
A professional accountant should decline or discontinue the service if no safeguards can be
implemented.
A professional accountant shall use professional judgment in applying this conceptual framework.
1.4 Threats to compliance with the fundamental principles

There are five general sources of threat:
(a) Self-interest threats – may occur as a result of the financial or other interests of a
professional accountant or of an immediate or close family member (for example, having a
financial interest in an entity)
(b) Self-review threats – may occur when a previous judgment needs to be reviewed by the
professional accountant responsible for that judgment (for example, auditing financial
statements prepared by the firm)
(c) Advocacy threats – may occur when a professional accountant promotes a position or
opinion that subsequently objectivity may be compromised (for example, promoting shares in
a listed entity when that entity is a financial statement audit entity)
(d) Familiarity threats – may occur when due to a close relationship, a professional accountant
becomes too sympathetic to the interests of others (for example, an engagement team
member having family member at the entity)
(e) Intimidation threats – may occur when a professional accountant may be deterred from
acting objectivity by threats, actual or perceived (for example, threats of replacement due to
disagreement).
1.5 Available safeguards

There are three general categories of safeguards:
 Safeguards created by the profession, legislation or regulation
 Safeguards in the work environment
 Safeguards created by the individual
Examples of safeguards created by the profession, legislation or regulation:

(a) Educational training and experience requirements for entry into the profession
(b) Continuing professional development requirements
(c) Corporate governance code
(d) Professional standards
(e) Professional or regulatory monitoring and disciplinary procedures
(f) External review by a legally empowered third party of the reports, returns, communication or
information produced by a professional accountant
104
HKICPA issues ethical standards, quality control standards and auditing standards which work
together to ensure independence is safeguarded and quality audits are carried out.
Examples of safeguards in the work environment:
(a) Strong firm leadership to emphasise the importance of compliance with the fundamental
principles and their expectation that members of the assurance team will act in the public
interest
(b) Establish policies and procedures to implement and monitor quality control of assurance
engagement
(c) Document the firm’s independence policies including identification and evaluation of threats
(d) Document the internal policies and procedures requiring compliance with the fundamental
principles
(e) Establish policies and procedures to identify interests or relationships between the firm or
assurance team members, to monitor and manage the undue dependence on fee from a
single entity
(f) Rotate senior audit staff, partners with separate reporting lines of the provision of non-
assurance services to an entity
(g) Establish policies and procedures to prohibit non-team members influence the outcome of the
engagement
(h) Update all partners and professional staff of firm’s policies and procedures including giving
appropriate training
(i) Senior management should review the adequate functioning of the safeguarding system
(j) Advise partners and professional staff to be independent
(k) Establish disciplinary mechanism to promote compliance with the firm’s policies and
procedures
(l) Involve an additional professional accountant to review the work done or otherwise advise as
necessary
(m) Consult an independent third party, such as a committee of independent directors, a

professional regulatory body or another professional accountant
(n) Use different partners and engagement teams with separate reporting lines for the provision of
non-assurance services to entities
(o) Discuss ethical issues with those in charge of entity governance
(p) Disclose to those charged with governance the nature of services provided and extent of fees
charged
(q) Involve another firm to perform or reperform part of the engagement
Example of safeguards created by the individual:
(a) Comply with continuing professional development requirements
(b) Keep records of contentious issues and approach to decision-making
(c) Maintain a broader perspective on how similar organisations function through establishing
business relationships with other professionals
(d) Use an independent mentor
(e) Maintain contact with legal advisers and professional bodies
105
Business Assurance
SECTION B: Professional accountants in public practice

Section B provides specific ethical guidance for professional accountants in public practice.
2 Specific guidance: Independence

Professional accountants in public practice should not engage in any activities that impair or might
impair integrity, objectivity or the good reputation of the profession.
2.1 Objective of the guidance

Stage 1
Identify threats to independence
 Self-Interest Threat  Advocacy Threat
 Self-Review Threat  Intimidation Threat
 Familiarity Threat
Stage 2
Evaluate the significance of those threats
Significant or not?
Stage 3
Identify and apply safeguards to eliminate the threats
ABLE TO REDUCE TO AN UNABLE TO REDUCE TO AN

ACCEPTABLE LEVEL ACCEPTABLE LEVEL
CONTINUE OR ACCEPT DECLINE THE

THE ENGAGEMENT ENGAGEMENT
The guidance states its purpose in a series of steps. It aims to help firms and members:
Step 1
Identify threats to independence.
Step 2
Evaluate whether the threats are insignificant.
Step 3
If the threats are not insignificant, identify and apply safeguards to eliminate risk, or reduce it to an
acceptable level.
It also recognises that there may be occasions where no safeguard is available. In such a
situation, it is only appropriate to:
 eliminate the interest or activities causing the threat
 decline the engagement, or discontinue it
106
2.2 What is independence?

A provider of assurance services must be, and be seen to be, independent. What is meant by
independence?
Key terms
Independence of mind: The state of mind that permits the expression of a conclusion without being
affected by influences that compromise professional judgment, thereby allowing an individual to act
with integrity, and exercise objectivity and professional scepticism.
Independence in appearance: The avoidance of facts and circumstances that are so significant that
a reasonable and informed third party would be likely to conclude weighing all the specific facts and
circumstances that a firm’s or a member of the engagement team’s integrity, objectivity or
professional scepticism has been compromised.
Firms must evaluate the significance of any threats to independence and then put safeguards in
place, where this is possible, to reduce the threat to acceptable levels. If it is not possible to put
adequate safeguards in place, it may be better to withdraw services than to risk a conflict of interest.
Certain entities, listed companies or those deemed to be of significant public interest due to the wide
range of stakeholders involved may be subject to more stringent rules.
Section 290 Independence – Audit and review engagements

This section addresses the independence requirements for audit engagements and review
engagements, which are assurance engagements in which a professional accountant in public
practice expresses a conclusion on financial statements.
Such engagements comprise audit and review engagements to report on a complete set of financial
statements and a single financial statement. Independence requirements for assurance
engagements that are not audit or review engagements are addressed in Section 291.
Degree of independence:
The degree of independence required is less rigid for a low level assurance engagement to non-audit
clients than for audit. For example:
Audit client Non audit assurance client
Audit Must be independent * N/A

Non audit, general use Must be independent * Only the assurance team and
the firm must be independent.
Non audit, restricted use Must be independent * The assurance team and the
firm must have no material
financial interest in the client.
* Applicable to the assurance team, the firm and the network firm
Topic highlights
HKICPA’s Code of Ethics gives examples of a number of situations where independence might be
threatened and suggests safeguards to protect independence.
HKICPA’s Code gives extensive lists of examples of threats to independence and applicable
safeguards. In the rest of this chapter, these threats and some relevant factors and potential
safeguards are outlined. Definite rules are shown in bold. You should learn these.
107
Business Assurance
2.3 Self-interest threat

The HKICPA Code of Ethics highlights a great number of areas in which a self-interest threat might
arise.
Employment with entity
Close business relationships
Partner on entity board
Financial interests
Family and personal relationships
Recruitment SELF-INTEREST THREAT Gifts and hospitality
Loans and guarantees

Lowballing Percentage or
contingent fees
High percentage Overdue fees
of fees
2.3.1 Financial interests
Key term
A financial interest exists where a firm has a financial interest in an entity’s affairs, for example, the
firm owns shares in the entity, or is a trustee of a trust that holds shares in the entity.
When considering whether a financial interest in a client constitutes a self interest threat, the
significance of the threat should be considered in the light of the following factors:
 Whether the financial interest is direct or indirect
 Role of the owner
 Materiality of the interest
Examples:
 Beneficial interests in shares/other interest
 Overdue fees
 Hold shares in a company’s client
 Being trustee of a trusts that holds the shares in the company
 Having a retirement plan that owns shares in the company
 Material indirect ownership of shares
Financial interest in an audit entity may create a self-interest threat.
If a member of the engagement team, a member of that individual’s immediate family or a firm has a
direct financial interest or a material indirect financial interest in the audit client the self-interest threat
created would be so significant that no safeguards could reduce the threat to an acceptable level.
The parties listed below are not allowed to own a direct financial interest or an indirect material
financial interest in a client:
 The assurance firm
 A member of the assurance team
 An immediate family member of a member of the assurance team
108
Key terms
Direct financial interests are:
 financial interests owned directly by and under the control of an individual or entity
 beneficially owned through a collective investment vehicle such as trust over which the
individual or entity has control.
Indirect financial interests are:
 beneficially owned through a collective investment vehicle such as trust over which the
individual or entity has no control.
When a close family member has a direct financial interest or a material indirect financial interest in
the entity, a self-interest threat is created.
Safeguards available to eliminate the threat or reduce it to an acceptable level are:
(a) the close family member should dispose of all, or a sufficient amount of the financial interest,
at the earliest practical date
(b) use an additional professional accountant who did not participate in the assurance
engagement to review the work done
(c) remove the member from the engagement team
If a firm or a partner or employee of the firm or a member of that individual’s immediate family
receive the financial interest by way of inheritance, gift or through a merger, this will cause a self-
interest threat.
Safeguards available to eliminate the threat or reduce it to an acceptable level include disposing of
the financial interest at the earliest practical date.
Such matters will involve judgment on the part of the partners who are charged with making
decisions about ethical issues. For example, what constitutes a material interest? A small
percentage stake in a company might be material to its owner. How does the firm judge the
closeness of a relationship between staff and their families, in other words, what does immediate
mean in this context?
Firms should have quality control procedures requiring staff to disclose relevant financial interests for
themselves and close family members. They should also foster a culture of voluntary disclosure on
continuous basis so that any potential problems are identified in a timely manner.
2.3.2 Close business relationships

There are various ways of determining whether a firm has an inappropriately close relationship with
an entity and methods to address the issue if this is found to be the case. However, there is often a
degree of judgment involved.
For example, purchasing goods and services from an entity on an arm’s length basis does not
usually constitute a threat to independence. However, if there are a substantial number of
transactions constituting a material interest, there may be a threat to independence and safeguards
may be necessary. Whether distribution or marketing arrangements under which the firm acts as
distributor or marketer of the entity’s products or services or vice versa constitute a material interest
will also depend on the degree of involvement and the effect of the transactions on both businesses
overall.
Where a degree of judgment is involved, unless the interest is clearly insignificant, an
assurance provider should not participate in a venture with an entity.
Unless any financial interest is immaterial and the business relationship is insignificant to the firm,
the threat created would be so significant that no safeguards could reduce the threat to an
acceptable level.
109
Business Assurance
Where the significance and nature of the threat to independence involves a single individual member
(or a close relation of his), appropriate ethical behaviour would demand that the individual is
removed from the engagement team.
2.3.3 Employment with the entity

Independence may be threatened when a professional accountant is employed by both an audit firm
and a client entity during the course of his career, or even where there is the prospect of employment
at an entity. Where an accountant has been connected with an audit at an entity which subsequently
offers employment (or may offer employment):
 Objectivity might be impaired by the motivation to impress a potential future employer
 A finance director who has a background as an audit partner has too much knowledge of the
audit firm’s systems and procedures to perform independently.
Again, the significance of the threat to independence depends on the specific circumstances. In
considering the safeguards that may need to be put in place, consideration would be made of the
influence the individual held over the audit in the past, the time interval between the audit and the
acceptance of the employment and the capacity for influence the appointment gives over the subject
matter of the assurance engagement.
If a former member of the engagement team or a partner of the firm joins an audit client as a director,
officer or employee in a position to exert significant influence over the preparation of the client’s
accounting records of the financial statements and a significant connection remains between the firm
and the individual the threat would be so significant that no safeguards would reduce it to an
acceptable level. Where no connections remains the significance of the threat would depend on
factors including:
 the position taken
 the extent of involvement with the engagement team
 the length of time since the individual was a member of the engagement team
 former position of the individual in the engagement team
Safeguards which may be used include:
 modification of the assurance plan
 reassigning the engagement to another professional accountant with appropriate expertise
 involving an additional independent professional accountant to review the work performed
 carrying out a quality control review of the engagement
A firm should also have quality control procedures requiring an individual involved in serious
employment negotiations with an entity to disclose the fact that these negotiations are taking
place to the firm. The firm may then exercise its discretion and remove the individual from the
engagement.
'Cooling off' period
The revised Code requires “cooling off periods” where partners intend to join public interest entities
as follows:
 Key audit partner: one audit opinion covering a period of not less than 12 months for which
the partner was not a member of the engagement team
 Firm’s Managing Partner (or equivalent): one year
A new provision is that an individual who has moved from the firm to a client should not be entitled to
any benefits or payments from the firm unless pre-determined arrangements have been made.
110
2.3.4 Partner on entity board

A partner or employee of the firm should not serve on the board of an entity, although in some
circumstances it is permissible for a partner or employee of an assurance firm to serve as Company
Secretary, or in a similar purely administrative role.
2.3.5 Family and personal relationships

Family or close personal relationships constitute a serious threat to independence. Again, the
significance of the threat requires individual circumstances, such as those listed below, to be taken
into account:
(a) The individual’s responsibilities on the assurance engagement. This includes the degree of
influence the individual may exert over the outcomes of the audit. However, the close family
relationships with a directors, officers or employees of an entity should be monitored even if
that individual is not part of the particular assurance team).
(b) The closeness of the relationship, (see the definition given in the Code of what constitutes
immediate family).
(c) The role of the other party at the entity. This means whether they exert significant influence
over the subject matter of the assurance engagement as a director, company officer or
employee and how closely they are involved with the processes and so on being tested).
When an immediate family member of a member of the engagement team is:
(a) a director or officer of the audit client; or
(b) an employee in a position to exert significant influence over the preparation of the client’s
accounting records or the financial statements on which the firm will express an opinion
The threats to independence can only be reduced to an acceptable level by removing the individual
from the engagement team. The Code defines an immediate family member as a spouse or
dependant.
When a close family relationship is disclosed it is also usually appropriate to remove the individual
from the assurance team.
A firm should have quality control procedures under which employees should disclose if a close
family member employed by a client is promoted within the entity so increasing the risk of a
significant threat.
If a firm inadvertently violates the rules concerning family and personal relationships there are further
safeguards available: in these circumstances it is usual to conduct a quality control review or discuss
the matter with the entity’s audit committee if it is of sufficient size to have one.
2.3.6 Gifts and hospitality

This is a notoriously difficult area; in some parts of the world, offering gifts or corporate hospitality is
an accepted part of business life; in others, it falls into a grey area somewhere between inducement
and downright bribery! In general, unless the value of the gift or hospitality is trivial and
inconsequential a member of an engagement team should decline any offers which may be seen to
be intended to influence the judgment of a professional accountant.
2.3.7 Loans and guarantees

The advice on loans and guarantees is similar to that on business transactions. Where the loan or
guarantee is not made under normal lending terms safeguards are unlikely to reduce the self-interest
threat to an acceptable level.
If the loan from a financial institution, is made on an arm’s length usual commercial basis, then there
is no threat to independence. For individuals, a loan of this sort is likely to be material, such as a
mortgage, but as long as usual commercial terms apply, there is no impairment to independence. If a
loan to a firm is deemed material it is necessary to apply safeguards to reduce the risk to an
111
Business Assurance
acceptable level. One safeguard likely to be used is an independent review (by a partner from
another office in the firm).
However, the firm or an individual on the assurance engagement should never enter into any
loan or guarantee arrangement with an entity that is not a bank or similar institution.
The advice on loans and guarantees falls into two categories:
 client is a bank or similar institution
 other situations
2.3.8 Overdue fees

By allowing fees to remain overdue, the professional accountant runs the risk of effectively offering a
loan to an entity. The professional accountant may then run the risk of being in breach of the rules
set out above.
Appropriate safeguards include an independent review to ensure that the fees charged are fair for
the work performed. Policies should be in place to ensure that unpaid fees do not build up to
unfeasibly high levels. Unpaid fees should be discussed with the entity’s senior management
promptly. If the fees remain unpaid then the firm should consider resignation.
2.3.9 Percentage or contingent fees
Key term
Contingent fees are fees which are calculated on a predetermined basis relating to the outcome of
a transaction or the result of the services performed by the firm.
A firm should not enter into a contingent fee arrangement for any assurance engagement as
payment arrangements based on outcomes create self-interest and advocacy threats which cannot
be reduced to acceptable levels through the application of suitable safeguards.
Contingent fees charged on non-assurance engagement
A contingent fee charged directly or indirectly by a firm in respect of a non-assurance service
provided to an audit client may also create a self-interest threat. The threat created would be so
significant that no safeguards could reduce the threat to an acceptable level if:
 the fee is charged by the firm expressing the opinion on the financial statements and the fee
is material or expected to be material to that firm;
 the fee is charged by a network firm that participates in a significant part of the audit and the
fee is material or expected to be material to that firm; or
 the outcome of the non-assurance service, and therefore the amount of the fee, is dependent
on a future or contemporary judgment related to the audit of a material amount in the financial
statements.
All arrangements shall be prohibited.
Compensation and evaluation policies
A self-interest threat is created when a member of the engagement team is evaluated on or
compensated for selling non-assurance services to that audit client.
The significance of the threat shall be evaluated and, if the threat is not at an acceptable level, the
firm shall either revise the compensation plan or evaluation process for that individual or apply
safeguards to eliminate the threat or reduce it to an acceptable level.
A key audit partner shall not be evaluated on or compensated based on that partner’s success in
selling non-assurance services to the partner’s audit client. This is not intended to prohibit normal
profit-sharing arrangements between partners of a firm.
112
2.3.10 Undue dependence on total fees

A self-interest threat arises where the total fees generated by an entity represent a large proportion
of a firm’s total revenue.
Whether it is a situation of undue dependence may be mitigated by factors such as the size and
structure of the firm and how long it has been trading (a new firm may not have a wide enough client
base to follow the ruling emboldened above).
Similar threats may be created by situations where the fees generated by an entity represent a large
proportion of the revenue brought in by an individual partner.
Safeguards in these situations include:
 discussion of the matter with the entity’s senior management or the audit committee if it has one
 taking steps to reduce the financial dependency on the entity
 obtaining external or internal quality control reviews
 consulting a third party such as HKICPA
Audit Clients that are Public Interest Entities (new provision)
Where an audit client is a public interest entity and, for two consecutive years, the total fees from
the client and its related entities represent more than 15% of the total fees received by the firm
expressing the opinion on the financial statements of the client, the firm shall disclose to those
charged with governance of the audit client the fact that the total of such fees represents more than
15 percent of the total fees received by the firm, and discuss which of the safeguards below it will
apply to reduce the threat to an acceptable level, and apply the selected safeguard:
 A pre-issuance review – Prior to the issuance of the audit opinion on the second year’s
financial statements, a professional accountant, who is not a member of the firm expressing
the opinion on the financial statements, performs an engagement quality control review of
that engagement or a professional regulatory body performs a review of that engagement that
is equivalent to an engagement quality control review.
 A post-issuance review – After the audit opinion on the second year’s financial statements
has been issued, and before the issuance of the audit opinion on the third year’s financial
statements, a professional accountant, who is not a member of the firm expressing the opinion
on the financial statements, or a professional regulatory body performs a review of the second
year’s audit that is equivalent to an engagement quality control review.
2.3.11 Lowballing
Lowballing is the term used to describe the situation where a firm quotes a significantly lower fee
level for an assurance service than would have been charged by the predecessor firm usually in
order to gain other more lucrative business. A self-interest threat arises which must be safeguarded
against. If the firm wins the tender the following safeguards should be applied:
 Careful record keeping to demonstrate that the firm used appropriate staff, spent sufficient
time, and adhered to appropriate technical and professional standards in carrying out the
engagement;
 Demonstration that the assurance engagement complied with all applicable assurance
standards, guidelines and quality control procedures
In other words, the low generation of fee revenue must not have any adverse impact on the quality of
the review carried out. Lowballing and the significant low fee issue below carry the risks of fee
disputes, if the company is eventually forced to make a choice between losing money or
compromising on quality or if the lucrative other business the firm hoped to win on the back of the
loss-making audit does not materialise.
2.3.12 Significant low fee
A firm is entitled to charge a significant low fee for any reason but should be aware of the threat to
objectivity this creates. This fee strategy may cause a self-interest threat and call into question the
113
Business Assurance
professional competence and due care owed by the firm. Both independence and quality of work
may be compromised as it may be difficult to perform the engagement in accordance with applicable
technical and professional standards for the fee charged.
The professional accountant should consider if there is:
 any terms on securing the contract to supply other non-audit services (lowballing issue)
 any compromise on the quality of the audit work
 any restriction on senior staff working on the audit
 any possibility the entity was misled as to the basis on which fees for the current and
subsequent years were to be determined
 awareness by the entity of all the terms of the engagement and fees charged
 appropriate review to ensure work is done fully in accordance with auditing standards; and
should
 appropriate time and competent staff assigned to the engagement.
By engaging in these risky pricing strategies the firm not only threatens its independence but also
raises the risk of fee disputes and negligence claims that could do long-term damage to the
business.
2.3.13 Recruitment
Professional accountants may offer HR consultancy services (see the further discussion of this in 2.4
below). However, recruitment and assurance services offered by the same firm may result in a
conflict of interest and either the assurance business or the consultancy business should be
declined. It may be acceptable for the assurance firm to play a limited part in say, the recruitment of
a senior officer at an entity who uses their assurance services, if the final decision for the
appointment rests with another party.
2.3.14 Receiving or paying referral and commission

Paying a commission or referral fee or accepting this kind of fee is acceptable. However, accepting
a referral fee may create self-interest threat to objectivity and call into question professional
competence and due care. Safeguards should be applied:
(a) Disclose to the entity the arrangement to pay/receive a referral fee to another professional
accountant for the work passed onto them
(b) Obtain advance agreement from the entity for commission arrangements in connection with
the sale by a third party of goods or services to the entity
Kwok & Co have been the auditors of Kowloon Bank for a number of years.
(a) Kowloon Bank operates a staff scheme offering all members of staff low rate mortgage deals.
The staff rate is currently set at 3.5% below the bank prime rate. The Head of Lending of
Kowloon Bank tells the audit engagement partner at Kwok & Co, with whom he has dealt for a
number of years, that Kowloon Bank would like to extend the staff scheme in respect of low
rate mortgages to all members of staff at Kwok & Co, as a token of their appreciation of Kwok
& Co’s services.
(b) An audit assistant, who was on the audit of Kowloon Bank last year is considering resignation
from Kwok & Co to accept a trainee manager position at Kowloon Bank.
The audit engagement partner for Kowloon Bank has just become aware of this situation.
114
Required
Explain any professional and ethical issues in each of the above situations.
(11 marks)
HKICPA February 2006
2.4 Self-review threat

General other
Recent service services
with an entity
Preparing accounting records
and financial statements
Other services SELF-REVIEW THREAT Valuation services
Corporate
Internal audit Tax services
finance
services
Self-review threats arise when a professional accountant, or a firm of professional accountants, have
previously been involved in performing a service which they are then called upon to review. This
may include setting up financial systems they are then asked to review, or preparing financial
records or valuations for the financial statements they are then asked to audit. The risk is greater
when the service was performed very recently. As market competition has encouraged firms of
professional accountants to expand the range of services they may offer entities, so the risk of self-
review has increased. The table below shows a range of the services that may be provided and there
follows a discussion about how the provision of these services may impair independence.
Services provided by professional accountants
Bookkeeping
Preparation of financial statements
Tax services, although generally these are not seen to impair independence
Design and implementation of financial information systems
Appraisal, valuation services and fairness opinions
Actuarial services Risk of
self-
Internal audit services review
Management functions, but there are strict rules about the degree to which
assurance advisers may intervene in the management decisions of the entity
Human resources – such as recruitment and selection of senior management,
provision of temporary staff cover and so on
Corporate finance, broker-dealer services, accessing finance and so on
Legal services and litigation support
115
Business Assurance
The HKICPA Code gives rules about the other services firms may provide to their entities, (see
sections 2.4.2–2.4.9 below).
The distinction between listed companies, (or public interest companies), and private companies is
an important one in the provision of other services to entities. The rules are much more stringent for
listed companies and those deemed to be of public interest.
Key terms
Listed companies are those whose shares have been admitted to a recognised exchange, such as
the Stock Exchange of Hong Kong.
Public interest companies are those which for some reason (size, nature, product) are in the
“public eye”. Professional accountants should treat these as if they are listed companies.
2.4.1 Recent service

The Code sets out the following rule with regard to individuals who have completed a recent period
of service with an entity:
Individuals who have held the role of director or served as an officer of the entity, or been an
employee in a position to exert direct, significant influence over the subject matter of the
assurance engagement in the period under review or the previous two years should not be
assigned to the assurance team.
If an individual had been closely involved with the entity but outside of the time limits established
above, the assurance firm should consider the threat to independence and apply safeguards, if
appropriate.
This may be to:
 obtain a quality control review of the individual’s work on the assignment
 discuss the issue with the audit committee if the entity has one
2.4.2 General other services

Another rule which should be learned is that, where the assurance firm is providing other services for
an entity:
Professional accountants are not allowed to:
 authorise, execute or consummate a transaction
 sanction a particular course of action for the entity to pursue (this is a matter for its
own management)
 report in a management capacity to those charged with governance
However, keeping custody of an entity’s assets, supervising the entity’s employees in the
performance of their normal duties, and preparing source documents on an entity’s behalf are a
common requirement for assurance firms which could also pose significant self-review threat,
Safeguards which may be used to address this are described below:
(a) Segregation of duties: the assurance firm can make sure that different staff are used on the
assurance team to the staff engaged in the other capacity
(b) Seeking the advice of an independent professional accountant
(c) Clear quality control policies establishing what staff are and are not allowed to do on behalf of
entities
(d) Making appropriate disclosures and discussion of the matter with those charged with
governance
116
(e) Resigning from the assurance engagement

(f) Establishing policies and procedures to prohibit professional accountants from making
managerial decisions on behalf of the entity
2.4.3 Preparing accounting records and financial statements

Management is responsible for the preparation and fair presentation of the financial statements in
accordance with the applicable financial reporting framework.
Professional accountants routinely assist management with the preparation of financial statements
and give advice about accounting treatments and journal entries. A self-review threat arises if the
same firm is then asked to audit the accounting records that they have prepared.
If the firm is listed or public interest, it should not prepare accounts or financial statements for a
listed or public interest entity, unless an emergency arises.
The rules are more relaxed for small entities where a single firm is likely to be involved with the
business in a number of capacities. In these situations, firms must analyse the risks arising and put
safeguards in place to reduce the risk to an acceptable level. Safeguards include:
 using staff members other than assurance team members to carry out work
 obtaining entity approval for work and underlying assumptions undertaken
Audit clients that are not public interest entities
The firm may provide services related to the preparation of accounting records and financial
statements to an audit client that is not a public interest entity where the services are of a routine
or mechanical nature, so long as any self-review threat created is reduced to an acceptable level.
For any client, assurance firms are also not allowed to:
 determine or change journal entries without client approval
 authorise or approve transactions
 prepare source documents
Audit clients that are public interest entities
Except in emergency situations, a firm shall not provide to an audit client that is a public interest
entity accounting and bookkeeping services, including payroll services, or prepare financial
statements on which the firm will express an opinion or financial information which forms the basis of
the financial statements.
‘Emergency situations’
Accounting and bookkeeping services may be provided to audit clients in emergency or other
unusual situations when it is impractical for the audit client to make other arrangements:
 Only if the firm has the resources and necessary knowledge of the client’s systems and
procedures to assist the client in the timely preparation of its accounting records and financial
statements
 Restriction on the firm’s ability to provide the services would result in significant difficulties for
the client to comply with regulatory requirements
The following conditions must be met if professional accountants are to perform accounting and
bookkeeping services:
 Those who provide the services are not members of the engagement team;
 The services are provided for only a short period of time and are not expected to recur; and
 The situation is discussed with those charged with governance.
However, for any entity, firms are never allowed to:
(a) determine or change journal entries without entity’s approval
(b) authorise or approve transactions
117
Business Assurance
(c) prepare original source documents

(d) report on behalf of management to those charged with governance
(e) supervise an entity’s employee in performing normal activities
2.4.4 Temporary staff assignments

The lending of staff by a firm to an audit client may create a self-review threat. Such assistance
may be given, but only for a short period of time and the firm’s personnel shall not be involved in:
 providing non-assurance services that would not be permitted under the Code; or
 assuming management responsibilities.
In all situations, the audit client shall be responsible for directing and supervising the activities of
the loaned staff.
2.4.5 Valuation services
Key term
A valuation comprises the making of assumptions with regard to future developments, the
application of certain methodologies and techniques, and the combination of both in order to
compute a certain value, or range of values, for an asset, a liability or for a business as a whole.
If a firm performs a valuation to be included in the entity’s financial statements which are then
subsequently audited by the firm, a self-review threat arises.
A firm should not carry out valuations on matters:
(a) which are material to the financial statements and
(b) if the valuation is subject to high degree of subjectivity.
No safeguard is available to reduce the threat to an acceptable level under these circumstances.
If the valuation is neither material nor subject to high degree of subjectivity, the firm may apply
safeguards to ensure that the risk is reduced to an acceptable level. The following matters need to
be considered:
 The extent of the entity’s knowledge of the relevant matters in making the valuation
 The degree of judgment involved
 How much use is made of established methodologies
 The degree of uncertainty in the valuation
The firm may use the following safeguards to manage the risk:
 Second partner review
 Confirming that the entity understands how the valuation is reached and the underlying
assumptions
 Ensuring the entity acknowledges its responsibility for the valuation
 Using separate staff for the valuation and the audit
For audit clients that are public interest entities
A firm shall not provide valuation services to an audit client that is a public interest entity if the
valuations would have a material effect, separately or in the aggregate, on the financial statements
on which the firm will express an opinion.
118
You are the audit manager of a CPA firm, Yu & Yu. You are responsible for the audit of the financial
statements of a manufacturing and trading group, La’Monsa Limited (“La’Monsa”), for the year ended
31 December 20X6. The group’s principal product is clothing. In the last financial year, La’Monsa set
up a subsidiary to manufacture footwear products. They acquired a brand and set up a production
line.
When planning the audit work for the year ended 31 December 20X6, you learnt that the footwear
business had not been successful and production had been suspended.
In a meeting with Mr. Jun, the Chief Executive Officer (“CEO”) of La’Monsa, you raised your
concerns regarding valuation of the brand and production facilities in the footwear business. The
CEO believed that the brand was acquired last year and was still quite popular, and the machinery
and equipment were still workable. He also advised you that a merger of La’Monsa with another
footwear company was under negotiation. As valuation services were provided by your firm, he
suggested your firm, Yu & Yu, prepare a valuation report on the brand and the machinery and
equipment. Mr. Jun also suggested your firm use the valuation report in the audit of the financial
statements for the year ended 31 December 20X6.
Required:
(a) Discuss the general independence consideration for Yu & Yu in accepting non-assurance
engagements by its existing audit client. (5 marks)
(b) Discuss the independence consideration in the specific circumstances of La’Monsa’s
suggestion that Yu & Yu be appointed to provide valuation services. (10 marks)
(Total = 15 marks)
HKICPA May 2007
2.4.6 Taxation services

Generally, the provision of taxation services is not seen as any threat to independence.
Taxation services comprise a broad

range of services, including:
Tax return Tax calculations for the Tax planning and other Assistance in the
preparation purpose of preparing tax advisory services resolution of tax
the accounting entries disputes
Performing certain tax services creates self-review and advocacy threats.

The existence and significance of any threats will depend on:
 the system by which the tax authorities assess and administer the tax in question and the role
of the firm in that process
 the complexity of the relevant tax regime and the degree of judgment necessary for application
 the particular characteristics of the engagement
 the level of tax expertise of the client’s employees.
119
Business Assurance
Tax return preparation

Accordingly, providing such services does not generally create a threat to independence if
management takes responsibility for the returns including any significant judgments made.
Tax calculations for the purpose of preparing accounting entries
(i) Audit clients that are not public interest entities
Preparing calculations of current and deferred tax liabilities (or assets) for an audit client for
the purpose of preparing accounting entries that will be subsequently audited by the firm
creates a self-review threat.
Safeguards shall be applied when necessary to eliminate the threat or reduce it to an
acceptable level.
(ii) Audit clients that are public interest entities
Except in emergency situations, in the case of an audit client that is a public interest entity, a
firm shall not prepare tax calculations of current and deferred tax liabilities (or assets) for the
purpose of preparing accounting entries that are material to the financial statements on which
the firm will express an opinion.
Tax planning and other tax advisory services
Such services involve advising the client how to structure its affairs in a tax efficient manner or
advising on the application of a new tax law or regulation.
A self-review threat may be created where the advice will affect matters to be reflected in the
The significance of any threat shall be evaluated and safeguards applied when necessary to
eliminate the threat or reduce it to an acceptable level.
Safeguards:
 Using professionals who are not members of the engagement team to perform the
service
 Having a tax professional, who was not involved in providing the tax service, advise the
engagement team on the service and review the financial statement treatment
 Obtaining advice on the service from an external tax professional; or
 Obtaining pre-clearance or advice from the tax authorities.
Where the effectiveness of the tax advice depends on a particular accounting treatment or
presentation in the financial statements and the self-review threat would be so significant that
no safeguards could reduce the threat to an acceptable level. Accordingly, a firm shall not
provide such tax advice to an audit client.
Assistance in the resolution of tax disputes
An advocacy or self-review threat may be created when the firm represents an audit client in the
resolution of a tax dispute once the tax authorities have notified the client that they have rejected the
client’s arguments on a particular issue and either the tax authority or the client is referring the matter
for determination in a formal proceeding,
Where the taxation services involve acting as an advocate for an audit client before a public tribunal
or court in the resolution of a tax matter and the amounts involved are material to the financial
statements on which the firm will express an opinion, the advocacy threat created would be so
significant that no safeguards could eliminate or reduce the threat to an acceptable level.
120
2.4.7 Internal audit services

Internal audit activities may include:
 monitoring of internal controls
 examination of financial and operating information
 review of the economy, efficiency and effectiveness of operating activities
 review of compliance with laws, regulations and other external requirements, and with
management policies and directives
The provision of internal audit services to an audit client creates a self-review threat to
independence if the firm uses the internal audit work in the course of a subsequent external audit.
Performing a significant part of the client’s internal audit activities increases the possibility that firm
personnel providing internal audit services will assume a management responsibility.
A firm may provide internal audit services to an entity, without impairment to independence so long
as the firm ensures that the entity recognises its responsibility for establishing, maintaining and
monitoring the internal controls. Usually the following safeguards are put in place:
(a) An employee of the entity is made responsible for all internal audit activities
(b) The entity approves all of the work undertaken by the internal engagement team
Audit clients that are public interest entities
In the case of an audit client that is a public interest entity, a firm shall not provide internal audit
services that relate to:
 a significant part of the internal controls over financial reporting
 financial accounting systems that generate information that is, separately or in the aggregate,
significant to the client’s accounting records or financial statements on which the firm will
express an opinion; or
 amounts or disclosures that are, separately or in the aggregate, material to the financial
statements on which the firm will express an opinion.
2.4.8 Corporate finance

Certain aspects of corporate finance create self-review threats that cannot be reduced to an
acceptable level by safeguards. A firm is not allowed to promote, deal in or underwrite an
entity’s shares under any circumstances. Similarly, it is also not allowed for a firm to commit
an entity to the terms of a transaction or consummate a transaction. There are other corporate
finance services, formulating corporate strategies, raising capital or providing restructuring advice
which may be acceptable without impairment to independence, providing that appropriate
safeguards are in place. Such safeguards include using different teams of staff, and making sure
policies are in place to ensure that no management decisions are taken on behalf of the entity and
these are closely controlled.
The Hong Kong Takeovers and Share Repurchase Codes
A member who provides takeover services for clients is required to comply with the Codes which are
expressly applied to professional advisers as well as to those engaged in the securities market.
The Stock Exchange of Hong Kong Limited's (Stock Exchange) Rules Governing the Listing
of Securities (Listing Rules)
Members’ attention is also drawn to the Listing Rules in particular when acting as a sponsor or as an
independent financial adviser.
121
Business Assurance
2.4.9 Other services

There are other services a firm might offer to entities.
IT services
Providing systems services may create a self-review threat depending on the nature of the services
and the IT systems.
Providing services to an audit client that is not a public interest entity involving the design or
implementation of IT systems that:
(a) form a significant part of the internal control over financial reporting, or
(b) generate information that is significant to the client’s accounting records or financial
statements on which the firm will express an opinion creates a self-review threat.
In the case of an audit client that is a public interest entity, a firm shall not provide services
involving the design or implementation of IT systems that:
(a) form a significant part of the internal control over financial reporting, or
(b) generate information that is significant to the client’s accounting records or financial
statements on which the firm will express an opinion.
Temporary staff cover
Providing recruiting services to an audit client may create self-interest, familiarity or intimidation
threats.
The firm may generally provide such services as reviewing the professional qualifications of a
number of applicants and providing advice on their suitability for the post.
A firm shall not provide recruiting services to an audit client that is a public interest entity with
respect to a director or officer of the entity or senior management in a position to exert significant
influence over the preparation of the client’s accounting records or the financial statements on which
the firm relies.
Litigation support services
Providing legal services to an entity that is an audit client may create both self-review and advocacy
threats.
Acting in an advocacy role for an audit client in resolving a dispute or litigation when the amounts
involved are material to the financial statements on which the firm will express an opinion would
create advocacy and self-review threats so significant that no safeguards could reduce the threat to
an acceptable level.
The appointment of a partner or an employee of the firm as General Counsel for legal affairs of an
audit client would create self-review and advocacy threats that are so significant that no safeguards
could reduce the threats to an acceptable level.
Legal services
In each case, the firm should consider whether there are any barriers to independence and whether
these can be reduced by appropriate safeguards. Among the scenarios which might fall into this
category are where a firm is asked to design internal control IT systems, which it would later review
as part of its audit, or a professional accountant from the firm was seconded to cover the finance
director’s maternity leave. Before you read on, what would you consider to be appropriate ethical
behaviour in those two circumstances?
122
2.5 Advocacy threat

Legal services
Contingent fees ADVOCACY THREAT
Corporate finance
An advocacy threat often arises in the provision of legal or corporate finance services. To avoid this
threat firms must avoid being in the position of taking the entity’s part in a dispute or somehow acting
as their advocate in a way that threatens the appearance of independence. Examples are when a
firm has provided legal services to an entity and, perhaps defended them in a legal case. Corporate
finance examples are where the firm gives such as advice on debt reconstruction and negotiates
with the bank on the entity’s behalf or deals or acts as a promoter of shares for an entity. In these
instances a professional accountant may promote or may be seen to promote an entity’s position
to the point that objectivity may be impaired.
Again, the firm may be able to reduce the threat by using appropriate safeguards, including separate
teams and disclosures, but if the threat cannot be reduced to an acceptable level the firm must
withdraw from the engagement.
2.6 Familiarity threat

A familiarity threat often arises in conjunction with a self-interest threat. Independence is jeopardised
by the firm and its staff becoming too closely connected or too familiar with or sympathetic to the
entity and its employees. Professional scepticism may be severely impaired in circumstances.
Where there are family and personal
relationships between entity/firm
Long association with entities FAMILIARITY THREAT Employment with entity
Recent service with entity
2.6.1 Long association of senior personnel with entities

A long association with an entity may erode the independence of senior members of staff as the
length of service may mean they become too close to or too overly sympathetic to the business to
remain objective and exercise professional scepticism. Firms should continually monitor the
relationship between staff and established entities, including requirements to disclose any
promotions or changes within the entities which may introduce a new risk. Control can be
established by the use of safeguards such as rotation of senior personnel, second partner reviews,
and internal independent quality control reviews.
123
Business Assurance
In addition, the Code of Ethics goes further for listed and public interest entities with a list of specific
rules to prevent this situation from arising. It is in your interest to learn them!
The rules state that for the audit of listed or other public interest entities:
 The engagement partner should be rotated after a pre-defined period
 Other key audit partners should be rotated after a pre-defined period, normally no more than
seven years, and should not return to the engagement until a period of two years has
elapsed
 The individual responsible for the engagement quality control review should be rotated
after a pre-defined period
If an entity becomes a listed entity, the engagement partner, other key partners and quality
control personnel should only continue in those positions for another two years. Judgment
may need to be exercised for more junior staff based on the length of time they have been involved
with the audit.
Flexibility is required for smaller firms where the size constraint may mean rotation is impracticable
or reliance on a key person’s expertise would mean the risk to technical quality is greater than that
derived from the previous connection. In this case, the firm must devise suitable safeguards to make
sure independence is preserved.
(a) Listed companies and other public interest entities:
The rules state that for the audit of listed or other public interest entities:
 The engagement partner should be rotated after a pre-defined period
 Other key audit partners should be rotated after a pre-defined period, normally no
more than seven years, and should not return to the engagement until a period of
two years (or five years if returning as engagement partner) has elapsed
 The individual responsible for the engagement quality control review should be rotated
after a pre-defined period, normally no more than seven years, and should not
return to the engagement until a period of two years has elapsed.
If an entity becomes a listed entity, the engagement partner, other key partners and quality
control personnel should only continue in those positions for another two years. Judgment
may need to be exercised for more junior staff based on the length of time they have been
involved with the audit.
(b) Rotation of key audit partners
Familiarity and self-interest threats are created by using the same senior personnel on an
audit engagement over a long period of time.
Despite the above, key audit partners whose continuity is especially important to audit quality
may, in rare cases due to unforeseen circumstances outside the firm’s control, be permitted
an additional year on the engagement team as long as the threat to independence can be
eliminated or reduced to an acceptable level by applying safeguards.
When an audit client becomes a public interest entity, the length of time the individual has
served the audit client as a key audit partner before the client becomes a public interest entity
shall be taken into account in determining the timing of the rotation.
If the individual has served the audit client as a key audit partner for five years or less
when the client becomes a public interest entity, the number of years the individual may
continue to serve the client in that capacity before rotating off the engagement is seven years
less the number of years already served.
When a firm has only a few people with the necessary knowledge and experience to serve as
a key audit partner on the audit of a public interest entity, rotation of key audit partners may
not be an available safeguard.
124
2.7 Intimidation threat

An intimidation threat arises when members of the assurance team are intimidated or pressured to
act unethically by entity staff. This generally means the firm has something to lose or is under
pressure in some way which the entity is trying to push to its own advantage. Loss of business,
replacement with another auditor and litigation are some of the methods by which an entity may try
to intimidate a firm.
Close business relationships
Litigation INTIMIDATION THREAT Family and personal relationships
Assurance staff members move

to employment with entity
A professional accountant may be dissuaded from using objectivity and exercising professional
scepticism by threats, whether actual or perceived from directors of an entity.
There are three main types of threat:
(a) Loss of business: for instance, as a result of a disagreement over the application of an
accounting principle, the entity may threaten to change its auditors if they wish to modify their
report as a result of the dispute.
(b) Loss of fee revenue: for instance, the entity may apply pressure to reduce the extent of work
performed by the professional accountants unjustifiably in order to reduce the fees.
(c) Litigation: defending a claim for negligence can be time consuming, publicly damaging and
expensive, even if the assurance firm were to eventually win the case (see below).
2.7.1 Actual and threatened litigation

Litigation, threatened or real, is a very serious threat indeed for firms: not only does it involve the loss
of the immediate client, the firm may suffer further losses from the associated negative publicity and
association with negligent behaviour, even if successfully defended. The threat may lead to the firm
being put under pressure to publish an unqualified audit report although they have been qualified in
the past, for example. The risk is so great that if the litigation is at all serious, the firm should
consider resignation.
However, good control systems should be in place to prevent such situations arising. When they do,
the following considerations should be taken into account:
 The materiality of the litigation
 The nature of the assurance engagement
 Whether the litigation relates to a prior assurance engagement
The following safeguards could be applied:
 Disclosing to the audit committee the nature and extent of the litigation
 Removing specific affected individuals from the engagement team
 Involving an additional professional accountant on the team to review work
2.7.2 Second opinions

An entity may seek a second opinion from a different firm when they are unhappy with the audit
opinion given or the work performed. The second firm, as it is not officially appointed, is notable to
give a formal audit opinion on the financial statements. However, if a another firm indicates to an
entity’s management that a different audit opinion might be acceptable, the appointed firm may feel
125
Business Assurance
under pressure to change the audit opinion in order to preserve the client relationship. In effect, a
self-interest threat arises.
In practice, second opinions often cause independence issues for firms of professional accountants
and care should be taken if asked to provide one.
A company director is free to talk to a another firm about the treatment of matters in the financial
statements if he believes there is a good reason for doing so. However, new accounting standards
are increasingly prescribing a single method of treatment reducing the scope for subjectivity and the
need for this kind of second opinion. Where an opinion like this is sought, the second firm is relying
on the director to communicate all of the relevant information on which the original opinion has been
based in a factual manner ie without any bias which may lead the professional accountants to take a
view that the entity might prefer. It is usual for the second firm to request the co-operation of the
appointed firm in order to ensure they have all the information they need. If this is refused, there are
probably good reasons why the engagement should be declined.
Safeguards are:
 obtain the entity’s consent
 describe the limitations surrounding any opinion in communications with the entity
 provide the existing professional accountant with a copy of the opinion
2.8 Other assurance engagements
Section 291 Independence – Other assurance engagements

This section addresses independence requirements for assurance engagements that are not audit or
review engagements. The basic principles are the same as those set out in section 290. However,
the following additional points should be noted.
2.8.1 Employment with an audit client

The basic principles are the same as those set out in section 290 although section 291 does not
include specific “cooling off” provisions.
2.8.2 Contingent fees
The basic principle is the same as that described in section 290, ie a contingent fee should not be
charged in respect of an assurance engagement. In addition, a contingent fee should not be charged
in respect of a non-assurance service provided to an assurance client if the outcome of the non-
assurance service (and therefore the amount of the fee) is dependent on a judgment related to the
subject matter of the assurance engagement. For other contingent fee arrangements charged by a
firm for a non-assurance service to an assurance client the significance of any threat will have to be
evaluated and safeguards applied.
2.8.3 Multiple responsible parties
In some assurance engagements, whether assertion-based or direct reporting, there might be
several responsible parties. In determining whether it is necessary to apply the provisions in this
section to each responsible party in such engagements, the firm may take into account whether an
interest or relationship between the firm, or a member of the assurance team, and a particular
responsible party would create a threat to independence that is not trivial and inconsequential in the
context of the subject matter information.
2.8.4 Interpretation 2005-01 (Revised June 2010 to conform to changes

resulting from the IESBA's project to improve the
clarity of the Code)
This Interpretation focuses on the application issues that are particular to assurance engagements
that are not financial statement audit engagements.
126
Assertion-Based Assurance Engagements

In an assertion-based assurance engagement independence is required from the responsible
party, which is responsible for the subject matter information and may be responsible for the subject
matter.
Direct reporting assurance engagements
In a direct reporting assurance engagement, the professional accountant in public practice either
directly performs the evaluation or measurement of the subject matter, or obtains a representation
from the responsible party that has performed the evaluation or measurement that is not available to
the intended users.
2.9 HKSQC 1: Quality control: Independence

HKSQC 1 (Clarified) is the quality control standard issued by HKICPA and within it, there is a
particular requirement which refers to ethics.
Firm should establish policies and procedures to emphasise the compliance on principles of
professional ethics which should be enforced by:
(a) leadership of the firm
(b) training
(c) monitoring
(d) process of dealing with non-compliance
HKSQC 1.21- The standard sets out some detailed requirements with regard to independence.
23
The firm shall establish policies and procedures designed to provide it with reasonable assurance
that the firm, its personnel and, where applicable, others subject to independence requirements
(including network firm personnel), maintain independence where required by the Code. Such
policies and procedures shall enable the firm to:
(a) communicate its independence requirements to its personnel and, where applicable, others
subject to them, and
(b) identify and evaluate circumstances and relationships that create threats to independence,
and to take appropriate action to eliminate those threats or reduce them to an acceptable level
by applying safeguards, or, if considered appropriate, to withdraw from the engagement.
Such policies and procedures shall require:

(a) engagement partners to provide the firm with relevant information about client engagements,
including the scope of services, to enable the firm to evaluate the overall impact, if any, on
independence requirements
(b) personnel to promptly notify the firm of circumstances and relationships that create a threat to
independence so that appropriate action can be taken, and
(c) the accumulation and communication of relevant information to appropriate personnel so that:
(i) the firm and its personnel can readily determine whether they satisfy independence
requirements
(ii) the firm can maintain and update its records relating to independence, and
(iii) the firm can take appropriate action regarding identified threats to independence that
are not at an acceptable level.
that it is notified of breaches of independence requirements, and to enable it to take appropriate
actions to resolve such situations.
The policies and procedures shall include requirements for:
127
Business Assurance
(a) Personnel to promptly notify the firm of independence breaches of which they become aware
(b) The firm to promptly communicate identified breaches of these policies and procedures to:
(i) the engagement partner who, with the firm, needs to address the breach, and
(ii) other relevant personnel in the firm and those subject to the independence
requirements who need to take appropriate action, and
(c) Prompt communication to the firm, if necessary, by the engagement partner and the other
individuals referred to in subparagraph 23 (b)(ii) of the actions taken to resolve the matter, so
that the firm can determine whether it should take further action.
At least annually, the firm shall obtain written confirmation of compliance with its policies and
procedures on independence from all firm personnel required to be independent by the HKICPA
Code and national ethical requirements.
2.9.1 Familiarity threat

HKSQC 1.24 Last, HKSQC 1 (Clarified) sets out some specific guidance in relation to the threat of over-familiarity
with entities.
The firm shall establish policies and procedures:

(a) setting out criteria for determining the need for safeguards to reduce the familiarity threat to an
acceptable level when using the same senior personnel on an assurance engagement over a
long period of time, and
(b) requiring for audits of financial statements of listed entities, the rotation of the engagement
partner and the individuals responsible for engagement quality control review, and, where
applicable, others subject to rotation requirements after a specified period in compliance with
relevant ethical requirements.
3 Specific guidance: Confidentiality
Topic highlights
HKICPA recognises a duty of confidentiality and several exceptions to it.
3.1 Duty of confidence

A professional accountant has a duty of confidentiality to his client. This principle is encapsulated in
the HKICPA Code of Ethics which states that a professional accountant who acquires sensitive
information in the course of his work, should not use, nor appear to use, that information to his own
advantage or to the advantage of any third party with which he is connected.
It is an implied term of any agreement of engagement that that the professional accountant will not
discuss the entity’s affairs to any third party without the entity’s consent. There are a few recognised
exceptions to this rule of confidentiality discussed below.
3.2 Recognised exceptions to the rule of confidentiality

Obligatory disclosure. If a member knows or suspects the entity to have committed an offence of
treason he is obliged to disclose all the information at his disposal to a competent authority. Local
legislation may also require the firm to disclose other infringements.
128
A professional accountant must disclose information if compelled to do so by a court order (process

of law).
If a member is requested to assist the police, the tax authorities or any other authority by providing
information about an entity’s affairs in connection with inquiries being made he should first inquire
under what statutory authority the information is demanded. If the demand for information is
pressed without any statutory authority the professional accountant should seek the permission of
the entity as to whether the information should be disclosed. If it is declined, legal advice may need
to be sought. Any notice served directly to the professional accountant for obtaining documents
related to the entity, the professional accountant should read carefully and seek legal advice if
necessary.
A member should not voluntarily co-operate with the authorities by assisting with any investigations
unless he acts with the entity’s consent or is required to do so by law (see the three circumstances in
which he is compelled to do so below). If he volunteers the information, it constitutes a breach of
confidentiality.
From time to time a professional accountant may know or suspect that an entity has committed a
wrongful act and in these circumstances he must give careful thought to his own position. Even in a
criminal matter (excluding treason, money-laundering and terrorist offences),he is under no
obligation to disclose his information to the relevant authority, but he must ensure that he has not
prejudiced himself by, for example, relying on incorrect information.
However, the professional accountant may himself be chargeable with a criminal offence if he acted
directly, without lawful authority or reasonable excuse, in such a manner as to impede with intent the
arrest or prosecution of a entity whom he knows or believes to have committed an arrestable
offence.
A member should not normally appear in court as a witness against an entity unless a written court
order is served.
A member should seek legal advice to clarify the legal aspects of his position.
Voluntary disclosure. In certain cases voluntary disclosure may be made by the professional
accountant:
 to protect the professional accountant's interests (for instance, to defend in litigation against him)
 where it is in the public’s interest
 where it is authorised by statute
 to non-governmental bodies
HKICPA Code of Ethics for Professional Accountants
 to comply with technical standards and ethical requirements
 to comply with the quality review of a member or professional body
 to respond to an inquiry or investigation by a member body or regulatory body (i.e. disciplinary
actions from HKICPA)
 to enable the firm to sue for its fee
 to resist an action for negligence brought against the professional accountant by an entity
129
Business Assurance
Also, having decided that confidential information can be disclosed, professional accountants should
consider:
 whether all relevant facts are known and substantiated
 what type of communication is expected and to whom it should be addressed
 whether the professional accountant will incur any legal liability as a result of disclosure
3.3 Disclosure in the public interest

The courts have never given a definition of “the public interest”. This means that again, the issue is
left to the judgment of the professional accountant. It is often therefore appropriate for the member to
seek legal advice.
It is only appropriate for information to be disclosed to certain authorities, for example, the police.
The HKICPA’s Code states that there are several factors that the member should take into account
when deciding whether to make disclosure.
HKICPA guidance
 The size of the amounts involved and the extent of likely financial damage
 Whether members of the public are likely to be affected
 The possibility or likelihood of repetition
 The reasons for the entity's unwillingness to make disclosures to the authority
 The gravity of the matter
 Relevant legislation, accounting and auditing standards
 Any legal advice obtained
Preparation comments
If you are required to make judgments about whether such a disclosure should be made in a given
scenario, you should apply a checklist like this to the scenario to ensure you have shown evidence of
your consideration of all the relevant factors.
3.3.1 Unlawful acts or defaults by or behalf of a member’s employer

If a HKICPA member is aware that his employer or an agent may have committed an unlawful act,
he should first draw it to the attention of internal management at an appropriate level. He may
then report the offence to the board of non-executive directors, or if this option is not available, he
may make a report to an external competent authority.
No general obligation exists for a professional accountant who becomes aware of a criminal or
unlawful act to disclose this information to a third party without the prior authority from his employer.
However, a HKICPA member has a general duty to his employer to act in good faith and with a duty
of confidence.
The employed HKICPA member should not generally disclose any confidential information without
the entity’s consent.
Members’ own relations with authorities: criminal offences
A member himself commits a criminal offence:
(a) if he incites a client or anyone else to commit a criminal offence; or
(b) if he helps or encourages a client or anyone else in the planning or execution of a criminal
offence; or
130
(c) if he agrees with a client or anyone else to pervert or obstruct the course of justice by
concealing, destroying or fabricating evidence or by misleading the police by statements which
he knows to be untrue.
Members are advised not to attempt to avoid the awkward responsibility of qualifying the report
on the accounts by refusing to report and by resigning.
Members may find that they are requested in their professional capacity by the Independent
Commission Against Corruption (ICAC) to assist in investigation of certain corruption allegations,
mainly against their own clients. Such assistance usually is requested in the form of furnishing
information to ICAC officers either orally or in writing.
You are the senior manager in a medium-size CPA firm. You are responsible for the audits for the
following entity and you are reviewing the ethical issues attached to the engagement.
Johnco Co (Johnco) is a manufacturer of kitchen appliances which are exported all over the world.
The following matter has been brought to your attention by the audit senior, who has just completed
the planning of the forthcoming audit for the year ending 31 March 20X0.
During a discussion with the production manager, it was revealed that there have been some quality
control problems with the kitchen appliances manufactured in the middle of the year. It was
discovered that some of the stainless steel used in the manufacture of the entity’s products did not
comply with the international quality standards. Johnco did not recall any of the products which had
been manufactured during that time from customers, as management felt that the risk of any injury
being caused was remote.
Required
Assess the ethical issues raised, and recommend any actions necessary, in respect of the stainless
steel used by Johnco Co.
4 Specific guidance: Conflicts of interest
Topic highlights
Professional accountants should identify potential conflicts of interest as they could result in ethical
codes being breached.
A conflict of interest is a situation that may undermine the judgment of a professional accountant.
There may be too much personally at stake either for himself or for his firm for the professional
accountant to reconcile the stakeholders’ or public interest against his own. In these situations:
 principles of independence, integrity and objectivity are not satisfied
 promoting personal interest may result in adverse consequences to stakeholders
Firms should take reasonable steps to identify circumstances that could pose a conflict of interest
before they happen. A conflict of interest may result in the Code being breached (often conflicts of
interest give rise to self-interest threats).
The key principle for the firm is that it firm should not accept an engagement in which there is
likely to be a significant conflict of interest.
131
Business Assurance
4.1 Conflicts between professional accountants’ and entities’

interests
A conflict between professional accountants’ and entities’ interests may arise if a firm of professional
accountants are in direct competition with an entity, or else are involved in a joint venture with a one
of the entity’s competitors.
In the HKICPA Code of Ethics there are rules which state that members and firms should not
accept or continue engagements in which there are, or are likely to be, significant conflicts of
interest between members, firms and entities. This means any form of financial gain as a result
of an engagement other than fees for work done will always constitute a significant conflict of
interest.
Firms should evaluate the threats arising from a conflict of interest, and unless they are clearly
insignificant, they should apply safeguards. The test of whether a threat is significant is whether a
reasonable and informed third party, having knowledge of all relevant information, including the
safeguards applied, would consider the conflict of interest as likely to affect the judgment and
objectivity of the professional accountants involved.
Where any commission is earned by anyone in the firm for business introductions for advice the this
should be disclosed to the entity. Special care should be taken that any advice given is in the
entity’s best interests.
4.2 Conflicts between the interests of different entities

There is nothing improper in a firm serving two or more entities whose interests are in conflict, as
long as the work the firm is not the subject of the conflict.
Where the firm does act for two competing entities it must manage its work so that the interests of
one entity do not adversely affect the entity. Where acceptance or continuance of an engagement
would, even with safeguards, materially prejudice the interests of any entity, the appointment
should not be accepted or continued.
Material prejudice may mean information being leaked or for firms to be forced into a corner where
they have to choose between the interests of one entity or the other.
The firm must take all reasonable steps to evaluate whether any conflict exists, including implications
arising from possession of confidential information and how this may be protected.
The firm should continually review its relationships with both prospective and existing entities before
accepting or continuing engagements. If aware of possible conflicts between clients or potential
clients, the firm should introduce safeguards to try to manage them.
If the relationship ended over two years before, it would be unlikely to constitute conflict.
Where material conflict of interest is identified, the firm should disclose sufficient information to the
entity. It is then the decision of the entity as to whether to continue with the firm with the safeguards
in place or to seek an alternative provider of the firm’s services.
Particular difficulties can arise when it comes to share issues, and takeovers. Professional
accountants are often rightly involved in either situation. With regard to share issues, firms should
never underwrite an issue of shares to the public of an entity they audit. In a takeover situation, the
professional accountants audit the accounts of both offer or and target company, they must ensure
that do not
 act as the principal advisers to either party; or
 issue reports assessing the financial statements of either party other than their audit report
If they find they possess material confidential information, they should contact the competent
authority.
132
4.2.1 Managing conflicts between entities interests

Disclosure is the most important safeguard in connection with conflicts of interests between entities.
The following notifications would be among the safeguards used:
(a) Disclosing to the entity of nature of the interests/activities that may cause a conflict and
obtaining their permission to continue to act in the circumstances acknowledged.
(b) Informing all known relevant parties that the firm is acting for two or more parties in respect of
a matter where their respective interests are in conflict, and obtaining their consent.
(c) Seeking the entity’s acknowledgement that the firm does not act exclusively for any one entity
in the provision of the proposed services.
Other safeguards:
 Using separate engagement teams
 Procedures to prevent access of information (such as secure passwords and firewalls)
 Clear procedures for the respective teams on issues of security and confidentiality
 The use of confidentiality agreements signed by the partners and staff
 Regular review of the safeguards by an independent partner
 Advising one or both of the entities to obtain third party independent advice
If adequate disclosure is not possible due to confidentiality restrictions, the firm should not accept or
continue the assignment.
You are an audit manager in MKJ & Co, a local CPA firm. Your firm has been approached by a new
entity, Washington, which wants to engage your firm for both audit and advisory work.
Washington has expanded rapidly over the last few years and is planning to list in the next financial
year. Washington’s Financial Controller, Mr. Otto, is an old friend of one of your senior partners, Mr.
Man.
Mr. Otto has indicated that if Washington can successfully list its shares, the taxation and
consultancy work would be performed by your firm. Within your firm’s portfolio, you have also an
entity which is Washington’s rival.
One of your audit seniors has resigned recently to take up the post as Human Resources Manager in
Washington. Before any acceptance, Mr. Otto has invited your firm to join a very extravagant
cocktail party. Washington will distribute its prospectus during the occasion.
Required
(a) Identify and explain the ethical issues in the above situation.
(b) Give three examples for safeguards within the firm to be used for reducing the threat to
independence.
5 Conflicts in application of the fundamental principles
Topic highlights
The Code of Ethics gives some general guidance to professional accountants who encounter a
conflict in the application of the fundamental principles.
133
Business Assurance
5.1 Matters to consider

The resolution process should include consideration of:
 relevant facts
 ethical issues involved
 fundamental principles related to the matter in question
 established internal procedures
 alternative courses of action
5.2 Unresolved conflict

If the matter is unresolved, the member should consult with other appropriate persons within the firm.
They may wish to obtain advice from HKICPA or legal advisers.
If after exhausting all relevant possibilities, the ethical conflict remains unresolved, members should
consider withdrawing from the engagement, a specific assignment, or members to resign altogether
from the engagement.
6 Code of ethics applicable to professional accountants

in business
Section C of the Code applies to professional accountants in business.
A professional accountant in business is a professional accountant employed or engaged in
executive or non executive position.
He may be:
 a salaried employee, partner, director, owner, working for many organisations
 solely or jointly responsible for preparing and reporting financial and other information for
their employers or any persons relying on the information
 responsible for providing effective financial management and competent advice for investors,
creditors, employers or government departments
 has the responsibility to further legitimate aims of their employing organisation
 is expected to encourage an ethics-based culture and environment in an employing
organisation that emphasises the importance of ethical values; and
 shall not knowingly engage in any business, occupation, or activity that impairs or might impair
integrity, objectivity or the good reputation of the profession and as a result would be
incompatible with the fundamental principles.
6.1 Examples of threats for professional accountants in business

The following are examples of threat to compliance with the fundamental principles for a professional
accountant in business.
6.1.1 Self-interest threat

 Holding a financial interest in, or receiving a loan or guarantee from the employing
organisation
 Participation in incentive compensation arrangements offered by the employing organisation
 Inappropriate personal use of corporate assets
 Consideration of employment security; and
 Commercial pressure from outside the employing organisation.
134
6.1.2 Self-review threat

Consideration of appropriate accounting treatment for a business combination after performing the
research study that supported the acquisition decision.
6.1.3 Familiarity threat

 Where the professional accountant in business is responsible for the selection of the
employing organisation’s financial reporting when an immediate or close family member
employed by the entity makes decisions that would affect the entity’s financial reporting.
 Long association with business contracts affecting the business decisions, and
 A professional accountant in business accepts a material gift or hospitality, unless the value is
trivial and inconsequential.
6.1.4 Intimidation threat

 Threat of dismissal or replacement of the professional accountant in business or a close or
immediate family member over a disagreement about the application of an accounting
principle or the way in which financial information is to be reported, and
 The professional accountant in business with a dominant personality attempting to influence
the decision making process.
6.1.5 Advocacy threat

When achieving the legitimate goals and objectives of their employing organisations, professional
accountants in business may promote the organisation’s goals. If the statements made are neither
false not misleading, the actions would not create an advocacy threat.
6.2 Safeguards to comply with the fundamental principles for

professional accountants in business
Two types of safeguards are available:
 Safeguards created by the profession, legislation or regulation, and
 Safeguards in the working environment.
These include the following:
 The employing organisation’s systems of corporate oversight or other oversight structures
 The employing organisation’s ethics and conduct programmes
 Recruitment procedures in the employing organisation emphasising the importance of
employing highly competent staff
 Implementing strong internal controls
 Appropriate disciplinary processes
 Strong leadership to emphasise the importance of ethical behaviour and expecting employees
to act ethically at all times
 Set policies and procedures to implement and monitor quality of employee
 Update employees with any changes in policies and procedures
 Appropriate training education in implementing such policies
 Set policies and procedures to encourage each employee to communicate to senior levels
within the employing organisation; and
 Consult another professional accountant.
135
Business Assurance
6.3 Potential conflicts

A professional accountant in business is expected to support ethical and legitimate objectives
established by the employer and the employer’s established rules and procedures. Sometimes, there
might be conflict in between a professional accountant’s responsibilities to an employing organisation
and professional obligations to comply with the fundamental principles.
The professional accountant in business may be under pressure to:
 act contrary to law or regulation, technical or professional standards
 facilitate unethical or illegal earning management strategies
 lie to or intentionally mislead others such as auditors or regulators, and
 issue or be associated with a financial or non-financial report that materially misrepresents the
facts.
Safeguards available to eliminate the threat or reduce it to an acceptable level:
 Obtain advice from the employing organisation, an independent professional adviser or a
relevant professional body
 The existence of a formal dispute resolution process within the employing organisation, and
 Seek legal advice.
6.4 Preparation and reporting of information

A professional accountant in business should prepare or present financial and other information
fairly, honestly and comply with professional standards so that the information will be
understood in its context.
A professional accountant in business shall maintain information for which the professional
accountant is responsible so that the information:
 describes clearly the true nature of business transactions, assets and liabilities;
 classifies and records information in a timely and proper manner, and
 represents the facts accurately and completely in all material respects.
When a professional accountant in business is pressured to become associated with self-interest or
intimidation threats (for example, misleading information or misleading information through the
actions of others) safeguards may be put in place such as:
 consultation with superiors within the employing organisation or with a relevant professional
body.
If it is not possible to apply safeguards, the professional accountant should refuse to remain in
association with the information they consider to be unsafe. The professional accountant may also
consider resignation.
6.5 Acting with sufficient expertise

A professional accountant in business should not intentionally mislead an employer as to the
level of expertise or experience possessed and should seek appropriate advice and assistance when
required.
Circumstances when there is a threat to the performance of duties with the appropriate degree of
competence and due care are:
 insufficient time for properly performing or completing the relevant duties
 incomplete, restricted or otherwise inadequate information for performing the duties properly
 insufficient training, experience and education, and
136
 inadequate resources for the proper performance of the duties.

 Obtain additional advice and training
 Ensure sufficient time to complete duties, and
 Consult, where appropriate, superior, independent experts, regulatory and professional body.
When threats cannot be eliminated or reduced to an acceptable level, professional accountants in
business shall determine whether to refuse to perform the duties in question.
6.6 Financial interests

Professional accountants in business or their immediate or close family members may face self-
interest threats which would create a threat to objectivity.
Situations which may pose a problematic financial interest include the following:
 Holds a direct or indirect financial interest in the employing organisation and the value of
the financial interest could be directly affected by decisions made by the professional
accountant
 Eligible for a profit related bonus which could be directly affected by the professional
accountant’s decisions
 Holds directly or indirectly share options in the employing organisation which will be
converted, and
 Share options will be qualified when performance targets are met in the employing
organisation.
 Disclose all relevant interests and any future plans to trade in relevant shares, to those
charged with governance
 Set policies and procedures and an independent committee to determine the level or form of
remuneration of senior management
 Consult, where appropriate, with a superior, independent experts, regulatory and professional
bodies or, those charged with governance
 Internal and external audit procedures, and
 Up-to-date education on ethical issues and the legal restrictions and other regulations around
potential insider trading.
A professional accountant in business shall neither manipulate information nor use confidential
information for personal gain.
6.7 Inducements
Inducements would cause a self-interest threat and an intimidation threat. The professional
accountant in business or their immediate close family member may be offered, or may offer,
inducements such as gifts, hospitality or any other preferential advantages.
Receiving an offer
The self-interest threat (or confidentiality) occurs when an inducement is made in an attempt to:
 unduly influence actions or decisions
 encourage illegal or dishonest behaviour, and
 obtain confidential information.
137
Business Assurance
An intimidation threat (or breach of confidentiality) will occur when an inducement is accepted and
followed by threats to make that offer public and damage the reputation of the professional
accountant in business or his immediate family members.
There is no significant threat to compliance with the fundamental principles if the offer is made in the
normal course of business.
The inducement shall not be accepted when the threats cannot be eliminated or reduced to an
acceptable level through the application of safeguards.
Making an offer
A professional accountant in business should not offer an inducement to improperly influence the
professional judgment of a third party.
When an unethical inducement is offered from the employing organisation, the professional
accountant should follow the principles and guidance regarding ethical behaviour.
Actions to be taken when there is an inducement offered:
 Inform higher levels of management or those charged with governance
 Inform third parties of the offer – ie a professional body, and
 Advise immediate or close family members of the situation after receiving such inducements.
DEF is a company incorporated in Hong Kong. It is listed on the Hong Kong Stock Exchange. The
principal activities of the company are property investment, management and development.
Mr. Chan, DEF’s Chief Executive Officer (“CEO”), Chairman of the Board and major shareholder,
has asked Simon, FCPA and DEF’s financial controller, to falsify certain documents and accounting
records of DEF so that Mr. Chan can misappropriate $1 billion of DEF’s cash for his personal
investments. Mr. Chan promises to pay back the $1 billion to DEF in a month and indicates that he
will give Simon a very favourable assessment for Simon’s bonus and promotion evaluation for the
current year; otherwise, he will replace Simon with someone who will work better with him.
Required
Based on the information given above:
(a) Comment on the ethical issues; and (5 marks)
(b) Outline the possible actions Simon would need to take to address these ethical issues.
(5 marks)
(Total = 10 marks)
HKICPA May 2009
7 Other issues
7.1 Client acceptance

Topic highlights
Before accepting a new engagement, the professional accountant in public practice should consider
whether there is any threat to compliance with the fundamental principles, that is any potential
threats to integrity or professional behaviour, for example, entity involvement in illegal activities
138
The significance of any threats should be evaluated and safeguards should be applied to eliminate
them or reduce them to an acceptable level.
If it is not possible to reduce the threat to an acceptable level, the professional accountant in public
practice should decline the engagement.
For recurring entity engagement, acceptance decisions should be reviewed annually.
7.2 Engagement acceptance

A professional accountant must only accept engagement that he is competent to perform and
safeguards may be applied:
 Obtain appropriate understanding of the nature of the client’s business, complexity of the
operations, specific requirement of the engagement, the relevant industries and the scope of
work
 Obtain and be familiar with the relevant regulations or reporting requirement
 Assigning sufficient competent staff
 Consider the use of experts
 Consider the deadline, and
 Comply with quality control policies and procedures to provide reasonable assurance that
specific engagements are accepted only when they can be performed competently.
7.3 Changes in professional appointment

A professional accountant should determine whether there are any reasons for not accepting the
engagement. Safeguards may be applied such as the following:
 Discuss client’s affairs with existing accountant
 Enquire of the existing accountant regarding information of which the proposed accountant
needs to be aware before deciding whether to accept the engagement
 Before any initiation to contact the existing accountant, there must be client’s consent; and
 Any client’s information to be released by the existing client, must be with the client’s consent
or there must be a legal or ethical requirement for such disclosure.
7.4 Marketing professional services

The professional accountant should be honest and truthful and should not exaggerate any claims of
services offered, qualifications and experience or make disparaging references about the work of
another professional accountant.
139
Business Assurance
7.5 Custody of entity’s assets

A professional accountant should not keep, in custody, the entity’s monies or other assets unless
permitted to do so. If the professional accountant, for instance, is entrusted with money or other
assets belonging to others, the following safeguards should be applied:
 Keep it separately from personal and firm’s assets
 Only use the assets for intended purpose
 Keep proper accounting records for the assets
 Comply with laws and regulations
7.6 Integrity, objectivity and independence in insolvency

Receivership and liquidator appointment
When a material professional relationship with an entity exists, no partner in or employee of the firm
should accept appointment as receiver or as receiver and manager of that entity or liquidator of the
entity if the entity is insolvent or a trustee in bankruptcy.
A material professional relationship
Partner/employee of the firm is prohibited from appointment as receiver, manager, liquidator or
trustee if there has been a material professional relationship during the previous two years.
Material professional work
Audit work of such overall significance that a member’s objectivity in carrying out a subsequent
insolvency appointment could be or could reasonably be prejudiced.
If the company goes into liquidation the company’s rights remain vested in the company.
The auditor of a company which is in liquidation may be approached by the police for assistance
in inquiries (still need to consider confidentiality).
Audit following receivership
Where a partner in or an employee of a practice has been receiver of any of the assets of a company,
neither the practice nor any partner in or employee of the practice should accept appointment as
auditor of the company, or of any company which was under the control of the receiver, for any
accounting period during which the receiver acted or exercised control.
Acceptance of an insolvency appointment in relation to more than one company in a group of
companies or association may raise issues of conflict of interest.
140
Topic recap
Public interest in
accounting and auditing PROFESSIONAL ETHICS
services
• Integrity
• Objectivity
• Professional Accountant in
competence public practice
• Confidentiality
• Professional behaviour
• Self-interest Threats to
• Self-review fundamental Safeguards
• Management principles
• Advocacy
• Familiarity
• Intimidation
Specific examples
Accountant in public Accountant in business

practice
• Independence → examples • Potential conflicts

• Confidentially → duty of • Preparation of information
confidence but exceptions • Sufficient expertise
• Conflicts of interest • Financial interest
• Client acceptance • Inducements
• Changes in professional
appointment
141
Business Assurance
Answer 1
(a) In accordance with Code of Ethics the relevant threats to independence in this case relating to
acceptance of a loan are: self-interest threat and familiarity threat.
The self-interest threat occurs when a firm or a member of the assurance team could benefit
from a financial interest in, or other self-interest conflict with, an assurance client, such as a
loan or guarantee to or from an assurance client or any of its directors or officers.
The familiarity threat occurs when, by virtue of a close relationship with an assurance client,
its directors, officers or employees, a firm or a member of the assurance team becomes too
sympathetic to the client’s interests, such as by acceptance of gifts or hospitality, unless the
value is clearly insignificant, from the assurance client, its directors, officers or employees.
The revised Code requires that if a member of the assurance team or his/her immediate family
member has a material indirect financial interest in the assurance client, the self-interest threat
created would be so significant that the only safeguards available to eliminate the threat or
reduce it to an acceptable level would be:
 disposal of the indirect financial interest in total;
 disposal of a sufficient amount of it so that the remaining interest is no longer material
prior to the individual becoming a member of the assurance team; or
 removal of the member of the assurance team from the assurance engagement.
Similarly, there would be no problem if the client, whose normal course of business was to
lend, lent to audit staff members on normal commercial terms. However, the offer is a benefit
to audit and other firm staff, as the interest rate would be significantly below the market rate.
This puts it within the context of the guidelines on gifts and hospitality, because, although
strictly, it is neither, it is a benefit to staff.
Regarding gifts and hospitality, Audit staff members are entitled to accept gifts or hospitality of
trivial or inconsequential value. Clearly, what is considered trivial will vary from person to
person according to his circumstances.
However, it is important to note at this point, that, whatever the circumstances of individuals
are, the firm should decide on a rule that applies to all staff, and should not create a situation
where some staff members are entitled to the benefit and others are not.
When considering whether a benefit is trivial, the firm must consider the materiality of the
benefit to each recipient, or, in other words, the recipient to whom it would be least trivial.
In this question, the low rate would apply to the individuals over a number of years, and
represents a significant discount, much greater than that generally available to the public.
The amount is therefore unlikely to be trivial. As such, Kwok & Co should conclude that to
accept such a benefit would represent a significant threat to the objectivity of the firm, through
its staff, in relation to the audit, and should refuse the offer.
Regarding accepting loans, the audit firm could accept a loan from a client whose normal
course of business is lending on normal commercial terms. In such circumstance, it might be
wise for the audit firm to consider the need to put additional safeguards in place.
142
(b) The audit partner should consider the following issues:

First, as an employer, he should consider whether Kwok & Co wants to retain the benefit of
the training costs they have incurred to date in respect of the trainee and try to encourage the
audit assistant to stay.
Second, in terms of audit objectivity and independence, the partner should consider
whether he should take any steps in relation to the audit of Kowloon Bank should the trainee
work there. The partner should consider:
 the seniority of the engagement team member;
 the nature of the role he would take up at Kowloon Bank; and
 the need to amend the audit plan and approach for future audits.
As the audit assistant was only a junior member of the engagement team, it is unlikely that the
audit partner would need to take any steps. However, if the audit assistant is moving to the
bank’s finance department, rather than the general business, the audit partner may decide to
review the approach as a precaution, particularly if the audit assistant has seen the upcoming
audit plan and strategy.
Answer 2
(a) Section 290 of the Code of Ethics provides specific guidance on independence requirements
for audit and review engagements. Independence requires independence of mind and
independence in appearance.
Independence of mind is the state of mind that permits the expression of an opinion without
being affected by influences that compromise professional judgment, allowing an individual to
act with integrity, and exercise objectivity and professional scepticism.
Independence in appearance is the avoidance of facts and circumstances that are so
significant that a reasonable and informed third party, would be likely to conclude, weighing all
specific facts and circumstances, that a firm’s or a member of the engagement team’s integrity,
objectivity or professional scepticism have been compromised.
The provision of non-assurance services to assurance clients may create threats to the
independence of the firm, particularly with respect to perceived threats to independence
(independence in appearance).
Consequently, it is necessary to evaluate the significance of any threat created by the
provision of such services.
In some cases, it may be possible to eliminate or reduce the threat created by the application
of safeguards. In other cases no safeguards are available to reduce the threat to an
acceptable level.
(b) A valuation comprises the making of assumptions with regard to future developments, the
application of certain methodologies and techniques, and the combination of both in order to
compute a certain value for an asset.
A self-review threat may be created if Yu & Yu performs a valuation for the assets of La’Monsa
that are to be incorporated into the financial statements for the year ended
31 December 20X6.
If the valuation service involves the valuation of matters material to the financial statements
and the valuation involves a significant degree of subjectivity, the self review threat could not
be reduced to an acceptable level by the application of any safeguard. Accordingly, such
valuation services should be not provided; alternatively, the only course of action would be to
withdraw from the financial statement audit engagement.
If the brand and the machinery and equipment are material, Yu & Yu cannot accept the
engagement to provide valuation services unless they withdraw from the financial statement
audit engagement.
143
Business Assurance
It is not easy to quote a market price for the brand. The valuation may involve a significant
degree of subjectivity in the assumptions regarding future developments of the business after
merger with another company. It is not advisable to accept the valuation of the brand for
La’Monsa.
If the services are neither material to the financial statements nor involving a significant degree
of subjectivity, the self-review threat could be reduced to an acceptable level by the application
of safeguards.
The net realisable value of plant and machinery can be quoted from the market. If the value of
the machinery and equipment is not material, and net realisable value rather than value in use
(which entails a significant degree of subjectivity in the assumptions regarding future
developments of the business after merger with another company) is adopted in the valuation,
Yu & Yu could reduce the self-review threat by applying the following safeguards:
 Involving an additional professional accountant who was not a member of the
assurance team to review the work done or otherwise advise as necessary;
 Obtaining La’Monsa’s acknowledgement of responsibility for the results of the work
performed by Yu & Yu; and
 Making arrangements so that personnel providing such services do not participate in the
audit engagement.
Answer 3
Management has decided not to recall any products and this indicates problems with management
integrity. The defects in the products have potential effects on Johnco’s customers. It would still be
ethically appropriate to announce the problem, allowing customers to return potentially harmful
products. There might be still inventories that are defected in Johnco’s warehouses, waiting to be
sold. Professional accountants should try to explain to management the reasons why they should
disclose and should convince management that this is the way to proceed.
If management still refuse to make a disclosure, the professional accountants should consider their
obligatory duty of confidentiality. The HKICPA’s Code of Ethics recognises that information
discovered while performing a professional engagement must not be disclosed without the entity’s
consent unless there is a legal or professional right or duty to disclose.
In deciding whether to disclose in the public interest, the professional accountants should consider
the reasons for the entity’s unwillingness to disclose, the materiality of the matter ie the probability of
harm being caused to the customers, and the relevant laws and regulations being breached.
The professional accountants could consider the option of resigning from the audit. The firm could
inform audit committee or board of directors the reason for the resignation, including details of the
faulty products, disagreements with the management and the lack of management integrity.
Finally, the lack of management integrity also affects on the nature, extent and timeliness of audit
procedures that are currently being planned. Any defective inventory still held by Johnco should be
written off as obsolete goods, and provisions may be necessary for refunds of returned products or
future claims by customers. The financial statements may need to contain disclosures relating to
contingent liabilities, or provisions may need to be recognised in respect of damages claimed by
customers in the event of any injuries occurring and legal action being taken against Johnco.
144
Answer 4
(a) Washington – ethical issues
In accordance with the Code of Ethics, MKJ & Co should consider ethical issues in its entity
acceptance procedures. In considering accepting Washington as its client entity, MKJ & Co
should consider any relevant threats to independence which may impair the firm’s objectivity
and independence.
Self-interest threat
There are no details mentioned regarding the fee income obtained from Washington.
However, as Washington will soon list, MKJ should ensure no more than 10%of its recurring
practice income (assuming advisory work, taxation and consultancy work to be performed
annually) should be derived from Washington. Obtaining over 10% could indicate undue
dependence on an entity and objectivity would be likely to be impaired resulting in a self-
interest threat.
MKJ & Co should review its proposed fee and should consider whether it should limit other
services so that independence is not impaired. An annual review would be required on
Washington if the fee is close to 10% of its total fee.
Self-review threat
A self review threat may be created when MKJ & Co provides advisory work and consultancy
work for Washington, especially when the works are on financial accounting.
Familiarity threat
The familiarity threat may occur when there exists a close relationship with an entity, its
directors, officers or employees; a firm or a member of the assurance team becomes too
sympathetic to the entity’s interest.
In accordance with the facts, Mr. Otto, Washington’s Financial Controller is an old friend of
one of the senior partners, Mr. Man. The firm should consider whether a different partner
should take the lead on Washington’s work.
Conflict of interest
Within MKJ & Co’s portfolio, there is an entity who is also a competitor of Washington. There
is nothing improper in a firm having two or more entities whose interests are in dispute, as
long as the work the firm does is not the subject of the dispute.
In this case, MKJ & Co’s work should be managed so as to avoid the interests of one entity
adversely affecting the other. The firm should review its relationship with prospective entity ie
Washington and the rival entity before accepting/continuing the engagement. If a material
conflict of interest is identified, the firm should disclose sufficient information to entities so that
they can make an informed decision as to whether to continue with the firm.
Advocacy threat
Since Washington is about to list, if MKJ & Co agrees to attend the cocktail party, there may
be threats to independence through an advocacy threat. This occurs when the firm may be
perceived to be a promoter of shares in Washington, as the prospectus is being distributed
during the party. The firm should consider how likely this perception is, for example, whether
their name appears on the prospectus or the party invitation. In addition, they should consider
whether hospitality at an “extravagant cocktail party” is “clearly insignificant”.
145
Business Assurance
(b) Safeguards
Self-interest threat – fee
MKJ & Co should start monitoring when the fee is approaching 10% of its total fee of the firm.
If there is undue dependence on Washington, MKJ should be selective of the engagements.
MKJ & Co should install appropriate safeguards especially the firm should not act in the
management role, making managerial decisions. The rule should be strictly complied with as
Washington will be listed in next financial year.
Familiarity threat
A familiarity threat may have been created. Mr. Man should not be assigned as the
engagement partner on the audit.
One of the audit seniors has become an employee of Washington, however since the
employee is to become Human Resources Manager, there is very little direct and significant
influence over the financial accounting aspect. MKJ & Co may instruct the partner in charge to
modify the audit plan normally used as a safeguard, but this appears to be an insignificant risk.
Conflicts of interest
Some of the most common safeguards to manage this conflict of interest would be using
different engagement teams to handle Washington’s work and its rival’s work. The firm should
have standing instructions to prevent the leakage of confidential information or prevent access
to information.
Advocacy threat
MKJ & Co should not participate in any activities relating to the promotion of the shares of
Washington and should make clear to Washington’s management that they cannot be
perceived to.
146
Answer 5
(a) Ethical issues
Since Simon is a salaried employee of DEF, Simon is a professional accountant in business
and is required to comply with the Code of Ethics for Professional Accountants.
A professional accountant in business should prepare or present financial and other
information fairly, honestly and in accordance with relevant professional standards.
Financial and non-financial information should be maintained in a manner that describes
clearly the true nature of business transactions, assets or liabilities and classifies and records
entries in a timely and proper manner.
Self-interest or intimidation threats may occur where a professional accountant in business
may be pressured (either externally or by the possibility of personal gain) to become
associated with misleading information or to become associated with misleading information
through the actions of others.
In this case, Mr. Chan’s request for Simon to falsify certain documents and accounting records
of DEF in return for a favourable assessment for Simon’s bonus and promotion evaluation for
the current year represents a self-interest threat.
Also, Mr. Chan’s threat to replace Simon if Simon does not accede to the request represents
an intimidation threat.
(b) Actions to be taken
Since Mr. Chan is the CEO and major shareholder of DEF, it is inappropriate to report the
fraud or suspected fraud to other senior management who are actually Mr. Chan’s
subordinates.
As Mr. Chan is also the Chairman of the board of directors, reporting the matter to the
Chairman of the board of directors might not be desirable for Simon either.
DEF is a listed company and all listed companies in Hong Kong are required to establish an
audit committee, of which the Chairman should be an independent non-executive director.
Simon should thus report the matter to the Chairman of the audit committee.
As a last resort, Simon may consider making a report to an appropriate external authority such
as the police or the ICAC in line with the ethical guidance on the duty of confidentiality.
When in doubt, Simon is recommended to seek legal advice.
Simon should be aware that he himself commits a criminal offence if he helps Mr. Chan in the
planning or execution of his plan to misappropriate DEF’s $1 billion cash.
Simon should also be aware that he may incur civil liability to third parties if he is involved in
Mr. Chan’s unlawful conduct by assisting him in the planning or execution of the unlawful
conduct.
147
Business Assurance
Exam practice
DEL 21 minutes
Carol is a CPA working in Yvonne & Zoe CPA (“Y&Z”) as a manager in charge of the audit of Daisy
Emma Limited (“DEL”) for the year ended 30 June 20X1. DEL, which is not a public interest entity,
has recently offered Carol a part-time position as the company secretary to commence as soon as
possible.
Carol accepts DEL’s offer this week on the grounds that she will only be required to carry out routine
administrative services to support the corporate secretarial function and to make decisions in respect
of corporate secretarial matters at the annual general meeting. In addition, Carol considers that
Y&Z’s audit report on DEL’s financial statements will be signed by her audit partner, and Carol is not
an audit partner at Y&Z.
Having been formally appointed as DEL’s company secretary this week, Carol thinks she ought to
discuss the matter with Yvonne (who is Y&Z’s partner in charge of the audit of DEL) in order to
implement certain safeguards just in case of any possible conflict of interest.
Required
(a) Analyse the situation of Carol in the context of the HKICPA’s ethical requirements. (8 marks)
(b) Discuss any safeguards or actions Yvonne could implement in order to reduce the threats
against the HKICPA’s ethical requirements to an acceptable level. (4 marks)
(Total = 12 marks)
HKICPA June 2012
148
chapter 5
Framework for assurance

engagements
Topic list
1 Overview of the Hong Kong Framework for 4 Reviews and other assurance engagements
Assurance Engagements 4.1 Review engagements
1.1 Hong Kong Framework for Assurance 4.2 Assurance engagements not dealing
Engagements with historical financial information
1.2 Adherence to professional standards 4.3 Investment circular reporting
and guidance engagements
2 Assurance engagements 5 Non-assurance engagements
2.1 Purposes of an assurance engagement
2.2 Elements of an assurance engagement
2.3 Assurance engagement or not?
2.4 Types of assurance engagements
2.5 Accepting and continuing appointment
3 The purpose of external audit engagements
3.1 Objective of external audit
3.2 Materiality
3.3 Professional scepticism
Learning focus
This chapter explains the basis of auditing and the distinction between audit and other review
assignments. Students are expected to know the Framework that governs these assurance
engagements.
149
Business Assurance
Learning outcomes
Competency
level
1.02 Professional standards and guidance 3
1.02.01 Explain the importance of adherence to professional standards and
guidance
1.03 Legal and regulatory framework governing the profession 3
1.03.01 Explain the regulatory framework for assurance and non-assurance
engagements in Hong Kong
1.03.02 Explain the nature and purpose of assurance and non-assurance
engagements
150
5: Framework for assurance engagements  Part C Professional standards and guidance
1 Overview of the Hong Kong Framework for Assurance

Engagements
Topic highlights
HKICPA has adopted the Clarity standards issued by IAASB.
The Hong Kong Institute of CPAs (HKICPA) is pursuing a policy of achieving convergence with
International Standards issued by the International Auditing and Assurance Standards Board
(IAASB). Hong Kong Clarified Pronouncements on Auditing are issued in response to the IAASB's
Clarity Project to improve the understandability of auditing standards.
The following table shows the list of Hong Kong Standards on Quality Control, Auditing, Assurance
and Related Services in issue at 31 May 2013:
Hong Kong Standards on Auditing

Preface
Preface (Revised) Preface to Hong Kong Standards on Quality Control, Auditing, Review,
Other Assurance and Related Services
Glossary
Glossary (Clarified) Glossary of Terms Relating to Hong Kong Standards on Quality Control,
Auditing, Review, Other Assurance and Related Services
Hong Kong Standards on Quality Control (HKSQCs)
HKSQC 1 (Clarified) Quality Control for Firms that Perform Audits and Reviews of Financial
Statements, and Other Assurance and Related Services Engagements
Hong Kong Framework for Assurance Engagements
Framework Hong Kong Framework for Assurance Engagements
Hong Kong Standards on Auditing (HKSAs)
HKSA 200 (Clarified) Overall Objectives of the Independent Auditor and the Conduct of an
Audit in Accordance with Hong Kong Standards on Auditing
HKSA 210 (Clarified) Agreeing The Terms of Audit Engagements
HKSA 220 (Clarified) Quality Control for an Audit of Financial Statements
HKSA 230 (Clarified) Audit Documentation
HKSA 240 (Clarified) The Auditor's Responsibilities Relating to Fraud in an Audit of Financial
Statements
HKSA 250 (Clarified) Consideration of Laws and Regulations in an Audit of Financial
Statements
HKSA 260 (Clarified) Communication with Those Charged with Governance
HKSA 265 (Clarified) Communicating Deficiencies in Internal Control to Those Charged with
Governance and Management
HKSA 300 (Clarified) Planning an Audit of Financial Statements
HKSA 315 (Revised) Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and its Environment
HKSA 320 (Clarified) Materiality in Planning and Performing an Audit
HKSA 330 (Clarified) The Auditor's Responses to Assessed Risks
HKSA 402 (Clarified) Audit Considerations Relating to an Entity Using a Service Organisation
151
Business Assurance

HKSA 450 (Clarified) Evaluation of Misstatements Identified during the Audit
HKSA 500 (Clarified) Audit Evidence
HKSA 501 (Clarified) Audit Evidence – Specific Considerations for Selected items
HKSA 505 (Clarified) External Confirmation
HKSA 510 (Clarified) Initial Audit Engagements – Opening Balances
HKSA 520 (Clarified) Analytical Procedures
HKSA 530 (Clarified) Audit Sampling
HKSA 540 (Clarified) Auditing Accounting Estimates, including Fair Value Accounting Estimates
and Related Disclosures
HKSA 550 (Clarified) Related Parties
HKSA 560 (Clarified) Subsequent Events
HKSA 570 (Clarified) Going Concern
HKSA 580 (Clarified) Written Representations
HKSA 600 (Clarified) Special Considerations – Audits of Group Financial Statements (Including
the Work of Component Auditors)
HKSA 610 (Revised) Using the Work of Internal Auditors
HKSA 620 (Clarified) Using the Work of an Auditor's Expert
HKSA 700 (Clarified) Forming an Opinion and Reporting on Financial Statements
HKAS 705 (Clarified) Modifications to the Opinion in the Independent Auditor's Report
HKSA 706 (Clarified) Emphasis of Matter Paragraphs and Other Matter Paragraphs in the
Independent Auditor's Report
HKSA 710 (Clarified) Comparative Information – Corresponding Figures and Comparative
Financial Statements
HKSA 720 (Clarified) The Auditor's Responsibilities Relating to Other Information in Documents
Containing Audited Financial Statements
HKSA 800 (Clarified) Special Considerations – Audit of Financial Statements Prepared in
Accordance with Special Purpose Framework
HKSA 805 (Clarified) Special Consideration – Audits of Single Financial Statements and
Specific Elements, Accounts or Items of a Financial Statement
HKSA 810 (Clarified) Engagements to Report on Summary Financial Statements
Hong Kong Standards on Review Engagements (HKSREs)
HKSRE 2400 (Revised) Engagements to Review Historical Financial Statements
HKSRE 2410 Review of Interim Financial Information Performed by the Independent
Auditor of the Entity
Hong Kong Standards on Assurance Engagements (HKSAEs)
HKSAE 3000 Assurance Engagements Other than Audits or Reviews of Historical
Financial Information
HKSAE 3402 Assurance Report on Controls at a Service Organisation
HKSAE 3410 Assurance Engagements on Greenhouse Gas Statements
HKSAE 3420 Assurance Engagements to Report on the Compilation of Pro Forma
Financial Information Included in a Prospectus
152

Hong Kong Standards on Related Services (HKSRSs)
HKSRS 4400 Engagements to Perform Agreed-Upon Procedures Regarding Financial
Information
HKSRS 4410 (Revised) Compilation Engagements
Hong Kong Standards on Investment Circular Reporting Engagements (HKSIRs)
HKSIR 300 Accountants' Reports on Pro Forma Financial Information in Investment
Circulars
HKSIR 400 Comfort Letters and Due Diligence Meetings on Financial and Non-
Financial Information
These standards will be referred to later in this Learning Pack when detailed auditing issues are
introduced.
1.1 Hong Kong Framework for Assurance Engagements

The Hong Kong Framework for Assurance Engagements (“the Framework”) defines and describes
the elements and objectives of an assurance engagement. The Framework provides a frame of
reference for professional accountants in public practice when performing assurance
engagements.
Professional accountants are governed by the Code of Ethics and HKSQCs.
1.2 Adherence to professional standards and guidance

It is important for professional accountants to adhere to professional standards and guidance such
as the Code of Ethics (“the Code”), the Hong Kong Standards on Auditing (“HKSAs”) or the Hong
Kong Standards of Quality Control (“HKSQC1”) as professional accountants are seen to serve in
the public interest.
HKICPA is the statutory licensing body of CPAs in Hong Kong. It is recognised globally and is in a
position to strengthen the accountancy profession and to contribute to the development of strong
international economies by establishing and promoting adherence to high-quality professional
standards, furthering the international convergence of such standards and speaking out on public
interest issues where the profession’s expertise is most relevant.
Professional accountants are obliged to adhere to these values, which are reflected in the Code of
Ethics. By complying with professional standards, professional accountants contribute to the
efficient functioning of the economy by:
 improving confidence in the quality and reliability of financial reporting;
 encouraging the provision of high quality performance information (financial and non-
financial) within entities;
 promoting the provision of high quality services by all members of the accountancy
profession; and
 promoting the importance of adherence to the Code by all members of the accountancy
profession, including members in industry, commerce, the public sector, the not-for-profit
sector, academia, and public practice.
153
Business Assurance
2 Assurance engagements
Topic highlights
Assurance engagements may give reasonable assurance or limited assurance.
2.1 Purposes of an assurance engagement

The purposes of an assurance engagement can be defined as to:
(a) express a conclusion that provides an intended user with a level of assurance about the
subject matter
(b) enhance credibility of information about a subject matter by evaluating whether the subject
matter conforms in all material aspects with suitable criteria
(c) improve likelihood that information will meet the needs of an intended user
2.2 Elements of an assurance engagement

HK Framework
for Assurance
The definition of an assurance engagement is set out in the key term below. You should be familiar
Engagements.7 with it.
Key term
An assurance engagement is an engagement in which a practitioner expresses a conclusion
designed to enhance the degree of confidence of the intended users other than the responsible
party about the outcome of the evaluation or measurement of a subject matter against criteria.
The outcome of the evaluation or measurement of a subject matter is the information that results
from applying the criteria to the subject matter.
2.3 Assurance engagement or not?

2.3.1 A three party relationship
An assurance engagement must involve a three party relationship and they are: practitioner,
responsible party and intended users. For example, in an audit, it involves:
INTENDED USERS
Shareholders
PRACTITIONER RESPONSIBLE PARTY

Auditor Board of Directors
Auditors (the practitioners) provide assurance to intended users (shareholders) about a subject
matter (the financial statements) that is the responsibility of a responsible party (the board of
directors).
The intended user is the person for whom the auditors prepare a report for a specific use or
purpose – usually the shareholders and others users that can be established by law.
154
The “responsible party” is the person (or persons) who is responsible for the subject matter (in a
direct reporting engagement) or subject matter information of the assurance engagement.
(Refer also to B Kwok in his book, Financial Analysis in Hong Kong, for the tripartite relationship of
audit.)
2.3.2 Subject matter

Subject matter should be:
 identified
 located in a point in time or covering a period of time
 in the form of either data, systems and processes or behaviour
 in respect of financial or non-financial performance, systems or behaviour
2.3.3 Suitable criteria
Criteria should have the following characteristics:
(a) Relevance: relevant criteria contribute to conclusions that assist decision-making by the
intended users.
(b) Completeness: criteria are sufficiently complete when relevant factors that could affect the
conclusions in the context of the engagement circumstances are not omitted. Complete
criteria include, where relevant, benchmarks for presentation and disclosure.
(c) Reliability: reliable criteria allow reasonably consistent evaluation or measurement of the
subject matter including, where relevant, presentation and disclosure, when used in similar
circumstances by similarly qualified practitioners.
(d) Neutrality: neutral criteria contribute to conclusions that are free from bias.
(e) Understandability: understandable criteria contribute to conclusions that are clear,
comprehensive, and not subject to significantly different interpretations.
2.3.4 Sufficient appropriate evidence

The practitioner plans and performs an assurance engagement with professional scepticism in
order to obtain sufficient appropriate evidence about whether the subject matter is free from
material misstatements. The practitioner considers materiality, assurance engagement risk, and the
quantity and quality of available evidence when planning and performing the engagement, in
particular when determining the nature, timing and extent of evidence gathering procedures.
'Sufficiency' is about the quantity of evidence.
'Appropriate' is about quality of evidence (relevance and reliability).
2.3.5 Written assurance report

An assertion-based engagement is the evaluation of the subject matter in the form of assertions
made by the responsible party.
In the context of a direct reporting engagement, this is where the reporting party expresses a
conclusion on the subject matter based on suitable criteria, regardless of whether the responsible
party has made a written assertion on the subject matter, for example, a report on the effectiveness
of internal control process.
2.3.6 Assurance engagement risk

This risk is defined as “risk that the practitioner expresses an inappropriate conclusion when the
subject matter information is materially misstated”.
The components of assurance engagement risk are:
Inherent Risk + Control Risk + Detection Risk
Inherent risk: the susceptibility of the subject matter information to a material misstatement,
assuming that there are no related controls.
155
Business Assurance
Control risk: the risk that a material misstatement that could occur will not be prevented, or
detected and corrected, on a timely basis by related internal controls. When control risk is relevant
to the subject matter, some control risk will always exist because of the inherent limitations of the
design and operation of internal control.
Detection risk: the risk that the practitioner will not detect a material misstatement that exists.
We shall look at the above risks in more detail in Chapter 8.
2.4 Types of assurance engagements
Topic highlights
HKSAE 3000 Assurance Engagements other than Audits or Reviews of Historical Financial
Information refers to two types of engagement: “reasonable assurance engagement” and “limited
HKSAE assurance engagement”. Remember that absolute assurance can never be given on an assurance
3000.2
engagement due to the inherent limitations of such engagements.
“Assurance” here means the professional accountants' satisfaction as to the reliability of the
assertion made by one party for use by another party.
2.4.1 Reasonable level of assurance

Reasonable assurance is accumulating evidence for the practitioner to conclude in relation to the
subject matter information taken as a whole.
Key term
Reasonable assurance in the context of an audit of financial statements is a high, but not an
absolute, level of assurance.
HKSA Professional accountants have gained sufficient appropriate evidence to conclude the subject
200.13m
matter conforms in all material aspects with identified suitable criteria. Professional accountants
should design the engagement so that the risk of expressing an inappropriate conclusion that
the subject to reduce risk of inappropriate conclusion respects with suitable criteria is reduced to an
acceptably low level. Reasonable assurance relates to the whole audit process.
For example, an audit provides a reasonable assurance level but not absolute assurance and the
report contains a positive assurance on assertions for example, “the financial statements give a
true and fair view of …”.
2.4.2 Limited level of assurance

Professional accountants should gain sufficient appropriate evidence to be satisfied that subject
matter is plausible in the circumstances. Auditors should design the engagement so that the risk of
expressing an inappropriate conclusion that the subject to reduce risk of inappropriate
conclusion respects with suitable criteria is reduced to limited level.
For example: A review provides limited assurance that the information subject to review is free of
material misstatement. The review is expressed in the form of negative assurance (HKSRE 2400
(Revised)).
Negative assurance is defined as “The professional accountant gives an assurance that nothing
has come to his attention which indicates that the financial statements have not been prepared
according to the framework.” (For example: “nothing has come to our attention which causes us to
be believe that the financial statements are not true and fair…”). Normal procedures would be
limited to analytical procedures and enquiries.
156
2.4.3 No level of assurance

Here, the professional accountant is giving no assurance at all for the engagement.
(a) Agreed-upon procedures (HKSRS 4400) – the professional accountant and the entity
determine the procedures to be performed and professional accountants will provide a report
of factual findings as a result of undertaking those procedures.
(b) Compilation (HKSRS 4410 (Revised)) of financial or other information – professional
accountants use their accounting expertise to collect, classify and summarise financial
information, users of the compiled information will gain some benefits because professional
accountants carry out their work with professional competence and due care.
(c) Preparation of tax returns.
(d) Management consulting and advisory services.
2.5 Accepting and continuing appointment

Topic highlights
Assurance engagements should only be accepted if the firm meets the requirements of the Code of
Ethics for Professional Accountants and HKSQC 1 (Clarified).
The standard requires that practitioners ensure they comply with the Code of Ethics for
Professional Accountants and the Quality Control Standard (HKSQC 1 (Clarified)) with regard to
the assignment.
3 The purpose of external audit engagements

Topic highlights
An external audit is a type of assurance engagement that is carried out by a professional
accountant to give an independent opinion on a set of financial statements.
3.1 Objective of external audit

3.1.1 HKSA 200 (Clarified)
HKSA 200.11 The objectives of external audit are laid out in HKSA 200 (Clarified) Overall Objectives of the
Independent Auditor and the Conduct of an Audit in Accordance with Hong Kong Standards on
Auditing.
Key term
The objectives of an audit are:
(a) to obtain reasonable assurance about whether the financial statements as a whole are
free from material misstatement, whether due to fraud or error, thereby enabling the
auditor to express an opinion on whether the financial statements are prepared, in all
material respects, in accordance with an applicable financial reporting framework: and
(b) to report on the financial statements, and communicate as required by HKSAs, in
accordance with the auditor’s findings.
An audit of financial statements is an example of an assurance engagement.
157
Business Assurance
3.1.2 Statutory audit

Professional accountants will provide a reasonable level of assurance to the “user”, after
examination of a certain subject matter required by the entity. The most common example of an
audit is where an independent professional accountant is engaged by the board of directors of an
entity to examine the financial statements of the entity and issue an audit opinion to the
shareholders (“the users”) of the entity in accordance with Hong Kong Companies Ordinance
(Comp Ord) and the Hong Kong Auditing Standards. This is known as the statutory audit.
In Hong Kong, an audit of financial statements is mandatory for all entities incorporated under the
Hong Kong Companies Ordinance. The professional accountant is required to state in his report
as to whether the financial statements have been properly prepared in accordance with the
provisions of the Companies Ordinance and give a true and fair view (S 141 Comp Ord).
HKSA 200 (Clarified) sets out the following principles for an audit. The firm must:
(a) comply with ethical requirements
(b) conduct the audit in accordance with HKSAs and determine the audit procedures
(c) exercise professional judgment in planning and performing an audit of financial statements
(d) obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level
that is consistent with the objective
(e) plan and perform the audit with an attitude of professional scepticism
(f) not represent compliance with HKSAs unless it has really complied fully
The statutory audit can bring various advantages to the entity and shareholders. The key benefit to
shareholders is the impartial view provided by the professional accountants. However, the entity
also benefits from professional accountants reviewing the financial statements and system as part
of the audit. Advantages might include recommendations being made in relation to accounting and
control systems and the possibility that professional accountants might detect fraud and error. An
auditor's report attached to the financial statements will add credibility to the financial statements
and users will rely on the information they provide to make decisions. Audited financial statements
will invite greater reliance to be placed on them by the users.
3.1.3 Audit process

The following are the key steps of the audit process:
Step 1 Determine audit approach as required by legislation and auditing standards.
Step 2 Ascertain the accounting system and internal controls by fact finding and
recording the system in operation.
Step 3 Assess the accounting system and internal controls on their reliability and
effectiveness in practice.
Step 4 Test the accounting system and internal controls by performing tests of controls.
Step 5 Test the financial statements by carrying out substantive testing.
Step 6 Review the financial statements to determine the overall reliability of the financial
statements.
Step 7 Express an opinion in the form of an audit report.
158
3.1.4 Limitations of auditing

Audits only give reasonable assurance that the financial statements are free from material
misstatements.
The diagram below illustrates the limitations of auditing:
Audit evidence sometimes is
only probable and not certain:
Professional judgments
have to be made: • Judgment; and
• Audit option • Estimates
Audit report is issued a long time
• What to test? after the date of the statement of
• Risk assessment financial position:
• How much to test? • Up to date position is not
enhanced
Only selected items in the LIMITATIONS OF Audit report has inherent

financial statements are AUDITING limitation:
tested: • Standard format
• What to sample?
• Sampling risk
Limitations in accounting and control

systems:
• Non-routine transactions
• Human error
• Collusion and fraud
• Trade-off of cost and benefit
• Override of controls
3.1.5 True and fair
Where the professional accountant expresses an opinion on whether the financial statements are
presented fairly, in all material respects, or give a true and fair view, misstatements also include
those adjustments of amounts, classifications, presentation, or disclosures that, in the firm's
judgment, are necessary for the financial statements to be presented fairly, in all material respects,
or to give a true and fair view.
Key terms
True: Information is factual and conforms with reality. In addition, the information conforms with
required standards and law. The financial statements have been correctly extracted from the books
and records.
Fair: Information is free from discrimination and bias and in compliance with expected standards
and rules. The financial statements should reflect the commercial substance of the entity's
underlying transactions.
The professional accountant's task is to decide whether the financial statements show a true and
fair view. Professional accountants are not responsible for establishing whether the financial
statements are correct in every particular detail. This is because it can take a great deal of time and
trouble to check the accuracy of even a very small transaction and the resulting benefit may not
justify the effort. Also financial accounting inevitably involves a degree of estimation which means
that financial statements can never be completely precise.
159
Business Assurance
3.2 Materiality
HKSA 200.6 Materiality is an expression of the relative significance or importance of a particular matter in the
financial statements as a whole.
Any matter is material if its omission or misstatements would reasonably influence the economic
decisions of users. Materiality has both quantitative and qualitative aspects. A misstatement can be
quantitatively immaterial but qualitatively material eg omission of disclosure of major litigation.
The materiality level is determined at the planning stage to ensure any material misstatement in
the financial statements can be discovered. The materiality level must be considered by the auditor
in order to determine the nature, extent and timing of audit procedures and to evaluate the effect of
misstatements discovered.
Some useful guidelines for measuring the materiality level are given below:
 10% of pre-tax profits (normal criteria and applicable to most entities)
 5% of gross profits (applicable to trading entities)
 0.5–1% of revenue
 0.5–1% of total assets (applicable to asset holding companies)
Other factors should be considered.
The assurance given by the auditor is governed by the fact that the auditor uses judgment in
deciding what audit procedures to use and what conclusions to draw, and also by the limitations
of every audit.
3.3 Professional scepticism
Key term
Professional scepticism is an attitude that includes a questioning mind, being alert to conditions
HKSA 200.15 which may indicate possible misstatement due to error or fraud, and a critical assessment of audit
evidence.
Auditors should never assume the management is dishonest but should approach the audit with a
questioning mind and a critical assessment of audit evidence, being alert to conditions which may
indicate possible misstatement due to error or fraud. The professional accountant should adopt the
following behaviours:
 Plan and perform an audit with an attitude of professional scepticism
 Be aware when audit evidence contradicts other audit evidence obtained
 Raise awareness to audit evidence that casts doubt on the reliability of documents or
management representations
 Be cautious for any suspicious and unusual circumstances that may increase the risks of
misstatement of financial statements
 Avoid using unrealistic assumptions in designing audit procedures or evaluating audit
evidence
 Consider the reasonableness of responses
 Consider conditions that may indicate possible fraud
160
4 Reviews and other assurance engagements

Topic highlights
Assurance services include a range of assignments, from external audits to review
engagements.
4.1 Review engagements

As discussed earlier in this chapter, an audit can be used to give assurance to a variety of
stakeholders on many issues. However, an audit is an exercise designed to give a high level of
assurance and involves a high degree of testing and it is therefore costly. In some cases,
stakeholders may find that they receive sufficient assurance about an issue from a less detailed
engagement, for example, a review. A review can provide a cost-efficient alternative to an audit
where an audit is not required by law.
Key term
The objective of a review engagement is to obtain limited assurance, primarily by performing
HKSRE inquiry and analytical procedures, about whether the financial statements as a whole are free from
2400.14 material misstatement, thereby enabling the practitioner to express a conclusion on whether
anything has come to the practitioner’s attention that causes the practitioner to believe the financial
statements are not prepared, in all material respects, in accordance with an applicable financial
reporting framework.
The Preface to Hong Kong Quality Control, Auditing, Review, Other Assurance and Related
Services Pronouncements (The Preface) requires that HKSREs are to be applied in the reviews of
historical financial information. HKSRE 2400 (Revised) Engagement to Review Historical Financial
Statements should be applied when a professional accountant, other than the auditor of an entity,
undertakes an engagement to review historical financial statements. When an auditor of the
reporting entity undertakes the engagement to review financial statements, the auditor should apply
HKSRE 2410 Review of Interim Financial Information Performed by the Independent Auditor of the
Entity.
The major outcome for recipients of a review engagement is that the level of assurance they gain
from it is not as high as from an audit, although the procedures carried out in a review engagement
are similar to an audit. We discuss review reports in more detail in Chapter 19.
4.2 Assurance engagements not dealing with historical financial

information
It is HKSAE 3000 Assurance Engagements other than Audits or Reviews of Historical Financial
Information that governs the assurance engagement other than audit and review of historical
financial information. Examples of engagements under HKSAE 3000 are compliance engagements
and performance audits. Further details will be covered in Chapter 19.
4.3 Investment circular reporting engagements

The Preface requires that HKSIRs are to be applied in investment circular reporting engagements.
Under HKSIR 300 Accountants' Reports on Pro Forma Financial Information in Investment
Circulars, reporting accountants should include in the accountants' report a clear expression of
opinion on the pro forma financial information. HKSIR 400 Comfort Letters and Due Diligence
Meetings on Financial and Non-financial Information, has recently been revised. Further details will
be covered in Chapter 19.
161
Business Assurance
5 Non-assurance engagements
Topic highlights
No assurance is given for compilation or agreed-upon procedures engagements.
HKSRS 4400 Engagements to Perform Agreed-Upon Procedures Regarding Financial Information

applies to an agreed-upon procedures engagement where the professional accountant is to carry
out procedures of an audit nature, which the professional accountant, the entity and any
appropriate third parties have agreed and to report on factual findings.
HKSRS 4410 (Revised) Compilation Engagements governs a compilation engagement where it is
for the professional accountant to use his accounting expertise to collect, classify and summarise
financial information.
No assurance is expressed for the above engagements.
You are an audit senior of a CPA firm, Zeta & Partners (“Z&P”). Your manager has referred several
cases to you to follow up. You find that the situations are quite different from the audits you
normally perform and they are as follows:
(a) The Dutch holding company of A Limited (“A”) requires all of its subsidiaries to prepare
special six-month interim financial statements. However, A has insufficient accounting
resources to prepare the financial statements and requests Z&P to perform it for them.
(b) B Limited (“B”) is listed on the Stock Exchange of Hong Kong. Members of the audit
committee have resigned early in the financial year and have not been replaced yet. The
remaining members are not comfortable to review the interim report on their own. The audit
committee requests your firm to perform a review on the interim report.
(c) The firm of the Japanese holding company of C Limited (“C”), which is a private company
incorporated in Hong Kong, engaged in trading electronic components, send referral
instructions to Z&P and request Z&P to perform a review on the interim consolidation
package. In the referral instructions, the referring professional accountant requires Z&P to
perform the review in accordance with HKSRE 2410 Review of Interim Financial Information
Performed by the Independent Auditor of the Entity.
(d) D Limited (“D”) is a retail company. In accordance with the tenancy agreement, D should pay
the landlord a rent contingent on D's monthly sales revenue, evidenced by a sales certificate
verified by D's professional accountants. Z&P is asked by D to verify and to issue such a
sales certificate.
(e) The New York Office of Z&P has sent referral instructions to Z&P to attend an inventory
count on E Limited (“E”). E was incorporated in the United States and it has a liaison office
and a warehouse in Hong Kong. Significant amount of inventory is kept in the warehouse.
Therefore, it is a necessary procedure to perform the inventory count for obtaining audit
evidence. The referral instructions have included detailed procedures for the inventory count.
The fee will be allocated from the New York Office for this engagement.
Required
Explain to your audit manager the kind of services to be provided in each case. Where appropriate
state the responsible party, the intended users, subject matter information, criteria of the
engagements; and the relevant standards or other related guidance that should be followed when
Z&P performs the engagement.
162
Topic recap
ENGAGEMENT
Assurance Non-assurance
engagement engagement
True and fair

view
Reviews Audits conducted Agreed upon procedures,
and other under Hong Kong compilations
Companies Ordinance
Professional
scepticism
Limited Reasonable assurance

assurance
Negative Positive assurance Report factual findings

assurance
Moderate High level of assurance No assurance

assurance
163
Business Assurance
Answer
(a) The preparation of interim financial statements is not an assurance engagement. Z&P should
follow HKSQC 1 (Clarified) and HKSRS 4410 (Revised) Compilation Engagements. In
addition, the firm should consider imposing safeguards on the staff being engaged to
prepare the interim financial statements of the Company.
(b) A review of interim financial report is an example of a review of financial statements and a
form of limited/negative assurance engagement. The responsible party is the board of
directors of B and the intended users are the shareholders. The subject matter information is
the recognition, measurement, presentation and disclosure represented in the interim
financial statements. The criteria is Hong Kong Accounting Standards. Z&P should follow
Statements, and Other Assurance and Related Services Engagements, Hong Kong
Framework for Assurance Engagements and HKSRE 2400 (Revised) Engagements to
Review Historical Financial Statements.
(c) A review of an interim consolidation package is a limited assurance engagement. The
responsible party is the board of directors of C and the intended user is the auditor of C.
The subject matter information is the recognition, measurement, presentation and disclosure
represented in interim consolidation package. The criterion is the relevant accounting
standards, which may be International Accounting Standards or Hong Kong Accounting
Standards. Z&P should follow HKSQC 1 (Clarified), Hong Kong Framework for Assurance
Engagements and HKSRE 2410 Review of Interim Financial Information Performed by the
Independent Auditor of the Entity.
(d) The nature of the engagement depends on the details of the terms of engagement. Based on
the information given, the engagement is likely to be an agreed-upon procedures
engagement to provide factual findings on the amount of revenue during the period under
consideration. An agreed-upon procedures engagement is not an assurance engagement.
Z&P should follow HKSQC 1 (Clarified) and HKSRS 4400 Engagements to Perform Agreed-
Upon Procedures Regarding Financial Information.
(e) This is a referred audit work on attending an inventory count. The engagement should be
performed in accordance with the instructions. Although this is part of the audit work to be
performed for E by Z&P's office in New York, it is not an audit engagement for the purpose of
Z&P's Hong Kong office. The work should be performed in accordance with the procedures
as stated in the instructions, which are probably based on the US Auditing Standards or
ISAs. Z&P should also follow HKSQC 1 (Clarified) and HKSRS 4400 Engagements to
Perform Agreed-Upon Procedures Regarding Financial Information.
164
Exam practice
Noble Co 18 minutes
Your friend, a director of Noble Co, has written to you, in your capacity as an auditor, seeking
clarification on several audit matters. These concern the appointment of auditors to Noble Co and
the audit procedures they are likely to carry out. The following paragraphs have been extracted
from his letter to you.
'To date Noble Co has not required a formal audit and it will not do so for the foreseeable future.
However, the shareholders are now insisting that the annual financial statements must be audited
by a firm of CPAs. I need confirmation of the primary objective of the audit of a limited liability
company and also of how our shareholders and directors should benefit from an audit.'
Required
Write a letter to your friend which:
(a) states the primary objective of the audit of a limited liability company; (2 marks)
(b) outlines how the shareholders and directors of Noble Co should benefit from an audit of the
company's financial statements by a firm of Certified Public Accountants. (8 marks)
(Total = 10 marks)
165
Business Assurance
166
Part D
Assurance engagements
This Part discusses and explores different auditing techniques and standards employed in an
assurance engagement. Students are expected to have a good understanding of them and
appreciate the rationale or limitation associated. Further, students are expected to be able to
apply what they have learnt in various practical cases.
167
Business Assurance
168
chapter 6
Quality control
Topic list
1 Principles and purpose 3 Quality control on an individual audit

2 Quality control at a firm level 3.1 Leadership responsibilities
2.1 Objectives of HKSQC 1 (Clarified) 3.2 Ethical requirements
2.2 Leadership responsibilities for quality 3.3 Acceptance/continuance of entity
within the firm relationships and specific audit
2.3 Relevant ethical requirements engagements
2.4 Acceptance and continuance of client 3.4 Assignment of engagement teams
relationship and specific engagements 3.5 Engagement performance
2.5 Human resources 3.6 Monitoring
2.6 Engagement performance 3.7 Quality control regulations
2.7 Monitoring
Learning focus
Issues relating to quality control are linked with both ethics and liability. In this chapter you will
study the principles and purpose of quality control and how they can be applied at firm and
individual audit level.
169
Business Assurance
Learning outcomes
Competency
level
2.06 Quality control considerations 3
2.06.01 Explain the principles and purposes of quality control of audit and
other assurance engagements
2.06.02 Identify the features of a system of quality control relevant to a
specific firm
2.06.03 Choose and explain quality control procedures that are relevant to a
specific audit engagement
2.06.04 Assess and explain whether an engagement has been performed in
line with professional standards and whether reports issued are
appropriate
170
6: Quality control | Part D Assurance engagements
1 Principles and purpose
Topic highlights
Audit quality is not defined in law or through regulations, nor do auditing standards provide a simple
definition.
Although not defined in law or through regulations, audit quality is necessary as the firm faces a
variety of business risks in its operations, such as:
 disciplinary action against the firm from HKICPA
 litigation against the firm
 loss of entity due to competition, litigation or entity closure
 bad publicity
Although each stakeholder in the audit will give a different meaning to audit quality, at its heart it is
about delivering an appropriate professional opinion supported by the necessary evidence and
objective judgments. Note you studied the roles of different stakeholders in more detail in
Chapter 1.
Many principles contribute to audit quality including good leadership, experienced judgment,
technical competence, ethical values, appropriate entity relationships, proper working practices and
effective quality control and monitoring review processes.
The standards on audit quality provide guidance to firms on how to put these principles into
practice.
2 Quality control at a firm level
Topic highlights
In Hong Kong, it is the Hong Kong Standard on Quality Control (HKSQC 1 (Clarified)) that ensures
that the firm and its staff comply with professional standards, and regulatory and legal
requirements.
The fact that professional accountants follow accepted auditing standards (such as HKSAs)
provides a general quality control framework within which audits should be conducted. There are
also specific quality control standards.
2.1 Objectives of HKSQC 1 (Clarified)

HKSQC1.11 Objectives
The objective of the firm is to establish and maintain a system of quality control designed to provide
it with reasonable assurance that the firm and its personnel comply with professional standards and
regulatory and legal requirements, and that reports issued by the firm or engagement partners are
appropriate in the circumstances.
The quality control standard ensures all firms (regardless of size) and their staff comply with
professional standards, regulatory and legal requirements.
171
Business Assurance
Quality control policies and procedures should be implemented to maintain audit work of a high
standard. HKSQC 1 (Clarified) states that all quality control policies and procedures should be
documented and should be properly communicated to all the partners and staff.
The engagement partner should take responsibility for the overall quality on each audit
engagement to which that partner is assigned.
HKSQC 1 (Clarified) requires a firm to establish and maintain a system of quality control that
includes policies and procedures that address the issues relating to the following areas:
 Leadership responsibilities for quality within the firm
 Relevant ethical requirements
 Acceptance and continuance of entity relationships and specific engagements
 Human resources
 Engagement performance (see also below, the requirements of HKSA 220 (Clarified))
 Monitoring
2.2 Leadership responsibilities for quality within the firm

HKSQC1.18- The standard goes into some detail as to how a firm should manage its internal strategy, processes
19 and culture to firmly embed quality as an implicit principle in performing engagements. According to
the standard the firm's chief executive (or equivalent) or, the firm's managing board of partners (or
equivalent), must assume ultimate responsibility for the firm's system of quality control. It is the
actions and messages disseminated from the most senior management of the firm that ensures
specified norms of ethical behaviour, technical competence and quality service become those
promulgated throughout the firm. However, while accountability must remain with the most senior
management, responsibility for the design and implementation of formal systems of control may fall
to individuals or groups of individuals specifically appointed to undertake these tasks.
Such individuals must have:
 sufficient and appropriate experience
 the ability to carry out the job
 the necessary authority to carry out the job
Within individual teams it is the engagement partner who takes on the role of leading the team and
ensuring that the firm's prescribed quality standards and procedures are adhered to.
2.3 Relevant ethical requirements

HKSQC1.20 A firm is required to establish policies and procedures designed to provide it with reasonable
assurance that the firm and its personnel comply with relevant ethical requirements. The required
policies and procedures are discussed in Chapter 4 Section 2.9.
2.4 Acceptance and continuance of client relationship and

specific engagements
HKSQC1.26- HKSQC 1 (Clarified) requires a firm to establish policies and procedures for the acceptance and
28 continuance of client relationships and specific engagement. The detailed policies and procedures
are discussed in Chapter 7.
2.5 Human resources

HKSQC1.29- The quest for quality will necessarily involve good HR practices. Competitive terms, good
31 conditions and potential for future progression may ensure the firm can recruit and retain excellent
staff but this is only one element in achieving excellence. The firm must also ensure staff are
equipped with the technical expertise and other resources they need to fulfil their responsibilities,
that they are motivated to carry out their professional duties to the highest ethical and technical
172
standards and that they are encouraged to further their own professional development in order to
benefit, not only themselves, but their firm and their profession.
The standard states that the firm must provide itself with:
... “reasonable assurance that it has sufficient personnel with the capabilities, competence, and
commitment to ethical principles necessary to perform its engagements in accordance with
professional standards and applicable legal and regulatory requirements, and to enable the firm or
engagement partners to issue reports that are appropriate in the circumstances”.
These will cover the following issues:

 Recruitment  Performance evaluation
 Capabilities  Competence
 Career development  Promotion
 Remuneration  Forecasts of HR requirements
The firm is responsible for the ongoing excellence of its staff, through continuing professional
development, education, work experience and coaching and mentoring schemes.
2.5.1 Assignment of engagement teams

The assignment of engagement teams is a very important determinant of quality. It is the role of the
audit engagement partner to ensure the right team is brought together to fulfil a particular audit
assignment and it is the audit engagement partner who holds responsibility for the overall audit
quality of any engagements to which he is assigned.
There should be policies in place to ensure that:
(a) key members of entity's staff and those charged with governance are aware of the identity of
the audit engagement partner
(b) the engagement partner has the appropriate capabilities, competence, authority and time to
perform the role
(c) the engagement partner is aware of the responsibilities of the role he has undertaken to
perform
(d) the engagement partner is aware of the any conflicts of interest or threats to independence
which may bar a member of staff from being on the assurance team of an individual audit
The engagement partner should ensure that he assigns staff of sufficient capabilities, competence
and time to individual assignments so that he will be able to issue an appropriate report.
2.6 Engagement performance

HKSQC1.32-
The firm must take steps to ensure that engagements are performed in accordance with
47 professional standards and regulatory and legal requirements, and it is the responsibility of the
audit engagement partner to ensure that they do. Often these requirements are compiled by a firm
into a manual of standard engagement procedures which is issued to professional staff.
However, engagement performance goes beyond compliance and requires the following skills:
 Direction
 Supervision
 Review
 Consultation
 Quality control review
Many of these issues will be discussed in the context of an individual audit assignment (see below).
173
Business Assurance
2.6.1 Consultation
that:
(a) appropriate consultation takes place on difficult or contentious matters
(b) sufficient resources are available to enable appropriate consultation to take place
(c) the nature, scope and conclusions of such consultations are documented
(d) conclusions resulting from consultations are implemented
The firm may provide itself with reasonable assurance where necessary through external
consultation with other firms, or the Institute. When there are differences of opinion on an
engagement team, a report should not be issued until the disagreement has been resolved. The
conclusions reached should be documented and implemented. Sometimes, the involvement of the
quality control reviewer may be required. The firm should have procedures in place for dealing with
and resolving differences of opinion.
2.6.2 Quality control reviews
Key terms
A peer review is a review of an audit file carried out by another partner in the assurance firm.
A hot review is a peer review carried out before the audit report is signed.
A cold review is a peer review carried out after the audit report is signed.
Quality reviews usually include an appraisal of working paper preparation, audit programmes,
internal control, audit reports, staff functions, scheduling, supervision, client relations, and training.
Whether a quality review will be undertaken for a specific engagement should be determined by
criteria laid down in pre-determined policies established by the firm. Quality reviews are always
undertaken on audits of the financial statements of listed entities and it is the responsibility of the
engagement partner to find a suitable reviewer to undertake the work and ensure any contentious
matters are resolved before the auditors' report is issued. The review will include an evaluation of
any significant judgments made by the assurance team during the engagement and discussion of
any matters which arise. The firm must also have procedures in place by which it can assess
whether other engagements require review (ie those other than listed entities).
Each firm will have an established format for the quality control reviews it carries out: within this
prescribed format standards will be laid down for the nature, timing and extent of the review, what
qualifications and personal qualities need to be demonstrated by the reviewer and how the
outcomes and processes of the review should be documented.
Quality control reviews
Nature, timing and Usually the review includes discussion with the engagement partner,
extent review of the financial statements or other subject matter information
and the report. It will consider whether the final opinion is appropriate.
There may also be a review of working papers relating to the most
significant judgments made.
Eligibility The reviewer must through their technical expertise and independence
be qualified to undertake the review.
Documentation Documentation must show that the firm's criteria for a review were met,
that the review was finalised before the report was issued and include
a representation that the reviewer is not aware of any unresolved
issues.
174
Quality control reviews

All entities The review should include all the following:
 Discussion of significant matters with the engagement partner
 Review of the financial statements or other subject matter
information and the proposed report
 Review of selected engagement documentation relating to
significant judgments the engagement team made and the
conclusions it reached
 Evaluation of the conclusions reached in formulating the report and
consideration of whether the proposed report is appropriate
Listed entities  The engagement team's evaluation of the firm's independence in
relation to the specific engagement
 Whether appropriate consultation has taken place on matters
involving differences of opinion or other difficult or contentious
matters, and the conclusions arising from those consultations
 Whether working papers selected for review reflect the work
performed in relation to the significant judgments and support the
conclusions reached
2.7 Monitoring
HKSQC1.48 The standard states that firms must have policies in place to ensure that their quality control
procedures consistently meet the following criteria:
Quality control procedures are: Quality control procedures:
 Relevant, and  Operate effectively
 Adequate
Effectively the standard requires firms to continually evaluate and, where necessary, improve their
quality controls to ensure that they consistently achieve high standards, reporting to senior
management on the findings of quality monitoring.
There are two types of monitoring activity:
Ongoing evaluation of the system An ongoing evaluation might include such questions as, “has it
of quality control kept up to date with regulatory requirements”?
Periodic inspection of a sample of A period inspection cycle would usually take place over a
completed engagements period of say, three years, in which time, at least one
engagement per engagement partner would be inspected.
The staff responsible for monitoring the control system are also required to evaluate the impact of
any deficiencies identified. If the deficiencies are found to be single occurrences as a result of a
specific set of circumstances corrective action might not be needed. Monitors are more concerned
with systematic or repetitive deficiencies that require corrective action to strengthen
performance and the reliability of internal controls in the future.
From time to time monitoring may highlight evidence that suggests an inappropriate opinion might
have been issued in the auditors' report, and the firm may wish to seek legal advice. Where this is
the case, the firm should follow the recommendations of their counsel.
The firm should also have policies and procedures in place in how to deal with complaints or
allegations that the firm has failed to comply with professional standards including a process for
investigating and defending these claims. Findings should be fed back into the quality control
system to strengthen it in the future.
175
Business Assurance
Responses to identified deficiencies:

 Remedial action with an individual
 Communication of findings with the training department
 Changes in the quality control policies and procedures
 Disciplinary action, if necessary
You established your own CPA practice six years ago which has now grown into a 15-staff firm.
Your firm has been the auditor of an unlisted company, PQR Investment Limited (“PQR”), for six
years. The shareholders of PQR have recently injected HK$90 million of new capital into PQR with
a view to acquiring companies in India, Thailand and Japan.
Required
Discuss what your CPA firm should consider before continuing to serve as the auditor of PQR in
the forthcoming year. In particular, your discussion should be put in the context of PQR’s
circumstances.
(13 marks)
HKICPA June 2011
3 Quality control on an individual audit
Topic highlights
HKSA 220 (Clarified) requires firms to implement quality control procedures over individual audit
engagements.
HKSA 220 (Clarified) Quality Control for an Audit of Financial Statements sets down requirements
regarding quality control on individual audits. This HKSA applies the general principles of the
HKSQC 1 (Clarified). The engagement team should implement quality control procedures that are
applicable to the individual audit engagement under the direction of the audit engagement partner.
The objective of the auditor is to implement quality control procedures at the engagement level that
provide the auditor with reasonable assurance that the audit complies with professional standards
and applicable legal and regulatory requirements and that the auditor’s report issued is appropriate
in the circumstances.
3.1 Leadership responsibilities

HKSA 220.8 The engagement partner is required to set an example and instil a commitment in the team with
regard to the importance of quality.
The engagement partner shall take responsibility for the overall quality on each audit engagement
to which that partner is assigned.
Engagement partners should emphasise the importance of audit quality and the fact that quality is
essential in performing audit engagements to the engagement team such as:
 performing work that complies with professional, regulatory and legal requirements;
 complying with the firm's quality control policies and procedures;
176
 issuing auditor's reports that are appropriate in the circumstances; and

 the engagement team's ability to raise issues without fear of reprisals.
3.2 Ethical requirements

HKSA 220.9 - In respect of independence requirements the standard refers to the HKICPA Code of Ethics, which
11 you studied in Chapter 4.
The HKSA also contains some detailed guidance about independence in particular.
HKSA 220 (Clarified)

The engagement partner shall form a conclusion on compliance with independence requirements
that apply to the audit engagement. In doing so, the engagement partner shall:
(a) obtain relevant information from the firm and, where applicable, network firms, to identify and
evaluate circumstances and relationships that create threats to independence;
(b) evaluate information on identified breaches, if any, of the firm's independence policies and
procedures to determine whether they create a threat to independence for the audit
engagement;
(c) take appropriate action to eliminate such threats or reduce them to an acceptable level by
applying safeguards. The engagement partner shall promptly report to the firm any inability
to resolve the matter for appropriate actions.
The engagement partner should be on constant alert for evidence of non-compliance with the
ethical Code and any threats to the independence of the assurance team. Inquiry and observation
on ethical matters among the engagement partner and other members of the engagement team
may occur as often as is deemed necessary throughout the audit engagement. If matters come to
the engagement partner's attention through the firm's systems or otherwise that indicate that the
independence of a member of the engagement team is in any way compromised, the partner
should consult with other senior members of the firm to devise an appropriate course of action,
which may include removal of the individual from the team, appropriate disclosures to the entity or
other safeguards which you studied in detail in Chapter 3.
3.3 Acceptance/continuance of entity relationships and specific

audit engagements
HKSA The partner is required to ensure that the requirements of HKSQC 1 (Clarified) in respect of
220.12-13 accepting and continuing with audits are adhered to. If information emerges during the audit that
may have caused the partner to decline it he should disclose this to the firm and immediate action
may need to be taken.
If the engagement partner obtains information that indicate the firm shall decline the audit
engagement, the engagement partner is required to communicate that information promptly to the
firm, so that the firm and the engagement partner can take the necessary actions.
HKSA 220.14 3.4 Assignment of engagement teams

As discussed in the previous section, the assignment of appropriate teams is also the responsibility
of the audit engagement partner. He must ensure that the team is sufficiently qualified and
experienced as a unit to perform the particular engagement to which he has been assigned.
The engagement partner should also be satisfied that the engagement team collectively has the
appropriate capabilities, competence and time available to it to perform the audit engagement in
accordance with professional standards and regulatory and legal requirements. The overall
objective is to enable an auditor's report that is appropriate in the circumstances to be issued.
177
Business Assurance
3.5 Engagement performance

The engagement partner is required to take responsibility for the direction, supervision and
HKSA 220.15 performance of the audit engagement in compliance with professional standards and regulatory
and legal requirements; and the auditor's report being appropriate in the circumstances.
3.5.1 Direction
It is the engagement partner who gives overall direction to the audit. Other auditing standards list
among his responsibilities the requirement to holds a meeting with the engagement team to
discuss the audit scope and plan, in particular the associated risks. This standard suggests that
direction includes reminding or informing members of the engagement team of:
 their responsibilities (including objectivity of mind and professional scepticism)
 objectives of the work to be performed
 the nature of the entity's business
 risk-related issues
 problems that may arise
 the detailed approach to the performance of the engagement
3.5.2 Supervision
The audit is supervised overall by the engagement partner, but at an operational level supervision
is given by senior team members to more junior members. More experienced members of the team
will also review the work carried out by more junior members at appropriate stages during the
engagement. The reviews should include the following:
(a) Monitoring the progress of the audit engagement
(b) Reviewing the capabilities and competence of individual team members, including whether
they have sufficient time and understanding to carry out their work competently and within
the audit plan
(c) Addressing significant issues arising during the audit engagement and modifying the audit
plan if necessary
(d) Identifying matters to be referred to more experienced engagement team members
3.5.3 Review
Review includes consideration of whether the following requirements have been met:
(a) The work has been performed in accordance with professional standards and regulatory and
legal requirements
(b) Significant matters have been raised for further consideration
(c) Appropriate discussions have taken place, any conclusions have been documented and
implemented
(d) There is a need to revise the nature, timing and extent of work performed
(e) The work performed supports the conclusions reached and is appropriately documented
(f) The evidence obtained is sufficient and appropriate to support the auditor's report
(g) The objectives of the engagement procedures have been achieved
Before the audit report is issued, the engagement partner must be sure that sufficient and
appropriate audit evidence has been obtained to support the audit opinion.
3.5.4 Consultation
The engagement partner should be satisfied that members of the engagement team have
undertaken appropriate consultation on any contentious matter. This may be within the
178
engagement team, or between the engagement team and others at the appropriate level either
within or outside the firm. The technical partner or a panel of partners may be involved.
The engagement partner should be involved in these consultations and be satisfied that the
matters are resolved satisfactorily and any actions are documented and implemented.
From time to time differences of opinion may arise between the engagement partner and the team,
or between the engagement partner and the quality control reviewer. The firm should have an
established procedure for resolution of differences of opinion.
3.5.5 Quality control review

As discussed earlier, the audit engagement partner is responsible for appointing a reviewer, if the
criteria for a review is met. He is then responsible for discussing significant matters arising with the
reviewer and for ensuring the audit report is not issued until the quality control review has been
completed and any contentious matters resolved.
A quality control review should include:
(a) an evaluation of the significant judgments made by the engagement team
(b) an evaluation of the conclusions reached in formulating the audit report
HKSA 220 (Clarified) requires the evaluation to include:
(a) discussion of significant matters with the engagement partner;
(b) review the proposed auditor's report and the financial statements;
(c) review of selected audit documentation relating to the significant judgments the engagement
team made and the conclusions it reached; and
(d) evaluation of the conclusion reached for composing the auditor's report.
For listed entities' audits, an engagement quality control reviewer is required to consider the
following factors:
(a) Independence – the engagement team's evaluation of the firm's independence in relation to
the specific audit
(b) Consultation – appropriate consultation taken place on matters to resolve differences of
opinion or other difficult or contentious matters
(c) Documentation – whether audit documentation selected for review reflects the work
performed in relation to the significant judgments and support the conclusions reached
An engagement quality control reviewer shall evaluate the significant judgments made by the
engagement team for engagement quality control review of a listed entity:
(a) HKSA 315 (Revised) – significant risks identified during the engagement;
(b) HKSA 330 (Clarified) – responses to those risks;
(c) HKSA 240 (Clarified) – engagement team's assessment and responses to risks of fraud;
(d) Judgments made for materiality and significant risks;
(e) The significance and disposition of corrected and uncorrected misstatements identified
during the audits;
(f) Matters communicated to management and those charged with governance and other
parties such as regulatory bodies; and
(g) The appropriateness of the auditor's report to be issued.
179
Business Assurance
3.5.6 Differences of opinion

HKSA 220 (Clarified) requires the engagement team to follow the firm's policies and procedures for
dealing with and resolving any such differences of opinion.
3.6 Monitoring
HKSA 220.23 The audit engagement partner is required to take account of the results of monitoring the firm's
quality control systems and consider whether they have any impact on the specific audit to which
he is assigned. The engagement partner considers:
 whether deficiencies noted in that information may affect the audit engagement; and
 whether the measures the firm took to rectify the situation are sufficient in the context of that
audit.
You are an audit senior working for the firm Chan & Chan. You are currently carrying out the audit
of Kleaner Co (“Kleaner”), a manufacturer of waste paper bins. You are unhappy with Kleaner's
inventory valuation policy and have raised the issue several times with the audit manager who has
dealt with the entity for a number of years and does not see what you are making a fuss about. He
has refused to meet you on site to discuss these issues.
The former engagement partner to Kleaner retired two months ago. As the audit manager had dealt
with Kleaner for so many years, the other partners have decided to leave the audit of Kleaner in his
capable hands.
Required
What are the quality control issues arising in the situation above?
3.7 Quality control regulations

The regulations for quality control on audits are the same for all audit firms regardless of their size
and structure. However, it is logical to see that their impact on large and small firms will be
different.
A large firm may establish international quality control procedures on a global scale and certainly at
least on a national or regional basis. They are also likely to have sufficient resources in-house to
carry out its full range of control functions. Small, single-partner firms may need to make extensive
use of external experts in order to fulfil all of its obligations.
180
Topic recap
QUALITY CONTROL POLICIES

AND PROCEDURES
Firm level Audit level
HKSQC I HKSA 220
– Leadership – Direction
– Ethics – Supervision
– Acceptance / continuing – Review
– Human resources – Consultation
– Engagement performance – Quality control review
– Monitoring
181
Business Assurance
Answer 1
Statements, and Other Assurance and Related Services Engagements requires your firm to
consider and document certain matters before continuing to serve as PQR’s auditor.
Those matters include:
 the integrity of PQR (ie its shareholders, directors and management);
 whether your firm is competent to do the work; and
 whether your firm meets ethical requirements in relation to the work.
There is no clear evidence compromising the integrity of PQR even though you may question the
source of the new funding into PQR.
As your firm has been the auditor of PQR for six years, competency is not likely to be questioned.
However, the increase of PQR’s scale of activities and its forthcoming overseas acquisitions may
challenge your firm’s competency.
Challenges may include the industries, locations and sizes of those companies being acquired as
well as the forms of investments (eg equity, debt or quasi-equity) and the availability of properly
audited financial statements.
Being associated with PQR (as its auditor) for six years may indicate a close relationship. However,
it is not entirely clear if the extent of relationship may pose any familiarity threat to your firm.
You should be satisfied that appropriate procedures regarding the continuance of client relationship
and audit engagement with PQR have been followed, and that conclusions reached in this regard
are appropriate and have been documented.
Answer 2
Several quality control issues are raised in the scenario:
Engagement partner
An engagement partner is usually appointed to each audit engagement undertaken by the firm, to
take responsibility for the engagement on behalf of the firm. Assigning the audit to the experienced
audit manager is not sufficient.
The lack of an audit engagement partner also means that several of the requirements of HKSA 220
(Clarified) about ensuring that arrangements in relation to independence and directing, supervising
and reviewing the audit are not in place.
Conflicting views
In this scenario the audit manager and the audit senior have conflicting views about the valuation of
inventory. This does not appear to have been handled well, with the audit manager refusing to
discuss the issue with the audit senior.
HKSA 220 (Clarified) requires that the audit engagement partner takes responsibility for settling
disputes in accordance with the firm's policy in respect of resolution of disputes as required by
HKSQC 1 (Clarified). In this case, the lack of an engagement partner may have contributed to this
failure to resolve the disputes. In any event, at best, the failure to resolve the dispute is a breach of
the firm's policy under HKSQC 1 (Clarified). At worst, it indicates that the firm does not have a
suitable policy for resolving such disputes as required by HKSQC 1 (Clarified).
182
Exam practice
Independence and familiarity 14 minutes

(excluding case reading time)
You are the audit manager of a Hong Kong CPA firm and are currently planning the audit of ABC
Industrial Limited (“ABC”) for the year ended 31 December 20X4. ABC is a company incorporated
in Hong Kong and is engaged in the manufacture of a wide range of Chinese herbal health
products. Sales of ABC products, which consist of sixty-nine product lines, are mainly made to
major chain stores and drug retailers in Hong Kong. You and the engagement partner have been
serving ABC since its listing on the Hong Kong Stock Exchange six years ago.
After discussion with ABC's management and a review of last year's audit file, the following
information has come to your attention:
(1) Goods are manufactured centrally at ABC's factory in GuanXi, China, and are then stored in
the Company's warehouses either in GuanXi or in Hong Kong.
(2) The inventory is stored in three warehouses in Hong Kong, and two warehouses in GuanXi.
All warehouses are owned by the Company. In order to minimise operating costs, the
Company occasionally leases out its unused warehouse spaces to its customers to
temporarily store the products which it has already sold to them.
(3) ABC uses a perpetual inventory system to keep its inventory. All warehouses are closed at
the reporting date to allow a full physical inventory taking. However, production in the
GuanXi factory will not stop during the physical inventory taking.
(4) ABC uses standard costing to value its inventory. At the year-end, the inventory value will be
adjusted as and when necessary to absorb cost variances in order to approximate actual
production cost in accordance with relevant accounting standards. From previous
experience, adjustments rarely deviate more than 3% from the standard cost.
(5) Year-end inventory accounts for approximately 23% of ABC's total assets, and is expected to
be disclosed in ABC's financial statements as follows:
$'000
Raw materials 8,800
Work in progress 13,290
Finished goods 20,730
42,820
(6) Raw materials largely comprise bulk inventories of various Chinese herbs, which are stored
separately in storage containers of different sizes either at the factory or the two warehouses
nearby. ABC keeps more than 500 different herbs. Many of these raw materials are used in
more than one product and some are expensive Chinese herbs. Most have long use-by-
dates provided that they are properly stored. The identification of Chinese herbs requires
expert knowledge since many different herbs with significantly different costs and effects
have a similar appearance. The costs of different classes of the herb could vary materially
even for the same Chinese herb.
(7) Work in progress largely comprises mixed or semi-processed herbs, which are stored in
several locations throughout the factory, either in large sealed vats awaiting processing or in
sealed mixing containers attached to various machines in the factory. Therefore, it is not
possible for the staff of ABC to directly observe the conditions of the work in progress.
Production is fully automated within a sealed environment once raw materials are input.
As required by the licensing terms, ABC employs several qualified Chinese herb experts to
ensure compliance with quality standards.
183
Business Assurance
(8) A typical product of ABC has a two-year use-by-date from the date of production.
(9) Inventory levels of one product line, Series X, have increased steadily throughout the year
under review. ABC's management assured you that since this is a new line, it would take
time for the market to get used to it.
(10) The recent launch of a new product, Z, resulted in poorer than expected sales.
Consequently, ABC has excess inventory in finished goods, amounting to HK$3,800,000.
The use-by-date of this product is eleven months after the reporting date.
Required
In accordance with HKSQC 1 (Clarified) and HKSA 220 (Clarified):
(a) Explain the engagement partner's responsibility regarding compliance with the
independence requirements; and (5 marks)
(b) Determine whether the familiarity threat has been properly addressed in this audit
engagement. (3 marks)
(Total = 8 marks)
HKICPA May 2005 (amended)
184
chapter 7
Changes in auditor
appointment
Topic list
1 Reasons for change of auditors 4 Engagement letters

1.1 Why do entities change their auditors? 4.1 Purpose of sending engagement letter
2 Appointment of auditors 4.2 When to send an engagement letter
2.1 Appointment under Hong Kong 4.3 Contents of an engagement letter
Companies Ordinance 5 Books and documents
2.2 Procedures to change auditors under 5.1 Audit documentation
Hong Kong Companies Ordinance 5.2 Ownership
2.3 Auditor’s rights and duties 5.3 The right of lien
2.4 Outgoing auditors 5.4 Third party rights to information
2.5 Professional clearance 5.5 Entity’s rights to information
3 Client acceptance procedures 5.6 Assembly of the final audit file
3.1 Procedures before accepting nomination 5.7 Changes to audit documentation in
3.2 Procedures after accepting nomination exceptional circumstances after the date
3.3 Procedures for the transfer of books, of the auditor's report
papers and information following a new 5.8 Transfers of books and documents on a
appointment change of appointment decision
3.4 Issues relating to the acceptance
decision
3.5 Client screening
Learning focus
It is very important for professional accountants to understand the rules with regard to the
appointment of auditors and changes in auditors. The contents of an engagement letter can
be vitally important if there is subsequently a dispute between auditor and client as to the
nature of the engagement. Consequently, it should never be regarded as routine
correspondence.
185
Business Assurance
Learning outcomes
Competency
level
2.03 Client and engagement acceptance procedures 3
2.03.01 Explain the reasons why entities change their auditors /
professional accountants
2.03.02 Explain the requirements relating to the appointment of auditors
under the Hong Kong Companies Ordinance
2.03.03 Explain the procedure for a change of auditors
2.03.04 Explain the rights of the auditors in the process of a change of
auditors
2.03.05 Explain the professional clearance procedures
2.03.06 Explain the matters to be considered and the procedures that an
audit firm/professional accountant should carry out before
accepting a specified new client/engagement including:
2.03.06.01 Client acceptance
2.03.06.02 Engagement acceptance
2.03.06.03 Agreement of the terms of engagement
2.03.07 Identify the issues relating to the agreement of the scope and
terms of an engagement with a client
2.03.08 Explain the procedures for the transfer of books, papers and
information following a new appointment
186
7: Changes in auditor appointment | Part D Assurance engagements
1 Reasons for change of auditors

Topic highlights
Common reasons behind entities changing their auditor include audit fee, auditor not seeking re-
election and the size of entities.
1.1 Why do entities change their auditors?

Entities change their auditors for a variety of reasons. The reason may be because the entity is
seeking to access new or better quality services; or because they disagree with an opinion issued
in a report. The entity may disagree with conservative accounting treatments that in management's
opinion do not present the entity's results fairly, or there may be another reason for a deterioration
in the relationship of trust. Equally, an auditor may decline to perform audit services for a client for
ethical reasons, such as unpaid fees or a conflict of interest. Although not required to disclose the
reasons for the change, investors may be interested to know why an entity has made a change as
it sometimes acts as a signal of financial difficulties or poor governance.
The list below summarises some of the main reasons an entity may change its auditors:
(a) Fee reduction – a company may wish to reduce its audit costs and may, for example
choose to switch from a “Big Four” firm to a mid-tier firm in order to obtain a lower fee
(b) Compliance with the Code of Ethics – undue dependence on an entity, for example
(c) Competitive market. Lowballing and significant low fees (see Chapter 3) can induce clients
to change their auditors in order to make a saving
(d) Dispute with entity on accounting policies, although new accounting standards have
gone some way to redress this by giving less scope for judgment
(e) Breakdown in relationship due to audit rotation, intimidation, threatened litigation and so
on
(f) Doubt cast on the integrity of management, the auditor declines the appointment
(g) Entity's request for provision of other services or better quality services which the current
firm is unable to provide
(h) Retiring auditor not to be nominated for re-appointment
2 Appointment of auditors
Topic highlights
The Hong Kong Companies Ordinance sets out the legal requirements associated with the
appointment and removal of auditors.
2.1 Appointment under Hong Kong Companies Ordinance

At the incorporation of a new company the directors should appoint an auditor within three months
and the appointed auditor shall hold office until the conclusion of the first Annual General Meeting
(AGM) (s.131(3) Hong Kong Companies Ordinance). If the directors fail to do so, the auditors may
be appointed by the company at the first general meeting.
187
Business Assurance
Under s. 131(1) of the Hong Kong Companies Ordinance, every company must appoint an auditor
at its Annual General Meeting (AGM) to hold office from the conclusion of that meeting until the
conclusion of the next AGM. By s. 131(2) of the Hong Kong Companies Ordinance, if an auditor is
not appointed or reappointed at the AGM, any member of the company may submit an application
to the court for the appointment of auditor.
According to s. 131(5) of the Hong Kong Companies Ordinance, the directors may appoint the
auditor to fill a casual vacancy. This arises on disqualification, removal or resignation of the auditor
before the end of term. The auditor being appointed by the company must be qualified and must
not have been previously disqualified from acting as an auditor. The auditor must also hold a
practising licence issued under the Professional Accountants Ordinance.
2.2 Procedures to change auditors under Hong Kong Companies

Ordinance
Under s. 132 (1) of the Hong Kong Companies Ordinance, a special notice is required for a
resolution at an AGM to:
 appoint as auditors a person other than a retiring auditor
 fill a casual vacancy in the office of auditor
 reappoint auditors when a retiring auditor has been appointed to fill a casual vacancy
 removal of an auditor before expiration of his office (special notice and ordinary resolution)
Special notice should be sent to the affected auditor (incoming or outgoing).
2.3 Auditor's rights and duties
Topic highlights
The Hong Kong Companies Ordinance gives auditors both rights and duties. This allows auditors
to have sufficient power to carry out an independent and effective audit.
The rights and duties of auditors are set out in the Hong Kong Companies Ordinance, to ensure
that the auditors have sufficient power to carry out an effective audit.
2.3.1 Statutory duties

The auditors are required to report on every statement of financial position and statement of profit
or loss and other comprehensive income laid before the entity in a general meeting.
The auditors must consider the following:
(a) Whether the financial statements have been prepared in accordance with the relevant
legislation
(b) Whether the statement of financial position shows a true and fair view of or presents fairly
the entity's affairs at the end of the period and the statement of profit or loss and other
comprehensive income and cash flow statement show a true and fair view of the results for
the period
(c) Whether adequate accounting records have been kept
(d) Whether the financial statements are in agreement with the accounting records and returns
(e) Whether the information in the directors' report is consistent with the financial statements
(f) Whether disclosure of directors' benefits has been made in accordance with the Hong Kong
Companies Ordinance
188
2.3.2 Statutory rights

The auditors must have certain rights to enable them to carry out their duties effectively and they
are as follows:
Right to access information
According to s. 141(5) of the Hong Kong Companies Ordinance, auditors have a right to access at
all times the books and financial statements and vouchers of the client and to obtain explanations
from its officers. A holding company has a right to obtain information and explanations from a Hong
Kong subsidiary. For a subsidiary outside Hong Kong the Hong Kong holding company may
reasonably require information and explanation for the purpose of a Hong Kong audit.
Right to attend general meetings
Under s. 141(7) of the Hong Kong Companies Ordinance, auditors are entitled to attend any
general meeting of the client and receive notice of any general meeting which any member of the
company is entitled to receive. They are also entitled to be heard at any general meeting on any
part of the business which concerns them as auditors.
Right to remuneration
An auditor who is appointed under the Hong Kong Companies Ordinance has the right to
remuneration or fees. In accordance with s. 131(8) of the Hong Kong Companies Ordinance in
general, an auditor’s remuneration is fixed by the company in the general meeting. However, where
the auditor is appointed by the directors or by the court, then the fees will be fixed by them.
2.3.3 Enhancement of auditor's rights

The new Hong Kong Companies Ordinance (“the new CO”) enhances the rights of auditors.
Pursuant to s. 412 of the new CO, auditors may require information and explanation for the
performance of their duties from a wider range of persons, including persons holding or
accountable for any accounting records of the company or a Hong Kong incorporated subsidiary of
the company.
It also empowers auditors to require the company to obtain information and explanation for the
performance of their duties from persons holding or accountable for the accounting records of
a non-Hong Kong incorporated subsidiary.
A person who fails to provide the required information or explanation to auditors commits an
offence and is liable to a fine not exceeding $25,000 and, in the case of a continuing offence, a
daily fine not exceeding $700.
Section 410 of the new CO gives an auditor qualified privilege for statements made in the course of
performing duties as auditor of the company. In particular, in the absence of malice, an auditor is
not liable for defamation in respect of any cessation statement or statement of circumstances
connected with his or her cessation of office.
Under s. 425(1) of the new CO, the auditor's duty to make a statement of circumstances connected
with the cessation of office is extended from cases of resignation of auditors to the situations where
the auditor is removed from office and where a retiring auditor is not reappointed.
The new CO is expected to commence operation in 2014.
2.4 Outgoing auditors

2.4.1 Retiring auditor or auditor proposed to be removed
According to the Hong Kong Companies Ordinance, a retiring auditor or an auditor proposed to be
removed have the right to:
 make written representations to the entity
 request the written representations to be sent to all members of entity
189
Business Assurance
 require the written representations to be read in a general meeting

 attend any meetings covering matters which concern them as auditors
 receive all notices relating to such meetings concerned with the auditors
2.4.2 Removal of auditor

The removed auditor can attend general meetings concerned with the removed auditor's term of
office and can receive all notices which a member is entitled to receive on matters concerning them
as auditors.
2.4.3 Resignation of auditor

Auditors can resign by depositing a notice in writing at the registered office of the entity. The
registration is not effective unless it contains either a properly signed statement that there are no
circumstances connected with the resignation or a statement of any such circumstances as
aforesaid; and it is signed.
When the notice is deposited at the company's registered office, the auditor shall within 14 days
send a copy of the notice to the Registrar; and to every person entitled to be sent.
When the auditor resigns, the auditor must tender to the company:
 a statement of circumstances, or
 a statement that there are no circumstances connected with his resignation
On receipt of the above statements, the company or any person related, may within 14 days of the
receipt by the company of a notice containing statement, apply to the court for an order.
Additionally, the auditor can request the directors to call an extraordinary general meeting to
consider the statement for the purpose of receiving and considering explanation connected to his
resignation.
Directors are required within 21 days to proceed duly to convene a meeting for a day not more than
28 days after the date on which the notice of convening the meeting.
2.5 Professional clearance

Section 440 of the Code of Ethics – Changes in Professional Appointment
A proposed nominee should conduct professional clearance procedures before accepting the
nomination.
With the permission of the prospective client, the proposed nominee should write to the last
appointed auditor and ask if there are any unusual circumstances of which the proposed nominee
should be aware before accepting the nomination. The proposed nominee should not accept the
engagement if the prospective client fails to deal with the change of auditor in accordance with
Hong Kong Companies Ordinance or fails to give permission for communication with the last
appointed auditor.
The last appointed auditor should advise the proposed nominee immediately if there is any
professional or other reason of which the proposed nominee should be aware and in addition,
the circumstances surrounding the proposed change and disclose fully all information needed by
the proposed nominee to enable him to make decision in respect of accepting the nomination.
If the last appointed auditors have suspicions of unlawful acts by directors which have not yet
been proved, they should inform the nominee auditor of any matters that ought to be investigated.
If the replacement of the last appointed auditor is prompted by disagreement over matters such as
the truth and fairness of the entity's financial statements or the selection of accounting policies or
methods used in auditing, the proposed nominee should obtain the full views of the last appointed
auditors. In addition, the proposed nominee should discuss with the entity the areas of
disagreement. The proposed nominee should be prepared to accept nomination only if he is
satisfied it is ethically appropriate to do so.
190
This is an example of an initial communication.
Dear Sirs
We have been nominated to act as auditors of …………………….. Limited.
In order to assist us in determining whether to accept such nomination, we should be grateful if you
would advise if there are any circumstances surrounding the proposed change of which we should
be aware.
Yours faithfully,
2.5.1 Changing auditors of a listed entity

Section 441 of the Code of Ethics – Change of Auditors of a Listed Issuer of the Stock Exchange of
Hong Kong
If there are any disagreements between auditors and the client, the issues should be raised with
the audit committee so that the committee may help to resolve the issues with management and to
complete the audit.
The last appointed auditor should write a letter of resignation/termination to the audit committee
and the board of directors in the event of the resignation or refusing re-appointment, which lists any
disagreements or unresolved issues relating to the audit.
The proposed nominee should request a copy of the letter of resignation/termination and any
correspondence from the listed entity. If the entity refuses to send the proposed nominee the letter
of resignation/termination, the proposed nominee can only decline to accept nomination.
The last appointed auditor should remind the listed entity of its obligation under the Listing Rules
and should ensure the letter of resignation/termination has been brought to the attention of the
shareholders. Any disputes should be reported to the audit committee.
Engineering Materials Manufacturing Company Limited is a company listed on the Hong Kong
Stock Exchange. Engineering Materials Manufacturing Company and its subsidiaries (“EMM”), are
principally engaged in the manufacture and trading of engineering materials, including steel, iron,
aluminium, cement, timber and asphalt. EMM’s customers are mainly construction and engineering
companies in Mainland China, Hong Kong and other Asian countries. As at 31 December 20X6,
over 90% of EMM’s assets were located in Mainland China.
In view of the booming economy in Mainland China, EMM embarked on an expansion plan two
years ago to double the group’s revenue within five years. EMM plan to implement this strategy
through acquisition of other manufacturers as well as setting up new plant in strategic locations in
the Mainland. In the last two years, an increasing trend in revenue and receivables has been noted.
On 21 December 20X6, EMM succeeded in issuing debentures of US$130,000,000 at an interest
rate of 9.5% per annum. The debentures are listed on an overseas exchange. The proceeds
received were used partly to repay bank loans when they were due, while the remaining cash was
kept in banks in Mainland China.
EMM’s previous auditor, XYZ & Co, was re-appointed in April 20X6 after it reported on EMM’s
financial statements for the year ended 31 December 20X5. However, XYZ & Co resigned in
November 20X6.
XYZ & Co had proposed a fee which doubled the fee it charged EMM in the last year but EMM did
not accept the increment. According to EMM, they wanted to change auditors periodically to ensure
independence. According to XYZ & Co, the firm is prepared to rotate the engagement partner in
accordance with quality control standards.
The directors of EMM approached ABC & Co in January 20X7 and proposed to appoint them as
the auditor of EMM’s financial statements for the year ended 31 December 20X6.
191
Business Assurance
Required
Determine XYZ & Co’s ethical obligations in relation to the change in auditors.
3 Client acceptance procedures
Topic highlights
HKSQC 1 (Clarified) sets out what a firm must consider and document in relation to accepting or
continuing an engagement which is the integrity of the entity, whether the firm is competent to do
the work and whether the firm meets ethical requirements in relation to the work.
HKSQC1.26
HKSQC 1 (Clarified)
The firm shall establish policies and procedures for the acceptance and continuance of entity
relationships and specific engagements designed to provide the firm with reasonable assurance
that it will only undertake or continue relationships and engagements where it:
(a) has considered the integrity of the entity and does not have information that would lead it
to conclude that the entity lacks integrity
(b) is competent to perform the engagement and has the capabilities, time and resources to do
so, and
(c) can comply with relevant ethical requirements.
The firm should obtain such information as it considers necessary in the circumstances before
accepting an engagement with a new entity, when deciding whether to continue an existing
engagement, and when considering acceptance of a new engagement with an existing entity.
Where issues have been identified, and the firm decides to accept or continue the entity
relationship or a specific engagement, it should document how the issues were resolved.
3.1 Procedures before accepting nomination

The following procedures should be carried out before accepting nomination:
(a) Ensure that there are no ethical issues which are a barrier to accepting nomination ie
changes in auditor's independence
(b) Ensure that the auditor is professionally qualified to act and that there are no legal or
technical barriers
(c) Ensure that the existing resources are adequate in terms of staff, expertise and time
(d) Obtain references for the directors if they are not known personally to the audit firm
(e) Consult the last appointed auditors to ensure that there are not any reasons behind the
vacancy which the new auditors ought to know. This is also a courtesy to the last appointed
auditors
(f) Obtain and review available financial statements
(g) Make inquiries of third parties such as those charged with governance, or internal auditors
etc
192
(h) Consider unusual high business risk – any complex transactions, aggressive deals or
attitude towards matters such as aggressive interpretation of accounting standards or the
internal control environment
(i) Consider management's attitude towards compliance with regulatory or contractual
obligations
(j) Consider any indication of money laundering or other criminal activities committed by
management
For an existing entity, the firm should consider its ability to continue the engagement and if there is
any significant change in management/financial condition which affects the firm's ability to
continue the relationship. The firm should reassess the integrity of management if there is a
change in management.
3.2 Procedures after accepting nomination

As previously set out the firm should ensure that the last appointed auditors' removal or
resignation has been properly conducted in accordance with the Hong Kong Companies
Ordinance and that the new auditors' appointment is valid. The new auditors should obtain a
copy of the resolution passed at the general meeting appointing them as the entity's auditors. An
engagement letter should be submitted to the entity for finalising the engagement terms, which we
shall look at later.
3.3 Procedures for the transfer of books, papers and information

following a new appointment
Section 440 Code of Ethics
The last appointed auditor shall provide promptly the requested information to the newly appointed
auditors. The information shall be relevant to the entity's affairs and no charge shall be made
unless there is good reason to the contrary.
The working papers belong to the last appointed auditor who is under no legal obligation to pass
his working papers to the newly appointed auditors for review. However, the last appointed auditor
has an ethical obligation to respond to the newly appointed auditor's specific inquiries and shall
pass the working papers relating to matters of continuing accounting significance in respect of
those specific areas.
HKSQC1.28, 3.4 Issues relating to the acceptance decision

A19
HKSA220.12- HKSQC 1 (Clarified) gives a list of matters that the auditors might consider in relation to the
13 acceptance decision.
193
Business Assurance
Matters to consider
Integrity of  The identity and business reputation of the entity's principal owners, key
an entity management, related parties and those charged with governance
 Nature of the entity's operations, including its business practices
 Information concerning the attitude of the entity's principal owners, key
management, those charged with governance towards matters such as
aggressive interpretation of accounting standards/internal control
environment
 Whether the entity is aggressively concerned with keeping the firm's fees
as low as possible
 Indications of an inappropriate limitation in the scope of work
 Indications that the entity might be involved in money laundering or other
criminal activities
 The reasons for the proposed appointment of the firm and non-
reappointment of the last appointed auditors
 Identity and business reputation of related parties
Competence  Do firm personnel have knowledge of relevant industries/subject matters?
of the firm
 Do firm personnel have experience with relevant regulatory or reporting
requirements, or the ability to gain the necessary skills and knowledge
effectively?
 Does the firm have sufficient personnel with the necessary capabilities and
competence?
 Are experts available, if needed?
 Will staff need further training to do the work?
 Are individuals meeting the criteria and eligibility requirements to perform
the engagement quality control review available where applicable?
 Is the firm able to complete the engagement within the reporting deadline?
In addition, the firm needs to consider whether acceptance would create any conflicts of interest.
HKSQC1 (Clarified)
The firm shall establish policies and procedures on continuing an engagement and the client
relationship, addressing the circumstances where the firm obtains information that would have
caused it to decline the engagement had that information been available earlier. Such policies and
procedures shall include consideration of:
(a) the professional and legal responsibilities that apply to the circumstances, including whether
there is a requirement for the firm to report to the person or persons who made the
appointment or, in some cases, to regulatory authorities, and
(b) the possibility of withdrawing from the engagement or from both the engagement and the
entity relationship.
Such procedures might include discussions with the entity's management and those charged with
governance, and, if required, discussions with the appropriate regulatory authority.
There are requirements for the engagement partner in relation to specific engagements as follows:
194

The engagement partner shall be satisfied that appropriate procedures regarding the acceptance
and continuance of client relationships and audit engagements have been followed, and shall
determine that conclusions reached in this regard are appropriate.
If the engagement partner obtains information that would have caused the firm to decline the audit
engagement if that information had been available earlier, the engagement partner shall
communicate that information promptly to the firm, so that the firm and the engagement partner can
take the necessary action.
(a) You are a partner in Talent and Co (“Talent”), a firm of Certified Public Accountants. You
have just successfully tendered for the audit of Lunch Co (“Lunch”), a chain of sandwich
shops. The tender opportunity was received cold, that is, the entity and its officers are not
known to the firm. The entity has just been incorporated and has not previously had an audit.
You are about ready to accept nomination.
Required
Explain the procedures should you carry out prior to accepting nomination.
(b) In the course of your acceptance procedures you received a reference from a business
contact of yours concerning one of the five directors of Lunch, Mr Lau. It stated that your
business contact had done some personal tax work for Mr Lau ten years previously, when he
had found Mr Lau to be difficult to keep in contact with, slow to provide information and he
had suspected Mr Lau of being economical with the truth when it came to his tax affairs. As a
result of this distrust, he had ceased to carry out work for him.
Required
Comment on the effect this reference would have on accepting nomination.
195
Business Assurance
3.5 Client screening

Many firms would use a checklist to screen potential clients. Entities can be divided into
categories based on the level of risk associated with their business practices: as low risk for entities
who demonstrate a high level of effective internal control and strong performance or high risk for
entities who have a history of poor performance, lack of finance, weak internal controls, integrity
issues or unclear related party transactions. For high risk entities firms may consider employing
specialists in response to diagnosed risks to act as an independent reviewer.
The following flow chart summarises the acceptance procedures for new and existing clients:
ACCEPT THE ENGAGEMENT?

HKSQC 1 (Clarified) – Firm wide
HKSA 220 (Clarified) – Specific engagement
CONSIDER:
Ethical issues (the Code)
Legal and technical barriers; and
Management integrity
NEW CLIENT EXISTING CLIENT
PROCEDURES: PROCEDURES:
Obtain details of last appointed auditors Consider ability to serve
Consult last appointed auditors Consider any significant change
Review available financial statements Consider change in management
Inquire of a third party
ACCEPT THE ENGAGEMENT
Ensure last appointed auditors' removal or resignation have been

properly conducted
Special notice reviewed
Obtain a copy of resolution passed
Perform professional clearance
Submit engagement letter
Verify opening balances (HKSA 510 (Clarified)) (See Chapter 14)
196
4 Engagement letters
Topic highlights
Certain issues must be agreed in writing when an audit is accepted.
4.1 Purpose of sending engagement letter

Before any professional work is undertaken, an engagement letter should be issued.
Under HKSA 210 (Clarified) Agreeing the Terms of Audit Engagement, before the start of any
professional work, the auditor and its entity should agree, in writing, the scope and nature of the
work to be undertaken. This is through the engagement letter. The purposes of the engagement
letter are:
 to help avoiding misunderstanding with respect to the engagement
 to confirm auditor's acceptance of the engagement
 to confirm the objective and scope of the audit
 to clearly state the auditor's duties and responsibilities of the entity
 to state the form of report it is going to issue
 to prevent misunderstandings between the auditor and the entity
 to confirm the fee basis and any verbal arrangements in writing
HKSA 210.9 4.2 When to send an engagement letter

The engagement letter is issued or revised in the following situations:
 For new clients, the engagement letter should be sent before any professional work has
been started.
 For recurring audits, whenever there is a significant change in circumstances, a revised
engagement letter should be sent. The engagement partner should consider whether there is
a need for a new engagement letter annually.
 For group companies, the auditor will send an engagement letter relating to the group as a
whole and identifies the components for which they are appointed as auditors.
HKSA 4.3 Contents of an engagement letter

210.10,
Appendix 1 The engagement letter should state the auditor's and the client's statutory duties and
responsibilities.
The following is a list of the sections that will or might appear in an engagement letter:
(a) Objective of the financial statement audit
(b) Directors' responsibilities – keeping proper accounting records, and making them available to
the auditors
(c) Auditor's responsibilities – to form an opinion on the entity's financial statements as to
whether they show a true and fair view and comply with the Hong Kong Companies
Ordinance
(d) Scope of auditor's work – ie applicable legislation, regulations and auditing standards, review
accounting system, collection of audit evidence, and tests of internal controls
(e) Form of reports for the engagement
(f) Stating an unavoidable risk that some material misstatements may still be undiscovered due
to inherent limitations of an audit
197
Business Assurance
(g) Expectation of receiving a letter of representation from the management

(h) Any additional work required from auditor – bookkeeping, taxation or other services
(i) Irregularities and fraud – primary responsibility is on directors
(j) Fees and basis of charge
(k) The effective date of the engagement letter
(l) Letter of acknowledgement from the board

A template of the audit engagement letter is set out below:
To the directors of _______________________________:
Objective of services
1.1 You have requested that we audit the financial statements of [ABC Company Limited]. We
are pleased to confirm our acceptance and our understanding of this audit engagement by
means of this letter. Our audit will be conducted with the objective of our expressing an
opinion on the financial statements.
Responsibilities of directors
2.1 Our audit will be conducted on the basis that you acknowledge and understand that you
have responsibility:
a. To maintain proper books of account of the company;
b. For the preparation of financial statements which give a true and fair view in accordance
with [insert applicable financial reporting framework] [Hong Kong Financial Reporting
Standards][Hong Kong Financial Reporting Standard for Private Entities] and have been
prepared in accordance with the Companies Ordinance;
c. For such internal control as you determine is necessary to enable the preparation of
financial statements that are free from material misstatement, whether due to fraud or
error; and
d. To provide us with:
(i) Access to all information of which you are aware that is relevant to the preparation
of the financial statements such as company's books of account and all other
relevant records and documentation, including minutes of all management and
shareholders' meetings and other matters;
(ii) Additional information that we may request from you for the purpose of the audit;
and
(iii) Unrestricted access to persons within the company from whom we determine it
necessary to obtain audit evidence.
Responsibilities of the auditor
3.1 We have a statutory responsibility to report to the members whether in our opinion the
financial statements give a true and fair view and whether they have been properly
prepared in accordance with the Companies Ordinance. In arriving at our opinion, we are
required to consider the following matters, and to report on any in respect of which we are
not satisfied:
a. whether proper books of account have been kept by the company and proper returns
adequate for our audit have been received from branches not visited by us;
b. whether the company's balance sheet and profit and loss account are in agreement with
the books of account and returns; and
c. whether we have obtained all the information and explanations which we consider
necessary for the purposes of our audit.
198
In addition, there are certain other matters which, according to the circumstances, may need
to be dealt with in our report. For example, where the financial statements do not give
details of directors' remuneration or of loans to officers, the Companies Ordinance requires
us to disclose such matters in our report.
3.2 We have a professional responsibility to report if the financial statements do not comply in
any material respect with [insert applicable financial reporting framework] [Hong Kong
Financial Reporting Standards][Hong Kong Financial Reporting Standard for Private
Entities], unless in our opinion the noncompliance is justified in the circumstances.
In determining whether or not the departure is justified, we consider:
a. whether the departure is required in order for the financial statements to give a true and
fair view; and
b. whether adequate disclosure has been made concerning the departure.
Scope of audit
4.1 Our audit will be conducted in accordance with Hong Kong Standards on Auditing issued by
the Hong Kong Institute of Certified Public Accountants. Those standards require that we
comply with ethical requirements and plan and perform the audit to obtain reasonable
assurance about whether the financial statements are free from material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and
disclosures in the financial statements. The procedures selected depend on the auditor’s
judgment, including the assessment of the risks of material misstatement of the financial
statements, whether due to fraud or error. An audit also includes evaluating the
appropriateness of accounting policies used and the reasonableness of accounting
estimates made by you, as well as evaluating the overall presentation of the financial
statements.
4.2 Because of the inherent limitations of an audit, together with the inherent limitations of
internal control, there is an unavoidable risk that some material misstatements may not be
detected, even though the audit is properly planned and performed in accordance with
HKSAs.
4.3 In making our risk assessments, we consider internal control relevant to the entity’s
preparation of the financial statements in order to design audit procedures that are
appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity’s internal control. However, we will communicate to you in writing
concerning any significant deficiencies in internal control relevant to the audit of the financial
statements that we have identified during the audit. Any such report may not be provided to
third parties without our prior written consent. Such consent will be granted only on the
basis that such reports are not prepared with the interests of anyone other than the
company in mind and that we accept no duty or responsibility to any other party as concerns
the reports.
4.4 As part of our audit procedures, we will request you to provide written confirmation
concerning representations which we have received from you during the course of the audit
on matters having a material effect on the financial statements. In connection with
representations and the supply of information to us generally, we draw your attention to
section 134 of the Companies Ordinance.
4.5 In order to assist us with the examination of your financial statements, we shall request sight
of all documents or statements, including the chairman's statement, operating and financial
review and the directors' report, which are due to be issued with the financial statements.
We are also entitled to attend all general meetings of the company and to receive notice of
all such meetings.
199
Business Assurance
4.6 The responsibility for safeguarding the assets of the company and for the prevention and
detection of fraud, error and non-compliance with law or regulations rests with you.
However, we shall endeavour to plan our audit so that we have a reasonable expectation of
detecting material misstatements in the financial statements or books of account (including
those resulting from fraud, error or non-compliance with law or regulations), but our
examination should not be relied upon to disclose all such material misstatements or frauds,
errors or instances of non-compliance as may exist.
4.7 (Where appropriate - Note) We shall not be treated as having notice, for the purposes of our
audit responsibilities, of information provided to members of our firm other than those
engaged on the audit (for example, information provided in connection with accounting,
taxation and other services).
4.8 Once we have issued our report we have no further direct responsibility in relation to the
financial statements for that period. However, we expect that you will inform us of any
material event occurring between the date of our report and that of the Annual General
Meeting which may affect the financial statements.
(Consolidated financial statements
5. As the auditor of the holding company we are required to report, in similar terms to those
outlined in paragraph 3.1 above, on the group's consolidated financial statements, which
comprise the financial statements of the holding company and its subsidiaries. In order to
express an opinion on group's consolidated financial statements which include the financial
information of subsidiaries, joint ventures or associated companies of which we are not the
auditor, it will be necessary for us to communicate directly with the other auditor(s)
concerned to satisfy ourselves that:
a. so far as is practicable, there is uniformity within the group in the application of
accounting policies;
b. the consolidated financial statements give the information required by the Companies
Ordinance, applicable accounting standards and any other legislation or non-statutory
requirements affecting the presentation of financial statements; and
c. all material aspects of the consolidated financial statements have been subjected to an
audit examination, the nature and extent of which is adequate and reasonable, in our
view, for the purpose of forming an opinion on the group's consolidated financial
statements.)*
Reporting
6.1 [Insert appropriate reference to the expected form and content of the auditor's report.]
6.2 The form and content of our report may need to be amended in the light of our audit
findings.
(Other services
7. You have requested that we provide other services in respect of ...... The terms under which
we provide these other services are dealt with in a separate letter.)*
Fees
8. Our fees are computed on the basis of the time spent on your affairs by the partners and
our staff and on the levels of skill and responsibility involved plus out-of-pocket expenses.
Unless otherwise agreed, our fees will be billed at appropriate intervals during the course of
the audit and will be due on presentation.
Agreement of terms
9.1 Once it has been agreed, this letter will remain effective, from one audit appointment to
another, until it is replaced. Please sign and return the enclosed copy of this letter to
indicate your acknowledgement of, and agreement with, the arrangements for our audit of
the financial statements including our respective responsibilities.
200
(9.2 Since the terms of our engagement as auditors of the subsidiaries listed in the attached
appendix are the same, we will not send separate letters to the board of directors of each
subsidiary. We would therefore be grateful if you would forward copies of this letter to the
boards of directors of each such subsidiary and confirm that these boards have also agreed
and confirmed their acceptance of this letter.)*
Yours faithfully,
ABC & Co.
Certified Public Accountants (Practising) [or Certified Public Accountants]
Date
We agree to the terms of this letter.
(Signed)
................................. Director, for and on behalf of the board of
_____________________________
Date
* Delete where not applicable.
Note
When accounting, taxation or other services are undertaken on behalf of an audit client,
information may be provided to members of the audit firm other than those engaged on the audit.
In such cases, it may be appropriate for the audit engagement letter to include this or a similar
paragraph to indicate that the auditor is not to be treated as having notice, for the purposes of the
auditor's responsibilities, of such information, to make it clear that a company would not be
absolved from informing the auditor directly of a material matter.
5 Books and documents
Topic highlights
Audit working papers belong to the auditor. Sometimes, the terms “working papers” or “work
papers” are used.
HKSA 230.5,
7-11
5.1 Audit documentation
Audit documentation refers to the record of audit procedures performed, relevant audit evidence
obtained, and the conclusions the auditor reached.
In accordance with HKSA 230 (Clarified) Audit Documentation, the auditor prepares, on a timely
basis, audit documentation that provides:
 a sufficient and appropriate record of the basis for the auditor's report
 evidence that the audit was performed in accordance with HKSAs and applicable legal and
regulatory requirements.
HKSA 230 (Clarified) requires that the auditor prepares audit documentation on a timely basis in
order to enhance the quality of the audit. This is to allow sufficient time to review and evaluate the
audit evidence obtained and conclusions reached before the auditor's report is finalised.
201
Business Assurance
5.1.1 Nature, form, content and extent of audit procedures performed

The auditor shall prepare audit documentation that is sufficient to enable an experienced auditor
having no previous connection with the audit, to understand. It should include:
 the nature, extent and timing of the audit procedures performed to comply with HKSAs and
applicable legal and regulatory requirements
 the results of the audit procedures performed and the audit evidence obtained
 significant matters arising during the audit ie significant risks or difficulties in applying audit
procedures
5.2 Ownership
Audit working papers are owned by the auditor. In the event of auditors taking over an audit
from another firm, they are not entitled to take over all the audit files that that firm has put together
on the entity.
The HKSA states that in order to ensure continuity of an entity's affairs, the last appointed auditors
must provide the new auditors with all the reasonable carry-over information they request, and
they should do this promptly. The last appointed auditor should ensure that he transfers all the
books and documents belonging to the entity to the new auditors without delay. He is only allowed
to keep entity's books where he is entitled to exercise a lien.
5.3 The right of lien
Key term
A lien is a supplier's right to retain possession of a customer's property until the customer pays
what is owed to the supplier.
If the last appointed auditor is still owed fees by the client, he may have a right under common law
to exercise a lien over some of the client's books. General liens over property can rarely be
established. However, it may be possible for an auditor to have a particular lien when a client owes
a debt specifically in respect of that property.
A right of particular lien will only exist where the following conditions are fulfilled:
 The documents must be the property of the entity itself (not a closely related third party)
 The documents must have come into the professional accountant's possession by proper
means
 The work must have been done and a fee note rendered in respect of it
 The fee must relate to the retained documents
5.4 Third party rights to information

As discussed in Chapter 4, the auditor owes a duty of confidentiality to the client. This means that
documents containing information about the client should not be given to third parties unless:
 the client agrees to the disclosure before it is made
 disclosure is required by statute or court order
 disclosure is otherwise in accordance with the Code of Ethics
202
5.5 Entity's rights to information

Audit working papers are the property of the auditor and as such, the client has no right of
access to them. The firm may allow the client access to the working papers if it so chooses.
However, the position is more complicated when the work undertaken is something other than
audit. For example, if the firm puts together the financial statements on behalf of the client, those
financial statements will belong to the client.
With tax work, documents created in carrying out tax compliance work will belong to the client.
HKSA 230.14 5.6 Assembly of the final audit file

The auditor should assemble the audit documentation in an audit file and complete the
administrative process of assembling the final audit file on a timely basis after the date of the
auditor's report. After the assembly, the auditor should not delete or discard audit documentation of
any nature before the end of its retention period, which is no shorter than five years from the date
of the auditor's report.
There is further discussion on audit documentation in Chapter 8.
HKSA 230.16 5.7 Changes to audit documentation in exceptional

circumstances after the date of the auditor's report
If, in exceptional circumstances, the auditor performs new or additional audit procedures or draws
new conclusions after the date of the auditor's report, the auditor shall document:
 the circumstances encountered
 the new or additional audit procedures performed
 when and by who the resulting changes to audit documentation were made and reviewed
 the specific reasons for making them
5.8 Transfer of books and documents on a change of

appointment
5.8.1 Section 440 Code of Ethics
Section 440 of the Code of Ethics states the following with regards to the transfer of books and
documents following a change of appointment:
The last appointed auditor shall provide promptly the requested information to the newly appointed
auditors. The information shall be relevant to the entity's affairs and no charge shall be made
unless there is good reason to the contrary.
The working papers belong to the last appointed auditor who is under no legal obligation to pass
his working papers to the newly appointed auditors for review. However, the last appointed auditor
has an ethical obligation to respond to the newly appointed auditor's specific inquiries and shall
pass the working papers relating to matters of continuing accounting significance in respect of
those specific areas.
203
Business Assurance
Topic recap
CHANGES IN AUDITOR
APPOINTMENT
Appointment Removal / resignation
Rights and duties in

Issues to consider accordance with Hong Kong
Companies Ordinance
Ethical HKSQC I Audit documentation Belongs to the

auditor
Legal Engagement letter
Risk
– Sets out scope /
analysis
responsibilities
– Update when necessary
– Disclosure of terms
Client
screening
New Existing
client client
204
Answer 1
XYZ & Co’s ethical obligations in relation to the change in auditors of EMM are governed by the
Code of Ethics for Professional Accountants (“the Code”). In particular, XYZ & Co should comply
with the requirements of Section 441 “Change of Auditors of a Listed Issuer of the Stock Exchange
of Hong Kong” since EMM is listed on the Hong Kong Stock Exchange.
According to Section 441 of the Code, XYZ & Co should prepare a Letter of Resignation addressed
to the audit committee and the board of directors of EMM.
The Letter of Resignation should disclose all the occurrences that, in the opinion of XYZ & Co,
affect the relationship between EMM and XYZ & Co. Such occurrences include, but are not limited
to, “disagreements” and/or “unresolved issues”.
According to the Code, ABC & Co should make a request in writing to XYZ & Co to ask if there are
any unusual circumstances surrounding the proposed change which ABC & Co should be aware of,
so that ABC & Co may determine whether it should accept the nomination.
On receipt of the written request, XYZ & Co should act expeditiously. If there are no professional or
other reasons why ABC & Co should not accept the nomination, XYZ & Co should reply
accordingly without delay.
If XYZ & Co considers it appropriate to discuss EMM's affairs with ABC & Co, XYZ & Co should
request EMM’s permission to do so freely. If permission is not granted, XYZ & Co should report
that fact to ABC & Co (who should not accept the nomination).
If, in the opinion of XYZ & Co, there are matters of which ABC & Co should be made aware, XYZ &
Co should inform ABC & Co of those factors of which, in the opinion of XYZ & Co, ABC & Co
should be aware. XYZ & Co may, for example, inform ABC & Co that the reasons advanced by
EMM for the change are not in accordance with the facts.
For example, XYZ & Co may inform ABC & Co of the fact that it proposed a rotation of the
engagement partner as an appropriate safeguard against the familiarity threat to independence,
and that EMM did not accept the increase in audit fee.
If EMM are Hong Kong incorporated listed issuers, s 140A(2) of the Companies Ordinance requires
an auditor who resigns from office before the expiry of his term , if the resignation is to be effective,
to include in his resignation a statement of any circumstances connected with his resignation which
he considers ought to be brought to the notice of members or creditors of the company, or a
statement that there are no such circumstances.
205
Business Assurance
Answer 2
(a) The following procedures should be carried out:
(i) Ensure that I and my engagement team are professionally qualified to act and
consider whether there are ethical barriers to my accepting nomination.
(ii) Review the firm's overall work programme to ensure that there are sufficient resources
to enable my firm to carry out the audit.
(iii) Obtain references about the directors as they are not known personally by me or
anyone else in my firm.
(b) The auditor must use his professional judgment when considering the responses he gets to
references concerning new clients. The guidance cannot legislate for all situations so it does
not. In the circumstance given above there is no correct answer therefore, in practice an
auditor would have to make a justified decision which he would then document.
Matters to be considered
The reference raises three issues for the auditor considering accepting nomination.
(i) The issue that the director has been difficult to maintain a relationship with in the past
(ii) The issue that the director was slow to provide information in the past
(iii) The suspicion of a lack of integrity in relation to his tax affairs
The auditor must consider these in the light of several factors:
(i) The length of time that has passed since the events
(ii) What references which refer to the interim time say
(iii) The difference between accepting a role of auditing an entity and personal tax work
(iv) The director's role in the entity and therefore the audit
(v) The amount of control exercised by the director
– Relationships with other directors
– Influence
At this stage he should not be considering how highly he values the opinion of the referee.
That should have been considered before he sent the reference. At this stage he should only
be considering the implications of the reference for his current decision.
Auditing an entity is different from auditing personal affairs in terms of obtaining information
and contacting personnel. In this case, the key issue is the question over the integrity of the
director.
As we do not have information about interim references and details of the business
arrangements it is difficult to give a definite answer to this issue. However, Mr. Lau is likely to
only have limited control over decisions of the entity being one of five directors, which might
lead to the auditor deciding that the reference was insufficient to prevent him accepting
nomination. If Mr. Lau were the Chief Financial Officer, the auditor would be more inclined
not to take the nomination.
206
Exam practice
ZZZ Holding Limited 32 minutes

Initially established approximately fifteen years ago, ZZZ Holdings Limited (“ZZZ”) is a listed
company on the Main Board of the Hong Kong Stock Exchange. ZZZ’s primary business is the
manufacture and sale of a wide range of decorative and entertainment lighting. ZZZ has over 6,000
employees and four factories in Mainland China.
Ms Apple Au is the founder (and the Chief Executive Officer) of ZZZ and has always placed a great
emphasis on innovation, quality control and quality assurance. ZZZ has more than 50 research
engineers and develops over 100 new models each year. ZZZ also has a broad portfolio of
patented products and is constantly developing more innovative products with more advanced
technology. In May 20X8, ZZZ’s previous auditor (Red and Blue) retired and declined to stand for
re-appointment after reporting on the financial statements for the year ended 31 December 20X7 in
ZZZ’s annual general meeting.
In August 20X8, Ms Au invited Ms Orange Or’s firm (Gold and Silver) to be the new auditor.
Ms Au had met Ms Or (an audit partner of Gold and Silver) through her secondary school alumni
dinner in 20X7.
Gold and Silver has recently been engaged in three initial public offering exercises and is very
short of manpower. Ms Or is in the process of assessing this prospective engagement. ZZZ’s
Accounting Manager has provided Ms Or with the audited financial statements for the year ended
31 December 20X7 and the unaudited management accounts for the eight months ended
31 August 20X8.
Required
(a) Briefly explain the procedures (other than the independence consideration)
Gold and Silver should carry out before the acceptance of Ms Au’s invitation. (6 marks)
(b) Following on from part (a) above, explain how Ms Or should assess
the integrity of Ms Au and the key management of ZZZ. (6 marks)
(c) Explain the ethical obligations of Gold and Silver regarding the change in auditors. (6 marks)
(Total = 18 marks)
HKICPA September 2008
207
Business Assurance
208
chapter 8
Planning, materiality and

risk assessment
Topic list
1 Audit planning 4 Risk

1.1 The importance of planning 4.1 Audit risk
1.2 The audit strategy and the audit plan 4.2 Business risk
1.3 Agreeing the terms of audit engagement 5 Risk assessment
2 Understanding the entity and its 5.1 Identifying and assessing the risks of
environment material misstatement
2.1 Why understanding is important 5.2 Risks of material misstatement at
2.2 Impact of the internal audit function financial statement level or assertion
3 Materiality level
3.1 Applying materiality in the context of 5.3 Significant risks
financial reporting and auditing 5.4 Automation risk
3.2 Purposes for setting materiality levels in 6 Overall responses to assessed risk of
the context of an audit of financial material misstatement
statements 6.1 Overall responses to risks of material
3.3 Materiality for the financial statements as misstatement at financial statement
a whole level
3.4 Materiality for the particular classes of 6.2 Overall responses to risks of material
transactions, account balances or misstatements at assertion level
disclosures
3.5 Performance materiality
Learning focus
Audit planning is a very important part of the audit process because it sets the direction for the
audit, based on an assessment of the risks relevant to the entity.
209
Business Assurance
Learning outcomes
Competency
level
2.05 Planning and risk assessment 3
2.05.01 Identify and explain:
2.05.01.01 The need for planning an audit
2.05.01.02 The contents of the overall audit strategy and the audit plan
2.05.01.03 The relationship between the overall audit strategy and the audit
plan
2.05.02 Develop and document an audit plan
2.05.03 Explain how auditors obtain an initial understanding of the entity
and its environment including the use of preliminary analytical
review procedures
2.05.04 Explain the components of audit risk
2.05.05 Assess the risk of material misstatement at the financial
statement level and assertion level
2.05.06 Recognise and suggest overall responses to assessed risk
2.05.07 Recognise and suggest specific procedures to respond to
assessed risks
2.07 Documentation 3
2.07.01 Document an audit plan
2.08 Materiality 3
2.08.01 Define materiality and demonstrate how it should be applied in
the context of financial reporting and auditing
210
8: Planning, materiality and risk assessment | Part D Assurance engagements
1 Audit planning
Topic highlights
Auditors must plan their work so that it is undertaken in an effective manner. The auditors formulate
an overall audit strategy which is translated into a detailed audit plan for audit staff to follow.
HKSA 300.2,
4, 6
1.1 The importance of planning
An effective and efficient audit relies on proper planning procedures. The planning process is
covered in general terms by HKSA 300 (Clarified) Planning an Audit of Financial Statements which
states that the objective of the auditor is to plan the audit so that the engagement is performed in
an effective manner.
Auditors should undertake the following:
(a) Plan the audit to enable it to be carried out in the most effective and efficient manner
(b) Consider whether to continue the entity relationship in the case of an existing entity
(c) Ensure the terms of the engagement are understood
(d) Consider ethical guidance including independence
(e) Consider entity acceptance procedures and professional clearance
(f) Establish the overall audit strategy for the audit and update any changes during the course
of the audit
(g) Develop and document an overall audit strategy for the expected scope and conduct of audit
in order to reduce audit risk to an acceptably low level
(h) Develop and document an audit plan which sets out the nature, extent and timing of planned
audit procedures
The audit strategy and plan should be revised during the audit when there are changes in
conditions or unexpected results are obtained.
Adequate planning benefits the audit in the following ways:
 Helping the auditor to devote appropriate attention to important areas of the audit
 Helping the auditor identify and resolve potential problems on a timely basis
 Helping the auditor properly organise and manage the audit engagement so that it is
performed in an effective and efficient manner
 Assisting in the selection of engagement team members with appropriate levels of
capabilities and competence to respond to anticipated risks, and the proper assignment of
work to them
 Facilitating the direction and supervision of engagement team members and the review of
their work
 Assisting, where applicable, in co-ordination of work done by auditors of components and
experts.
Audit procedures should be discussed with the entity's management, staff and/or audit committee
in order to co-ordinate audit work, including that of internal audit. However, all audit procedures
remain the responsibility of the external auditors.
1.1.1 Preliminary engagement activities

Planning activities establish an overall audit strategy for the engagement and develop an audit
plan in order to reduce audit risk to an acceptably low level.
211
Business Assurance
HKSA 300 (Clarified) requires that, at the beginning of the current audit engagement, the auditor
must perform the following preliminary engagement activities:
 Perform procedures regarding the continuance of the client relationship and the specific
audit engagement (HKSA 220 (Clarified))
 Evaluate compliance with ethical requirements such as independence (HKSA 220
(Clarified))
 Establish an understanding of the terms of the engagement (HKSA 210 (Clarified))
Performing the preliminary engagement activities assists the auditor in identifying and evaluating
events or circumstances that may adversely affect the auditor’s ability to plan and perform the audit
engagement.
1.2 The audit strategy and the audit plan
Key term
The audit strategy sets the scope, timing and direction of the audit, and guides the development
HKSA of the more detailed audit plan.
300.7-12
Each entity is unique and an audit strategy should be adapted to suit the particular requirements
and characteristics of the entity concerned. A strategy should be derived from the audit
engagement partner's understanding of the entity and its particular environment, which indicate
where the most significant risks of misstatements lie. The audit partner's responsibilities in this
regard are set out in HKSA 315 (Revised) – see below.
However, there are common elements to all strategies which are presented in the table that
follows:
The audit strategy: matters to consider

Characteristics of the  Relevant financial reporting framework
engagement
 Industry regulation
 Expected scope of audit
 Characteristics of business segments
 Availability of internal audit staff and work performed
 Use of service organisations
 Effect of information and communications technology on audit
procedures
 Availability of entity staff and information
Reporting objectives,  Entity's timescale for reporting and accounting policies
timing of the audit and
 New accounting standards
nature of
communications  Organisation of meetings with management and those charged with
governance
 Discussions with management and those charged with governance
 Expected communications with third parties
212
The audit strategy: matters to consider

Significant factors,  Determination of materiality
preliminary
 Areas identified with higher risks of material misstatement
engagement activities,
and knowledge gained  Results of previous audits
on other engagements  Need to maintain professional scepticism
 Evidence of management's commitment to design, implementation
and maintain sound internal controls
 Volume of transactions
 Significant business developments
 Significant industry developments and conditions
 Significant changes in the financial reporting framework
 Other significant recent developments
 Any going concern issues
Nature, timing and  Selection of engagement team
extent of resources  Assignment of work to team members
 Engagement budget
Key term
The audit plan converts the audit strategy into a more detailed plan and includes the nature, timing
HKSA 300.9 and extent of audit procedures to be performed by engagement team members in order to obtain
sufficient appropriate audit evidence to reduce audit risk to an acceptably low level.
The audit plan shall include the following:

(a) A description of the nature, timing and extent of planned risk assessment procedures
(b) A description of the nature, timing and extent of planned further audit procedures at the
assertion level
(c) Other planned audit procedures required to be carried out for the engagement to comply with
HKSAs
The planning for these procedures occurs over the course of the audit as the audit plan develops.
Any changes made during the audit engagement to the overall audit strategy or audit plan, and the
reasons for such changes, shall be included in the audit documentation.
1.2.1 Documenting the audit plan

The auditor should document the overall audit strategy and the audit plan, including any significant
changes made during the audit engagement.
The auditor's documentation of the audit plan is sufficient to demonstrate the planned nature,
timing and extent of risk assessment procedures, and further audit procedures at the assertion
level for each material class of transaction, account balance, and disclosure in response to the
assessed risks.
Standard audit programmes or completion checklists could be used by the auditor who should
appropriately tailor them to reflect the particular engagement circumstances.
The auditor's documentation of any significant changes to the originally planned overall audit
strategy and to the detailed audit plan includes the reasons for the significant changes and the
auditor's response to the events, conditions, or results of audit procedures that resulted in such
changes. A record of the significant changes to the overall audit strategy and the audit plan, and
213
Business Assurance
resulting changes to the planned nature, timing and extent of audit procedures, explains the overall
strategy and audit plan finally adopted for the audit and demonstrates the appropriate response to
significant changes occurring during the audit.
The form and extent of documentation depend on such matters as the size and complexity of the
entity, materiality, the extent of other documentation, and the circumstances of the specific audit
engagement.
HKSA 210.3, 6 1.3 Agreeing the terms of audit engagement

In accordance with HKSA 210 (Clarified) the objective of the auditor is to accept or continue an
audit engagement only when the basis upon which it is to be performed has been agreed, through:
 establishing whether the pre-conditions for an audit are present
 confirming that there is a common understanding between auditor and management or those
charged with governance of the terms of the audit engagement
1.3.1 Preconditions for an audit

Preconditions for an audit are the use by management of an acceptable financial reporting
framework for preparation of its financial statements and the agreement by management and
those charged with governance on which an audit is conducted.
The auditor must:
(a) determine whether the financial reporting framework to be applied in the preparation of the
financial statements is acceptable
(b) obtain the agreement of management that it acknowledges and understands its
responsibility:
 for the preparation of financial statements in accordance with the applicable financial
reporting framework
 for establishing the internal controls necessary for enabling the preparation of financial
statements free from material misstatements
 for providing the auditor with access to information, any additional information upon
request and unrestricted access to persons within the entity for audit evidence
1.3.2 Agreeing terms with management or those charged with governance

The auditor must agree the terms of the audit engagement with management or those charged with
governance. The agreed terms of the audit engagement include matters such as:
(a) the objective and scope of the audit of the financial statements;
(b) the responsibilities of the auditor and management;
(c) identification of the applicable financial reporting framework for the preparation of the
financial statements; and
(d) reference to the expected form and content of any reports to be issued by the auditor and a
statement that there may be circumstances in which a report may differ from its expected
form and content. This may be done in an engagement letter or any suitable form of written
agreement.
214
2 Understanding the entity and its environment

Topic highlights
The auditor is required to obtain an understanding of the entity and its environment in order to be
able to assess the risks of material misstatement.
HKSA 315.3 2.1 Why understanding is important

Obtaining an understanding of the entity and its environment is an essential aspect of performing
an audit in accordance with HKSAs. The main standard we are concerned with here is HKSA 315
(Revised) Identifying and Assessing the Risks of Material Misstatement through Understanding the
Entity and its Environment. This standard was revised in July 2012 and is effective for audits of
financial statements for periods ending on or after 15 December 2013. The main changes relate to
the way in which the work of the internal audit function affects the auditor’s understanding of the
entity and the risk assessment process. The additional material included in the revised HKSA is
covered in section 2.2 below.
HKSA 315 (Revised) states that the objective of the auditor is to identify and assess the risks of
material misstatement, whether due to fraud or error, at the financial statement and assertion
levels, through understanding the entity and its environment, including the entity’s internal control,
thereby providing a basis for designing and implementing responses to the assessed risks of
material misstatement.
HKSA 315.5-6 The auditor must perform risk assessment procedures to provide a basis for the identification
and assessment of the risks of material misstatement at the financial statement and assertion
levels. These must include:
 Inquiries
 Analytical procedures
 Observation and inspection
Key term
Risk assessment procedures are audit procedures performed to obtain an understanding of the
entity and its environment, including the entity’s internal control, to identify and assess the risks of
material misstatement, whether due to fraud or error, at the financial statement and assertion level.
The auditor must gather, review and analyse information through observation, inquiry and
discussion to create a picture of the whole entity in order to understand the particular risks the
entity faces, whether these are from its internal structure and control systems (fraud, human error,
aggressive targets putting management under undue pressure, high volume of transactions or
inexperienced staff) or the wider environment (political, technological, economic or market factors
which may expose the business to unforeseen challenges or uncertainty).
With this information, the auditor may then develop appropriate procedures in order to ascertain
where the most significant risks of material misstatement lie. Auditors may use data from prior
periods and knowledge built up from previous audits, but must evaluate the information for current
reliability.
215
Business Assurance
The following table provides a simple summary of this important point:
Obtaining an understanding of the entity and its environment
Why?  To identify and assess the risks of material misstatement in the financial statements
whether due to fraud or error other factors
 To enable the auditor to design and perform further audit procedures
 To provide a frame of reference for exercising audit judgment, for example, when
setting audit materiality and identifying special audit areas
 To evaluate sufficient and appropriate audit evidence
 To develop expectations for use when performing analytical procedures
What?  Industry, regulatory and other external factors, including the applicable financial
reporting framework
 Nature of the entity, including operations, ownership and governance, investments,
structure and financing
 Entity's selection and application of accounting policies
 Objectives and strategies and related business risks that might cause material
misstatement in the financial statements
 Measurement and review of the entity's financial performance
 Internal control
 Control environment
 Entity’s risk assessment process
 Information system
 Entity’s communication of financial reporting matters
 Control activities relevant to the audit
 Activities to monitor internal control over financial reporting
How?  Inquiries of management, the internal audit function and others within the entity
 Analytical procedures to highlight areas of high risk
 Observation and inspection of activities and operations of the entity
 Prior period knowledge
 Entity acceptance or continuance process
 Discussion by the engagement team of the susceptibility of the financial
statements to material misstatement and the application of the applicable financial
reporting framework
 Information from other engagements undertaken for the entity
 Reconsider the nature, extent and timeliness of substantive testing
Key term
Analytical procedures consist of the evaluations of financial information through analysis of
HKSA 520.4 plausible relationships among both financial and non-financial data. They also encompass such
investigation as is necessary of identified fluctuations or relationships that are inconsistent with
other relevant information or that differ from expected values by a significant amount.
216
2.2 Impact of the internal audit function

As explained in 2.1 above, the HKSA 315 (Revised) considers the way in which the internal audit
function affects this stage of the audit. The key points it makes in respect of this are as follows:
HKSA 315.A6 2.2.1 Risk assessment procedures and related activities

- A13
Inquiries of management, the internal audit function and others within the entity
 Apart from obtaining information from management and those responsible for financial
reporting, the auditor can obtain information through inquiries with the internal audit function,
if the entity has such a function, and others within the entity.
 HKSA 260 (Clarified) identifies the importance of effective two-way communication in
assisting the auditor to obtain information from those charged with governance in this regard.
 Inquiries of employees involved in initiating, processing or recording complex or unusual
transactions may help the auditor evaluate the appropriateness of the selection and
application of certain accounting policies.
 Inquiries directed towards in-house legal counsel may provide information about litigation,
compliance with laws and regulations etc.
 Inquiries of marketing or sales personnel may provide information about changes in the
entity’s marketing strategies, sales trends or contractual arrangements with customers.
 Inquiries directed to the risk management function (or those performing such roles) may
provide information about operational and regulatory risks that may affect financial reporting.
 Inquiries directed to information systems personnel may provide information about system
changes, system or control failures, or other information system-related risks.
 As obtaining an understanding of the entity and its environment is a continual, dynamic
process, the auditor's inquiries may occur throughout the audit engagement.
Inquiries of the internal audit function
If an entity has an internal audit function, inquiries of the appropriate individuals within the function
may provide information that is useful to the auditor in obtaining an understanding of the entity and
its environment, and in identifying and assessing risks of material misstatement at the financial
statement and assertion levels.
In performing its work, the internal audit function is likely to have:
 obtained insight into the entity's operations and business risks,
 findings based on its work, such as identified control deficiencies or risks, that may
provide valuable input into the auditor's understanding of the entity, the auditor's risk
assessments or other aspects of the audit.
Inquiries of particular relevance may be about matters the internal audit function has raised with
those charged with governance and the outcomes of the function's own risk assessment process.
If, based on responses to the auditor's inquiries, it appears that there are findings that may be
relevant to the entity's financial reporting and the audit, the auditor may consider it appropriate to
read related reports of the internal audit function.
In addition, according to HKSA 240 (Clarified), if the internal audit function provides information to
the auditor regarding any actual, suspected or alleged fraud, the auditor takes this into account
in the auditor's identification of risk of material misstatement due to fraud.
217
Business Assurance
Appropriate individuals within the internal audit function with whom inquiries are made are those
who, in the auditor's judgment, have the appropriate:
 knowledge
 experience
 authority
This will normally include the chief internal audit executive or, depending on the circumstances,
other personnel within the function. The auditor may also consider it appropriate to have periodic
meetings with these individuals.
Considerations specific to public sector entities
Auditors of public sector entities often have additional responsibilities with regard to internal
control and compliance with applicable laws and regulations. Inquiries of appropriate individuals in
the internal audit function can assist the auditors in identifying the risk of material non-compliance
with applicable laws and regulations and the risk of deficiencies in internal control over financial
reporting.
Audit evidence for elements of the control environment
The auditor may also consider how management has responded to the findings and
recommendations of the internal audit function regarding identified deficiencies in internal
control relevant to the audit, including whether and how such responses have been implemented,
and whether they have been subsequently evaluated by the internal audit function.
HKSA 315.A109 2.2.2 The entity's internal audit function

- A116
 If the entity has an internal audit function, obtaining an understanding of that function
contributes to the auditor's understanding of the entity and its environment, including internal
control, in particular the role that the function plays in the entity's monitoring of internal
control over financial reporting. This understanding, together with information obtained from
inquiries of management can assist the auditor in identification and assessment of the risks
of material misstatement.
 The responsibilities of an internal audit function may include performing procedures and
evaluating the results to provide assurance to management and those charged with
governance regarding the design and effectiveness of risk management, internal
control and governance processes. If so, the internal audit function may play an important
role in the entity's monitoring of internal control over financial reporting.
 The auditor's inquiries of appropriate individuals within the internal audit function may help
the auditor obtain an understanding of the nature of the internal audit function's
responsibilities. If the auditor determines that the function's responsibilities are related to
the entity's financial reporting, the auditor may obtain further understanding of the activities
performed, or to be performed, by the internal audit function by reviewing the internal audit
function's audit plan for the period, if any, and discussing that plan with the appropriate
individuals within the function.
 If the nature of the internal audit function's responsibilities and assurance activities are
related to the entity's financial reporting, the auditor may also be able to use the work of
the internal audit function to modify the nature or timing, or reduce the extent, of audit
procedures to be performed directly by the auditor in obtaining audit evidence. Auditors may
be more likely to be able to use the work of an entity's internal audit function when it
appears, for example, based on experience in previous audits or the auditor's risk
assessment procedures, that the entity has an internal audit function that is adequately and
appropriately resourced relative to the size of the entity and the nature of its operations, and
has a direct reporting relationship to those charged with governance.
218
 If, based on the auditor's preliminary understanding of the internal audit function, the auditor
expects to use the work of the internal audit function to modify the nature or timing, or reduce
the extent, of audit procedures to be performed, HKSA 610 (Revised 2013) applies.
 As is further discussed in HKSA 610 (Revised 2013), the activities of an internal audit
function are distinct from other monitoring controls that may be relevant to financial
reporting, such as reviews of management accounting information that are designed to
contribute to how the entity prevents or detects misstatements.
 HKSA 200 (Clarified) discusses the importance of the auditor planning and performing the
audit with professional scepticism, including being alert to information that brings into
question the reliability of documents and responses to inquiries to be used as audit
evidence. Accordingly, communication with the internal audit function throughout the
engagement may provide opportunities for internal auditors to bring such information to the
auditor's attention. The auditor is then able to take such information into account in the
auditor's identification and assessment of risks of material misstatement.
In performing an audit of financial statements, auditors should have or obtain knowledge of the
business sufficient to enable them to identify and understand the events, transactions and practices
that, in the auditors’ judgment, may have a significant effect on the financial statements or on the
audit or the auditors’ report.
Required
(a) State how obtaining an understanding of the entity can assist the auditor in the planning of
an audit engagement.
(b) Assume that you have been recently appointed as an auditor of a large electronic
manufacturing company in Hong Kong with subsidiary operations in Guangzhou. Discuss
some of the matters you would consider in obtaining knowledge of the business under the
following headings:
(i) General economic factors;
(ii) the industry; and
(iii) the entity
3 Materiality
Topic highlights
Materiality should be calculated at the planning stages of all audits. The calculation or
estimation of materiality should be based on experience and judgment.
Materiality should be reviewed throughout the audit and revised if necessary. An item might be
material due to its nature, value or impact on the readers of the financial statements.
Assessing whether an omission or misstatement may influence the decision-making by users,
requires consideration of the characteristics of those users and how the information may be used.
219
Business Assurance
3.1 Applying materiality in the context of financial reporting and

auditing
The objective of the auditor is to obtain reasonable assurance about whether the financial
statements as a whole are free from material misstatement. Therefore, the auditor is required to
identify and assess the risks of material misstatements in the audit process.
The consideration of materiality is divided into:
HKSA 320 (Clarified) Materiality in Planning and Performing an Audit – materiality in planning and
performing an audit of financial statements; and
HKSA 450 (Clarified) Evaluation of Misstatements Identified during the Audit – materiality in
evaluating the effect of identified misstatements on the audit and of uncorrected misstatements on
The auditor has to satisfy both HKSAs.
3.1.1 Materiality in the context of an audit

The objective of the auditor is to apply the concept of materiality in planning and performing the
audit and to evaluate the effect of identified and uncorrected misstatements on the financial
statements. The auditor's determination of materiality is a matter of professional judgment.
3.1.2 Materiality in the context of financial reporting

A financial reporting framework such as the HKFRS, discusses the concept of materiality in the
context of the preparation and presentation of financial statements. The concept of materiality is
discussed differently in different financial reporting frameworks.
For example, in HKSA 1 (Revised), materiality is defined as follows:
'Omissions or misstatements of items are material if they could, individually or collectively,

influence the economic decisions that users make on the basis of the financial statements.
Materiality depends on the size and nature of the omission or misstatement judged in the
surrounding circumstances. The size or nature of the item, or a combination of both, could be the
determining factor'.
3.2 Purposes for setting materiality levels in the context of an

audit of financial statements
Key term
Materiality is an expression of the relative significance or importance of a particular matter in the
context of financial statements as a whole.
HKSA 320.2, In the context of the audit:

5-6
 Misstatements, including omissions, are considered to be material if they, individually or in
the aggregate, could reasonably be expected to influence the economic decisions of users
taken on the basis of the financial statements
 Judgments about materiality are made in the light of surrounding circumstances and are
affected by the size and/or nature of a misstatement
 Judgments about matters that are material to users of the financial statements are based on
a consideration of the common financial information needs of users (not the effect on specific
individual users)
220
Auditors need to use professional judgment in determining materiality. The level of materiality is
affected by the auditor's perception of the financial information needs of the users of the financial
statements.
The concept of materiality is applied by the auditor in:
(a) planning and performing the audit;
(b) evaluating the effect of identified misstatements on the audit;
(c) evaluating the effect of uncorrected misstatements on the financial statements ie the nature
of the uncorrected misstatements; and
(d) forming the opinion in the auditor's report.
3.2.1 Materiality in audit planning

Materiality considerations during audit planning are extremely important. The assessment of
materiality at this stage should be based on the most recent and reliable financial information and
will help to determine an effective and efficient audit approach.
Materiality assessment will help the auditors to decide:
(a) the cut off point on how much information should be obtained (quantity) and what type of
information is relevant (nature)
(b) whether to use sampling techniques
(c) what level of error is likely to lead to a qualified audit opinion. It serves the objective of audit
– ie express an opinion whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting framework.
The resulting combination of audit procedures should help to reduce audit risk to an appropriately
low level.
HKSA 320 (Clarified) requires an auditor to determine at least two types of materiality in planning
an audit:
(a) Materiality for the financial statements as a whole; and
(b) Performance materiality
3.2.2 Materiality and its relationship with audit risk

Auditors should consider materiality and its relationship with audit risk in conducting the audit.
Auditors should plan and perform the audits so as to provide them with sufficient (quantity)
evidence to give reasonable assurance that the financial statements are free from material
misstatement and give a true and fair view.
Auditors should consider materiality when determining the nature, extent and timeliness (NET) of
audit procedures. Auditors need to consider both materiality levels for quantity and quality factors,
therefore it is necessary to set an acceptable materiality level as the benchmark.
There is an inverse relationship between materiality and the level of audit risk – the higher the
materiality level, the lower the audit risk and vice versa.
3.2.3 Materiality in misstatements identified

Auditors should assess whether the aggregate of uncorrected misstatements that have been
identified during the audit is material in all aspects when evaluating whether the financial
statements have been prepared within an applicable financial reporting framework. We will
discuss this further when studying HKSA 265 (Clarified) in Chapter 15.
If the auditor has identified a material misstatement resulting from error, the auditor should
communicate the misstatements to the appropriate level of management and consider the need to
report it to those charged with governance in accordance with HKSA 260 (Clarified).
221
Business Assurance
3.3 Materiality for the financial statements as a whole

HKSA 320.10
HKSA 320 (Clarified) states that the auditor, using professional judgment, shall determine
materiality for the financial statements as a whole, when establishing the overall audit strategy.
Materiality at the overall statement level may be different from the assertion level depending on the
specific risks identified. A chosen benchmark such as profit before tax, gross profit or net asset
value could be taken as a starting point to determine the materiality for the financial statements as
a whole.
HKSA
320.A10
3.4 Materiality for the particular classes of transactions, account
balances or disclosures
Auditors shall determine the materiality level or levels to be applied to those particular classes of
transactions, account balances or disclosures that are expected to be influential to the users of
financial statements. Where misstatements of lesser amounts than materiality for the financial
statements as a whole could affect the economic decisions of users, materiality levels for those
particular balances must be set. In deciding whether this is necessary auditors should consider:
 whether law, regulations or the applicable financial framework affect users
 the key disclosures in relation to the industry in which the entity operates
 whether separate disclosure in the financial statements is required
3.5 Performance materiality
Key term
Performance materiality means the amount set by the auditor at less than materiality for the
HKSA 320.9 financial statements as a whole to reduce to an appropriately low level the probability that the
aggregate of uncorrected and undetected misstatements exceeds materiality for the financial
statements as a whole. If applicable, performance materiality also refers to the amount or amounts
set by the auditor at less than the materiality level or levels for particular classes of transactions,
account balances or disclosures.
Planning the audit solely to detect individually material misstatements fails to take into account the
aggregated effect of individually immaterial misstatements on the overall financial statements.
The auditor is therefore required to determine performance materiality for purposes of:
(a) assessing the risks of material misstatement; and
(b) determining the nature, timing and extent of further audit procedures
It may relate to a particular class of transactions, account balance or disclosure.
As for the determination of materiality at the financial statement level, there is no single formula for
performance materiality.
The determination of performance materiality involves the exercise of professional judgment and is
affected by:
(a) the auditor's understanding of the entity, updated during the performance of the risk
assessment procedures; and
(b) the nature and extent of misstatements identified in previous audits and the auditor's
expectations in relation to misstatements in the current period.
If the auditor concludes that a lower materiality than that initially determined is appropriate for the
financial statements as a whole, the auditor must determine:
 whether it is necessary to revise performance materiality, and
 whether the nature, extent and timing of the further audit procedures remain appropriate
222
J Limited (“J”) is a listed entity with a wide spread of shareholders. The entity is engaged in the
manufacture and trading of civil engineering products. Your firm has been the auditor of J for the
past five years, and has not encountered any significant audit problems during this period. J has
been operating with its present entity structure and its basic product range for the past three-and-a-
half years. The entity has built a strong reputation in the market place based on its astute,
conservative management style and quality product range. The “geotextile” products, targeted
mainly at the road construction market, which represent 40% of J's revenue, have come under
heavy competition in the last six months, eroding J's profit margins on these products significantly.
The following is a summary of J's key financial data:
Year Revenue Operating profit Total assets Net assets
$m $m $m $m
20Y0 1,324 56 1,555 755
20X9 1,266 72 1,494 685
20X8 1,275 90 1,617 615
20X7 1,512 78 1,387 580
20X6 1,739 67 1,629 605
Required
Determine the audit planning materiality figure to be adopted in the audit of J's financial statements
for the year ended 31 December 20Y0. Discuss and justify your selection of the key financial data
used as bases for the materiality calculations and the percentages applied to these bases.
4 Risk
4.1 Audit risk
Topic highlights
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial
statements are materially misstated. It is a function of the risk of material misstatement (inherent
risk and control risk) and the risk that the auditor will not detect such misstatement (detection
risk).
Key term
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial
statements are materially misstated.
HKSA Audit risk has two major components. One is dependent on the entity, and is the risk of material
200.13c misstatement arising in the financial statements (inherent risk and control risk). The other is
dependent on the auditor, and is the risk that the auditor will not detect material misstatements in
the financial statements (detection risk).
223
Business Assurance
Audit risk can be represented by the audit risk model:
Audit risks
Risks of material misstatement Detection risks
At financial At assertion level

statement level
Inherent risks Control risks
Auditors perform risk assessment procedures to Perform procedures in

understand the entity and its environment and response to assessed
then assess the risks (Chapter 10). risks to reduce audit
risks to an acceptably
low level (See Chapters
11, 12, 13, 14, and 15)
4.1.1 Inherent risk
Key term
Inherent risk (IR) is the susceptibility of an assertion about a class of transactions, account
HKSA balance or disclosure to a misstatement that could be material either individually or when
200.13n
aggregated with other misstatements, before consideration of any related controls.
Inherent risks exist on two levels: at the entity level and for single items or balances, where there is
a significant risk of misstatement (assertion level). The risk of misstatement may be through error
particularly in the cases of very complex transactions, an inexperienced management team or lax
internal controls. Examples include the temptation to overstate sales in order to increase revenue,
or wrongful timing of revenue recognition and so forth.
The level of inherent risk is affected by the nature of the entity; the experience and ethos of its
management; the industry within which it operates; the degree to which that industry is regulated;
and also the strategies it chooses to pursue.
The degree of inherent risk is a matter for the auditors' professional judgment which must be based
on their understanding of the entity, its management, the nature of its transactions and the
reliability of the accounting systems. Where knowledge is limited then the inherent risk is deemed
to be high.
224
Factors affecting the entity

Integrity and risk profile of Domination by a powerful individual may cause problems
senior management
Management quality and Changes in management and quality of financial management
experience
Aggressive targets put Examples include tight reporting deadlines, or market or financing
pressure on management expectations
Profile of product or service Potential problems include technological obsolescence or over-
offering dependence on single product
Industry environmental Competitive conditions, regulatory requirements, technological
factors developments, sudden drop or rise in customer demand
Information and Problems include lack of supporting documentation, concentration
communications technology of expertise in key people, or unauthorised access
Factors affecting individual account balances or transactions (assertion level)

Financial statement accounts The risk is particularly high for complex transactions or balances
prone to misstatement that require a high degree of estimation or where internal control
and systems are unreliable
Complex accounts Accounts which require expert valuations or are subjects of
current professional discussion may be considered complex
Assets at risk of being lost or Cash, inventory, portable non-current assets (such as notebook
pilfered computers)
Quality of accounting This depends on the controls over and competence and efficiency
systems of individual departments (sales, purchases, cash etc)
High volume transactions The accounting system may have problems coping with sudden
peaks in demand
Unusual transactions Transactions for large amounts, with unusual names, or which are
not settled promptly (recognition problems particularly likely if they
occur at the end of the reporting period)
Transactions processed outside of the system, which may relate
to specific entities or which are processed by particular individuals
and therefore are not subject to usual internal process controls
Staff Structural or technological changes, key people leaving, changes
to working terms or conditions may all lead to low morale and a
higher risk of fraudulent or careless behaviour
4.1.2 Control risk

The second element of the risk of material misstatement in the financial statements is control risk.
Key term
Control risk (CR) is the risk that a misstatement that could occur in an assertion about a class of
HKSA transaction, account balance or disclosure and that could be material, either individually or when
200.13n
aggregated with other misstatements, will not be prevented or detected and corrected on a timely
basis by the entity's internal controls.
225
Business Assurance
A preliminary assessment of control risk at the planning stage of the audit is required to
determine the level of controls and substantive testing to be carried out. The Canadian Institute of
Chartered Accountants’ (“CICA”) Research Study “Extent of Audit Testing” identified four major
factors affecting the level of control risk and they are as follows:
(a) Evaluation of internal control. In general, the stronger the internal controls, the lower the
risk. After the assessment of control risk, auditors should carry out tests of control to obtain
reasonable assurance that the internal controls on which they intend to rely are operating
effectively during the reporting period. Controls testing will be examined in more detail in
Chapter 11.
(b) Work performed by internal and other auditors. If the audit client has an internal audit
function and the auditors decided to rely on the work performed by the internal auditors after
the assessment, the control risk can be adjusted to lower. In addition, if the auditor can rely
on the work performed by another independent auditor in the case of subsidiaries or
branches, the control risk can also be lowered. Use of the work of others will be discussed
further in Chapter 14.
(c) The nature of audit trail. As defined by CICA, audit trail refers to the documentary evidence
either of compliance with internal control procedures or of the transfer of accounting
information from its point of origin through intermediate records to its final inclusion in the
general ledger. Lack of audit trail suggests high control risk.
(d) Computerised accounting system. The existence of such a system and the use of the
computer as an audit tool will affect the assessment of control risk made by the auditor. We
will discuss this further in Chapter 20.
4.1.3 Detection risk
Key term
Detection risk (DR) is the risk that the procedures performed by the auditor to reduce audit risk to
HKSA an acceptably low level will not detect a misstatement that exists and that could be material, either
200.13e
individually or when aggregated with other misstatements.
The third element of audit risk is detection risk. This is the component of audit risk over which the
auditors have a degree of control, because, if risk is too high to be tolerated, the auditors can carry
out more work to reduce this aspect of audit risk. Sampling risk and non-sampling risk are
relevant and will be examined later.
Detection risk relates to the inability of the auditors to examine all evidence. Audit evidence is
usually persuasive rather than conclusive so some detection risk is usually present, allowing the
auditors only to seek “reasonable assurance” not absolute assurance. Detection risk relates to the
nature, timing and extent of the auditor's procedures that are determined by the auditor to reduce
audit risk to an acceptably low level. It is therefore a function of the effectiveness of an audit
procedure and of its application by the auditor.
There is an inverse relationship between IR and CR versus DR.
HIGH
Assessed risks of material Therefore

misstatement at more audit DR
the assertion level work
IR × CR
226
4.2 Business risk
Topic highlights
Business risk is the risk arising to the entity through being in operation.
Key terms
Business risk is the risk resulting from significant conditions, events, circumstances, actions or
HKSA 315.4b inactions that could adversely affect an entity’s ability to achieve its objectives and execute its
strategies, or from the setting of inappropriate objectives and strategies. It is split into three
categories:
Financial risks are the risks arising from the financial activities or financial consequences of an
operation, for example, cash flow issues or overtrading.
Operational risks are the risks arising with regard to operations, for example, the risk that a major
supplier will be lost and the entity will be unable to operate.
Compliance risk is the risk that arises from non-compliance with the laws and regulations that
surround the business.
Business risk includes all risks facing the business. In other words, inherent audit risk may include
business risks.
In response to business risk, the directors institute a system of controls. These will include controls
to mitigate against the financial aspect of the business risk. These are the controls some of which
control risk incorporates.
Therefore, although audit risk is very financial statements focused, business risk does form part of
the inherent risk associated with the financial statements, not least, because if the risks materialise,
the going concern basis of the financial statements could be affected.
5 Risk assessment
Topic highlights
When the auditor has obtained an understanding of the entity, he shall identify significant risks and
assess the risks of material misstatement in the financial statements.
HKSA 315.25 5.1 Identifying and assessing the risks of material misstatement
HKSA 315 (Revised) says that the auditor shall identify and assess the risks of material
misstatement at the financial statement level and at the assertion level for classes of
transactions, account balances and disclosures.
It requires the auditor to take the following steps:
Step 1 Identify risks throughout the process of obtaining an understanding of the entity and its
environment.
Step 2 Assess the identified risks, and evaluate whether they relate more pervasively to the
financial statements as a whole.
Step 3 Relate the risks to what can go wrong at the assertion level.
Step 4 Consider the likelihood of the risks causing a material misstatement.
227
Business Assurance
Key term
Assertions are representations by management, explicit or otherwise, that are embodied in the
HKSA 315.4a financial statements, as used by the auditors to consider the different types of potential
misstatements that may occur. We look at these in detail in Chapter 9.
Auditors should determine risks that require special audit consideration (“significant risks”)
and consider whether controls are implemented to mitigate these risks.
Auditors should evaluate the design of the entity's controls and should determine the
implementation of the entity's controls. If it is not possible or impracticable to reduce the risks of
material misstatement at the assertion level to an acceptably low level with audit evidence obtained
by substantive testing, then the auditor should evaluate the design and implementation of the
entity's controls.
5.2 Risks of material misstatement at financial statement level or

assertion level
As said in the previous section, under HKSA 315 (Revised), auditors should identify and assess the
risks of material misstatement at the financial statement level and at the assertion level for
classes of transactions, account balances and disclosures.
So what is the difference between the two levels? The two can be contrasted in the following table:
Differences between financial statement level and assertion level
At the financial statement level At the assertion level

 Applying to the financial statements as a  Not able to reduce the risks of material
whole misstatement to an acceptably low level with
audit evidence obtained only from
 Able to reduce audit risk to an
substantive procedures
acceptably low level
 Refer to specific classes of transactions,
 More pervasive to the financial
accounts balances
statements as a whole
 Risks arise from the particular characteristics
 Affect many assertions
of a class of transaction
 Risks from a deficient control
 Identify controls that are likely to prevent,
environment which includes
detect or correct material misstatements
management's attitudes towards good
internal control practice  Comprises of inherent risk and control risk
(Combined assessment of the risk of
 Deficiencies in controls, in particular of
material misstatement)
management's lack of competence
 Auditor would perform tests of controls to
 Aggressive business strategies
support the risk assessment
 Significant business risk: such as fraud
 Complexity of business operation
 High pressure on performance
measures and reviews
 Cannot focus on a specific risk
 Concern about the entity as a going
concern
228
Differences between financial statement level and assertion level
Factors to consider Factors to consider

 Management integrity  Accounts likely to be susceptible to
misstatements (ie required many
 Management experience and knowledge
adjustments in previous year's audit or
 Unusual pressures on management (ie accounts that include estimated amounts)
plan to go public, bonuses tied to sales
 Complexity of underlying transactions (eg
or profits)
financial instruments)
 Nature of entity's business
 Degree of judgment involved in determining
 Industry factors ie special regulations account balances (eg provision for
and reporting changes contingent liabilities and warranty expenses)
 Susceptibility of assets to loss or
misappropriation
 Completion of unusual transactions
particularly near the year end
 Transactions not subject to ordinary
processing ie special treatment of
transaction (significant risk)
5.3 Significant risks
Topic highlights
Significant risks are complex or unusual transactions that may indicate fraud, or other risks or are
unusual in their characteristics. Routine and non-complex transactions are less likely to give rise to
significant risk than unusual transactions.
Key term
Significant risks are those that require special audit consideration.
HKSA 315.4e
Significant risks are often related to:
HKSA
315.27-29  non-routine transactions
 judgmental matters
5.3.1 Significant risks relating to non-routine transactions

Non-routine transactions are transactions which occur occasionally due to either their size or
nature. They are deemed to be of significant risk because there is more:
 management intervention or overriding in accounting treatment;
 complex accounting principles or calculations;
 manual intervention for data collection and processing; and
 opportunity for control procedures not to be followed.
229
Business Assurance
5.3.2 Significant risks relating to judgmental matters

Risks of material misstatement may be greater for matters that require the use of accounting
estimates which involve a degree of uncertainty. Auditors must consider:
 whether accounting principles for accounting estimates have been followed;
 possible interpretations of revenue recognition, and how management may have construed
the transaction;
 that the judgment used may be subjective or complex (or unduly optimistic as to the
outcome!); and
 the basis for any assumptions about the effects of future events such as fair value.
Where there is a significant risk the auditor must thoroughly investigate the entity's controls
pertaining to that risk.
5.4 Automation risk

Many companies have taken advantage of the huge strides in information and communications
technology to automate the processing of routine transactions, resulting in little or no manual
intervention, with the result that there is no longer a physical audit trail. Where audit evidence
exists only in electronic form, the auditors should concentrate on tests of controls rather than
substantive procedures.
Nepco is a European entity that manufactures high quality computer components and assembles
computer parts. It has existed for some years and is part of a vertical supply chain for a well-known
brand of computer hardware. Profits are coming under increasing pressure from manufacturers in
the Far East and Asia with lower labour costs, and from rising raw material costs. Nepco is listed
on a stock exchange. There is pressure from institutional investors for better returns in the form of
dividends and the main institutional investors are considering selling a proportion of their shares in
the entity. The directors of Nepco are considering whether to move into new market areas.
Nepco has good accounting and internal control systems. Inventory is material to the financial
statements, and there is a good set of permanent inventory records. No year-end inventory count is
conducted. Operational compliance issues are important to Nepco. Many countries have inflexible
quality standards and some projects are being held up because of difficulties in obtaining approval
from regulators for new components.
All staff and directors of Nepco are remunerated (at least in part) on a performance-related basis,
some with share options. Staff are generally highly qualified and well paid. This is your first year as
auditors. Your firm has very little experience in this industry. External audit costs are tightly
controlled and your firm has agreed to a budget that will allow very little flexibility.
Required
Describe the risks relating to Nepco under the headings of inherent risk, control risk and detection
risk.
230
6 Overall responses to assessed risk of material

misstatement
Topic highlights
The overall audit strategy and detailed audit plan may need to be revised to address the assessed
risk of material misstatement.
6.1 Overall responses to risks of material misstatement at

financial statement level
HKSA 330.5 Under HKSA 330 (Clarified) The Auditor's Responses to Assessed Risks, overall responses
include issues such as emphasising to the team the importance of professional scepticism,
allocating more staff, using experts or providing more supervision.
Overall responses to address the risks of material misstatement at the financial statement level will
be changes to the general audit strategy or re-affirmations to staff of the general audit strategy in
order to reduce the audit risk to an acceptably low level. Documentation is required.
For example:
 Emphasising to audit staff the need to maintain professional scepticism
 Assigning additional or more experienced staff to the engagement team
 Providing more training to audit staff
 Providing more supervision on the audit
 Incorporating more unpredictability into the audit procedures
 Making general changes to the nature, timing or extent of audit procedures
 Consider the use of expert
 Collect more pervasive evidence
The evaluation of the control environment that will have taken place as part of the assessment of
the entity's internal control systems will help the auditor determine what type of audit approach to
take.
Some general guidelines
Risk at financial  No specific additional response

statement level is  Maintain professional scepticism
low
Risk at financial  Remind the engagement team to maintain professional scepticism
statement level is  Assign more experienced staff
normal to medium  Budget in more review and supervision
 Consider resigning from the engagement
Risk at financial  Remind the engagement team to maintain professional scepticism
statement level is  Assign more experienced staff
high  Budget more review and supervision
 Assign an expert if required, for example if computer fraud is
suspected
 Do not rely on entity's internal controls and use substantive procedures
only
 Perform audit procedures in unexpected manner
 Consider resignation from engagement
231
Business Assurance
6.2 Overall responses to risks of material misstatements at

assertion level
HKSA 330.6- HKSA 330 (Clarified) says that the auditor shall design and perform further audit procedures whose
7, 10, 18-19 nature, extent and timing are based on and are responsive to the assessed risks of material
misstatement at the assertion level.
AUDIT PROCEDURES
NATURE EXTENT TIMING

 Determine whether to  Quantity of a specific  Perform further audit
perform tests of controls or audit procedures to be procedures at an
substantive testing or both performed interim stage or at
period end
 Substantive approach –  Required judgment on
perform only substantive materiality  Perform audit
testing (No effective procedures before the
 Higher risk = increase
controls); or period end – to identify
extent
significant matters at
Combined approach – use
 Use sampling approach early stage of audit
both tests of controls and
substantive testing  Higher risk = perform
substantive tests nearer
to or at period end
rather than earlier dates
or perform at
unpredictable times
6.2.1 Tests of controls
Key term
Tests of controls are audit procedures designed to evaluate the operating effectiveness of
HKSA 330.4b controls in preventing, or detecting and correcting, material misstatements at the assertion level.
When the auditor's risk assessment includes an expectation that controls are operating effectively,
the auditor shall design and perform tests of controls to obtain sufficient appropriate audit evidence
that the controls are operating in a satisfactory manner.
The auditor shall also undertake tests of controls when it will not be possible to obtain sufficient
appropriate audit evidence simply from substantive procedures alone. This might be the case if the
entity conducts its business using IT systems which do not produce documentation of the
transactions.
In carrying out tests of controls, auditors shall use inquiry, among other procedures, such as re-
performance and inspection.
When considering timing in relation to tests of controls, the purpose of the tests will be important.
For example, if the entity carries out a year-end inventory count, controls over the inventory count
can only be tested at the year-end. Other controls will operate all year round, and the auditor may
need to test that those controls have been effective throughout the period.
Some controls may have been tested in prior audits and the auditor may choose to rely on previous
evidence that they are effective. If this is the case, the auditor shall obtain evidence about any
232
changes since the controls were last tested and shall test the controls if they have changed. In any
case, controls shall be tested for effectiveness at least once in every three audits.
If the related risk has been designated a significant risk, the auditor shall not rely on testing done in
prior years, but shall perform testing in the current year.
6.2.2 Substantive procedures
Key term
Substantive procedures are audit procedures designed to detect material misstatements at the
HKSA 330.4a assertion level. They consist of tests of details of classes of transactions, account balances and
disclosures, and substantive analytical procedures.
The auditor shall always carry out substantive procedures on material items. HKSA 330
(Clarified) says that irrespective of the assessed risks of material misstatement, the auditor shall
design and perform substantive procedures for each material class of transactions, account
balance and disclosures.
In addition, the auditor shall carry out the following substantive procedures:
 Agreeing or reconciling the financial statements to the underlying accounting records
 Examining material journal entries
 Examining other adjustments made in preparing the financial statements
Substantive procedures fall into two categories: substantive analytical procedures and tests of
details. The auditor must determine when it is appropriate to use which type of substantive
procedure.
Substantive analytical procedures as substantive procedures tend to be appropriate for large
volumes of predictable transactions (for example, wages and salaries). Tests of details may be
appropriate to gain information about account balances for example, inventory or trade receivables.
Tests of details rather than substantive analytical procedures are likely to be more appropriate with
regard to matters which have been identified as significant risks, but the auditor must develop
procedures that are specifically responsive to that risk, which may include substantive analytical
procedures. Significant risks are likely to be the most difficult to obtain sufficient appropriate audit
evidence about.
233
Business Assurance
Topic recap
Must be
AUDIT PLANNING documented
UNDERSTANDING THE Inquiries

ENTITY Analytical procedures
Observation and inspection
Must identify RISK ASSESSMENT Materiality

significant risks
Financial Performance
statements as materiality
a whole
Responding to
Business risk Audit risk
assessed risk
Financial risk Risk of material

Audit strategy Detection risk
Operating risk misstatement
Compliance risk
Audit plan: At financial At assertion

detailed statement level level
procedures
Nature Inherent risk Control risk

(Tests of controls /
substantive
procedures)
Extent
Timing
234
Answer 1
(a) Understanding the entity can help the auditor in:
(i) fully understanding the client’s industry, business and organisation
(ii) assessing the engagement risks
(iii) communicating with client’s staff
(iv) assessing the reliability of written representations from management
(v) determining the appropriateness of accounting policies and disclosures
(b) (i) General economic factors include:
- general level of economic activity (eg recession, growth etc.)
- inflation
- interest rates and availability of financing
- government policies
- foreign currency rates
- commodity prices
(ii) Industry factors include:
Market competition
Changes in product technology
Business risk because of high technology
Environmental regulation and problems
(iii) The entity factors include:
Beneficial owners and related parties
Capital structure including any recent or planned changes
Acquisitions, mergers or disposal of business
Sources and methods of financing
Independence of board of directors
Answer 2
Materiality
There is no “right” answer as the determination of audit planning materiality is a judgment process
with only limited professional guidance offered.
The calculation needs to take into consideration both quantitative data (ie financial information, etc)
as well as qualitative aspects (eg users, risks, type of industry, etc).
The calculation generally involves a decision as to an appropriate base for materiality. This would
mainly be determined by the users (eg if J is listed, then profit will most likely be the key information
of interest), industry, the type of operations and other factors which affect the judgment as to which
financial information is of key importance and therefore should be the basis for the auditor's
materiality decision.
The next important decision relates to the choice of percentage. There are some generally
accepted percentage ranges (“rules of thumb”) in relation to the most common bases. The major
factor in determining the percentage used will be the overall risk of the entity.
235
Business Assurance
Some Typical % Comments

commonly ranges
accepted bases
Profit 5–10% Profit is an appropriate base since the entity has a history
HK$2.8m – 5.6m of comparatively stable profitability and is listed. The users
will consider the profit an important indicator of the
performance of the entity and a suitable basis to determine
the value of the entity's shares.
The average profit over a number of years is a reasonable
choice as the base to determine the materiality level in this
case.
Revenue 0.5–1.0% Revenue is an important measure of the activities of an
HK$6.6m – 13.2m entity, it could be a good base to determine the materiality
level particularly when the profit is not stable over the
years. However, it is a less preferred choice as compared
to the profit in this case.
Total assets 0.5–1.0% Over the last two years, the total assets were around
HK$7.8m – 15.6m 20 % more than the annual revenue, which was a rather
significant level of investment in total assets. Total assets
may therefore be a suitable base. However, like revenue, it
is a less preferred choice as compared to the profit in this
case.
Equity 1.0–2.0% Over the last few years, the total assets were more than
HK$7.6m – 15.1m twice of the equity, which indicates that the level of
(net assets)
borrowing was relatively significant. Going concern may be
an issue. Equity may be a suitable base to determine the
materiality level. However, like revenue, it is a less
preferred choice as compared to the profit in this case.
Answer 3
Risks
HKSA 315 (Revised) states that audit risk is the product of the risk of material misstatement
(inherent risk and control risk) and detection risk.
(a) The following are some of the inherent risks involved:
(i) The competition from Asian and Far Eastern entities, and rising raw material prices.
This means that there is pressure on profits and the ability to reward employees and
pay dividends to institutional shareholders which increases the pressure to manipulate
the financial statements to show good returns.
(ii) The potentially volatile market (computer components) in which new technology can
render hardware obsolete in a very short time. This means that there is an ongoing
risk to the business as a whole (a potential going concern risk), the entity must be
adaptable.
(iii) The risk that regulators may reject a product which has taken many months or years
to develop.
(iv) The pressures for returns from institutional investors which means that there may be a
temptation to manipulate the financial statements.
(v) The possible sale of shares, increasing the pressure for returns in order to get the best
possible price, which increases the pressure to manipulate the financial statements.
236
(vi) The inherent risks in diversification into unknown areas (the supply of other
customers) – but these are not current risks.
(b) Control risks: there are apparently very few except for the performance-related payment,
including share options, which provides an incentive to produce acceptable figures.
(c) Detection risk: this is the firm's first year as auditors and there are tight controls on audit
costs, which may lead to inadequate audit evidence unless the audit is properly directed,
supervised and reviewed. This is compounded by the firm's lack of experience in this area.
It is important that those with experience are employed on this audit, at least in a review
capacity.
237
Business Assurance
Exam practice
ABC Industrial Limited 18 minutes

(excluding reading time)
You are the audit manager of a Hong Kong CPA firm, Ng, Tung & Co (“NTC”), and are currently in
charge of the audit of ABC Industrial Limited (“ABC”) for the year ended 31 December 20X5. Your
firm has been the auditor of ABC since its incorporation in Hong Kong. In the audits of the financial
statements of ABC during the last five years, your firm was satisfied with the internal controls of
ABC and did not issue any modified opinion on the financial statements.
ABC is a company incorporated in Hong Kong and manufactures a wide range of medium-end
cosmetic products. Sales are mainly made to major chain stores and drug retailers in Europe and
the USA. ABC is wholly owned by the Cheung family and has a simple management structure.
Managers of the respective departments report directly to the Managing Director, Mr Paul Cheung.
During the course of the audit, the following information has come to your attention:
(1) Due to the rebound of the economy, ABC has seen a significant turnover of accounting staff
during the year under review. After six years of service with the company, the manager of
the accounts department, Ms Hung, left the company in late November 20X5 and moved to a
listed company as a financial controller.
(2) ABC has adopted a perpetual inventory system. The warehouse staff conduct an interim
physical count at the end of every month for 15 % of the stock items on a rotation basis.
Except for those which can be properly reconciled, all differences between the book and the
physical taking results are adjusted to the results of the physical taking.
(3) A full physical inventory taking was conducted at the end of the reporting period. Inventory
with a book value of approximately HK$900,000 was written off as a result of this exercise.
Members of your engagement team observed the full physical inventory taking at the end of
the reporting period and reported that it was properly conducted. However, upon further
inquiry, you discovered that all the members of ABC’s “counting team”, which was
responsible for the inventory count, were drawn from the warehouse staff. In addition, Mr
Wong, the staff member in charge of ABC’s “checking team”, which was supposed to
supervise the counting team, was the husband of ABC’s shipping and warehouse manager,
Mrs Helen Wong.
(4) During a meeting with ABC’s financial controller, Ms Guo, you were informed that Mr Wong,
a nephew of Mr Paul Cheung, had been working with ABC for more than ten years and was
considered to be trust-worthy by ABC’s management. Mr Wong was originally the manager
of ABC’s personnel and administration department, and had no involvement in either the
sales or purchases of the company previously. Mr Wong was only temporarily assigned to
the accounts department upon Ms Hung’s resignation to take over the supervision work of
that department until a suitable candidate was found, and thus inevitably became head of the
“checking team” during the physical inventory taking. The company has been diligently
looking for a replacement for Ms Hung but without any success. Based on Ms Guo’s
assessment of the current labour market, it was unlikely that ABC could recruit a suitable
accounting manager before the financial statements for the year ended 31 December 20X5
are finalised.
(5) Your audit assistant was unable to perform certain usual sales and purchases cut-off tests
as the books and records of ABC after the year-end had not been written up-to-date due to a
shortage of manpower in the accounts department. Your assistant was unable to examine
the documentary controls of inventory movements after the period end. As an alternative
238
test, your audit assistant circularised trade receivables and trade payables that showed
significant balances in the ledger at the period end, and reviewed the board minutes after the
year-end. The response rates for both the trade receivables and the trade payables
circularisation tests were considered to be satisfactory, and your assistant reported that no
material discrepancy was found from the confirmation procedures.
(6) Since March 20X5, ABC has been exploring the Mainland market by dispatching goods to a
number of drug stores in Guangdong Province on a consignment basis. Revenue from these
consignment sales is recognised on a monthly basis upon sales information supplied by the
respective drug stores, confirming the amount of goods eventually sold to the ultimate
customers. Invoices are then issued by ABC to the drug stores. The drug stores are allowed
the standard credit period of 60 days, from the invoice issuance date. According to the
records, goods with a cost of HK$5,000,000 have been sent to various drug stores on this
basis during the year. In the draft financial statements, ABC recognised revenue of
HK$6,000,000 from these consignment sales. This represents about 10 % of the sales
revenue for the year. Consignment goods of HK$2,000,000 were included as the year-end
inventory, representing about 10 % of the total inventory.
Required
Assess the risk of material misstatements at the financial statement level. You should write down
the specific circumstances of ABC that you have considered and your judgment about the risk
level.
(10 marks)
239
Business Assurance
240
chapter 9
Audit evidence, procedures,

audit methodologies and
audit sampling
Topic list
1 Audit evidence 4 Audit sampling

1.1 The need for audit evidence 4.1 Introduction to audit sampling
1.2 Sufficient appropriate audit evidence 4.2 Design of the sample
2 Financial statement assertions 4.3 Sample size and risk
2.1 Audit procedures to obtain audit 4.4 Performing audit procedures on items
evidence selected
3 Audit methodologies 4.5 Deviation or misstatements
3.1 Overview 4.6 Projecting misstatements
3.2 Risk-based audit 4.7 Evaluation of sample results
3.3 'Top-down' approach 5 Audit documentation
3.4 Systems audit versus system-based 5.1 Requirement of audit documentation
audit 5.2 Reasons for audit documentation
3.5 Balance sheet approach 5.3 Audit files
3.6 Transaction cycle approach 5.4 Standardised and automated working
3.7 Directional testing papers
3.8 Cost and performance efficiency of 5.5 Safe custody and retention of working
different audit methodologies papers
3.9 Summary of approaches 5.6 Significant matters
5.7 Assembly of the final audit file
5.8 Changes to audit documentation in
exceptional circumstances after the date
of the auditor's report
Learning focus
In this chapter you will study the different types of audit tests used to obtain audit evidence.
The tests used and evidence required will depend on the specific balances or transactions
being tested and also the areas where a higher risk of misstatement has been identified.
241
Business Assurance
Learning outcomes
Competency
level
2.04 Audit methodologies 3
2.04.01 Describe the key features of the following audit methodologies:
2.04.01.01 Risk-based auditing
2.04.01.02 Top-down auditing
2.04.01.03 System-based auditing
2.04.01.04 Systems audit
2.04.01.05 Balance sheet approach
2.04.01.06 Transaction cycle approach
2.04.01.07 Directional testing
2.04.02 Understand the cost and performance efficiency of different audit 2
methodologies
2.07 Documentation 3
2.07.02 Explain the need for and the importance of audit documentation
2.09.01 Define audit sampling
2.09.02 Explain the need for sampling
2.09.03 Apply the basic principles of sampling
2.09.04 Assess and explain the results of sampling
2.10 Audit evidence 3
2.10.01 Explain the procedures by which audit evidence may be
obtained
2.10.02 Assess the appropriate and sufficiency (relevance and reliability)
of different sources of audit evidence
2.10.03 Explain the assertions contained in the financial statements and
their use in obtaining evidence
242
9: Audit evidence, procedures, audit methodologies and audit sampling | Part D Assurance engagements
1 Audit evidence
Topic highlights
Auditors must obtain sufficient appropriate audit evidence. Audit evidence can be in the form of
tests of controls or substantive procedures.
1.1 The need for audit evidence

HKSA 500.5 Audit evidence is the proof the auditor uses to substantiate an opinion as a result of all the
procedures performed. There must be sufficient evidence of suitable quality in order for the auditor
to reach a reasonable conclusion on which to base an opinion.
Key term
Audit evidence is information used by the auditor in arriving at the conclusions on which the
HKSA 500.5c auditor’s opinion is based. Audit evidence includes both information contained in the accounting
records underlying the financial statements and other information
What constitutes audit evidence? Evidence includes the accounting data on which the balances in
the financial statements are based, and any other information sought by the auditors, such as
confirmations from third parties or management assertions. Audit evidence is cumulative in nature
and is obtained from procedures carried out during the course of the audit. It is not expected, or
realistic, that auditors might look at all the information that exists.
Under HKSA 500 (Clarified) Audit Evidence, the auditor is required to:
(a) obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on
which to base the audit opinion;
(b) ascertain the accuracy and completeness of the evidence; and
(c) use assertions for classes of transactions, account balances and presentation and
disclosures in sufficient detail to form a basis for the assessment of risks of material
misstatements.
It is management's responsibility to prepare financial statements based upon the accounting
records.
1.2 Sufficient appropriate audit evidence

HKSA 500.6, HKSA 500 (Clarified) requires that the auditor shall design and perform audit procedures that are
A4-5, A7 appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence.
“Sufficiency” and “appropriateness” are closely linked and apply to both tests of controls and
Key terms
Sufficiency is the measure of the quantity of audit evidence.
HKSA
200.13b Appropriateness is the measure of the quality or relevance and reliability of the audit evidence.
How much audit evidence is required depends on the level of risk in the area being audited, and
the quality of evidence which may be obtained. If the evidence is both highly relevant and reliable
then it may suffice. The quality of evidence can be measured by various criteria which we cover in
the paragraphs below.
243
Business Assurance
1.2.1 Relevance and reliability of audit evidence

Relevance of audit evidence may be affected by the direction of testing and deals with the logical
connection with the purpose of the audit procedures or the assertion under consideration.
Reliability of audit evidence is influenced by the source and its nature, and the circumstances
under which the audit evidence is obtained. Controls over preparation of the information and the
maintenance of the information are relevant.
To be able to form an opinion the auditor must form an opinion as to whether information provided
by the entity is sufficiently reliable for the auditor's purposes (HKSA 500 (Clarified)). This entails:
 obtaining audit evidence about the accuracy and completeness of the information
 evaluating whether the information is sufficiently accurate and detailed for the auditor's
purposes
The following checklist may help in assessing the reliability of audit evidence:
Source Quality of evidence
External Audit evidence from external sources is more reliable than that obtained from
the entity's records because it is from an independent source outside the
entity
Auditor Evidence obtained directly by auditors is more reliable than that obtained
indirectly or by inference
Entity Evidence obtained from the entity's records is more reliable when the related
control system operates effectively
Written Evidence in the form of documents (paper or electronic) or written
representations are more reliable than oral representations, since oral
representations can be retracted
Originals Original documents are more reliable than photocopies or facsimiles, which
can easily be altered by the entity
Auditors must use professional judgment and exercise professional scepticism when
evaluating the sufficiency and appropriateness of audit evidence to support the audit opinion.
1.2.2 Assessing the appropriateness and sufficiency of different sources of

audit evidence
Sources of audit evidence
The auditor can only provide reasonable assurance that the financial statements contain no
material misstatements. The auditor can use different sources and methods to obtain audit
evidence, including sampling and analytical procedures to form audit opinion.
A particular audit procedure may provide audit evidence that is relevant to a particular assertion.
Audit evidence can be collected from internal or external sources, for example:
(a) Internal sources of audit evidence include: accounting records, management reports and
documents, internal control, assets, management and other employees.
(b) External sources of audit evidence include: documents from suppliers, customers, bankers,
professionals eg lawyers, surveyors and lenders to the entity.
Performing some audit procedures such as analysing, reviewing, reperforming or reconciling can
collect audit evidence and through the performance of such audit procedures, the auditor may
determine whether the accounting records are consistent and agree to the financial statements.
Consistent audit evidence, that is obtained from different sources or a different nature, can give
more assurance than from items of audit evidence considered individually.
244
In determining the sufficiency and sources of evidence required to support the audit opinion, the
auditor normally considers the following:
(i) Relevance and reliability of information obtained;
(ii) Materiality of the items being audited;
(iii) The cost of collection of audit evidence;
(iv) The consistency of audit evidence obtained from different sources.
Sources of information
The auditor is required to consider whether the collected information from the following sources is
also relevant to identifying risks of material misstatement:
(i) Client acceptance or continuous process;
(ii) Information obtained from other engagements the engagement partner has performed for the
entity;
(iii) The auditor’s previous experience with the entity; and
(iv) Audit procedures conducted in previous audits.
Auditors should determine whether changes have occurred since the previous audit that may affect
its relevance to the current audit.
2 Financial statement assertions

Topic highlights
Audit procedures are designed to obtain evidence about the financial statement assertions.
Assertions relate to classes of transactions and events, account balances at the period-end,
and presentation and disclosure.
Key term
Assertions are representations by management, explicit or otherwise, that are embodied in the
HKSA 315.4 financial statements, as used by the auditor to consider the different types of potential
misstatement that may occur.
HKSA 315. The auditor will carry out procedures that are designed to test the assertions made by
A111
management. HKSA 315 (Revised) identifies these as follows:
Assertions used by the auditor

Assertions about Occurrence: transactions and events that have been recorded have
classes of occurred and pertain to the entity
transactions and Completeness: all transactions and events that should have been
events for the recorded have been recorded
period under audit
Accuracy: amounts and other data relating to recorded transactions and
events have been recorded appropriately
Cut-off: transactions and events have been recorded in the correct
accounting period
Classification: transactions and events have been recorded in the proper
245
Business Assurance
Assertions used by the auditor

Assertions about Existence: assets, liabilities, and equity interests exist
account Rights and obligations: the entity holds or controls the rights to assets,
balances at the and liabilities are the obligations of the entity
period-end
Completeness: all assets, liabilities and equity interests that should have
been recorded have been recorded
Valuation and allocation: assets, liabilities, and equity interests are
included in the financial statements at appropriate amounts and any
resulting valuation or allocation adjustments are appropriately recorded
Assertions about Occurrence and rights and obligations: disclosed events, transactions
presentation and and other matters have occurred and pertain to the entity
disclosure Completeness: all disclosures that should have been included in the
financial statements have been included
Classification and understandability: financial information is
appropriately presented and described, and disclosures are clearly
expressed
Accuracy and valuation: financial and other information are disclosed
fairly and at appropriate amounts
2.1 Audit procedures to obtain audit evidence
Topic highlights
Audit evidence can be obtained by inspection, observation, inquiry and confirmation, recalculation,
re-performance and analytical procedures.
HKSA The auditor obtains audit evidence by undertaking audit procedures to do the following:
500.A10-25
(a) Obtain an understanding of the entity and its environment to assess the risks of material
misstatement, whether due to fraud or misstatement, at the financial statement and assertion
levels (risk assessment procedures)
(b) Test the operating effectiveness of controls in preventing, or detecting and correcting,
material misstatements at the assertion level (tests of controls)
(c) Detect material misstatements at the assertion level (substantive procedures)
The auditor must always perform risk assessment procedures to provide a satisfactory
assessment of risks.
Tests of controls are necessary to test the controls to support the risk assessment, and are used
when there is expectation of the operating effectiveness of controls and also when substantive
procedures alone do not provide sufficient appropriate audit evidence.
Substantive procedures must always be carried out for material classes of transactions, account
balances and disclosures.
The audit procedures described in the table below can be used as risk assessment procedures,
tests of controls and substantive procedures.
246
Key terms
Tests of controls are designed to evaluate the operating effectiveness of controls preventing, or
HKSA 330.4 detecting and correcting, material misstatements at the assertion level.
Substantive procedures are audit procedures designed to detect material misstatements at the
assertion level.
They are generally of two types:
 Substantive analytical procedures
 Tests of details of classes of transactions, account balances and disclosures
Auditors obtain evidence by one or more of the following procedures.
Procedures
Inspection of Inspection of tangible assets that are recorded in the accounting records confirms
tangible assets existence, but does not necessarily confirm rights and obligations or valuation.
Confirmation that assets seen are recorded in accounting records gives
evidence of completeness.
Inspection of This is the examination of documents and records, both internal and external, in
documentation paper, electronic or other forms. This procedure provides evidence of varying
or records reliability, depending on the nature, source and effectiveness of controls over
production (if internal).
Inspection can provide evidence of existence (eg a document constituting a
financial instrument), but not necessarily about ownership or value. In addition,
inspecting an executed contract may provide audit evidence to the entity's
application of accounting policies, such as revenue recognition.
Observation This involves watching a procedure or process being performed (for example,
post opening). It is of limited use, as it only confirms the procedure took place
when the auditor was watching, and because the act of being observed could
affect how the procedure or process was performed.
Inquiry This involves seeking information from entity staff or external sources.
Strength of evidence depends on the knowledge and integrity of source of
information. Inquiry alone does not provide sufficient audit evidence to detect a
material misstatement at assertion level nor is it sufficient to test the operating
effectiveness of controls.
Confirmation This is the process of obtaining a representation of information or of an existing
condition directly from a third party eg confirmation from bank of bank balances.
Confirmations are used to obtain audit evidence about the absence of certain
conditions.
Recalculation This consists of checking the mathematical accuracy of documents or records
and can be performed through the use of IT.
Reperformance This is the auditor's independent execution of procedures or controls that were
originally performed as part of the entity's internal control.
Analytical Evaluating and comparing financial and/or non-financial data for plausible
procedures relationships. Also include the investigation of identified fluctuations and
relationships that are inconsistent with other relevant information or deviate
significantly from predicted amounts.
247
Business Assurance
In auditing various accounts, there may be a choice of the types or amounts of evidence available
to evaluate management’s assertions. For the following three accounts, describe some high quality
forms of evidence that the auditor should obtain.
(a) The net balance in accounts receivable
(b) The additions to non-current assets
(c) The accounts payable
3 Audit methodologies
3.1 Overview
Relies on analysis Efficient as limits
of audit risk substantive testing
Controls testing focused on control

environment
Directs resources to areas where Normally undertaken with risk-
there is risk of misstatement based approach
Reliance on analytical
procedures
Top-down approach Risk-based audit Balance sheet

approach
Reduced level of
detailed testing
Most common approach to

substantive audit
Considers business risk which may
lead to material misstatement AUDIT METHODOLOGIES
Systems audit Directional testing Transaction cycle

approach
Auditor predominantly tests Method of undertaking substantive Substantiates the transactions which
controls and systems testing based on double entry principle appear in the financial statements
Management Segregation of Security

policy duties
248
3.2 Risk-based audit

Topic highlights
Risk-based auditing refers to the development of an audit strategy in response to identified risk
factors in an entity’s business environment. Auditors use judgment to determine what level of risk
pertains to different areas of an entity's systems and devise appropriate audit tests which target the
most high-risk areas.
Under the risk-based approach audit resources are directed most heavily towards those areas that
have been identified as those where a misstatement is most likely to occur. This increases the
opportunities for detecting misstatements and avoids excessive time being spent testing areas
where the risk is relatively low.
The use of risk-based auditing has grown in response to two main factors:
(a) Increased complexity in the business environment augmenting the danger of fraud or
misstatement. Computerised systems where access and intervention by unauthorised
personnel are harder to detect, growing internationalisation of business and higher levels of
cross-border transactions add to the complexity.
(b) Auditors are under increased pressure to deliver an improved level of service while keeping
fee levels down.
3.3 “Top-down” approach
Topic highlights
With a “top-down” approach (sometimes known as the business risk approach) controls testing is
targeted at high level controls and the amount of substantive testing is reduced.
HKSA 315 (Revised) (which you studied in Chapter 8) requires that, as part of obtaining an
understanding of the entity and its environment, auditors consider the entity's own process for
assessing its business and environmental risks, and the potential impact that these might have on
the risk of material misstatements in the financial statements.
This “business risk” approach was developed because sometimes the risk of the financial
statements being misstated arises predominantly from the business risks of the entity, as
discussed in Chapter 8.
Auditors must consider:
 which factors lead to the problems which may cause material misstatements
 how the audit may contribute to the business pursuing its goals
The business risk audit works by repeating the risk management steps used by the directors in
running the business. The auditors will check that the financial statement objectives have been
met, through a wider investigation as to whether the entity has successfully attained its other
business objectives and through using the process of analysis as a way of furthering their own
understanding about the entity, its management and the environment in which it operates.
This approach has been called a “top-down” approach, because it starts with a high level view of
the business and its objectives and works back down to the financial statements. It is more
traditional to start with the balances themselves and work up.
249
Business Assurance
The procedures used have to be modified accordingly:
Audit procedure Effect of “top-down” approach
Tests of Controls testing is focused on the control environment and corporate

controls governance rather than the detailed procedural controls tested under
traditional approaches
Analytical Analytical procedures are used more heavily in a business risk approach
procedures as they are consistent with the auditor's desire to understand the entity's
business rather than to prove the figures in the financial statements
Detailed testing The combination of the above two factors, particularly the higher use of
analytical procedures will result in a lower requirement for detailed testing,
although substantive testing will not be eliminated completely
The other advantage of a business risk approach is there is greater opportunity for the auditor to
add value to the entity's business and to enhance risk management strategies for the business in
the future.
3.3.1 Advantages of top-down approach

There are a number of reasons why firms who use the (top-down) approach prefer it to historic
approaches:
(a) Adds more value as the approach focuses on the business as a whole
(b) Audit attention focused on high level controls and extensive use of analytical procedures
increases audit efficiency and therefore reduces cost
(c) Does not focus on routine processes, which technological developments have rendered less
prone to misstatement than has historically been the case
(d) Responds to the importance that regulators and the government have placed on corporate
governance in recent years
(e) Lower engagement risk (risk of auditor being sued) through broader understanding of the
entity's business and practices
3.4 Systems audit versus system-based audit

3.4.1 Systems audit
Topic highlights
An auditor may predominantly test controls and systems, but substantive testing can never be
eliminated entirely.
As part of any audit, auditors assess the quality and effectiveness of the accounting system.
An auditor will focus especially on the system of controls put in place by the directors and ascertain
whether they believe it is effective enough for them to be able to rely on it for the purposes of their
audit. If they believe that the system is effective, auditors will carry out tests of controls to ensure
that the control system operates and, at the same time, auditors will reduce the amount of
substantive testing.
Increasingly, auditors must take consideration of computer systems. Auditors may accept an
assurance engagement to undertake this task outside of the main audit and to report on their
findings.
250
The following are the key areas on which they are likely to concentrate in order to establish how
reliable the systems are:
Factors Questions asked

Management  Does management have a written statement of policy with regard to
policy computer systems?
 Is it compatible with management policy in other areas?
 Is it adhered to?
 Are the policies sufficient and effective?
 Is it updated when the systems are updated?
 Does it relate to the current system?
Segregation  Is there adequate segregation with regard to data input?
of duties
 Are there adequate system controls (eg passwords) to enforce
segregation of duties?
Security  Is there a security policy in place? This may include physical security
such as locked doors, access security such as passwords and data
security such as anti-virus software
 Is it adhered to?
 Is it sufficient and effective?
The system audit file usually contains the auditor's notes and procedures of the internal control and
accounting system on an entity. The documentation and the tests of controls performed may be
separately filed in a system audit file which is often assembled in the interim visit and updated in
the final visit.
3.4.2 System-based audit

System-based auditing is an audit methodology designed to check upon the adequacy and
effectiveness of internal controls in both financial and non-financial systems. This audit approach
employs a systematic method to identify core problems by examining the system in question to
identify the causes of problems and to come up with a fundamental remedy.
For example, a system-based audit would examine the overall financial system without stopping to
point out the known problems in order to reach the root cause and recommend how to address the
problems. System-based auditing focuses on the most strategic and high risk areas.
3.5 Balance sheet approach
Topic highlights
An auditor may choose predominantly to carry out substantive tests on year end balances.
3.5.1 Balance testing

The balance sheet approach is the most common approach to the substantive part of the
audit, after controls have been tested.
The statement of financial position (balance sheet) shows a “snapshot” of the financial position of
the business at a point in time. It follows that if it is fairly stated and the previous snapshot was
fairly stated then it is reasonable to undertake lower level testing on the transactions which connect
the two, for example, analytical procedures (examined in Chapter 8).
251
Business Assurance
Therefore under this approach, the auditors seek to concentrate efforts on substantiating the
closing position in the year, shown in the statement of financial position, having determined that the
closing position from the previous year (also substantiated) has been correctly transferred to be the
opening position in the current year.
3.5.2 Relationship with business risk approach

It is stated above that the substantive element of an audit undertaken under a business risk
approach is restricted due to the high use of analytical procedures. However, the element of
substantive testing which remains in a business risk approach can be undertaken under the
balance sheet approach.
In some cases, particularly small entities, the business risks may be strongly connected to the fact
that management is concentrated in one person. Another feature of small entities may be that their
statement of financial position is uncomplicated and contains one or two material items, for
example, receivables or inventory.
When this is the case, it is often more cost-effective to undertake a highly substantive
approach than to undertake a business risk assessment, as it is relatively simple to obtain the
assurance required about the financial statements from taking that approach.
3.5.3 Limitations of the balance sheet approach

When not undertaken in conjunction with a risk-based approach or systems testing, the level of
detailed testing can be high, rendering it costly.
3.6 Transaction cycle approach

Cycles testing is in some ways closely linked to systems testing, because it is based on the same
systems.
When auditors take a cycles approach, they test the transactions which have occurred, resulting in
the entries in the statement of profit or loss and other comprehensive income or statement of
financial position (for example, sales transactions, inventory purchases, asset purchases, wages
payments, and other expenses).
They would select a sample of transactions and test that each transaction was complete and
processed correctly throughout the cycle. In other words, they substantiate the transactions which
appear in the financial statements.
3.7 Directional testing
Topic highlights
Directional testing is a method of discovering misstatements and omissions in financial statements.
Directional testing is a method of undertaking detailed substantive testing. Substantive testing

seeks to discover misstatements and omissions, and the discovery of these will depend on the
direction of the test.
Broadly speaking, substantive procedures can be said to fall into two categories:
 Tests to discover misstatements (resulting in over or understatement)
 Tests to discover omissions (resulting in understatement)
252
3.7.1 Tests designed to discover misstatements

These tests will start with the financial statement records in which the transactions are recorded
and check from the entries to supporting documents or other evidence. Such tests should detect
any overstatement and also any understatement through causes other than omission.
3.7.2 Tests designed to discover omissions

These tests must start from outside the accounting records and then check back to those records.
Understatements through omission will never be revealed by starting with the financial statement itself
as there is clearly no chance of selecting items that have been omitted from the financial statement.
3.7.3 Directional testing and double entry

The concept of directional testing derives from the principle of double entry bookkeeping, in that for
every debit there is a corresponding credit, (assuming that the double entry is complete and that
the financial statement records balance). Therefore, any misstatement of a debit entry will result
in either a corresponding misstatement of a credit entry or a misstatement in the opposite
direction, of another debit entry.
By designing audit tests carefully the auditors are able to use this principle in drawing audit
conclusions, not only about the debit or credit entries that they have directly tested, but also about
the corresponding credit or debit entries that are necessary to balance the books.
So, by performing the primary tests the auditors obtain audit assurance in other audit areas.
Successful completion of the primary tests will therefore result in them having tested all financial
statement areas both for overstatement and understatement.
The major advantage of the directional audit approach is its cost-effectiveness:
(a) Assets and expenses are tested for overstatement only, and liabilities and income for
understatement only, that is, items are not tested for both overstatement and understatement.
(b) It audits directly the more likely types of transactional misstatement, ie unrecorded income
and improper expense (arising intentionally or unintentionally).
3.8 Cost and performance efficiency of different audit

methodologies
As part of the planning process for any audit, the auditor must select the appropriate audit
methodology to apply in the audit, in order to deliver the objectives of the audit in the most efficient
manner possible. Possible methodologies are:
 risk-based audit
 top-down approach
 systems audit
 balance sheet approach
 transaction cycle approach
Each methodology will incur costs and will offer different levels of efficiency in terms of the hours of
work necessary to deliver the audit objectives. Remember that the auditor must decide on the
appropriate blend of system testing and substantive procedures, as in the diagram below.
253
Business Assurance
Although an audit can be carried out with 100 % substantive procedures, it is not possible to carry
out a 100 % systems audit. There must always be some substantive testing before an audit opinion
can be delivered.
We shall look at each of the methodologies in turn.
3.8.1 Risk-based audit

Risk-based audit relies on analysing audit risk into its component parts (inherent risk, control risk
and detection risk) and then choosing the appropriate volume of audit procedures to reduce
detection risk to the level necessary that audit risk is at the acceptable level.
The analysis of risk must be carried out before detailed audit work commences and will require
some hours of the time of an experienced auditor which may be expensive. But, once this analysis
has been performed, only a limited number of hours of substantive auditing is required, so this
methodology can be efficient.
3.8.2 Top-down approach

The top-down approach operates by looking at the business and its objectives and working back
down to the financial statements. This needs a detailed understanding of the business and its
strategy, requiring highly skilled analysis combined with a minimum of substantive procedures.
It will not be efficient to audit a small company using the top-down approach. Sufficient audit
evidence can be gathered more economically using a highly substantive approach. However a top-
down approach is likely to be an efficient way of auditing a large entity.
3.8.3 Systems audit

A system audit concentrates on testing the controls in operation in a business, but as mentioned
above there must always be some substantive testing. A systems audit on its own will never
produce sufficient evidence to support an audit opinion.
3.8.4 Balance sheet approach

The balance sheet approach to auditing concentrates on vouching the carrying amounts of each
of the assets and liabilities recognised in the statement of financial position by gathering evidence
to support each of the financial statement assertions embodied therein. If the closing net assets are
proved to be fairly stated and it is known that the opening net assets are fairly stated, then the
transactions linking the two (for example, sales and cost of sales) need only be tested using
analytical procedures.
254
For a small entity, the cost of auditing using the balance sheet approach will be low, since junior
auditors can be employed to carry out the work, and there will only be a moderate volume of work
to be done. Therefore this is the most efficient methodology for auditing a small entity.
For a large entity, the cost of the balance sheet approach will be prohibitive since the number of
individual assets and liability balances to be vouched will be large. Therefore, this is not an efficient
methodology for auditing a large entity.
3.8.5 Transaction cycle approach

The transaction cycle approach tests a sample of transactions to make sure that they are
processed correctly throughout each cycle of the business. For example, in the sales cycle
transactions can be tested from the first receipt of an order all the way through to despatching the
goods and receiving payment.
Once again, this would be prohibitively expensive as an audit approach in a large entity, although it
could be used as part of an efficient audit of a small entity.
In every case the auditor must use their professional judgment to decide on a methodology that will
generate sufficient audit evidence and offer value for money to the client at the same time.
3.9 Summary of approaches

Approach Key feature
Risk-based audit Directs resources most heavily towards areas where misstatements
are most likely to occur.
Top-down approach Targets controls testing at high level controls and reduces
Systems audit Focuses on systems of controls and establishing the reliability of the
system.
Balance sheet approach Concentrates efforts on substantiating the closing position at the
period end.
Transaction cycle Tests that transactions are complete and correctly processed
approach throughout the specific cycle.
Directional testing Derives from the principle of double entry bookkeeping that for every
debit there is a corresponding credit.
Note.
In many cases the audit approach will involve aspects of more than one of the methods referred to
above.
4 Audit sampling
Topic highlights
Auditors usually seek evidence from less than 100 % of items of the balance or transaction being
tested by using sampling techniques.
HKSA 500.10 HKSA 500 (Clarified) Audit Evidence requires that when designing tests of controls and tests of
details, the auditor shall determine means of selecting items for testing that are most effective in
meeting the purpose of the audit procedures.
255
Business Assurance
Some testing procedures do not involve sampling, such as:

(a) Testing 100 % of items in a population
In some circumstances, auditors may decide that it will be appropriate to test the entire
population of items. Auditors are unlikely to test 100 % of items when carrying out tests of
controls, but 100 % testing may be appropriate for certain substantive procedures. 100 %
examination may be appropriate in the following circumstances:
(i) If the population is made up of a small number of high value items;
(ii) There is a significant high risk of material misstatement and other means do not
provide sufficient appropriate audit evidence, then 100 % examination may be
appropriate; or
(iii) The repetitive nature of a calculation or other process performed automatically by
an information system makes a 100 % examination more effective.
(b) Testing specific items
The auditor may alternatively select certain items from a population because of specific
characteristics they possess. The selection is based on auditor's judgment. The results of
items selected in this way cannot be projected onto the whole population but may be used in
conjunction with other audit evidence concerning the rest of the population. Specific items
tested may include the following:
(i) High value or key items. The auditor may select high value items or items that are
suspicious, unusual or prone to misstatement;
(ii) All items over a certain amount. Selecting items this way may mean a large
proportion of the population can be verified by testing a few items;
(iii) Items to obtain information about the entity's business, the nature of transactions, or
the entity's accounting and control systems; and
(iv) Items to test procedures, to see whether particular procedures are being performed.
Testing specific items does not provide audit evidence concerning the remainder of the
population.
4.1 Introduction to audit sampling

HKSA Auditors are required to carry out audits efficiently, cost effectively and within time constraints.
530.4-5 Audit sampling offers innumerable benefits in achieving this and is common practice on most
audits. HKSA 530 (Clarified) Audit Sampling states that “the objective of the auditor, when using
audit sampling is to provide a reasonable basis for the auditor to draw conclusions about the
population from which the sample is selected.”
Key terms
Audit sampling involves the application of audit procedures to less than 100 % of the items within
HKSA a population of audit relevance such that all sampling units have a chance of selection in order to
530.5a, b, g
provide the auditor with a reasonable basis on which to draw conclusions about the entire
population.
Population is the entire set of data from which a sample is selected and about which an auditor
wishes to draw conclusions.
Statistical sampling is any approach to sampling that involves random selection of a sample, and
the use of probability theory to evaluate sample results, including measurement of sampling risk.
Non-statistical sampling is the approach to sampling where the auditor does not use statistical
methods and draws a judgmental opinion about the population.
256
4.2 Design of the sample

4.2.1 Suitable for the purpose
HKSA 530.6 HKSA 530 (Clarified) requires an auditor to consider the following when designing an audit sample:
(a) Consider the purpose of the audit procedure
Auditors must consider:
(i) the specific audit objectives and the audit procedures which are most likely to
achieve them
(ii) the nature and characteristics of the audit evidence sought, possible deviation or
misstatement conditions and the rate of expected deviation or misstatements.
This will help them to define what constitutes a misstatement or deviation and what
population to use for sampling.
(b) Consider the characteristics of the population from which the sample will be drawn:
(i) For tests of controls, the auditor should make an estimate of the expected rate of
deviation based on expectation through investigation of the relevant controls or on the
examination of a small number of items from the population. If the expected rate of
deviation is above a certain level, the auditor will normally reject further tests of
controls.
(ii) For tests of details, the auditor may decide to test a large sample size or test 100 %
if the expected misstatement is high.
4.2.2 Drawn from a well defined population
To be representative the population from which the sample is drawn must be defined suitably for
the specific audit objectives. The auditor needs to define the characteristic that he wishes to test in
order to limit the total population. How he defines them may depend on whether he is seeking to
test for overstatement or understatement and what he is believes he may detect.
The population may be divided into sampling units in many different ways. For example, for
receivables it may be an individual receivables balance or, in monetary unit sampling, $1 of the
total receivables balance. Auditors must define the sampling unit in order to obtain an efficient and
effective sample to achieve the particular audit objectives.
Key term
Sampling units are the individual items constituting a population.
HKSA 530.5f HKSA 530 (Clarified) requires that the auditor “shall select items for the sample in such a way that
each sampling unit in the population has a chance of selection”. This requires that all items in the
population have an opportunity of being selected.
257
Business Assurance
There are five selection methods available:

Random selection Ensures that all items in the population have an equal chance of selection,
eg by use of random number tables or computerised generator.
Systematic The number of sampling units in the population is divided by the sample
selection size to give a sampling interval. The auditor will need to determine the
sampling units within the population are not structured in such a way that
the sampling interval corresponds with a particular pattern in the population.
Haphazard The auditors selects the sample without following a structured technique,
selection avoiding any conscious bias or predictability and thus attempting to
ensure that all items in the population have a chance of selection. This
method is not appropriate when using statistical sampling.
Sequence or This involves selection of blocks of items from within the population. Block
block selection selection cannot ordinarily be used in audit sampling as most populations
are structured. The technique is rarely an appropriate sample selection
technique when the auditor intends to draw valid inferences about the
entire population based on the sample.
Monetary Unit The sample size, selection and evaluation results are in conclusion in
Sampling (MUS) monetary amounts. The auditor would direct his effort to the larger value
(Value-weighted items because they have a greater chance of selection as compared to
sampling) smaller sample sizes.
Key terms
Stratification is the process of dividing a population into subpopulations, each of which is a group
of sampling units, which have similar characteristics (often in monetary value).
Each sampling unit can only belong to one, specifically designed stratum, therefore reducing the
variability within each stratum. This enables the auditors to direct audit effort towards items which,
for example, contain the greatest potential monetary misstatement. Ways of dividing items into
strata include by age or by amount.
4.3 Sample size and risk

HKSA 530.7, HKSA 530 (Clarified) requires that the auditor “must determine a sample size sufficient to reduce
A10-11 sampling risk to an acceptably low level”. While inevitable and beneficial in many ways, the use of
sampling introduces an element of sampling risk. This is the risk is that the auditor’s conclusion is
skewed by the particular data selected and that a different outcome may have been reached had
the whole population been subject to the audit procedure. Ultimately, this could lead to an
assessment that a particular system of control is effective, when in fact it is not; or conversely, that
a system is not effective, when in fact, it is. The auditor must use professional judgment to assess
this risk and apply procedures to ensure it is reduced to an acceptably low level.
Key terms
HKSA 530.5c Sampling risk arises from the possibility that the auditor's conclusion, based on a sample may be
different from the conclusion if the entire population were subjected to the same audit procedure.
HKSA 530.5d Non-sampling risk is the risk that the auditor reaches an erroneous conclusion for any reason not
related to sampling risk.
258
Sampling risk can lead to two types of erroneous conclusions:
Tests of controls  Controls are more effective than they actually are (1)
 Controls are less effective that they actually are (2)
Tests of details  Material misstatement does not exist when in fact it does (1)
 Material misstatement exists when in fact it does not (2)
(1) Auditors are most concerned with this type of erroneous conclusion as it affects audit
effectiveness and is more likely to lead to an inappropriate audit opinion.
(2) These types of erroneous conclusion affect audit efficiency as it would lead to additional
work.
Sampling risk may be reduced by increasing the sample size for both tests of control and
substantive procedures while non-sampling risk, may be reduced by effective engagement
planning, supervision and review.
How much sampling risk an auditor will tolerate depends on the degree of reliance on the results of
the procedure in question. Larger sample sizes generate lower risks and a higher degree of
tolerance.
When designing a sample, the auditor also determines tolerable rate of deviation and tolerable
misstatement for the subsequent evaluation of the results.
Non-sampling risk arises from factors that cause the auditor to reach an erroneous conclusion for
any reason not related to the size of the sample. For example, most audit evidence is persuasive
rather than conclusive, the auditor might use inappropriate procedures or the auditor might
misinterpret evidence or fail to recognise a misstatement or deviation.
4.4 Performing audit procedures on items selected

HKSA 530.9- HKSA 530 (Clarified) requires that the auditor shall perform audit procedures, appropriate to the
11 purpose, on each item selected. If the audit procedure is not applicable to the selected item, the
auditor is required to perform the procedure on a replacement item.
4.4.1 Unable to apply the designed audit procedures

If the auditor is unable to apply the designed audit procedures, or suitable alternative procedures to
a selected item, the auditor is required to treat that item as a deviation from the prescribed control
in the case of tests of controls; or misstatement in the case of tests of details.
4.5 Deviation or misstatements

HKSA 530.12 Based on the sampling results, HKSA 530 (Clarified) requires the auditor to:
(a) investigate the nature and cause of any deviation or misstatements identified; and
(b) evaluate their possible effect on the purpose of the audit procedure and on other areas of
audit.
4.5.1 Possibility of fraud

In analysing the deviations and misstatements identified, the auditor may observe that many have
a common feature ie type of transactions, location, period of time.
The auditor may decide to identify all items in the population that possess the common feature in
such circumstances, and extend audit procedures to those items.
Such deviations or misstatements may be intentional and may indicate the possibility of fraud.
259
Business Assurance
4.5.2 Anomaly
Key term
Anomaly is defined as a misstatement or deviation that is demonstrably not representative of
HKSA 530.5e misstatements or deviations in a population.
In the extremely rare circumstances, when the auditor considers a misstatement or deviation
discovered in a sample to be an anomaly, the auditor shall obtain a high degree of certainty that
such misstatement or deviation is not representative of the population. The auditor shall perform
additional procedures to obtain sufficient appropriate audit evidence that the misstatement or
deviation does not affect the remainder of the population. However, for anomalies, projecting
misstatements to the population is not required.
HKSA 530.14 4.6 Projecting misstatements

(a) For tests of details HKSA 530 (Clarified) requires the auditor to project misstatements found
in the sample to the population in order to obtain a broad view of the scale of misstatement
and its effect.
Any unexpectedly high misstatement amount in a sample may cause the auditor to believe
material misstatements exist in a class of transactions or account balance; and
(b) For tests of controls, no projection of deviations is necessary since the sample deviation rate
is also the projected deviation rate for the population as a whole.
However if deviations in the way the controls are applied by the entity are identified, the
auditor should consider the direct effect of the identified deviations, what they reveal about
the effectiveness of internal controls and their effect on the audit approach, as significant
deviations will affect the amount of substantive procedures needed. An unexpectedly high
sample deviation rate may lead to an increase in the assessed risk of material misstatement.
4.7 Evaluation of sample results

4.7.1 Analysis of misstatements in the sample
HKSA 530.15 HKSA 530 (Clarified) requires the auditor to evaluate:
(a) the results of the sample; and
(b) whether the use of audit sampling has provided a reasonable basis for conclusions about the
population that has been tested.
The tolerable rate of deviation and tolerable misstatement determined during the design of the
audit sampling can be used in the evaluation of the sample results.
Key terms
HKSA 530.5j Tolerable rate of deviation is the rate of deviation from prescribed internal control procedures set
by the auditor in respect of which the auditor seeks to obtain an appropriate level of assurance that
the rate of deviation set by the auditor is not exceeded by the actual rate of deviation in the
population.
HKSA 530.5i Tolerable misstatement is a monetary amount set by the auditor in respect of which the auditor
seeks to obtain an appropriate level of assurance that the monetary amount set by the auditor is
not exceeded by the actual misstatement in the population.
260
The auditor may perform the following procedures when he concludes that audit sampling has not
provided a reasonable basis for conclusions about the population tested:
(a) Request management to investigate identified misstatements, potential misstatements and
to make necessary adjustments
(b) Modify nature, extent and timing of further audit procedures to achieve desired assurance.
When determining whether the sample provides a reasonable basis for the conclusions about the
population as a whole, the auditor should first set a level of tolerable misstatement. If when the
results of the test sample are projected for the population as a whole, and any anomalous results
taken into account, this level is exceeded, then the sample must be considered as not providing a
reasonable basis for conclusions about the population as a whole.
4.7.2 Projection of misstatements

For tests of details, the auditor should project monetary misstatements found in the sample to the
population, and should consider the effect of the projected misstatements on the audit objective
being tested and on other areas of the audit. The projected misstatements should be compared to
the tolerable misstatement.
Consider each of the following independent situations:
(a) The auditor used non-statistical (judgmental) sampling techniques to determine an
appropriate sample size of 20 in testing the proper authorisation of purchases. After
randomly selecting 20 purchase transactions, the auditor performed appropriate testing and
found that three of the 20 transactions were not properly authorised.
(b) The auditor used attribute sampling techniques to test a key authorisation control. For a 5 %
risk of over reliance, a tolerable deviation rate of 10 % and an expected population deviation
rate of zero, the auditor determined the minimum sample size to be 29. The auditor selected
29 items using a systematic sampling technique, and found that one transaction was not
properly authorised.
Required
For each of the scenarios, (a) and (b), discuss the relevant issues in determining whether the
auditor can place reliance on the key control.
5 Audit documentation
Topic highlights
It is important to document audit work performed in working papers to:
 enable reporting partner to ensure all planned work has been completed adequately;
 provide details of work done for future reference;
 assist in planning and control of future audits; and
 encourage a methodical approach.
261
Business Assurance
5.1 Requirement of audit documentation
Key term
Audit documentation is the record of audit procedures performed, relevant audit evidence
HKSA 230.6a obtained and conclusions reached. The terms “working papers” or “work papers” are also
sometimes used.
HKSA 230.5, In accordance with HKSA 230 (Clarified) Audit Documentation, the auditor prepares, on a timely
7, 8 basis, audit documentation that provides:
(a) a sufficient and appropriate record of the basis for the auditor's report; and
(b) evidence that the audit was planned and performed in accordance with HKSAs and
applicable legal and regulatory requirements.
HKSA 230 (Clarified) requires that the auditor shall prepare audit documentation on a timely basis
in order to enhance the quality of the audit and to improve the review and evaluation process of the
audit evidence obtained and conclusions reached before the auditor's report is finalised.
5.1.1 Nature, form, content and extent of audit procedures performed

HKSA 230 (Clarified) requires working papers to be sufficiently complete and detailed to provide an
overall understanding of the audit to an independent third party who had not been involved.
Auditors are not expected to record everything they consider. Therefore, judgment must be used as
to the extent of working papers, based on the following general rules.
Key term
An experienced auditor refers to an individual who has practical audit experience and a
HKSA 230.6c reasonable understanding of the audit processes, HKSAs and applicable legal and regulatory
requirements, the business environment in which the entity operates and the auditing and financial
reporting issues relevant to the entity's industry.
The auditor shall prepare audit documentation that is sufficient to enable an experienced auditor
having no previous connection with the audit, to understand:
(a) the nature, extent and timing of the audit procedures
(b) the results of the audit procedures performed; and
(c) significant matters arising during the audit ie significant risks or difficulties in applying audit
procedures (See Section 5.6)
The form and content of working papers are affected by matters such as:
(a) the size and complexity of the entity;
(b) the nature of the audit procedures to be performed;
(c) the identified risks of material misstatement;
(d) the significance of the audit evidence obtained;
(e) the nature and extent of exceptions identified;
(f) the need to document a conclusion or the basis for a conclusion not readily determinable
from the documentation of the work performed or audit evidence obtained; and
(g) the audit methodology and tools used.
262
5.1.2 Examples of working papers

Work at different
stages in audit Information to be put in working file
Audit planning  Evidence of the planning process including audit programmes and
any changes thereto
Understanding the Information obtained in understanding the entity and its environment,
entity and its including its internal control, such as the following:
environment  Information concerning the legal documents, agreements and
minutes
 Extracts or copies of important legal documents, agreements and
minutes
 Information concerning the industry, economic environment and
legislative environment within which the entity operates
 Extracts from the entity's internal control manual
Evidence gathering  Analyses of transactions and balances
 Analyses of significant ratios and trends
 Identified and assessed risks of material misstatements
 A record of the nature, timing, extent and results of audit
procedures
 Evidence that the work performed was supervised and reviewed
 An indication as to who performed the audit procedures and when
they were performed
Communication  Evidence of the auditor's consideration of the work of internal
with internal and audit and conclusions reached
external parties
 Copies of communications with other auditors, experts and other
third parties
 Copies of letters or notes concerning audit matters communicated
or discussed with management or those charged with
governance, including the terms of the engagement and material
weaknesses in internal control
 Details of audit procedures applied regarding components whose
financial statements are audited by another auditor
 Letters of representation received from the entity
 Notes of discussions about significant matters with management
and others
Final stage of audit  Conclusions reached by the auditor concerning significant aspects
of the audit, including how exceptions and unusual matters, if any,
disclosed by the auditor's procedures were resolved or treated
 Copies of the financial statements and audit reports
 In exceptional circumstances, the reasons for departing from a
basic principle or essential procedure of an HKSA and how the
alternative procedures performed achieve the audit objective.
263
Business Assurance
5.2 Reasons for audit documentation

Audit documentation is necessary for the following reasons:
(a) It provides evidence of the auditor's basis for a conclusion including the assumptions behind
any judgments used.
(b) It demonstrates that the audit was conducted in accordance with HKSAs, HKFRSs and any
other legal and regulatory requirements.
(c) It records the plan and performance of the audit.
(d) It acts as a tool to team members responsible for supervision to direct, supervise and review
audit work as it is carried out.
(e) It enables the team to be accountable for its work.
(f) It allows a record of matters of continuing significance to be retained.
(g) It enables the conduct of quality control reviews and inspections (whether internal or
external).
5.3 Audit files

Working paper files may be classified into the following categories depending on whether their
contents are of ongoing importance or whether they relate to the current reporting period only.
Key term
An audit file is one or more folders or other storage media in physical or electronic form,
HKSA 230.6b containing the records that comprise the audit documentation for a specific engagement.
Audit files: working papers

Permanent audit files (containing  Engagement letters
information of continuing
 New client questionnaire
importance to the audit)
 The memorandum and articles of association
 Other legal documents such as prospectuses, leases,
sales agreements
 Details of the history of the entity's business
 Board minutes of continuing relevance
 Previous years' signed financial statements, analytical
review and management letters
 Accounting systems notes, previous years' control
questionnaires
Current audit files (containing  Financial statements
information of relevance to the
 Financial statements checklists
current year's audit).
 Management accounts details
These should be compiled on a
timely basis after the completion of  Reconciliations of management accounts and financial
the audit and should contain: statements
 A summary of unadjusted misstatements
 Report to partner including details of significant events
and misstatements
264
 Review notes (retain until archive)

 Audit planning memorandum
 Time budgets and summaries
 Representation letter
 Management letter
 Notes of board minutes
 Communications with third parties such as experts or
other auditors
The working paper files should also contain information covering each audit area. These should
include the following:
 A lead schedule including details of the figures to be included in the financial statements
 Problems encountered and conclusions drawn
 Audit programmes
 Risk assessments
 Sampling plans
 Analytical procedures
 Details of substantive tests and tests of controls
If it later becomes necessary to add to or modify the documentation after it has been assembled,
then the following should be noted:
 Who made the changes, when they were made, and by whom they were reviewed
 The reasons behind the change
 Whether there was any effect on the auditors' conclusions
Changes are made to an audit file after the audit report has been signed, only in exceptional
circumstances. The following should be recorded:
 The circumstances
 The audit procedures performed, evidence obtained, conclusions drawn
 When and by whom changes to audit documents were made and reviewed
5.4 Standardised and automated working papers

The use of standardised working papers, for example, checklists and specimen letters, may
improve the efficiency of audit work but they can be dangerous because they may lead to auditors
mechanically following an approach without using audit judgment.
Automated working paper packages have been developed which can make the documenting of
audit work much easier. Such programs aid preparation of working papers, lead schedules, the trial
balance and the financial statements themselves. These are automatically cross-referenced,
adjusted and balanced by the computer.
The advantages of automated working papers are as follows:
(a) The risk of misstatements is reduced
(b) The working papers will be neater and easier to review
(c) The time saved will be substantial as adjustments can be made easily to all working papers,
including those summarising the key analytical information
(d) Standard forms do not have to be carried to audit locations
(e) Audit working papers can be transmitted for review via email or fax facilities
265
Business Assurance
5.5 Safe custody and retention of working papers

Judgment may have to be used in deciding the length of holding working papers, and further
consideration should be given to the matter before their destruction. Working papers are the
property of the auditors. They are not a substitute for, nor part of, the entity's accounting records.
Auditors must follow ethical guidance on the confidentiality of audit working papers. They may, at
their discretion, release parts of or whole working papers to the entity, as long as disclosure does
not undermine “the independence or validity of the audit process”. Information should not be made
available to third parties without the permission of the entity.
After assembling the papers, the auditor should not delete or discard audit documentation of any
nature before the end of its retention period, which is no shorter than five years from the date of the
auditor's report, in accordance with HKSQC1 (Clarified).
In exceptional cases, where the auditor finds it necessary to modify existing audit documentation or
add new audit documentation after the assembly of the final audit file has been completed, the
auditor is required to document:
 the specific reasons for making them; and
 when and by whom they were made and reviewed
5.6 Significant matters

HKSA 230.A8 The auditor shall prepare audit documentation that is sufficient to enable an experienced auditor,
having no previous connection with the audit, to understand significant matters arising during the
audit. Examples of significant matters include the following:
(a) Matters that give rise to significant risks;
(b) Results of audit procedures relating to the revision of auditor's assessment of the risks of
material misstatement and the auditor's responses to those risks;
(c) Results of audit procedures indicating the financial statements could be material misstated;
(d) Difficulties auditor faced in applying necessary audit procedures;
(e) Findings causing modification to the audit opinion or the addition of an emphasis of matter
paragraph;
(f) Discussion of significant matters to any party; and
(g) How the auditor addressed the inconsistency when information is inconsistent with auditor's
conclusion of the significant matter.
5.7 Assembly of the final audit file

HKSA HKSQC1 (Clarified) requires firms to establish policies and procedures for engagement teams to
230.14-16 complete the assembly of final engagement files on a timely basis after the engagement reports
have been finalised. For audit engagements, a time limit would ordinarily not be more than 60 days
after the date of the auditor's report.
The auditor should maintain confidentiality, safe custody, integrity, accessibility and retrievability of
the audit documentation.
266
5.8 Changes to audit documentation in exceptional

circumstances after the date of the auditor's report
HKSA 230.13 If, in exceptional circumstances, the auditor performs new or additional audit procedures or draws
new conclusions after the date of the auditor's report, the auditor shall document:
 the circumstances encountered;
 the new or additional audit procedures performed;
 when and by whom the resulting changes to audit documentation were made and reviewed;
and
 the specific reasons for making them.
267
Business Assurance
Topic recap
Relate to
Financial statement – classes of
assertions transactions
– account balances
– presentation and
disclosure
Must be AUDIT EVIDENCE

documented
Relevant Direction
Sufficient Appropriate
Reliable Source
Audit
Risk-based
methodology
Risk
Top-down assessment
Audit
procedure procedures
Systems-based/ Test of
systems audit – Inspection controls
– Observation
– Inquiry
– Confirmation Substantive Can never be
Balance sheet – Recalculation procedures eliminated entirely
approach – Reperformance
– Analytical procedure
Statistical
Transaction
cycle approach Sampling
Non-statistical
Directional
testing – Sample design
– Sample size
– Projecting
misstatements
– Evaluating results
268
Answer 1
(a) The balance of gross accounts receivable can best be assessed by the use of a receivables
circularisation. The allowance for doubtful accounts would be assessed by reviewing
management’s credit policies, ageing the accounts receivable, examining credit reports or
financial statements for major companies, and verifying subsequent remittances. Analytical
procedures would also be used.
(b) The additions to the non-current asset account can best be verified by an examination of the
client’s capitalisation policies and an examination of both the schedule of additions to non-
current assets, and a review of the repairs and maintenance expense account to ensure that
no items that should be capitalised are included as expenses. Any rental or lease agreement
should also be reviewed to ensure that nothing that should be capitalised has been
expensed.
(c) The accounts payable can be examined by the use of confirmation to test balances, or by a
reconciliation with suppliers’ statements.
Answer 2
(a) In determining reliance on this key control, the auditor has used non-statistical sampling.
Therefore, the decision as to whether or not the auditor would place reliance on this key
control without the undertaking of any further work depends on the auditor's expectations.
Such a high deviation rate would be unusual for accepting the control as operating
effectively, unless further audit evidence substantiating the initial assessment is obtained.
(b) The auditor has sampled the minimum size for zero expected deviations from the control
condition. As soon as one deviation is identified, as has occurred in this case, the auditor
cannot rely on the key control.
269
Business Assurance
Exam practice
DEF Ltd 10 minutes

DEF Ltd has a head office and sells footwear accessories through twenty retail outlets in Hong
Kong. All cash receipts in the form of cash and credit cards are recorded in the cash till of each
outlet. A cash float in the range of $8,000 to $15,000 is maintained at each outlet to provide change
for the till and cover various routine expenses. All cash takings for the previous day are banked at
the beginning of each working day. Cash till reconciliation is performed by a sales assistant and is
further reviewed by the shop supervisor at the end of each working day. The reconciliation and the
relevant supporting documents are sent to the accounts department daily for further processing.
A & B have been the auditors of DEF Ltd for a number of years. During the current year’s audit of
DEF Ltd, A & B have reviewed the internal controls on cash in hand and performed all tests of
controls they considered necessary.
In addition, DEF Ltd has received a bank loan ($10,000,000 repayable over four years) in order to
expand the business during the year. A & B have reviewed the internal controls on the bank loan
and have found that it would be more efficient to rely solely on substantive audit procedures.
Required
In the context of A & B’s audit of DEF Ltd,
(a) Explain the difference between sampling risks and non-sampling risks; (3 marks)
(b) Explain how stratification may help to increase the effectiveness of substantive audit
procedures. (3 marks)
(Total = 6 marks)
HKICPA September 2006 (amended)
270
chapter 10
Fraud and irregularities
Topic list
1 Fraud 2 Laws and regulations

1.1 What is fraud? 2.1 Legal requirements relating to an entity
1.2 Characteristics of fraud 2.2 Responsibility of management and those
1.3 Fraud and the auditor charged with governance
1.4 Risk assessment 2.3 Responsibility of the auditor
1.5 Overall responses to assessed risks 2.4 Indications of non-compliance with laws
of material misstatement due to fraud and regulations
at the financial statement level 2.5 Audit procedures when non-compliance
1.6 Fraud risk factors is identified or suspected
1.7 Misstatements indicating suspected 2.6 Communicating/reporting identified or
fraud suspected non-compliance
1.8 Overall responses to assessed risks
of material misstatement due to fraud 3 Following up illegal acts or fraud during the
at the assertion level audit
1.9 Analytical procedures performed near 3.1 HKSA 240 (Clarified)
the end of the audit 3.2 HKSA 250 (Clarified)
1.10 Unable to continue the engagement 3.3 Money laundering
1.11 Written representations
1.12 Communication to management and
those charged with governance
1.13 Documentation
Learning focus
The extent of auditors' responsibilities in relation to fraud and error is a critical element of the
public's perception of the auditor's role. The requirements of HKSA 240 (Clarified) in this
regard are core knowledge for this chapter and may have to be applied in practical scenarios.
271
Business Assurance
Learning outcomes
Competency
level
2.05 Planning and risk assessment 3
2.05.08 Explain the effect of fraud and misstatements on audit planning and
work
2.05.09 Explain the effect of laws and regulations, and non-compliance
therewith, on audit planning and procedures
2.12 Completion procedures
2.12.04 Explain the follow up on illegal act or fraud found while performing 3
an audit especially in the case of money laundering or corruption
272
10: Fraud and irregularities | Part D Assurance engagements
1 Fraud
Topic highlights
When carrying out risk assessment procedures, the auditor shall also consider the risk of fraud or
non-compliance with laws and regulations causing a misstatement in financial statements.
1.1 What is fraud?
Key term
Fraud is an intentional act by one or more individuals among management, those charged with
HKSA governance, employees or third parties involving the use of deception to obtain an unjust or illegal
240.11a
advantage.
HKSA 240.3 Fraud may be perpetrated by an individual, or colluded in, with people internal or external to the
business. When management or those charged with governance are involved in fraud, it is called
management fraud. When employees are involved it is called employee fraud.
Specifically, there are two types of fraud causing material misstatements in financial statements:
 Fraudulent financial reporting; and
 Misappropriation of assets
1.1.1 Fraudulent financial reporting
Key term
Fraudulent financial reporting involves intentional misstatements, including omissions of
HKSA 240. amounts or disclosures in financial statements, to deceive financial statement users.
A2
Management may intend to influence financial statement users' perceptions as to the entity's
performance and profitability.
This may include the following:
 Omission of amounts or disclosures in the financial statements
 Improper disclosure eg deception such as manipulation, falsification, alteration of accounting
records
 Intentional misapplication of accounting principles eg delay in recognition
 Concealing important information
 Engaging in complex transactions, leading to inability to collect audit trail
 Recording fictitious journal entries
 Improper use of assumptions or estimates in financial reporting
 Intentionally to reduce earnings for tax planning
 Manipulation, falsification or alteration of accounting records or other documentations
Such fraud may be due to pressure and incentives and may arise due to management overriding
controls and by aggressive earnings management in order to maximise bonuses. Companies
273
Business Assurance
about to list may contain higher risk in this area due to pressure to meet market expectations or a
desire to maximise compensation based on performance. The auditor should be aware if there are
matters like unsuitable revenue recognition, inappropriate accruals, liabilities, provisions and
reserves accounting or large number of immaterial breaches of financial reporting requirements.
Material misstatements due to fraudulent financial reporting are often due to revenue recognition
and this is significant risk.
1.1.2 Misappropriation of assets
Key term
Misappropriation of assets involves the theft of an entity's assets and is often perpetrated by
HKSA 240.A5 employees in relatively small and immaterial amounts.
Misappropriation of assets is often perpetrated by single employees in relatively small amounts,

although aggregated this amount may become material. However, misappropriation may also
involve collusion among a group of employees or management which often makes it more difficult
to detect. Collusion or management involvement often makes it easier to create false records to
conceal the fraudulent activity.
Misappropriation of assets is a serious threat to an entity. Even when it involves minor pilfering of
stock or cash by employees. It indicates an environment of weak internal control and possibly poor
relationships between senior management and employees. However, management may be equally
guilty and often have a greater opportunity for exploiting weaknesses in the control systems to
conceal their fraudulent activities. These activities can take the following forms:
(a) Embezzling receipts (for example, diverting them to private bank accounts)
(b) Wrongfully taking possession of physical non-current assets or intellectual property either for
personal use or to sell on (for example, stealing stock, or selling data)
(c) Creating false ledger or payroll entries to cause an entity to pay for goods which have not
been ordered or received (payments to fictitious suppliers or employees)
(d) Using an entity’s assets as collateral for a personal loan or loan to a related party
1.2 Characteristics of fraud

HKSA 240.2 Fraud involves:
(a) incentive or pressure to commit fraud – this may mean management is under pressure to
achieve unfeasible earnings or may indicate personal financial difficulties
(b) an opportunity – this may be the presence of large amounts of cash or inventory and the
ability to override an internal control without detection
(c) rationalisation of committing a fraudulent act – individuals may possess an attitude or
character that allow them knowingly and intentionally to commit a dishonest act. Poor
management-employee relations may create an attitude of disregard for internal controls.
1.3 Fraud and the auditor

HKSA 240.4, HKSA 240 (Clarified) The Auditor's Responsibilities Relating to Fraud in an Audit of Financial
5 Statements provides guidance to auditors in this area.
1.3.1 Responsibilities of management

The primary responsibility for the prevention and detection of fraud is with both those charged with
governance and the management of an entity. It is important that management and those charged
with governance place a strong emphasis on fraud prevention and fraud deterrence.
274
This is effected by a commitment to a culture of honesty, ethical behaviour and active

oversight by those charged with governance.
Management can:
(a) implement and operate an adequate accounting and internal control system to reduce the
possibility of fraud and error
(b) acts in stewardship with regard to the property entrusted to them by shareholders
(contractual duty of care)
(c) develop a code of conduct
(d) establish an internal audit department
(e) set up an audit committee
1.3.2 Responsibilities of auditors

An auditor conducting an audit is responsible for obtaining reasonable assurance that the financial
statements taken as a whole are free from material misstatement, whether caused by fraud or error.
When planning or performing audit procedures or evaluating and reporting on results, in order to
reduce the audit risks to an acceptably low level, the auditor should consider the risks of material
misstatements in the financial statements due to fraud and error. (This is mandatory!) The
risk of not detecting material misstatements from fraud is higher than the risk of not detecting a
material misstatement due to error.
Auditors should:
 obtain sufficient appropriate audit evidence regarding the assessed risks of material
misstatement due to fraud.
 respond appropriately to fraud or suspected fraud identified during the audit.
 maintain an attitude of professional scepticism throughout the audit, recognising the
possibility that material misstatements due to fraud could exist, considering the honesty and
integrity of management and those charged with governance.
 evaluate the design of the entity's related controls, including relevant control activities and
determine whether they have been implemented.
The auditor cannot be held responsible for the prevention of fraud and error and the risk of not
detecting a material misstatement. The risk is greater for frauds that are due to sophisticated and
organised schemes designed to conceal it such as intentional misrepresentations made to the
auditors or deliberate failure to record transactions.
Although the auditor may suspect or identify the occurrence of fraud, the auditor does not make
legal determinations of whether fraud has actually occurred.
HKSA
240.15-18,
1.4 Risk assessment
25-26, 31 HKSA 240 (Clarified) requires a discussion among the team members that places particular
emphasis on how and where the financial statements may be susceptible to fraud.
275
Business Assurance
1.4.1 Risk assessment procedures

Risk assessment procedures to obtain information in identifying the risks of material
misstatement due to fraud shall include the following:
(a) Inquiries of management regarding:
(i) management's assessment of the risk that the financial statements may be
materially misstated due to fraud
(ii) management's process for identifying and responding to the risks of fraud
(iii) management's communication to those charged with governance in respect of its
process for identifying and responding to the risk of fraud
(iv) management's communication to employees regarding its views on business
practices and ethical behaviour
(v) knowledge of any actual, suspected or alleged fraud
(b) Inquiries of internal audit for knowledge of any actual, suspected or alleged fraud, and its
views on the risks of fraud.
(c) Obtaining an understanding of how those charged with governance oversee
management's processes for identifying and responding to the risk of fraud and the internal
control established to mitigate these risks.
(d) Inquiries of those charged with governance for knowledge of any actual, suspected or
alleged fraud and seek views on the adequacy of accounting system, management's process
for identifying risks of fraud and internal control.
(e) Evaluating whether any unusual or unexpected relationships have been identified in
performing analytical procedures that may indicate risk of material misstatement due to
fraud.
(f) Considering whether any other information may indicate risk of material misstatement due
to fraud such as information obtained from the auditor's entity acceptance and retention
processes, and experience gained on other engagements performed for the entity.
(g) Evaluating whether any fraud risk factors are present.
1.4.2 Identification and assessment of the risk of material misstatement due

to fraud
As required by HKSA 240 (Clarified), and in accordance with HKSA 315 (Revised), the auditor shall
identify and assess the risks of material misstatement due to fraud
 at the financial statement level; and
 at the assertion level for classes of transactions, account balances and disclosures.
These risks shall be treated as significant risks.
The auditor shall obtain an understanding of the entity's related controls, including control activities,
relevant to such risks.
1.4.3 Presumed risk of fraud in revenue recognition

Material misstatement due to fraudulent financial reporting relating to revenue recognition may
result in both overstatement or understatement of revenue, for example:
 recording fictitious revenue
 using aggressive revenue recognition
 improperly delaying recognition of revenue.
Therefore, HKSA 240 (Clarified) requires the auditor, based on a presumption that there are risks
of fraud in revenue recognition, to evaluate which types of revenue, revenue transactions or
assertions give rise to such risks.
276
Those entities such as listed entities that may have pressures or incentives on management to
commit fraudulent financial reporting, may face greater risks of fraud in revenue recognition.
The auditor shall document the reasons for concluding that there is no presumption that there are
risks of fraud in revenue recognition.
1.4.4 Presumed risk of control override

Management is in a unique position to perpetrate fraud because of its ability to override controls.
Because this risk is present in all entities and is therefore presumed HKSA 240 (Clarified) requires
that, irrespective of the auditor's assessment of the risks of management override of controls, the
auditor must design and perform audit procedures to respond to this risk.
The following are examples of audit procedures:
(a) Test the appropriateness of journal entries recorded in the general ledger and other
adjustments made in the preparation of the financial statements by:
(i) inquiring of individuals responsible for financial reporting process
(ii) testing collected journal entries and other adjustments made at the end of the period.
(b) Review accounting estimates for bias and evaluate whether the circumstances producing the
bias represents a risk of material misstatement due to fraud.
(i) If there is an indication of a possible management bias the auditor shall re-evaluate
the accounting estimate taken as a whole
(ii) Perform a retrospective review of management judgments and assumptions relating to
significant accounting estimates reflected in the financial statements of the prior year.
(c) For significant transactions that are outside the normal course of business for the entity, the
auditor shall evaluate whether the business rationale of the transactions suggests fraud.
The auditor should consider:
(i) whether the transactions are complex
(ii) whether management has discussed the accounting treatment with those charged
with governance
(iii) management placing more emphasis on the need for a particular accounting treatment
(iv) non-consolidated related parties that are not properly authorised
(v) unidentified related parties and the related transactions
1.5 Overall responses to assessed risks of material misstatement

due to fraud at the financial statement level
HKSA 240.32 In accordance with HKSA 330 (Clarified) The Auditor's Responses to Assessed Risks, the auditor
must determine overall responses to address the assessed risks of material misstatement due to
fraud at the financial statement level. In this regard, the auditor must:
(a) assign and supervise staff responsible taking into account their knowledge, skill and ability
ie individuals with specialised skill and knowledge;
(b) increase professional scepticism ie increase sensitivity in the selection of nature and
extent of documentation for material transactions and increase recognition of the need for
management explanations or representations for material matters;
(c) evaluate whether the accounting policies may be indicative of fraudulent financial
reporting; and
(d) incorporate unpredictability in the selection of the nature, timing and extent of audit
procedures to be performed ie adjusting the timing of audit procedures or using different
sampling methods.
277
Business Assurance
As we mentioned above, management fraud is more difficult to detect than employee fraud
because of management's ability to override controls and therefore manipulate accounting records.
HKSA 240 (Clarified) states that when auditor has to respond to the risk of management override of
controls, it is mandatory to perform procedures to:
(a) test the appropriateness of journal entries and other adjustments;
(b) review accounting estimates for bias; and
(c) for significant transactions outside the normal course of business, evaluate whether they
have been entered into to engage in fraudulent financial reporting or to conceal
misappropriation of assets.
1.6 Fraud risk factors
Key term
Fraud risk factors are events or conditions that indicate an incentive or pressure to commit fraud
HKSA or provide an opportunity to commit fraud.
240.11b
HKSA 240 HKSA 315 (Revised) states that the auditor shall evaluate whether fraud risk factors exist when
Appendix 1 collecting information from risk assessment procedures or when performing related activities.
When obtaining an understanding of the entity and its environment and the internal control, an
auditor should consider whether the information obtained indicates any fraud risk factors. However,
remember that fraud risk factors may not necessarily indicate the existence of fraud.
Auditors should exercise professional judgment in determining whether actual fraud is present.
When the following fraud risk factors appear there is a chance for fraudulent reporting to occur:
Fraud risk factors relating to fraudulent financial reporting

Operating  Missing vouchers
 Falsified documents and unsatisfactory explanations
 Evidence of dispute
 Unexplained reconciliations or incomplete accounting records
 Computer files failure – lack of records
 Significant related party transactions occurred not in the ordinary
course of business
 Dominant position in the market that may result in inappropriate or non-
arm's length transactions
 Many estimates involved in the financial statements
 Significant bank accounts or subsidiaries or branches operations in tax-
haven countries
Financial  Financial and profitability levels being threatened due to high degree of
competition, rapid changes in business environment
 Major decline in customer demand and increasing business failure
 Negative cash flow and operating losses
 New accounting/statutory/regulatory requirement
 Threat of bankruptcy/foreclosure/takeover
278
Fraud risk factors relating to fraudulent financial reporting

Pressure on  Management required to meet profitability or trend levels
management
 Entity needs to obtain additional funds by debt or equity financing
 Entity about to list, therefore required to meet exchange listing
requirement
 Meet financial targets established by those charged with governance or
listing rules
Nature of  Significant related party transactions not in the course of ordinary
entity's business
business
 Complex corporate structure
environment
 Multi-location businesses
Management  Dominance by management
style
 Non-operating internal controls – ie cut off or failure to correct
 Reluctance of management to communicate with third party
 High staff turnover
 Ineffective accounting and information systems
 Ineffective implementation of ethical standards
 Investigation by Government/Police
 Consistent failure to correct known material weaknesses in internal
controls
 Low morale among senior management
 Frequent disputes between management and auditors
 Limit of audit scope imposed by management
Analytical Auditor should consider any unusual or unexpected relationships that may
procedures indicate risks of material misstatement due to fraud.
When the following fraud risk factors appear there is a good chance for misappropriation of assets
to occur:
Fraud risk factors relating to misappropriation of assets

Employees/  Personal financial positions and ease to access to cash or other assets
management  Adverse relationships between entity and employees give motive for the
misappropriation of assets
Nature of  Circumstances occur where employees have large amount of cash on
entity's hand
business  Inventory items are small in size but are of high value
environment
 Easily convertible assets
 Non-current assets are of small size and marketable
279
Business Assurance
Fraud risk factors relating to misappropriation of assets

Internal  Inadequate internal controls over assets
controls  Inadequate segregation of duties
 Inadequate oversight of senior management and employees responsible
for assets
 Inadequate recordkeeping, authorisation and approval and physical
safeguards over cash investments
 Lack of documentation of transactions
 Lack of security in automated records
 Lack of complete and timely reconciliation of assets
 Inadequate management understanding of information technology
Management  Management disregarding the need for monitoring or reducing risks of
style misappropriation of assets
 Non-financial management's excessive participation
 Continuous disputes between management and shareholders
The size, complexity and ownership characteristics of the entity have a significant influence on the
consideration of relevant fraud risk factors. For example, a larger entity may have better internal
controls to prevent fraud.
1.7 Misstatements indicating suspected fraud

HKSA HKSA 240 (Clarified) requires the auditor to evaluate whether the misstatement identified is
240.28-29, 35 indicative of fraud and evaluate the implications of the misstatement in relation to other aspects of
the audit, particularly the reliability of management representations.
If the auditor believes the misstatements identified are the result of fraud which involved
management (ie by management collusion), the auditor shall re-evaluate the assessment of the
risks of material misstatement due to fraud and the impact on nature, extent and timing of audit
procedures.
When numerous immaterial misstatements are identified at a specific location, it may indicate there
is a risk of material misstatement due to fraud. The auditor should consider whether the fraud
involves senior management as this would affect the reliability of written representations. This may
indicate employees, management or third party's collusion.
1.7.1 Discussion among the engagement team

According to HKSA 240 (Clarified), discussion among the engagement team shall place particular
emphasis on how and where the entity's financial statements may be susceptible to material
misstatement due to fraud, including how fraud might occur.
1.8 Overall responses to assessed risks of material misstatement

due to fraud at the assertion level
According to HKSA 240 (Clarified), the auditors shall design and perform further audit procedures
by changing the nature, extent and timing of audit procedures that are responsive to the assessed
risks of material misstatement due to fraud at the assertion level.
280
The following illustrates the change in nature, extent and timing of audit procedures:
Changing the nature of  Obtain more reliable and relevant audit evidence
audit procedures
 Obtain additional corroborative evidence
 Use more physical inspection or observation
 Consider the source of audit evidence, ie more external
evidence rather internal audit evidence, ie use more external
confirmations
Changing the extent of  Increasing sample sizes
audit procedures
 Performing analytical procedures at a more detailed level
 Using CAATs for more extensive testing of electronic
transactions and account files
Changing the timing of  Modifying the timing of substantive procedures
audit procedures
 Performing substantive testing at or near the period end
 Electing to apply substantive procedures to transactions
occurring earlier in or throughout the reporting period
1.9 Analytical procedures performed near the end of the audit

HKSA 240.34 HKSA 240 (Clarified) requires the auditor when forming the overall conclusion to evaluate whether
analytical procedures that are performed near the end of the audit indicate a previously recognised
risk of material misstatement due to fraud. Auditors should consider any unusual relationships
involving year-end revenue and income. Overall, this requires professional judgment.
1.10 Unable to continue the engagement

HKSA 240.38 When the auditor encounters exceptional circumstances that affect the auditor's ability to
continue performing the audit, HKSA 240 (Clarified) requires the auditor to:
(a) determine the professional and legal responsibilities applicable in the circumstances ie
obligatory disclosure; or
(b) consider the appropriateness to withdraw from the engagement.
Examples of exceptional circumstances include the following:
(a) No appropriate action regarding fraud is undertaken by the entity, where auditor considers
necessary;
(b) The auditor considers there is significant risk of material and pervasive fraud; or
(c) The auditor has significant concern about the competence or integrity of management or
those charged with governance.
If the auditor decides to withdraw from the engagement, he shall:
(a) discuss with the appropriate level of management and those charged with governance about
the withdrawal; or
(b) determine whether there is obligatory reporting to regulatory authorities.
1.11 Written representations

HKSA 240.39 HKSA 240 (Clarified) requires the auditor to obtain written representations from management
and those charged with governance that they:
(a) acknowledge their responsibility for the design, implementation and maintenance of
internal control to prevent and detect fraud;
281
Business Assurance
(b) have disclosed to the auditor management's assessment of the risk of fraud in the financial
statements;
(c) have disclosed to the auditor their knowledge of fraud/suspected fraud involving
management, employees with significant roles in internal control, and others where fraud
could have a material effect on the financial statements;
(d) have disclosed to the auditor their knowledge of any allegations of fraud/suspected
fraud communicated by employees, former employees, analysts, regulators or others; or
(e) acknowledge the effects of those uncorrected financial misstatements aggregated as a
whole that are immaterial to the financial statements.
1.12 Communication to management and those charged with

governance
HKSA If the auditor identifies fraud or receives information that a fraud may exist, the auditor shall report
240.40-43 this on a timely basis to the appropriate level of management.
If the auditor identifies or suspects fraud involving management, employees with significant roles in
internal control, and others where fraud could have a material effect on the financial statements, he
shall communicate this on a timely basis to those charged with governance.
The auditor also needs to consider whether there is a responsibility to report to the regulatory or
enforcement authorities – the auditor's professional duty of confidentiality may be overridden
by laws and statutes in certain jurisdictions.
For material deficiencies in internal controls, the auditor should communicate with management.
1.13 Documentation
HKSA 240.44 The auditor must document:
 the significant decisions as a result of the team's discussion of fraud
 the identified and assessed risks of material misstatement due to fraud
 the overall responses to assessed risks
 results of specific audit tests
 any communications with management; or
 reasons for concluding that the presumption that there is a risk of fraud related to revenue
recognition is not applicable.
Tom is the Human Resources Manager of XXXX Limited in Hong Kong. XXXX Limited has a
number of production and management contracts with the public sector. Tom has created ten
fictitious employees in the company’s factory payroll. A number of pay cheques were issued to
these ten fictitious employees from October to December 20X6.
TUV & Co have been the auditors of XXXX Limited for the last two years, and the audit for the year
ended 31 December 20X6 is currently in progress. Before the discovery of Tom’s activities, TUV &
Co had assessed the risk of material misstatement due to fraud at the financial statement level as
low after performing the specific risk assessment procedures as required by auditing standards.
Required
(a) Explain the possible impacts of Tom’s activities on XXXX Limited’s financial statements.
(6 marks)
282
(b) Explain how Tom’s activities may affect the risk assessment and the audit work responsive
to the assessed risk of material misstatement due to fraud. (9 marks)
HKICPA May 2007
2 Laws and regulations
Topic highlights
Auditors must be aware of laws and regulations as part of their planning and must be aware of any
statutory duty to report non-compliance by the entity.
2.1 Legal requirements relating to an entity

Entities are increasingly subject to laws and regulations with which they must comply.
HKSA 250 (Clarified) Consideration of Laws and Regulations in an Audit of Financial Statements
provides guidance on the auditor's responsibility to consider laws and regulations in an audit of
The provisions of those laws or regulations have a direct effect on the entity's financial statements
in that they determine the reported amounts and disclosures in the financial statements.
Other laws or regulations are to be complied with by management but these laws and regulations
do not have a direct effect on an entity's financial statements.
Key term
Non-compliance refers to acts of omission or commission by the entity, either intentional or
unintentional, which are contrary to the prevailing laws or regulations.
HKSA 250.11 Such acts include transactions entered into by the entity, or on its behalf by its management or
employees. It does not include personal misconduct. Non-compliances may result in financial
consequences, like fines and litigation and non-financial consequences, such as loss of reputation.
2.2 Responsibility of management and those charged with

governance
HKSA 250.3 It is management's responsibility, with the oversight of those charged with governance, to ensure
that the entity complies with the relevant laws and regulations.
The following policies and procedures, among others, may be implemented by management to
assist in the prevention and detection of non-compliance with laws and regulations.
(a) Monitor legal requirements and ensure that operating procedures are designed to meet
these requirements;
(b) Institute and operate appropriate systems of internal control including internal audit and
an audit committee;
(c) Develop, publicise and follow a code of conduct;
(d) Ensure employees are properly trained and understand the code of conduct;
283
Business Assurance
(e) Monitor compliance with the code of conduct and act appropriately to discipline
employees who fail to comply with it;
(f) Engage legal advisers to assist in monitoring legal requirements; or
(g) Maintain a register of significant laws with which the entity has to comply within its
particular industry and a record of complaints.
HKSA 250.4- 2.3 Responsibility of the auditor

8, 10
As with fraud, the auditor is not, and cannot be held responsible for preventing and detecting non-
compliance. There is an unavoidable risk that some material misstatements in the financial
statements go undetected, even though the audit is properly planned and performed.
2.3.1 Categories of laws and regulations

HKSA 250 (Clarified) distinguishes the auditor's responsibilities in relation to compliance with two
different categories of law and regulation as follows:
(a) The provisions of those laws and regulations generally recognised to have a direct effect on
the determination of material amounts and disclosures in the financial statements; and
(b) Other laws and regulations that do not have a direct effect on the determination of the
amounts and disclosures in the financial statements, but compliance may be fundamental to
the business operations ie causing going concern problems or material penalties.
For those which have a direct effect the auditor is required to obtain sufficient appropriate audit
evidence regarding compliance. For other laws and regulations the auditor is required to perform
procedures to help identify non-compliance (see Section 2.3.4).
2.3.2 Obtaining an understanding of the entity and its environment

HKSA 250 (Clarified) requires the auditor to obtain a general understanding of:
(a) the legal and regulatory framework applicable to the entity, industry or the business segment
the entity operates; and
(b) how the entity is complying with that framework.
2.3.3 Ways to obtain a general understanding of the legal and regulatory

framework
Auditors may use the following ways to obtain general understanding of the legal and regulatory
framework:
(a) Use the auditor's existing understanding of the entity's industry, regulatory and other
external factors;
(b) Update the understanding of those laws and regulations that directly determine the
reported amounts and disclosures in the financial statements;
(c) Inquire of management as to other laws or regulations that may be expected to have a
fundamental effect on the operations of the entity;
(d) Inquire of management concerning the entity's policies and procedures regarding
compliance with laws and regulations; or
(e) Inquire of management the policies or procedures adopted for identifying, evaluating and
accounting for litigation claims.
284
2.3.4 Objective of the auditors

Under HKSA 250 (Clarified), the objectives of the auditor are to:
(a) obtain sufficient appropriate audit evidence regarding compliance with the provisions of
those laws and regulations generally recognised to have a direct effect on the determination
of material amounts and disclosures in the financial statements;
(b) perform specified audit procedures to help identify instances of non-compliance with other
laws and regulations that may have a material effect on the financial statements; and
(c) respond appropriately to non-compliance or suspected non-compliance with laws and
regulations identified during the audit.
2.3.5 Risks of material misstatement due to non-compliance with laws and

regulations
Certain factors will increase the risks of material misstatement due to non-compliance with laws
and regulations not being detected by the auditor.
(a) There are many laws and regulations, relating principally to the operating aspects of an
entity, that typically do not affect the financial statements and are not captured by the
entity's information systems relevant to financial reporting;
(b) Non-compliance may involve conduct designed to conceal it, such as collusion, forgery,
deliberate failure to record transactions, management override of controls or intentional
misrepresentations being made to the auditor; or
(c) Whether an act constitutes non-compliance is ultimately a matter for legal determination by a
court of law.
Laws and regulations governing a business entity can vary enormously. Whether an act constitutes
non-compliance is a legal matter that may be beyond the auditor's professional competence,
although the auditor may have a fair idea in many cases through his knowledge and training.
Ultimately such matters can only be decided by a court of law.
The further removed non-compliance is from the events and transactions normally reflected in the
financial statements, the less likely the auditor is to become aware of it or recognise non-
compliance.
2.3.6 Other laws and regulations

The auditor should recognise that certain other laws and regulations may have a fundamental
effect on the operations of the entity, ie they may cause the entity to cease operations or call into
question the entity's continuation as a going concern. For example, non-compliance with the
requirements of the entity's licence or other title to perform its operations could have such an
impact (for example, for a bank, non-compliance with capital or investment requirements).
The auditor must perform the following audit procedures to help identify instances of non-
compliance with other laws and regulations that may have a material effect on the financial
statements:
(a) Inquiring of management and, where appropriate, those charged with governance, as to
whether the entity is in compliance with such laws and regulations; and
(b) Inspecting correspondence, if any, with the relevant licensing or regulatory authorities.
The auditor must request written representations from management that all known instances of
non-compliance or suspected non-compliance with laws and regulations whose effects should be
considered when preparing the financial statements have been disclosed to the auditor.
285
Business Assurance
2.4 Indications of non-compliance with laws and regulations

The auditor must remain alert throughout the audit to the possibility that other audit procedures
may bring instances of non-compliance or suspected non-compliance to the auditor's attention.
These audit procedures could include:
(a) reading minutes;
(b) making inquiries of management and in-house/external legal advisers regarding litigation,
claims and assessments; or
(c) performing substantive tests of details of classes of transactions, account balances or
disclosures.
The following factors may indicate non-compliance with laws and regulations:
(a) Investigations by regulatory authorities and government departments;
(b) Payment of fines or penalties;
(c) Payments for unspecified services or loans to consultants, related parties, employees or
government employees;
(d) Sales commissions or agents' fees that appear excessive;
(e) Purchasing at prices significantly above/below market price;
(f) Unusual payments in cash;
(g) Unusual transactions with companies registered in tax havens;
(h) Payment for goods and services made to a country different to the one in which the goods
and services originated;
(i) Payments without proper exchange control documentation;
(j) Existence of an information system that fails to provide an adequate audit trail or sufficient
evidence;
(k) Unauthorised transactions or improperly recorded transactions; or
(l) Adverse media comment.
2.5 Audit procedures when non-compliance is identified or

suspected
HKSA If the auditor becomes aware of information concerning an instance of non-compliance or
250.18-21 suspected non-compliance with laws and regulations, the auditor shall obtain:
(a) an understanding of the nature of the act and the circumstances in which it has occurred;
and
(b) further information to evaluate the possible effect on the financial statements.
2.5.1 Evaluation of the possible effect on the financial statements

Auditors should evaluate:
(a) the potential financial consequences of non-compliance with laws and regulations on the
financial statements whether fines, penalties or litigation claims;
(b) whether the potential financial consequences require disclosure; and
(c) whether the seriousness of the potential financial consequences would affect the
presentation of the financial statements.
The implications of non-compliance in relation to other aspects of the audit have to be evaluated.
The auditor should consider risk assessment, reliability of written representations, performance of
286
control activities and level of management or employees involved, especially when involving
highest authority within an entity.
When no remedial actions are taken by management and those charged with governance on the
non-compliances, auditors should consider withdrawal from the engagement and should consider
seeking legal advice first.
2.5.2 Insufficient information about suspected non-compliances

If the auditor suspects there may be non-compliance, the auditor must discuss the matter and the
findings with management and, where appropriate, those charged with governance.
The auditor must consider the need to obtain legal advice from entity's in-house legal counsel or
external legal counsel if sufficient information is not provided and the matter is material.
If it is not considered appropriate to consult with the entity's legal counsel or the auditor is not
satisfied with the opinion from the entity's legal counsel, the auditor may consider it appropriate to
consult the auditor's legal counsel.
Finally, if the auditor cannot obtain sufficient information about suspected non-compliances, the
auditor must evaluate the impact of the lack of sufficient appropriate audit evidence on the auditor's
opinion.
2.6 Communicating/reporting identified or suspected non-

compliance
HKSA The auditor shall communicate with those charged with governance, but if the auditor suspects that
250.25-28 those charged with governance are involved, the auditor shall communicate with the next higher
level of authority such as the audit committee or supervisory board. If this does not exist, the
auditor shall consider the need to obtain legal advice.
The auditor shall consider the impact on the auditor's report if he concludes that the non-
compliance has a material effect on the financial statements and has not been adequately reflected
or is prevented by management and those charged with governance from obtaining sufficient
appropriate audit evidence to evaluate whether non-compliance is material to the financial
statements. The auditor shall express a qualified opinion or disclaim an opinion on the financial
statements on the basis of a limitation on the scope of the audit under HKSA 705 (Clarified).
The auditor shall determine whether identified or suspected non-compliance has to be reported to
the regulatory and enforcement authorities. Although the auditor must maintain the fundamental
principle of confidentiality, in some jurisdictions the duty of confidentiality may be overridden by
law or statute.
3 Following up illegal acts or fraud during the audit
Topic highlights
A firm of Certified Public Accountants must establish policies and procedures in order to meet its
responsibilities in relation to money laundering.
3.1 HKSA 240 (Clarified)

HKSA Where the auditor becomes aware of a suspected or actual instance of fraud which could have a
240.40-43 material effect on the financial statements, he would:
(a) consider whether the matter may be one that ought to be reported to a proper authority in the
public interest; and where this is the case
287
Business Assurance
(b) except when he is prohibited by law from informing any party other than the proper authority
or when the matter casts doubt on the integrity of those charged with governance, discuss
the matter with those charged with governance, including any audit committee.
3.1.1 Duty to notify those charged with governance in writing

In respect of an identified suspected or actual instance of fraud which could have a material effect
on the financial statements, the auditor would make a report direct to a proper authority in the
public interest without delay and without informing those charged with governance in advance in
situations where:
(a) the auditor concludes that the matter ought to be reported to a proper authority in the
public interest; and
(b) the auditor is prohibited by law from informing any party other than the proper authority or
the matter casts doubt on the integrity of those charged with governance
An auditor who can demonstrate that he has acted reasonably and in good faith in informing an
authority of an instance of fraud which he thinks has been committed would not be held by the
court to be in breach of duty to the client even if, an investigation or prosecution having occurred,
it were found that there has been no offence.
An auditor may need to take legal advice before making a decision on whether the matter should
be reported to a proper authority in the public interest.
The implications of identified fraud depend on the circumstances. For example, an otherwise
insignificant fraud may be significant if it involves senior management. In such circumstances, the
reliability of evidence previously obtained may be called into question, since there may be doubts
about the completeness and truthfulness of representations made and about the genuineness of
accounting records and documentation. There may also be a possibility of collusion involving
employees, management or third parties.

HKSA The auditor shall obtain:
250.25-28
and
The auditor shall evaluate the implications of non-compliance in relation to other aspects of the
audit, including the auditor’s risk assessment and the reliability of written representations, and take
appropriate action.
The auditor may discuss the findings with those charged with governance where they may be able
to provide additional audit evidence.
The auditor may consider it appropriate to consult with the entity’s in-house legal counsel or
external legal counsel about the application of the laws and regulations.
The auditor evaluates the implications of non-compliance in relation to other aspects of the audit,
including the auditor’s risk assessment and the reliability of written representations.
The auditor may consider withdrawal from the engagement, where withdrawal is possible under
applicable law or regulation.
In some jurisdictions, the auditor of a financial institution has a statutory duty to report the
occurrence, or suspected occurrence, of non-compliance with laws and regulations to the
supervisory authorities.
288
3.3 Money laundering

In recent years accountants and auditors have become subject to anti-money laundering (AML)
regulations. This is largely due to the work of the inter-governmental body, the Financial Action
Task Force on Money-Laundering (FATF).
A firm of Certified Public Accountants must establish sound policies and procedures to ensure that the
firm meets its responsibilities under the relevant regulation in which the firm is operating. It is important
that everyone who is a member of an audit engagement team is aware of the regulations, the firm’s
policies and procedures, and their own responsibilities regarding money laundering activities.
Key terms
Money laundering is a process by which criminals attempt to conceal the true origin and
ownership of the proceeds of criminal activities. It is a way in which money earned from criminal
activities (“dirty money”) is transferred and transformed so it appears to have come from a
legitimate source (“clean money”). Money laundering includes a wide range of potential crimes
including possessing, dealing with, or concealing the proceeds of crime.
3.3.1 Money laundering activities and process

Money laundering activities could include the following:
 Acquiring, using or possessing the proceeds of criminal activities such as drug trafficking and
terrorist activities, or retaining control over the proceeds of tax evasion.
 Benefits obtained through bribery or corruption.
 Inciting, aiding, counselling or concealing such activities.
The three stages of the money laundering process are placement, layering and integration:
 Placement is putting money into financial products or instruments, including life policies,
pension arrangements, unit trusts, travellers cheques, and bank deposits.
 Layering is creating a series of transactions so that the original source of funds is
obscured and difficult to trace.
 Integration is converting the proceeds of money laundering into a legitimate form.
3.3.2 Accountants’ actions related to money laundering

For accountants there are specific ways that they could commit offences relating to money
laundering. These could include the following:
 Handling the proceeds of criminal activity, or advising on the use of such proceeds.
 Failure to report knowledge or suspicion of money laundering activities to the appropriate
authority.
 Making a disclosure which is likely to prejudice an investigation into money laundering
(known as “tipping off”).
 Failure to comply with the specific regulatory requirements in relation to money laundering in
the jurisdiction in which the accountant is operating.
3.3.3 Policies and procedures related to money laundering

The policies and procedures that a firm of Certified Public Accountants should establish in order to
meet its responsibilities in relation to money laundering are described below:
(a) Appointment of a Money Laundering Reporting Officer (MLRO)
The MLRO is a nominated officer who is responsible for receiving and evaluating reports of
suspected money laundering from colleagues within the firm, and making a decision as to
whether further inquiry is required and if necessary making reports to the appropriate
289
Business Assurance
external body. The MLRO should have an appropriate level of seniority and experience and
would usually be a senior partner.
(b) Customer identification procedures
This is often referred to as customer due diligence (CDD), or “know your client” (KYC)
procedures.
The point of these procedures is to ensure that the firm has verified the identity of clients
(whether the client is an individual or an entity), and has obtained evidence of that identity.
For an individual, typical evidence of identity would be a passport, driving licence, and
evidence of address such as a utility bill. For an entity evidence may include a certificate of
incorporation. The identification process for an entity would also involve identification of key
management personnel and those people in control of the entity, and an assessment as to
whether any connected individuals are politically exposed persons (PEP).
(c) Enhanced record keeping
Records must be kept of clients’ identity, the firm’s business relationship with them, and
details of transactions with the client. All records should be kept for five years after the end of
the business relationship or completion of the transactions. Internal and external reports
made in connection to money laundering should also be securely kept for five years.
(d) Communication and training
All relevant employees should receive training so that they are aware of the main provisions
of money laundering regulations, and so that they know how to recognise and deal with
activities which may be money laundering. The training programme should be offered to all
members of the firm with an involvement in audit engagements. Training should also be
provided on the firm’s internal policies and procedures with relation to money laundering.
In particular, all staff should be aware of appropriate lines of communication, and who they
should report suspicions of money laundering activities to. Training should be considered for
all staff, including support staff who do not carry out an advisory role.
(e) Internal controls, risk assessment, management and monitoring
The firm should establish systems and controls to effectively manage the risk that the firm is
exposed to in terms of money laundering activities. This could include:
 client screening procedures to minimise the risk of taking on a new client with a high
risk of money laundering activities
 systems and controls to ensure that training is taken/attended and understood by all
relevant employees
 systems that allow periodic testing that the firms’ policies and procedures comply with
legislative and regulatory requirements
All of the above contribute to the acceptance and following of firm-wide practices by all relevant
individuals and can be seen as quality control measures.
3.3.4 Money laundering in Hong Kong
The Financial Action Task Force (FATF), the international AML standard-setter, completed an
evaluation on Hong Kong’s AML regime in 2008 and concluded inter alia that we should provide
statutory backing and appropriate sanctions for customer due diligence (CDD) and record-keeping
requirements for financial institutions, and put into place an AML regulatory framework for
remittance agents and money changers.
At present, the requirements on CDD and record keeping by financial institutions are implemented
mainly through guidelines issued by the Monetary Authority (MA), the Securities and Futures
Commission (SFC) and the Insurance Authority (IA) respectively. Hong Kong is required by FATF
to implement improvement measures to address these deficiencies. Failure to do so will result in
enhanced scrutiny by FATF and could subject Hong Kong to counter measures by other FATF
members, which would hinder our development as an international financial centre.
290
In October 2012, the FATF recognised that Hong Kong had made significant progress in
addressing the deficiencies identified in the 2008 Mutual Evaluation Report. The FATF agreed that
Hong Kong should now report on any further improvements to its Anti-Money
Laundering/Combating the Financing of Terrorism (AML/CFT) system on a biennial update basis.
3.3.5 The Anti-Money Laundering and Counter-Terrorist Financing (Financial

Institutions) Ordinance
The Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance
(“the Ordinance”) was gazetted on 8 July 2011. The Ordinance came into effect on
1 April 2012. The Ordinance provides for the imposition of requirements relating to customer due
diligence and record-keeping on specified financial institutions, and provides for the powers of the
relevant authorities.
The Ordinance seeks to improve Hong Kong's anti-money laundering regime by better alignment of
the financial sector with prevailing international standards.
The major proposals adopted by the Ordinance include the following:
(a) Codifying the customer due diligence requirements, which refer to the measures enabling
financial institutions to establish the identity of each customer, and record-keeping
requirements in line with the prevailing international standards as promulgated by the FATF;
(b) Subjecting specified financial institutions, namely banks and deposit-taking companies
(collectively referred to as authorised institutions), licensed corporations in the securities
sector, authorised insurers, appointed insurance agents, authorised insurance brokers,
money service operators and the Postmaster General to the statutory requirements provided
in the new legislation;
(c) Empowering the Monetary Authority (MA), the Securities and Futures Commission (SFC),
the Insurance Authority (IA) and the Customs and Excise Department (C&ED) as the
respective relevant authorities to supervise compliance with the statutory requirements by
the specified financial institutions;
(d) Providing for supervisory and criminal sanctions for contravention of the statutory customer
due diligence and record-keeping requirements;
(e) Putting in place a licensing regime for money service operators to be administered by C&ED;
and
(f) Establishing an independent review tribunal to review decisions made by the relevant
authorities to impose supervisory sanctions and decisions related to money service operator
licensing matters.
The statutory customer due diligence and record-keeping requirements largely reflect the existing
requirements set out in the administrative guidelines issued by MA, SFC and IA.
Provision of criminal sanctions in addition to supervisory sanctions will ensure that Hong Kong has
an effective AML regime. Many jurisdictions, including the UK, the US, Singapore, Italy and Norway,
have provided for criminal offences under their AML legislation in dealing with breaches of CDD
and record-keeping requirements.
291
Business Assurance
Topic recap
Attitude of RISK ASSESSMENT

professional PROCEDURES
skepticism
RISK OF RISK OF MONEY

RISK OF FRAUD
NON-COMPLIANCE LAUNDERING
WITH LAWS
AND REGULATIONS
Auditor’s – Client screening

Intentional Sufficient Appropriate Theft
understanding – Appoint MLRO
misstatements
and responsibility – Risk indicators
– Types of offence
– Tipping off
Search for
indication of
Management Auditor Risk Responses Reporting non-compliance
responsibilities responsibilities assessment
procedures
Action on
discovery of
Presumed risk non-compliance
of fraud in
revenue recognition
292
Answer 1
(a) The possible impacts of Tom’s activities on the financial statements of XXXX Ltd for the year
ended 31 December 20X6 are as follows:
 XXXX Ltd’s bank and cash were misappropriated via the payments to ten fictitious
employees.
 Staff costs are overstated, and, therefore, XXXX Ltd’s overall expenditure. XXXX Ltd’s
profit is understated.
 Staff benefits or staff-related costs/deductions are overstated, eg employees’
insurance and severance payment provisions.
 If staff costs are capitalised in inventories or other forms of assets (eg development
expenditure), the reported amount of those assets is overstated.
 In cases where XXXX Ltd has cost-plus contracts with its customers (ie cost-
reimbursement plus margin arrangement), an overstatement of staff costs may
overstate the amount of revenue (reimbursement from customers).
 A contingent liability may arise due to a possible breach of contract if one of the
purposes of overstating the headcount is to fulfil contract requirements (eg headcount
requirements as set out in contracts with the Government).
 There may be a going concern issue due to the violation of contractual requirements
and other regulations for XXXX Ltd to carry on operating (and winning contracts) in the
public sector outsourcing market.
 TUV & Co’s risk assessment at the financial statement level (as low) may not be
appropriate as the internal controls of XXXX Ltd on its payroll may be weak or subject
to management manipulation. This could cause material misstatements in other
aspects of XXXX Ltd’s financial statements to exist.
(b) Before the discovery of Tom’s activities, TUV & Co had assessed the risk of material
misstatement due to fraud at the financial statement level as low after performing the specific
risk assessment procedures as required by HKSA 240 (Clarified).
Tom’s activities indicate there are weaknesses in how those charged with governance
exercise oversight of management processes for identifying and responding to the risks of
fraud in the entity and also weaknesses in the overall control environment.
As the HR Manager of XXXX Ltd, Tom holds a senior position. Management override of
controls exists.
TUV & Co should also consider whether or not there is any evidence suggesting the
susceptibility of XXXX Ltd to management fraud and the competence and integrity of
management.
The insertion of fictitious employees into the payroll indicates a lack of controls in XXXX Ltd’s
payroll and cheque payment procedures. The internal controls that management has
established to mitigate these risks are proved to be ineffective.
Depending on the pervasiveness of the audit evidence, TUV & Co may need to revise its
assessment of the risk of material misstatement at the financial statement level to medium or
high.
293
Business Assurance
If TUV & Co obtains evidence indicating that the misappropriation of assets (pay cheques) is
restricted to Tom for the last three months of the year ended 31 December 20X6 and if the
amount of cash misappropriated is material to XXXX Ltd, TUV & Co may need to revise its
assessment of the risk of material misstatement of the occurrence of staff costs and the
existence of bank and cash to medium or high.
TUV & Co may also need to assess the risk of material misstatement of the completeness
assertion of staff costs and bank & cash (due to possible misappropriation of cheques or
cash by Tom to genuine employees) as medium or high. [Some candidates may argue that
the payment to fictitious employees is based on payroll records which are false. Therefore,
the controls in bank & cash may well be effective, but the controls in payroll records had
broken down so that Tom could create fictitious employees and working/attendance records.]
According to HKSA 330 (Clarified), TUV & Co’s responses to address the assessed risks of
material misstatement due to fraud at the assertion level should include changing the nature,
timing, and extent of audit procedures.
Changing the nature of audit procedures
As the key risks include the existence of employees, the occurrence of staff costs and the
existence and completeness of bank and cash, substantive procedures may become more
important, eg physical verification meetings with individual employees, physical observation
of pay cheque distribution, matching the payroll to personnel files and vouching clock cards
or time sheets.
Without Tom’s activities, TUV & Co may rely on the internal controls of XXXX Ltd and carry
out more tests of controls in the payroll and pay cheque procedures.
Changing the timing of audit procedures
In some cases, audit work at an interim date can make the year end audit more effective.
However, Tom’s activities took place during the last three months of the year ended
31 December 20X6, and any audit conclusions reached based on audit procedures
completed at an interim date may not be extended to the year end.
Therefore, it is not effective to carry out any substantial amount of audit work at an interim
date.
Changing the extent of audit procedures
TUV & Co may increase sample sizes when performing tests of details eg physical
verification meetings with individual employees, physical observation of pay cheque
distribution, matching payroll to personnel files and vouching clock cards or time sheets.
TUV & Co may perform analytical procedures at a more detailed level, eg comparison of
wages and salaries, MPF, staff-related costs/deductions of different periods, and among
different shifts, product lines and factories. Without Tom’s activities, TUV & Co may perform
these analytical procedures at the company level only.
294
Exam practice
ABC Limited 36 minutes

ABC Limited (“ABC”) is a company incorporated in Hong Kong. ABC’s business was very
successful during the period 20X5-X8, and most of its customers are financial institutions based in
the US. Mr Kwok is a CPA (Practising) and has just started planning the audit of ABC’s financial
statements for the year ended 30 June 20X9. Ms. Chan, the Chief Executive Officer of ABC, has
discussed the following matters with Mr. Kwok:
(1) Notwithstanding the recent US sub-prime mortgage crisis, Ms. Chan does not think
customers in the US will have any difficulties in settling trade debts. However, a general
allowance at 1% of the outstanding balances has been maintained as a contingency reserve
against losses from irrecoverable and doubtful receivables.
(2) Ms. Chan provides certain figures from ABC’s accounting records to Mr. Kwok as follows:
Unaudited Audited
Year ended 30 Jun 20X9 Year ended 30 Jun 20X8
$'million $'million
Trade receivables from customers in the US 27 20
Trade receivables from other customers 6 5
Total trade receivables 33 25
$'million $'million
Sales to customers in the US 110 100
Sales to other customers 55 50
Total sales 165 150
(3) Ms. Chan expects ABC to be ready for listing on the Hong Kong Stock Exchange in the near
future in order to stay competitive.
(4) Ms. Chan explains that ABC has recently changed the remuneration package for senior
managerial staff linking it more directly to ABC’s sales.
(5) Ms. Chan explains that ABC has recently established an affiliated entity in the US to provide
certain support services for ABC’s main products.
Required
(a) Define the auditor’s responsibility towards the risks of fraud in financial statements.
(3 marks)
(b) Define fraud risk factors and describe the three conditions that are generally present when
fraud exists.
(3 marks)
295
Business Assurance
(c) Explain four main fraud risk factors identified from the audit of ABC’s financial statements for
the year ended 30 June 20X9. (8 marks)
(d) Explain how, as part of the audit of ABC’s financial statements, Mr. Kwok may identify any
unusual or unexpected relationships amongst the figures provided by Ms. Chan (point (2)
above) that may indicate risks of material misstatement due to fraud. (6 marks)
(Total = 20 marks)
HKICPA May 2009
T&F Limited 29 minutes

Trading & Factory Limited (“T&F”) has been producing and selling outdoor furniture and garden
ornaments to North America for about ten years. T&F’s founder, Mr. Lee, has occupied the roles of
Chairman and Chief Executive Officer for three years, and has largely dominated its board of
directors.
T&F struggled financially during 20X8-X9, but it has managed to survive through the recession and
has recently presented the unaudited management accounts for the year ended 31 December
20Y0 to its auditor. Extracted below are certain key financials for the years 20X9 and 20Y0.
Extracts from Extracts from
unaudited management accounts audited financial statements
for the year ended for the year ended
31 December 20Y0 31 December 20X9
HK$'000 HK$'000
Sales 482,100 254,300
Gross margin 30% 29%
Net profit before tax 98,100 16,200
Current ratio 0.9 1.2
Following the recent revival in performance, Mr. Lee has expressed T&F’s desire to go for a listing
within a year or two.
Due to the lack of financial expertise on the board and without a separate audit committee, T&F’s
board has been relying on the management letter from its auditor to monitor the operating
effectiveness of its internal controls.
Required
(a) Explain the auditor’s responsibilities for the prevention and detection of fraud in financial
statements and describe the three pre-requisites generally present when a fraud takes place.
(6 marks)
(b) Identify and explain three fraud risk factors (other than any weaknesses in T&F’s corporate
governance) from the perspective of T&F’s auditor.
(10 marks)
(Total = 16 marks)
HKICPA June 2011
296
chapter 11
Internal control and tests of

controls
Topic list
1 Internal control systems 4 Internal controls in a computerised

1.1 Control environment environment
1.2 Entity's risk assessment process 4.1 General controls
1.3 Information system relevant to financial 4.2 Application controls
reporting 4.3 Documentation
1.4 Control activities 4.4 Testing of automated controls
1.5 Monitoring of controls 5 Communicating deficiencies in internal
1.6 Controls for significant risks control
1.7 Limitations of accounting and control 5.1 Meaning of deficiencies
systems 5.2 Requirement of auditor
2 The use of internal control systems by 5.3 Action taken by management and those
auditors charged with governance
2.1 Recording accounting and control
systems
3 Tests of controls
3.1 Confirming understanding
3.2 When to perform tests of controls
3.3 Reliance on evidence obtained in prior
periods
3.4 Increase the extent of tests of controls
3.5 Evaluating the operating effectiveness of
controls
Learning focus
Auditors should evaluate the internal control system in order to determine whether to rely on
the entity's internal controls in order to reduce the level of substantive testing.
297
Business Assurance
Learning outcomes
Competency
level
2.09.05 Explain the importance of internal control to auditors and the
execution of tests of control
2.09.06 Explain how auditors identify weaknesses in internal control
systems and how those weaknesses limit the extent of auditors'
reliance on those systems
2.10.04 Explain the need to modify the audit strategy and audit plan
following the results of tests of control
2.13 Reporting 3
2.13.01 Discuss and provide examples of how the reporting of internal
control weaknesses and recommendations to overcome those
weaknesses are provided to management
4.02 Categories and types of controls 3
4.02.01 State examples of controls in a computerised system
4.02.02 Define and give examples of general and application controls
298
11: Internal control and tests of controls | Part D Assurance engagements
1 Internal control systems
Topic highlights
The auditors must understand the accounting system and control environment in order to
determine their audit approach.
Key term
Internal control is the process designed, implemented and maintained by those charged with
governance, management, and other personnel to provide reasonable assurance about the
HKSA 315.4c
achievement of the entity's objectives with regard to reliability of financial reporting, effectiveness
and efficiency of operations and compliance with applicable laws and regulations.
HKSA 315 (Revised) Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and its Environment deals with the whole area of controls.
Internal control has five elements:
 The control environment;
 The entity's risk assessment process;
 The information system relevant to financial reporting;
 Control activities; and
 Monitoring of controls.
HKSA 315 (Revised) requires that the auditor shall obtain an understanding of internal controls
relevant to the audit. Most controls relevant to the audit are likely to relate to financial reporting but
there might be controls relevant to operations and compliances objectives. It is a matter of the
auditor’s professional judgment whether a control, individually or in combination with others, is
relevant to the audit.
In obtaining an understanding of internal control, the auditor must understand and evaluate the
design of the internal control (ie is it capable of preventing, detecting and correcting material
misstatements?) and the implementation of that control (ie has it been operated correctly in that
year?) by performing procedures in addition to inquiry of the entity’s personnel. In the following
sub-sections, we look at each of the elements of internal control in turn.
1.1 Control environment
Key term
The control environment is the framework within which operational controls operate. Its
effectiveness is very much determined by management's attitudes, awareness of risk and actions
and the importance placed on internal control within the entity.
1.1.1 Effect of control environment on auditor's risk assessment

HKSA 315.14 The control environment sets the tone for an organisation. It provides discipline and structure and
strongly influences the control consciousness of the people within the organisation. A strong control
environment, supported by a clear and effectively communicated commitment from senior
management influences the auditor's assessment of the effectiveness of other controls.
299
Business Assurance
It does not, on its own, guarantee the effectiveness of the overall control system, but reduces the
risks of material misstatement. A weak control environment can undermine the effectiveness of
specific operational controls.
Controls are more likely to operate well in an environment where they are regarded as being of
importance, that is, in entities where the ethos is set at the most senior levels of the company that
honest and transparent behaviour is paramount and deviations from ethical practice will not be
accepted. The responsibility for individual areas is then cascaded down through tiers of
management in the form of operational controls. The auditors, will perform procedures to ascertain
whether certain controls exist and are routinely adhered to. For example, the auditor may check
that a particular payment has been made to a supplier on an approved list.
HKSA 315 (Revised) states that auditors must understand an entity's control environment. The
types of check described above are relatively easy to perform as walk-through tests but auditors
must also use observation and inquiry to assess whether:
 management, with the oversight of those charged with governance, has created and
maintains a culture of honesty and ethical behaviour
 the strengths in the control environment provide an adequate foundation for the other
elements of internal control and whether those elements are weakened by deficiencies in the
control environment.
The following table illustrates this:
Control environment
Management's integrity  Essential elements which influence the effectiveness of the
and ethical values design, administration and monitoring of controls; and
 Overall attitude, awareness and actions of management on
the internal control system
Commitment to  Management's assessment of the competency levels for
competence particular roles and how those levels translate into requisite
skills and knowledge
Participation by those  Independence from management
charged with  Experience and stature
governance
 Extent of involvement and scrutiny of activities
 Type of difficult questions resolved in between internal and
external auditors
 Whether they understand the entity's business transactions
Management's  Approach to taking and managing business risks
philosophy and  Attitudes and actions towards financial reporting
operating style
 Attitudes towards information processing and accounting
functions and personnel
Organisational The framework within which an entity's activities for achieving its
structure objectives are planned, executed, controlled and reviewed
(including segregation of duties, job rotation and so on)
Assignment of authority How authority and responsibility for business activities are
and responsibility allocated and how reporting lines and authorisation controls are
organised
Human resource How recruitment, induction, training, performance monitoring and
policies and practices career progression plans, work place counselling, remuneration,
and grievance and discipline matters are conducted
Finally, the auditor should form a conclusion as to whether the control environment is strong or
weak.
300
1.2 Entity's risk assessment process

HKSA 315.15 HKSA 315 (Revised) says that the auditor must understand and evaluate the internal processes of
an entity for the following:
 identification of the business risks which may affect financial reporting objectives
 estimating their significance
 assessing their likelihood
 responding effectively to the issues identified.
The entity's risk assessment process assists the auditor in identifying risks of material
misstatement. If the auditor believes the process fails to reflect the risk position of the entity, the
auditor then evaluates whether this is because of any serious weakness in internal control.
If there is no process for risk identification in place at all, the auditor should discuss with
management whether the business risks relevant to the financial reporting objectives have been
assessed and addressed appropriately. The auditor shall evaluate whether the absence of a
documented risk assessment process is appropriate in the circumstances, or determine whether it
represents a significant deficiency in overall internal control.
1.3 Information system relevant to financial reporting
Key term
The information system relevant to financial reporting is a component of internal control that
includes the financial reporting system, and consists of the procedures and records established to
initiate, record, process and report entity transactions (as well as events and conditions) and to
maintain accountability for the related assets, liabilities and equity.
HKSA The auditor must obtain an understanding of the information system relevant to financial reporting
315.18-19 objectives, and the following in particular:
(a) The classes of transactions in the entity's operations that are of most significance to the
(b) The procedures, within both computerised and manual systems, by which those transactions
are initiated, recorded, processed, corrected, and transferred to the general ledger and
reported in the financial statements
(c) The underlying accounting records, supporting information, and specific accounts in the
financial statements, in respect of initiating, recording, processing and reporting transactions
(d) How the information system records events and conditions, other than transactions, that are
significant to the financial statements
(e) The financial reporting process used to prepare the entity's financial statements, including
significant accounting estimates and disclosures
(f) Controls surrounding journal entries, including non-standard journal entries used to record
unusual one-off transactions or adjustments
The auditor should also obtain an understanding of how the entity communicates financial
reporting roles and responsibilities and significant matters relating to financial reporting to
management and those charged with governance or regulatory authorities.
301
Business Assurance
You are the audit senior responsible for the audit of Supreme Food Limited, a Hong Kong
company that runs a chain of fast food stores.
The major risk in this industry is always related to food quality which might result in damage claims
by customers.
After the risk assessment conducted at the interim audit on the company’s internal control system
regarding the purchases of food and its preparation process, you consider the risk to be low.
However, during your final audit you discover that an incident happened one month before the
year-end. A customer took legal action against the company for personal injury caused by food
poisoning, claiming an amount of $200,000 in compensation. This amount is material to the stated
profit of the company, but management believes that the company has a good defense against the
claim.
(i) State TWO controls that the company should have in place to reduce the risk associated
with purchases of food and its preparation in the kitchen; and
(ii) State TWO audit procedures you should carry out during controls testing to satisfy yourself
that control risk in this area is low.
1.4 Control activities
Key term
Control activities are the policies and procedures that help ensure that management directives
are carried out.
HKSA HKSA 315 (Revised) states that the auditor shall obtain an understanding of control activities
315.20-21 relevant to the audit. This includes an understanding of how the entity has responded to risks
arising from IT. By relevant the standard means those the auditor deems it necessary to
understand in order to assess the risks of material misstatement at the assertion level, and which
are necessary to design further audit procedures responsive to the assessed risks.
Control activities that are relevant to the audit are:
(a) Control activities that relate to significant risks or relate to risks for which substantive
procedures alone do not provide sufficient appropriate audit evidence; or
(b) Those that are considered to be relevant in the judgment of the auditor.
302
Examples include activities relating to authorisation, information processing, performance reviews,

physical controls and segregation of duties.
Examples of control activities

Authorisation  Transactions should be approved by an appropriate person. For
example, overtime should be approved by departmental managers
Information  General IT controls – policies and procedures that relate to many
processing applications such as program change controls
 Application controls – applying to the processing of individual
applications
Performance  Reviews and analyses of actual performance versus budgets,
review forecasts
 Comparing different sets of data by analysing of the relationships
and investigate the difference
 Comparing internal data with external sources of information
 Review of functional or activity performance
Physical  Physical security of assets for prevention of theft of assets
controls
 Authorisation for access to computer programs and data files
 Periodic counting and comparison with amounts shown on control
records
Segregation  Segregation implies a number of people being involved in the
of duties accounting process
 Segregation of function. The key functions that should be
segregated are the carrying out of a transaction, recording that
transaction in the accounting records and maintaining custody of
assets that arise from the transaction
 The various steps in carrying out the transaction should also be
segregated
1.5 Monitoring of controls
Key term
Monitoring of controls is a process to assess the effectiveness of internal control performance
over time. It involves assessing the effectiveness of controls on a timely basis and taking
necessary remedial actions.
HKSA HKSA 315 (Revised) requires that the auditor shall obtain an understanding of the major activities
315.22-24 that the entity uses to monitor internal control over financial reporting, including those related to the
control activities relevant to the audit, and how the entity initiates corrective actions to deficiencies
in its controls. The entity will use ongoing monitoring activities that are often built into the entity's
routine operations, including regular management and supervisory activities or separate
evaluations or a combination of the two.
Monitoring control is also used to ensure that controls continue to operate effectively over time.
If the entity has an internal audit function, the auditor shall assess whether the internal audit
function is relevant to the audit through obtaining an understanding of the nature of its
303
Business Assurance
responsibilities and how the internal audit function fits in the organisational structure, and the
activities performed/to be performed.
The auditor shall also obtain an understanding of the sources of the information used in the
monitoring activities and the basis on which management considers it reliable.
Some of the monitoring controls are:
 supervision of others – checking by others
 comparison of actual performance to budgets and analysis of the variances
 relationship of financial or operational data – sensitivity analysis
 ratio analysis
 review reconciliations
 internal auditors' evaluation
1.6 Controls for significant risks

HKSA 315.29 HKSA 315 (Revised) requires that if the auditor has determined that a significant risk exists, the
auditor shall obtain an understanding of the entity's controls relevant to these significant risks.
Auditors should consider whether management has specifically responded to these significant risks
by:
 implementing control activities such as a review of assumptions by experts or senior
management;
 documenting the processes for estimation; and
 approval by those charged with governance.
Be aware, any failure by management to implement controls to significant risk is an indicator of a
significant deficiency in internal control.
1.7 Limitations of accounting and control systems

An internal control system can provide reasonable assurance but not absolute assurance that the
objectives are reached, because there are inherent limitations.
(a) The costs of control not outweighing their benefits
(b) The potential for human error
(c) Collusion between employees
(d) The possibility of controls being by-passed or overridden by management
(e) Controls being designed to cope with routine but not unusual transactions
These limitations indicate why auditors are unable to obtain all their audit evidence from tests of the
systems of internal control. Human error and potential for fraud are the most serious challenges
to any internal control system, as any system is only as reliable as the people who operate it. An
entity may be sensitive to the warning signs and can encourage good working practices such as
segregation of duties and rotation of staff, ensuring all holiday is taken and so on. However, if
employees decide to commit frauds by collusion, or management commit frauds by overriding
systems, they probably do so in the knowledge that they can manipulate the accounting system to
conceal their fraudulent activity.
304
2 The use of internal control systems by auditors
Topic highlights
The auditors shall assess the adequacy of the systems as a basis for the financial statements and
shall identify risks of material misstatements to provide a basis for designing and performing
further audit procedures.
Auditors are only concerned with assessing policies and procedures which are relevant to the
financial statements. Auditors shall:
 assess the adequacy of the accounting system as a basis for preparing the financial
statements;
 identify the types of potential misstatements that could occur in the financial statements;
 consider factors that affect the risk of misstatements; and
 design appropriate audit procedures.
The assessment of the controls of an entity will have an impact on that risk assessment.
Risks arising from poor control environments are unlikely to be confined to particular assertions
in the financial statements, and, if severe, may even raise questions about whether the financial
statements are capable of being audited, that is, if control risk is so high that audit risk cannot be
reduced to an acceptable level.
On the other hand, some control procedures may be closely connected to an assertion in the
financial statements, for example, controls over the inventory count are closely connected with the
existence and completeness of inventory in the financial statements.
There may be occasions where substantive procedures alone are not sufficient to address the risks
arising. Where such risks exist, auditors shall evaluate the design and determine the
implementation of the controls, that is by controls testing. This is most likely to be the case in a
system which is highly computerised and which does not require much manual intervention.
2.1 Recording accounting and control systems
Topic highlights
The auditors must keep a record of the entity's systems which must be updated each year. This
can be done through the use of narrative notes, flowcharts, questionnaires or checklists.
There are several techniques for recording the assessment of control risk, that is, the system. One
or more of the following may be used depending on the complexity of the system:
 Narrative notes  Questionnaires
 Flowcharts  Checklists
Whatever method of recording is used, the record will usually be retained on the permanent file and
updated each year. We will look at the use of questionnaires in a little more detail here. There are
two types, each with a different purpose:
 Internal Control Questionnaires (ICQs) are used to ask whether controls exist which meet
specific control objectives. Although there are many different forms of ICQ in practice, they
all conform to the following basic principles:
305
Business Assurance
(a) They comprise of a list of questions designed to determine whether desirable controls
are present
(b) They are formulated so that there is one to cover each of the major transaction cycles.
Since it is the primary purpose of an ICQ to evaluate the system rather than to describe it,
one of the most effective ways of designing the questionnaire is to phrase the question so
that all the answers can be given as “YES” or “NO” with a “NO” answer indicating a
deficiency in the system.
Example
Are purchase invoices checked to goods received notes
before being passed for payment? YES/NO/COMMENT
A “NO” answer to the question clearly indicates a deficiency in the company’s payment procedures.
 Internal Control Evaluation Questionnaires (ICEQs) are used to determine whether there
are controls which prevent or detect specified errors or omissions. This is achieved by
reducing the control criteria for each transaction stream down to a handful of key questions
(or control questions). The characteristic of these questions is that they concentrate on the
significant errors or omissions that could occur at each phase of the appropriate cycle if
controls are deficient.
Example
Is there reasonable assurance that:
Receipt of goods or services is required in order to establish a liability?
Each key control question is supported by detailed points to be considered.
Example
Is segregation of duties satisfactory?
Are controls over relevant master files satisfactory?
Is there a record that all goods received have been checked for weight or number and quality and
damage?
3 Tests of controls
Topic highlights
If the auditors believe the system of controls is strong, they may choose to test controls to assess
whether they can rely on the controls having operated effectively.
Key term
Tests of controls are the audit procedures designed to evaluate the operating effectiveness of
HKSA 330.4b controls in preventing, or detecting and correcting, material misstatements at the assertion level.
306
3.1 Confirming understanding

In order to confirm their understanding of the control systems, auditors will often carry out walk-
through tests. This is where they pick up a transaction and follow it through the system to see
whether all the key controls identified during inquiry of relevant parties were in operation with
regard to that transaction.
For any material deficiencies in the internal control system, the auditor must communicate to:
 those charged with governance; and
 management of an appropriate level of responsibility.
3.2 When to perform tests of controls

HKSA 330.10 Under HKSA 330 (Clarified) The Auditor's Responses to Assessed Risks, tests of controls are
tests performed to obtain audit evidence about the effectiveness of the:
 design of the accounting and internal control systems as documented during the risk
assessment process, ie whether they are suitably designed to prevent, or detect and correct,
material misstatement at the assertion level; and
 operation of the internal controls identified throughout the period of intended reliance.
Auditors should consider the following to obtain audit evidence about the operating effectiveness of
the controls:
 How controls were applied;
 The consistency with which they were applied during the period; and
 By whom and by what means they were applied.
When should auditors perform tests of controls?
When auditor's risk assessment When substantive procedures alone do

includes an expectation of the not provide sufficient appropriate audit
operating effectiveness of control, the evidence, the auditor is required to
auditor is required to test those controls perform tests of controls to obtain audit
to support the risk assessment. evidence about their operating
effectiveness.
3.2.1 Auditor's responsibility for tests of controls

The auditor should identify and assess the risks of material misstatements at the financial
statement level and at the assertion level for classes of transactions, account balances and
disclosures.
The auditor should determine risks that require special audit consideration and consider whether
the controls are implemented.
If it is not possible or practicable to reduce the risks of material misstatement at the financial
statement level to an acceptably low level with audit evidence obtained by substantive testing, then
the auditor should evaluate the design and implementation of the entity's controls.
For some circumstances, it may be necessary to obtain audit evidence supporting the effective
operation of indirect controls ie reviewing exception reports or reviewing controls over the
accuracy of the information in the reports.
307
Business Assurance
3.2.2 Methods to perform tests of controls

HKSA 330 (Clarified) requires that, in designing and performing tests of controls, the auditor shall
perform other audit procedures such as the following to obtain audit evidence about the operating
effectiveness of the controls.
Other audit procedures may include:
(a) Inspection of documents supporting controls or events to gain audit evidence that internal
controls have operated properly, eg verifying that a transaction has been authorised;
(b) Inquiries about internal controls which leave no audit trail, eg determining who actually
performs each function not merely who is supposed to perform it;
(c) Reperformance of control procedures, eg reconciliation of bank accounts, to ensure they

were correctly performed by the entity;
(d) Examination of evidence of management views, eg minutes of management meetings;
(e) Testing of internal controls operating on computerised systems or over the overall IT
function, eg access controls; and
(f) Observation of controls to consider the manner in which the control is being operated.
Deviations in the operation of controls (caused by change of staff or similar) may increase control
risk and tests of controls may need to be modified to confirm effective operation during and after
any change.
The use of computer-assisted audit techniques (CAATs) may be appropriate and these are
discussed in detail in Chapter 20.
In a continuing engagement, the auditor will be aware of the accounting and internal control
systems through work carried out previously but will need to update the knowledge gained and
consider the need to obtain further audit evidence of any changes in control.
3.3 Reliance on evidence obtained in prior periods

HKSA The auditor performs audit procedures to establish the continuing relevance of audit evidence
330.13-15 obtained in prior periods when the auditor plans to use the audit evidence in the current period.
In determining whether it is appropriate to use audit evidence about the operating effectiveness of
controls obtained in previous audits, the auditor shall consider the following:
(a) The effectiveness of other elements of internal control, including the control environment, the
entity’s monitoring of controls, and the entity’s risk assessment process;
(b) The risks arising from the characteristics of the control, including whether it is manual or
automated;
(c) The effectiveness of general IT controls;
(d) The effectiveness of the control and its application by the entity, including the nature and
extent of deviations in the application of the control noted in previous audits, and whether
there have been personnel changes that significantly affect the application of the control;
(e) Whether the lack of a change in a particular control poses a risk due to changing
circumstances; and
(f) The risks of material misstatement and the extent of reliance on the control.
For example, in performing the prior audit, the auditor may have determined that an automated
control was functioning as intended. The auditor obtains audit evidence to determine whether
changes to the automated control have been made that affect its continued effective functioning,
for example, through inquiries of management and the inspection of logs to indicate what controls
have been changed.
308
Consideration of audit evidence about these changes may support either increasing or
decreasing the expected audit evidence to be obtained in the current period about the operating
effectiveness of the controls.
3.3.1 Audit evidence from tests of controls

When the auditor intends to use audit evidence about the operating effectiveness of controls
obtained in prior audits, the auditor should obtain audit evidence about whether changes in those
specific controls have occurred subsequent to the previous audit. To do so, the auditor should
make enquiries in combination with observation or inspection procedures.
If the auditor plans to rely on controls that have changed since they were last tested, the auditor
should test the operating effectiveness of such controls in the current audit. Changes may affect
the relevance of the audit evidence obtained in prior periods such that there may no longer be a
basis for continued reliance.
The auditor considers testing the controls, if any, over the entity's preparation of information used
by the auditor in applying analytical procedures. When such controls are effective, the auditor has
greater confidence in the reliability of the information and, therefore, in the results of analytical
procedures. Alternatively, the auditor may consider whether the information was subjected to audit
testing in the current or prior period.
3.3.2 Significant risks

For any controls intended to mitigate any significant risk related to the assessed risk of material
misstatement at the assertion levels, auditor must obtain audit evidence about the operating
effectiveness of those controls from tests of controls performed in the current period. The auditor
cannot rely on evidence obtained from prior period.
3.3.3 Tests on controls for an interim period

When auditor has performed tests of controls during an interim period, the auditor should obtain
audit evidence about significant changes to those controls subsequent to the interim period and
determine what additional audit evidence should be obtained for the remaining period.
3.3.4 Audit evidence from substantive testing

The use of audit evidence from the performance of substantive procedures in a prior audit is not
sufficient to address a risk of material misstatement in the current period. In most cases, audit
evidence from the performance of substantive procedures in a prior audit provides little or no audit
evidence for the current period. In order for audit evidence obtained in a prior audit to be used in
the current period as substantive audit evidence, the audit evidence and the related subject matter
must not fundamentally change.
As required by HKSA 500 (Clarified), if the auditor plans to use audit evidence obtained from the
performance of substantive procedures in a prior audit, the auditor performs audit procedures
during the current period to establish the continuing relevance of the audit evidence.
When relevant to the audit, the auditor also considers other information such as:
 information obtained from the auditor's client acceptance or continuance process
 experience gained on other engagements performed for the entity, for example,
engagements to review interim financial information.
3.3.5 Communication of deficiencies in internal control

Significant deficiencies in internal controls shall be communicated in writing to those charged with
governance in a report to management in accordance with HKSA 260 (Clarified) and HKSA 265
(Clarified).
Such a report would be issued at the conclusion of the interim audit or at the conclusion of the final
audit if no interim audit is undertaken.
309
Business Assurance
3.4 Increase the extent of tests of controls

HKSA 330.9 HKSA 330 (Clarified) requires that, in designing and performing tests of controls, the auditor shall
obtain more persuasive audit evidence, the greater the reliance the auditor places on the
effectiveness of a control.
The auditor shall consider the following factors when determining the extent of tests of controls:
(a) Frequency of the performance of the control;
(b) Length of time during the audit period that the auditor is relying on the operating
effectiveness of internal controls;
(c) The expected rate of deviation in internal controls;
(d) Relevance and reliability of the audit evidence regarding the operating effectiveness of the
control at assertion level; and
(e) Extent of audit evidence from tests of other controls.
The auditor may use sampling techniques when performing tests of controls and the sample size
for tests of controls may be affected by:
 auditor's risk assessment;
 tolerable rate of deviation;
 expected rate of deviation of the tested population; and
 auditor's desired level of assurance.
The auditor's assessed risk of material misstatement would increase when there is an
unexpectedly high sample deviation rate of tests of controls.
3.5 Evaluating the operating effectiveness of controls

HKSA 330.17 HKSA 330 (Clarified) requires that if deviations from controls upon which the auditor intends to rely
are detected, the auditor shall determine whether:
 any additional tests of controls are necessary;
 substantive testing is needed to be performed to address the potential risks of misstatement;
and to
 consider whether the tests of controls performed provide an appropriate basis for auditors to
rely on the controls.
The auditor shall evaluate whether misstatements that have been detected by substantive
procedures indicate existence of a significant deficiency in internal control.
A proper understanding of internal controls is essential to auditors in order that they understand the
business and are able to effectively plan and execute tests of controls and an appropriate level of
You are the auditor of an investment entity, Charter Great Limited ("Charter Great"), that pays its
staff payroll by bank auto transfer and in cash. The entity also uses a small stand-alone computer
for maintaining its payroll records.
Required
For the payroll charges and payroll balances (including cash) in the financial statements of Charter
Great:
(a) describe the external auditor audit's objectives;
310
(b) list the tests of controls and substantive procedures that will be applied in order to achieve
the audit objectives identified in (b) (i) above.
4 Internal controls in a computerised environment
Topic highlights
There are special considerations for auditors when a system is computerised. IT controls comprise
general and application controls.
The overall objective and scope of an audit do not change in a computer environment. However, as
the means of processing of transactions and the media of storage of data are different from those
of a manual system.
The internal controls in a computerised environment include both manual procedures and
procedures designed into computer programs. Such control procedures comprise two types of
control, general controls and application controls. (The impact of IT on the audit process is
covered in more detail in Chapter 20.)
Key terms
General controls are policies and procedures that relate to many applications and support the
effective functioning of application controls by helping to ensure the continued proper operation of
information systems. General controls commonly include controls over data centre and network
operations; system software acquisition, change and maintenance; access security; and application
system acquisition, development and maintenance. Examples include IT policies, standards, and
guidelines pertaining to IT security and information protection, application software development
and change controls, segregation of duties, service continuity planning, IT project management,
etc.
Application controls are manual or automated procedures that typically operate at a business
level. Application controls can be preventative or detective in nature and are designed to ensure
the integrity of the accounting records. Accordingly, application controls relate to procedures used
to initiate, record, process and report transactions or other financial data. Examples include system
edit checks of the format of entered data to help prevent possible invalid input, system enforced
transaction controls that prevent users from performing transactions that are not part of their
normal duties, and the creation of detailed reports and transaction control totals that can be
balanced by various units to the source data to ensure all transactions have been posted
completely and accurately.
4.1 General controls

The overall audit objective in reviewing the general controls is to ensure that the controls and
procedures are adequate to provide secure, effective and efficient day-to-day operation of the
computer facilities. Examples of controls and procedures which together form the general controls
are shown in the following table.
311
Business Assurance
General controls Examples

Development of computer Standards over systems design, programming and
applications documentation
Full testing procedures using test data
Approval by computer users and management
Segregation of duties so that those responsible for design
are not responsible for testing
Installation procedures so that data is not corrupted in
transition
Training of staff in new procedures and availability of
adequate documentation
Prevention or detection of Segregation of duties
unauthorised changes to
Full records of program changes
programs
Password protection of programs so that access is limited to
computer operations staff
Restricted access to central computer by locked doors,
keypads
Maintenance of programs logs
Virus checks on software: use of anti-virus software and
policy prohibiting use of non-authorised programs or files
Back-up copies of programs being taken and stored in other
locations
Control copies of programs being preserved and regularly
compared with actual programs
Stricter controls over certain programs (utility programs) by
use of read-only memory
Testing and documentation Complete testing procedures
of program changes
Documentation standards
Approval of changes by computer users and management
Training of staff using programs
Controls to prevent wrong Operation controls over programs
programs or files being
Libraries of programs
used
Proper job scheduling
Controls to prevent Password protection
unauthorised amendments
Restricted access to authorised users only
to data files
Authorisation of jobs prior to processing (eg authorised data
input forms)
312
General controls Examples

Controls to ensure Storing extra copies of programs and data files off-site
continuity of operation
Protection of equipment against fire and other hazards
Back-up power sources
Disaster recovery procedures, eg availability of back-up
computer facilities
Maintenance agreements and insurance
The auditors will wish to test some or all of the above general controls, having considered how they
affect the computer applications significant to the audit.
General controls that relate to some or all applications are usually interdependent controls, ie their
operation is often essential to the effectiveness of application controls. As application controls may
be useless when general controls are ineffective, it will be more efficient to review the design of
general controls first, before reviewing the application controls.
4.2 Application controls

The purpose of application controls is to establish specific control procedures over the
accounting applications in order to provide reasonable assurance that all transactions are
authorised and recorded, and are processed completely, accurately and on a timely basis.
Before evaluating the application controls, it will be necessary for an auditor to obtain a reasonable
understanding of the system. The auditor will obtain an understanding of the following:
(i) indicating the major transactions;
(ii) describing the transaction flow and main output;
(iii) indicating the major files maintained; and
(iv) providing approximate figures for transaction volumes.
Application control requirements may be divided into:
(i) Input control
(ii) Processing control
(iii) Master/ Standing Data File control
(iv) Output control
Application controls include the following:
Application Examples
controls
Controls over input: Manual or programmed agreement of control totals
completeness
Document counts
Edit checks of input data
Numerical sequence checks with manual follow-up of exception
reports
One-for-one checking of processed output to source documents
Programmed matching of input to an expected input control file
Procedures over resubmission of rejected controls
313
Business Assurance
Application Examples
controls
Controls over input: Programs to check data fields (for example, value, reference
accuracy number, date) on input transactions for plausibility:
 Digit verification (reference numbers are as expected)
 Reasonableness test (sales tax to total value)
 Existence checks (customer name)
 Character checks (no unexpected characters used in reference)
 Necessary information (no transaction passed with gaps)
 Permitted range (no transaction processed over a certain value)
Manual scrutiny of output and reconciliation to source
Agreement of control totals (manual/programmed)
Controls over input: Manual checks to ensure information input was:
authorisation
 authorised
 input by authorised personnel
Controls over Similar controls to input must be in place when input is completed, for
processing example, batch reconciliations
Screen warnings can prevent people logging out before processing is
complete
Controls over One-to-one checking
master files and
Cyclical reviews of all master files and standing data
standing data
Record counts (number of documents processed) and hash totals
(for example, the total of all the payroll numbers) used when master
files are used to ensure no deletions
Controls over the deletion of accounts that have no current balance
Controls may be carried out by IT personnel, users of the system, a separate control group and
may be programmed into application software. The auditors may wish to test the following
application controls:
Testing of application controls

Manual controls If manual controls exercised by the user of the application system are
exercised by the capable of providing reasonable assurance that the system's output is
user complete, accurate and authorised, the auditors may decide to limit
tests of controls to these manual controls.
Controls over If, in addition to manual controls exercised by the user, the controls to
system output be tested use information produced by the computer or are contained
within computer programs, such controls may be tested by examining
the system's output using either manual procedures or computers.
Such output may be in the form of magnetic media, microfilm or
printouts. Alternatively, the auditor may test the control by performing it
with the use of computers.
Programmed In the case of certain computer systems, the auditor may find that it is
control procedures not possible or, in some cases, not practical to test controls by
examining only user controls or the system's output. The auditor may
consider performing tests of controls by using computers, reprocessing
transaction data or, in unusual situations, examining the coding of the
application program.
314
As we have already noted, general controls may have a pervasive effect on the processing of
transactions in application systems. If these general controls are not effective, there may be a risk
that misstatements occur and go undetected in the application systems. Although weaknesses in
general controls may preclude testing certain application controls, it is possible that manual
procedures exercised by users may provide effective control at the application level.
4.3 Documentation
Adequate documentation of both general and application controls is crucial. Proper documentation
by the entity ensures that adequate and up-to-date system documentation is maintained. The entity
should have procedures to ensure that:
(i) system documentation is sufficiently comprehensive;
(ii) documentation is updated to reflect system amendments; and
(iii) a back-up copy of the documentation is held.
Without good documentation, it will be difficult to ensure that controls operate on a continuous
basis and there will also be greater likelihood of error. Good documentation procedures reduce the
risk of users making mistakes or exceeding their authority. A review of comprehensive, up to date
documentation should aid the auditor in gaining an understanding and may help to identify
particular audit risks.
You are the audit senior on the XYZ Limited (“XYZ”) audit. XYZ is a distributor of hair care products
including shampoos, conditioners and mousses. XYZ uses an online computer system. No goods
are manufactured in-house. XYZ maintains an inventory of raw materials and subcontracts the
manufacture of its products to third parties. Approximately 50 suppliers and ten sub-contractors are
used and all have proven themselves to be reliable. All finished goods are sent to customers
directly from the sub-contractors, who send a weekly statement to XYZ. Your assistant has
prepared the following notes about the inventory system.
Purchase orders are automatically generated by the computer when inventories of any raw material
fall below 70 % of the prior month's usage. The purchase orders contain the following details:
 Date
 Supplier name and address
 Raw materials needed
Three copies of the purchase order are produced and distributed as follows:
Copy 1 – to warehouse to enable follow up of late orders
Copy 2 – filed by accounts clerk in date order
Copy 3 – sent to supplier
When raw material inventories are received, the bar code attached to the delivery boxes by the
supplier is scanned into the system. A two-part Goods Received Note (“GRN”) is then produced:
Copy 1 – matched to warehouse copy of purchase order by stores staff
Copy 2 – filed by accounts clerk in date order
The scanning process is aborted if the codes do not match those on the master file. Production
orders are generated on receipt of a firm order from customers.
The inventory master file contains details of existing inventory items including code and warehouse
location; and approved suppliers and sub contractors.
Orders will only be generated to suppliers and sub-contractors recorded on the master file.
315
Business Assurance
Required
(a) Identify any deficiencies in the internal controls of XYZ. Discuss the implications of each of
the deficiencies you have identified.
(b) Assume that your Computer Information System “CIS” audit division is to perform tests of
controls for the inventory systems described. Make a list for the CIS audit manager of the
key tests that you recommend him to perform.
4.4 Testing of automated controls

An automated control can be expected to function consistently unless the program is changed. In
order to determine the automated control continues to function effectively, the auditor could test:
 changes in program controls;
 effectiveness of general IT controls; and
 the record of IT security.
The auditor may obtain audit evidence by inquiry or inspection to determine whether changes to
the automated control have been made that affect its continued effective functioning.
5 Communicating deficiencies in internal control
Topic highlights
Auditors have responsibility to communicate appropriately to those charged with governance and
management deficiencies in internal control that the auditor has identified in an audit of financial
statements.
HKSA 265 (Clarified) Communicating Deficiencies in Internal Control to those Charged with
Governance and Management deals with the auditor's responsibility to communicate
appropriately to those charged with governance and management deficiencies in internal
control that the auditor has identified in an audit of financial statements. The HKSA states that
significant deficiencies in internal control must be communicated to those charged with
governance.
The auditor may identify and discuss the deficiencies in internal control not only during this risk
assessment process but also at any other stage of the audit. This HKSA specifies which identified
deficiencies the auditor is required to communicate to those charged with governance and
management.
For significant deficiencies, the appropriate level is likely to be the chief executive officer or chief
financial officer (or equivalent) as these matters are also required to be communicated to those
charged with governance.
For other deficiencies in internal control, the appropriate level may be operational management
with more direct involvement in the control areas affected and with the authority to take appropriate
remedial action.
316
5.1 Meaning of deficiencies
Key terms
Deficiency in internal control – This exists when a control is designed, implemented or operated
HKSA 265.6 in such a way that it is unable to prevent, or detect and correct, misstatements in the financial
statements on a timely basis; or a control necessary to prevent, or detect and correct,
misstatements in the financial statements on a timely basis is missing.
Significant deficiency in internal control – A deficiency or combination of deficiencies in internal
control that, in the auditor's professional judgment, is of sufficient importance to merit the attention
of those charged with governance.
HKSA Significant deficiencies or not

315. A6
Significance of the deficiencies depends on whether a misstatement has actually occurred, the
likelihood that a misstatement could occur and the potential magnitude of the misstatement.
Indicators of significant deficiencies in internal control
Evidence of ineffective aspects of the control environment include:
(a) Significant transactions that management is financially interested in but not being
appropriately scrutinised by those charged with governance
(b) Management fraud not prevented by the entity's internal control
(c) Management's failure to implement appropriate remedial action on significant deficiencies
previously communicated
(d) Absence of an expected risk assessment process within the entity
(e) Evidence of failure of entity risk assessment process
(f) Evidence of an ineffective response to identified significant risks
(g) Misstatements detected by audit procedures but not prevented, detected or corrected by
entity's internal control
(h) Restatement of previous financial statements due to misstatements or fraud
(i) Management's inability to review the preparation of the financial statements
A deficiency in internal control on its own may not be sufficiently important to constitute a significant
deficiency. However, a combination of deficiencies affecting the same account balance or
disclosure, relevant assertion, or component of internal control may increase the risks of
misstatement to such an extent as to give rise to a significant deficiency.
In some jurisdictions, the auditor may have responsibility to report directly to regulators in regulated
industries. In addition, for listed entities in certain jurisdictions, those charged with governance may
need to receive the auditor's written communication before the date of approval of the financial
statements in order to discharge specific responsibilities in relation to internal control for regulatory
or other purposes.
5.2 Requirement of auditor

HKSA 265.7, HKSA 265 (Clarified) requires the auditor to determine whether, on the basis of the audit work
8, 9, 10 performed, the auditor has identified one or more deficiencies in internal control and if so, on the
basis of the audit work performed, auditors should consider whether, individually or in combination,
they constitute significant deficiencies.
317
Business Assurance
5.2.1 Discussion with management and those charged with governance

The auditor shall discuss the relevant facts and circumstances of his findings on deficiencies in
internal control with the appropriate level of management and those charged with governance as
this would provide an opportunity for the auditor to alert management on a timely basis to the
existence of deficiencies.
The level of management with whom it is appropriate to discuss the findings is one that is familiar
with the internal control area concerned and that has the authority to take remedial action on any
identified deficiencies in internal control.
5.2.2 Communication in writing

HKSA 265 (Clarified) requires that the auditor shall communicate in writing significant
deficiencies and other deficiencies in internal control identified during the audit to those charged
with governance and management at an appropriate level of responsibility on a timely basis.
The content of the written communication of significant deficiencies in internal control includes:
(a) The description of the deficiencies and explanation of their potential effects (no quantification
of those effects are needed);
(b) The written communication of significant deficiencies in internal control should explain:
(i) the purpose of the audit was for the auditor to express an opinion on the financial
statements;
(ii) the consideration of internal control by auditor is not for the purpose of expressing an
opinion on the effectiveness of internal control;
(iii) the reported deficiencies that the auditor has identified during the audit and that the
auditor has concluded are of sufficient importance to merit being reported to those
charged with governance;
(c) Suggestions for remedial action on the deficiencies;
(d) Management's actual or proposed responses to these deficiencies;
(e) Verifications whether management's responses have been implemented;
(f) Regulatory authorities that require the auditor or management to furnish a copy of the
auditor's written communication on significant deficiencies;
(g) The possibility of identifying more deficiencies if more extensive procedures on internal
control have been performed;
(h) Communication for those charged with governance; and
(i) The relevant industry knowledge and practice in respect of the deficiencies.
The level of detail at which to communicate significant deficiencies is a matter of the auditor's
professional judgment in the circumstances. The communication of other deficiencies in internal
control that merit management's attention need not be in writing, but may be oral.
5.3 Action taken by management and those charged with

governance
HKSA Management and those charged with governance may already be aware of significant deficiencies
265.A16 that the auditor has identified during the audit and may have chosen not to remedy them because
of cost or other considerations. The responsibility for evaluating the costs and benefits of
implementing remedial action rests with management and those charged with governance.
If a previously communicated significant deficiency remains, the current year's communication may
repeat the description from the previous communication, or simply reference the previous
318
communication. Auditors may have to inquire why the significant deficiency has not yet been
remedied.
Certain identified significant deficiencies in internal control may call into question the integrity or
competence of management. Without remedying the deficiencies, auditors may have further doubt
on management's integrity.
Nevertheless, the failure of management to remedy other deficiencies in internal control that have
been previously communicated may become a significant deficiency requiring communication with
those charged with governance.
Lewis (Clothing) Limited (“Lewis”) is a retailer of clothing and accessories. It operates in many
Asian countries and has expanded steadily from its base in Hong Kong. The company has a year
end of 31 December 20X0.
In the past, the company has ordered its clothing and accessories in bulk twice a year. From
experience, slow-moving goods and obsolete goods would be written off if these goods failed to
meet the key fashion trends.
The company has recently adopted a just in time ordering system. The fashion purchasers make
an assessment one year in advance as to what the key trends are likely to be.
The following describes the purchasing cycle of Lewis:
Ordering process
The purchasing manager from each country decides on the initial inventory levels for each store,
without consulting the sales manager or store managers. All the orders are communicated to the
central buying department at the head office in Hong Kong. An ordering clerk consolidates all the
orders and passes them to the purchasing director to review and authorise.
When the inventories are required to be re-ordered, it is the store manager's responsibility to re-
order the goods through the purchasing manager; they are prompted weekly to review inventory
levels as although the goods are just in time, it can still take up to at least five weeks for goods to
be received in store. All orders must be made through the purchasing manager. The store
managers cannot place orders independently. There is no centralised inventory system enabling
individual stores to check the availability of an item at other locations. Customers who require a
specific item of clothing which is not available in a particular store, have to contact other branches
themselves or search through the Lewis’s main website.
Goods received and Invoicing
Goods received are delivered directly from the suppliers to the individual stores. Upon receiving the
goods, the quantities are checked by the shop’s sales assistant against the supplier's delivery note,
and then the assistant produces a goods received note (GRN).
The checked GRNs are sent to head office for matching with purchase invoices.
The current system is very time-consuming as purchase invoices are manually checked with the
GRNs from the stores. Once the invoice has been agreed then it is sent to the purchasing director
for authorisation. It is at this stage that the invoice is entered onto the purchase ledger.
Required
As the external auditors of Lewis, identify and explain the deficiencies in the purchasing system
and describe the possible implication of each deficiency. Recommendations should be made to
address each deficiency identified.
(16 marks)
319
Business Assurance
Topic recap
INTERNAL CONTROL
– Control environment Auditor required to

– Risk assessment record the system:
process – Narrative notes
– Information system – Flowcharts
– Control activities – Questionnaires
– Monitoring – Checklists
Auditor to assess May include

adequacy of IT controls:
Testing of
system and – General
automated
identity risk of controls
controls
material – Application
misstatement controls
System assessed System assessed

as weak as strong
Substantive
Test of controls
approach
Significant
deficiencies: Results Result
communicate to unsatisfactory satisfactory
those charged
with governance
Other
deficiencies Extend tests of Substantive Auditor places
in internal controls testing reliance on controls
control
320
Answer 1
Controls that the company has in place to reduce the risk associated with purchases of food and its
preparation in the kitchen, together with relevant audit procedures on controls testing, would
Controls Audit Procedures

(i) Overall authority for food purchasing should be Review the company’s organisation chart and
in the hands of a designated person to ensure identify the person with overall responsibility for
that the food purchased is of the desired food purchasing.
quality.
Discuss with management his or her
background and expertise.
(ii) There should be a list of approved suppliers to Examine the list of approved suppliers of food
ensure that the food comes from sources and check that there are no purchases of food
known for their quality. from other parties.
(iii) On receipt of food, whether meat, fish, or Examine a sample of GRNs to ensure that all
vegetables and fruit, it should be carefully bear an approved signature indicating that food
inspected by informed people, including those has been inspected for quality on receipt.
responsible for food preparation.
This would be to ensure that it was of the
desired quality (as well as quantity). A goods
received note (GRN) should be signed to
provide evidence of receipt and inspection.
(iv) Food purchased should be kept in a clean Examine the food storage areas, including
place and refrigerated, if necessary. This refrigerators, on a surprise basis to ensure they
would be to ensure that it has kept its quality. are clean and tidy.
Ensure that the refrigerators are maintained at
the correct temperature. Another test in this
area might be to examine reports of local
authority and other inspectors to ensure they
were happy that the food was being properly
stored.
(v) Strict adherence to use-by dates to ensure Check that there is no food on the premises
that no poor quality food is prepared. which is past its use-by date.
Discuss with management what happens to
food which is past its use-by date, that is, how it
is disposed of.
Additionally someone in the company should have responsibility for health and safety and should
have the relevant training.
321
Business Assurance
Answer 2
Audit objectives, tests of controls and substantive procedures
Objective: Existence: of assets and liabilities such as cash on hand and in the bank, and of
the liability to pay staff and the associated tax and social insurance liabilities.
Tests of controls and substantive procedures
Testing controls over the security of cash to ensure that they are operating effectively
throughout the relevant period.
Performing cash counts, with reconciliations to the records and observing cash payments to
staff, ensuring that appropriate signatures are obtained and that unclaimed cash is promptly
re-banked, for example. Making checks on the physical existence of staff to ensure that the
related expenses and liabilities are genuine. Checking after date payments to staff and for
tax and social insurance contributions.
Objective: Completeness: there are no unrecorded assets or liabilities (such as those noted
under “existence”, above) or transactions (such as payroll payments) or undisclosed items
(such as unrecorded payroll liabilities).
Manually checking the accuracy of payroll calculations to ensure that correct payments and
deductions are being made in accordance with approved pay rates and approved deduction
rates for tax and social insurance. Reviewing evidence of authorisation controls to ensure
that the payroll has already been checked.
Performing starters and leavers tests to ensure that staff are not paid before they join the
entity and are not paid after they leave – this involves checking the payroll for two separate
periods and examining entries relating to starters and leavers in the intervening period.
Objective: Occurrence: payroll transactions occurred during the relevant accounting period.
Performing cut-off tests to ensure that payroll costs incurred during the period have been
recorded during the period by examining entries in the payroll records just before and just
after the period-end and checking back to source documentation, such as time sheets or
clock cards.
Objective: Presentation and disclosure: an item is disclosed and described in accordance
with accounting standards and legislation.
Reviewing the financial statements with the aid of a disclosure checklist to ensure that
disclosure requirements have been met.
Reviewing the overall presentation of payroll transactions and balances.
322
Answer 3
(a)
Internal control deficiencies Implications
Order of raw materials is based on prior Purchase orders could have been sent for raw
month's usage and computer generated materials not required or insufficient for
purchase orders are not reviewed prior production in the current or coming months or
to being sent. raw materials could have been ordered in times
of tight cash flows when insufficient funds are
available to pay for them. However, this
weakness rebounds more on the efficient
operation of the entity. It does not have much
direct bearing on financial statement
assertions, but would in remote cases that the
purchase of raw materials is so excessive that it
may materially affect the valuation assertions of
inventories.
Neither Goods Received Notes It will be difficult to follow up unfulfilled orders

(“GRNs”) nor purchase orders are or account for missing/spoilt documents without
numbered. numbering. Liability for raw materials orders
may have not been recorded in a timely
manner.
No checking of goods received Records of inventory may not accurately reflect
inside of boxes to ensure that the the actual status of inventory on hand.
product type, quality and quantities are
correct.
Lack of procedures if scanning process There may be unrecorded items/untimely
aborted. recording of items.
No records of raw materials held by sub- Raw materials may have to be reclassified as
contractor and no system to follow up work-in-progress. Valuation of any long
any long outstanding raw materials held outstanding raw materials held by
by sub-contractors. subcontractors may need to be adjusted.
(b) Key tests that CIS auditors should perform are on controls which are difficult to test using
manual methods. This will be the most efficient use of their limited time. Given the high level
of reliance placed on computer-generated data, controls tested may include those designed
to ensure that:
 suppliers and sub-contractors used are selected only from the list of approved
suppliers and sub-contractors maintained on the master file;
 codes scanned on goods received match those on the master file; and
 password access is functioning as expected and staff only have access to the
functions they need.
323
Business Assurance
Answer 4
Deficiency 1
The purchasing manager decides on the inventory levels for each store without consulting with
store or sales managers. The purchasing manager may not have the appropriate knowledge of the
local market and the inventories level for a particular store. This may result is inventory lines being
purchased which are unpopular with customers and therefore do not sell. In appropriate amounts of
inventory may be purchased resulting in stock-outs or high levels of unsold inventory.
The purchasing manager should initially communicate with the local store managers to understand
the market needs and sales volumes before placing the orders.
Deficiency 2
The purchasing director reviews and approves the purchase orders in a wholly aggregated manner.
Without the details of the orders, it will be difficult for the purchasing director to assess whether
overall the correct buying decisions are being made.
A purchasing senior manager should review the information prepared for each country and discuss
with local purchasing managers the specifics of their orders. These should then be authorised and
passed to the purchasing director for final review and sign off.
Deficiency 3
The re-ordering process is reliant on the store managers placing an order with the purchasing
manager.
As the re-ordering process can take up to five weeks, any delay by the store managers in placing
the orders could result in stock-outs, causing loss of income and reputation.
Automatic re-order levels should be set up in the inventory management systems.
Deficiency 4
There is no centralised inventory system connecting all the stores, therefore it is not possible for a
store to order goods from other local stores to serve the customers promptly. Instead customers
are told to contact the stores themselves, or use the company website.
Customers are less likely to make an effort to contact individual stores themselves and this could
result in the company losing out on valuable sales.
A centralised inventory system should be maintained which allows inter-branch transfers between
stores.
Deficiency 5
The sales assistants are only instructed to check the suppliers’ delivery notes to the actual
quantities delivered, without checking the quality. In addition there is no checking procedure for
goods received against purchase orders.
The stores are receiving goods without checking that the quantity matches the amount ordered and
that the quality is adequate. Inaccurate quantity of goods and poor quality of goods may be
accepted. Lewis may receive and pay for goods not ordered.
Deliveries from suppliers should only be accepted when the goods have been checked on arrival
for quantity and quality prior to acceptance from the supplier. A responsible official at each store
should produce the GRN from the supplier's delivery information.
A copy of the authorised order form should be sent to the store. This should then be checked to the
GRN. Once checked the order should be sent to head office and logged as completed. On a
regular basis the purchasing clerk should review the order file for any outstanding items.
(Any further deficiency can be suggested)
324
Exam practice
Control activities 9 minutes

In a recent dialogue with the internal audit, you understand that the internal audit has issued an
unsatisfactory report on the bank reconciliation process of your client. The internal audit report
indicated that there was significant control deficiency over the cash management process, and that
the management processes and controls were not properly exercised by the operation team.
Required
Explain the meaning of control activities and the required procedures relating to control
understanding in addressing significant risks.
(5 marks)
HKICPA December 2012 (amended)
325
Business Assurance
326
chapter 12
Substantive procedures,
including analytical
procedures
Topic list
1 Substantive procedures 2 Analytical procedures

1.1 Types of audit tests 2.1 Analytical procedures as risk
1.2 Substantive analytical procedures or assessment procedures
tests of details or both 2.2 Substantive analytical procedures
1.3 External confirmation as substantive 2.3 Analytical procedures at the overall
audit procedures review stage
1.4 Types of substantive testing 2.4 Practical techniques
1.5 Extent of substantive procedures
1.6 Timing of substantive procedures
1.7 Evaluate the audit evidence obtained
Learning focus
Substantive procedures are designed to ensure that the balances in the financial
statements are not materially misstated, that is, to detect whether there are any material
errors in the financial statements which have not been prevented by the entity’s internal
controls. Auditors should consider whether they should use analytical procedures as
substantive testing or use only tests of details or even a combination of the two.
327
Business Assurance
Learning outcomes
Competency
level
2.09.07 Explain the types of substantive procedures and the issues in
evaluating the results obtained
2.09.08 Explain what is meant by analytical review and how analytical
review procedures are used in an audit
328
12: Substantive procedures, including analytical procedures | Part D Assurance engagements
1 Substantive procedures
Topic highlights
Auditors need to obtain sufficient appropriate audit evidence to support the financial statement
assertions. Substantive procedures can be used to obtain that evidence.
HKSA 330 (Clarified) The Auditor’s Responses to Assessed Risks requires that auditors shall
design and perform substantive procedures for each material class of transactions, account
balance and disclosure, irrespective of the assessed risks of material misstatement as the risk
assessment is judgmental and may not identify all risks of material misstatement and there are
always inherent limitations to internal control.
In relation to any assessed risk of material misstatement at the assertion level that is a significant
risk, the auditor must plan and perform substantive procedures that are specifically responsive
to that risk in addition to tests of controls. When the approach to a significant risk consists of
only substantive procedures, those procedures shall include tests of details.
1.1 Types of audit tests

HKSA 330.4 Substantive procedures are tests to obtain audit evidence to detect material misstatements in the
financial statements at the assertion level. They are generally of two types:
 Substantive analytical procedures; and
 Tests of details of transactions, account balances and disclosures.
The auditor’s substantive procedures should include:
 agreeing the financial statements to the underlying accounting records; and
 examining journal entries and other adjustments made during the course of preparing the
The auditor should consider the nature, extent and timing of substantive procedures.
1.2 Substantive analytical procedures or tests of details or both
Topic highlights
Substantive tests are designed to discover errors or omissions.
The auditor may determine whether to:

 perform only substantive analytical procedures and consider whether it will be sufficient to
reduce audit risk to an acceptably low level;
 perform only tests of details; or
 perform a combination of substantive analytical procedures and tests of details to be most
responsive to the assessed risks.
When should auditors use substantive analytical procedures or test of details or should both be
used?
329
Business Assurance
The following table demonstrates the application of the two:
Substantive  More applicable to large volumes of transactions that tend to be

analytical predictable over time
procedures
 Auditors should investigate any unusual items deviated from
expectation
 Auditors should consider any expected relationships and obtain
adequate explanations and appropriate corroborative evidence
 Documentation is required
 Consider any relationships from known conditions
 To apply analytical procedures, information needs to be
sufficiently complete and accurate
 Should be applied when controls are reliable
Tests of details  For testing certain assertions of classes of transactions and
account balances ie existence and valuations
 Objective to obtain sufficient and appropriate audit evidence at
the assertion level
Substantive testing
Substantive analytical procedures Test of details
Use when Use when

 less risky, predictable results  more risky and subject to more
 high turnover; lots of transactions verification
Substantive testing on statement of financial position's financial assertions
Account balances
Existence Completeness
Rights and Presentation and Valuation and

obligations disclosure allocations
330
Substantive testing on statement of profit or loss and other comprehensive income's

assertions
Classes of transactions
Occurrence Completeness
Cut off Accuracy Classification and

understandability
1.3 External confirmation as substantive audit procedures

HKSA HKSA 330 (Clarified) requires that the auditor shall consider whether external confirmation
330.21, A51 procedures are to be performed as substantive audit procedures.
External confirmations may provide relevant audit evidence to some of the assertions. For
example, a bank confirmation may request information relevant to other financial statement
assertions. However for some assertions, external confirmations provide less relevant audit
evidence.
The auditors shall consider the following factors to determine whether external confirmation
procedures are to be performed as substantive audit procedures:
 The confirming party’s knowledge of the subject matter to be confirmed
 The ability or willingness of the intended confirming party to respond
 The independence of the intended confirming party
In addition, factors affecting the reliability of confirmations include the following:
 The control the auditors exercise over confirmation requests and responses;
 The characteristics of the respondents; and
 Any restrictions included in the response or imposed by management.
1.3.1 External confirmation for significant risks

External confirmations can provide high level of reliable audit evidence to respond to significant
risks of material misstatement, whether due to fraud or error as the external confirmations are
received directly by the auditor and are from appropriate confirming parties.
External confirmations may provide both financial and non-financial audit evidence and could be
performed in conjunction with inquiries.
331
Business Assurance
1.4 Types of substantive testing

The types of substantive tests carried out to obtain evidence about various financial statement
assertions are outlined in the table below:
Audit assertion Type of assertion Typical audit tests
Completeness Classes of (a) Review subsequent events

transactions (b) Cut-off testing
(c) Analytical review
Account balances
(d) Confirmations
Presentation and (e) Reconciliations to control accounts
disclosure
Rights and Account balances (a) Reviewing invoices for proof that item
obligations belongs to the entity
Presentation and
disclosure (b) Confirmations with third parties
Valuation and Account balances (a) Matching amounts to invoices
allocation
Presentation and (b) Recalculation
disclosure
(c) Confirming accounting policy consistent and
reasonable
(d) Review of post year-end payments and
invoices
(e) Expert valuation
Existence Account balances (a) Physical verification
(b) Third party confirmations
(c) Cut-off testing
Occurrence Classes of (a) Inspection of supporting documentation
transactions
(b) Confirmation from directors that transactions
Presentation and relate to business
disclosure
(c) Inspection of items purchased
Accuracy Classes of (a) Recalculation of correct amounts
transactions (b) Third party confirmation
(c) Analytical review
Presentation and
(d) Valuation by expert
disclosure
Classification and Classes of (a) Confirming compliance with laws and
understandability transactions accounting standards
Presentation and (b) Reviewing notes for understandability
disclosure
Cut-off Classes of (a) Cut-off testing
transactions (b) Analytical review
Use the following model for drawing up an audit plan:

 Agree opening balances with previous year's working papers
 Review general ledger for unusual records
 Agree entity schedules to/from accounting records to ensure completeness
 Carry out analytical procedures
 Test transactions in detail
 Test balances in detail
 Review presentation and disclosure in financial statement
332
1.5 Extent of substantive procedures

The basic concept is that the greater the risk of material misstatement, the greater the extent of
substantive procedures is required.
The extent of substantive procedures may depend on the results from tests of controls ie if tests
of controls are unsatisfactory, the extent may need to be increased. In designing tests of details,
the extent of testing is ordinarily related to sample size when using a sampling technique.
The factors that the auditor may consider when determining the sample size for tests of details:
(a) Auditor’s assessment of the risk of material misstatement. The higher the inherent risk and
control risk, the more tests of details have to be performed to reduce the risk of non-
detection. Therefore, a larger sample is required.
(b) Auditor’s desired level of assurance. The higher the level of assurance required, the greater
the sample size will be.
(c) The use of other substantive procedures to test the same assertion. An increase in the use
of other substantive procedures may reduce the sample size.
(d) Other factors such as the level of tolerable misstatement and the appropriate use of
stratification would affect the sample size.
HKSA 530 (Clarified) Audit Sampling requires the auditor when performing tests of details to
project misstatements found in the sample to the population as a whole to evaluate the results of
sampling. When a misstatement has been established as an anomaly, it may be excluded when
projecting misstatements to the population.
The most common methods of sample selection which will allow a sample representative of the
population are as follows:
(a) Random selection is a sample selection procedures whereby each sampling unit making up
the account balance or class transactions has a known chance of selection; often each item
has an equal chance of selection. The concept of random selection requires that the auditor
selecting the samples does not influence or bias the selection either consciously or
unconsciously.
(b) Systematic selection involves selecting every nth item in the population, the interval being
determined by dividing the number of items in the population by the sample size, and
selecting a random starting point.
(c) Haphazard sampling involves the auditor selecting sampling units without any conscious
bias, and in a manner that can be expected to be representative of the population.
1.6 Timing of substantive procedures

1.6.1 Substantive testing at interim date
HKSA The auditor may choose to perform substantive procedures at an interim date and to compare and
330.20, 22 reconcile information concerning the balance at the period end for any unusual amounts identified.
When the auditor has performed substantive testing at an interim date, the auditor must perform
further substantive procedures (possibly in combination with tests of controls) to cover the
remaining period to provide a reasonable basis for extending the audit conclusions after the
interim date. Auditors can use prior year substantive audit evidence only when there is no
fundamental change.
For any material misstatements detected at an interim date, HKSA 330 (Clarified) requires that the
auditor shall evaluate whether he needs to modify the risk assessment and the nature, extent and
timing of substantive procedures covering the remaining period.
Auditors can use prior year substantive audit evidence only when there is no fundamental change.
Generally, audit evidence obtained from the previous audit’s substantive procedures provide little
333
Business Assurance
or no audit evidence for the current period unless the related subject matter has not
fundamentally changed.
1.6.2 Substantive procedures related to the financial statement closing

process
HKSA 330 (Clarified) requires that the auditor shall perform the following procedures related to the
financial statement closing process:
(a) Agree and reconcile the financial statements with the underlying accounting records; and
(b) Examine material journal entries and other adjustments made during the course of preparing
1.7 Evaluate the audit evidence obtained

HKSA HKSA 330 (Clarified) requires that the auditor shall evaluate the audit evidence obtained and
330.24-27 consider whether the assessment of risk of material misstatement at the assertion level remains
appropriate.
The auditor should conclude whether sufficient appropriate audit evidence has been obtained to
reduce audit risk to an acceptable low level. Some of the factors that may influence the auditor’s
judgement as to what constitutes sufficient and appropriate audit evidence, include the following:
 The significance of the potential misstatement in the assertion and the likelihood of its having
a material effect on the financial statements both individually or in aggregate
 Source and reliability of the available evidence
 Persuasiveness of the audit evidence
 Effectiveness of management’s responses and internal controls to address the risks
 Results of audit procedures performed
 Understanding of the entity and its environment
Further audit evidence should be obtained if the auditor has not obtained sufficient appropriate
audit evidence. If still the auditor is unable to obtain sufficient appropriate audit evidence, the
auditor should qualify the auditor’s report.
1.7.1 Evaluating sampling results for tests of details

Any unexpected high misstatements found in a sample may cause the auditor to believe that a
class of transactions or an account balance is materially misstated. The auditor should consider
whether the sample results provide a reasonable basis for conclusions about the population and
should further consider the likeliness of actual misstatement in the population.
The auditor should consider the results of other audit procedures in order to assess the risk of
actual misstatements in the population. The auditor may further request management to investigate
the identified misstatements and consider whether management shall make any necessary
adjustments. In addition, the auditor shall reconsider the nature, extent and timeliness of further
audit procedures.
1.7.2 Evaluation of overall presentation

The auditor shall perform audit procedures to evaluate whether the overall presentation of the
financial statements, including disclosures, is in accordance with the applicable financial reporting
framework an appropriate classification and description of financial information.
The flow chart on the following page illustrates the relationship between tests of control and
334
You should bear in mind that the chart attempts to generalise and show a simplified depiction of the
flow and decision-making points in an audit approach. Audit approaches are bound to differ from
client to client in practice, depending on the nature of the business and the nature and level of risk
and so on. So the chart below should not be regarded as prescriptive.
HKSA 315 (REVISED) IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENTS
THROUGH UNDERSTAND THE ENTITY AND ITS DEVELOPMENT
[1. Accounting system 2. Control system 3. Control procedures]
Procedures: Walk-through test, inquiries, review documents, observation, inspection
DEVELOP OVERALL AUDIT PLAN
WALK-THROUGH TESTS TO CONFIRM UNDERSTANDING OF INTERNAL CONTROL
DOCUMENT UNDERSTANDING ON INTERNAL CONTROL SYSTEM
HKSA 315 (REVISED) PRELIMINARY ASSESSMENT OF CONTROL RISK

(Assessment of control risk should always be high) unless auditors are able to identify
internal controls likely to prevent and correct a material misstatement + HKSA 330 (CLARIFIED)
THE AUDITOR’S RESPONSE TO ASSESSED RISK for planning to perform tests of
control to support assessment
HIGH RISK MEDIUM RISK LOW RISK
NO TESTS OF CONTROL Extend understandingof internal

(ONLY SUBSTATIVE controls, ie monitor controls, computer
TESTING or applications controls–confirming
which controls are effective
TEST OF CONTROL
INTERNAL CONTROLS OPERATING

EFFECTIVELY
Perform minimum substantive

Perform appropriate substantive testing – testing – ie confirm preliminary
consider (NET) – nature, extent and timing assessment and perform only
analytical procedures
335
Business Assurance
2 Analytical procedures
Topic highlights
Analytical procedures are used at all stages of the audit, including as substantive procedures.
When using analytical procedures as substantive tests, auditors should consider the information
available, assessing its availability, relevance and comparability.
Key term
Analytical procedures means evaluations of financial information through analysis of plausible
HKSA 520.4 relations among both financial and non-financial data. Analytical procedures also encompass such
investigation as is necessary of identified fluctuations or relationships that are inconsistent with
other relevant information or that differ from expected values by a significant amount.
HKSA 520.3 The objectives of the auditors as specified in HKSA 520 (Clarified) Analytical Procedures are:
(a) To obtain relevant and reliable audit evidence when using substantive analytical procedures;
and
(b) To design and perform analytical procedures near the end of the audit that assist the auditor
when forming an overall conclusion as to whether the financial statements are consistent
with the auditor’s understanding of the entity.
According to HKSA 520 (Clarified) analytical procedures include the following:
(a) Comparisons of data such as:
(i) comparable information from previous reporting periods
(ii) forecast results using budgets or estimates
(iii) predictions extrapolated from current data and their understanding of the entity
prepared by the auditors
(iv) data derived from wider industry information, secondary research and so on
(b) Ratio analysis to test the relationship of those elements of financial information that are
expected to conform to a predicted pattern because of past behaviour. This may be the
relationship of gross profit to sales, for example
(c) Comparing financial information and relevant non-financial information where there should
be an obvious link, such as the relationship of payroll expenses to number of employees
(d) Sensitivity analysis.
Analytical procedures can be used throughout the audit but their use in some circumstances is
stated in HKSA 315 (Revised) and HKSA 520 (Clarified) as essential:
(a) As risk assessment procedures to obtain an understanding of the entity and its
environment
(b) Towards the end of the audit to help inform the overall conclusion as to the
reasonableness of the financial statements assertions.
They may also be used as substantive procedures, either alone or in combination with tests of
details.
336
2.1 Analytical procedures as risk assessment procedures

HKSA 315.6b HKSA 315 (Revised) requires that the risk assessment procedures shall include analytical
procedures as well as inquiries of management and individuals within the internal audit function,
observation and inspection. Analytical procedures performed as risk assessment procedures may
include both financial and non-financial information and may identify aspects of the entity of which
the auditor was unaware. The auditor should focus on areas where problems have occurred in
past audits and assess the results of developments in the entity’s business. The auditor should
then design and implement responses to the assessed risks.
However, analytical procedures only provide a broad initial indication about whether a material
misstatement may exist.
Analytical procedures may help to identify the existence of unusual transactions or events, and
amounts, ratios, and trends that might indicate matters that have audit implications. This may assist
the auditor in identifying risks of material misstatement, especially risks of material misstatement
due to fraud.
The auditor can gain understanding and evaluate the analytical procedures by considering other
information gathered and results of such analytical procedures.
The auditor should obtain from entity the possible sources of information for analytical
procedures such as:
 entity’s interim financial information
 entity’s management accounts
 updated budgets
 industry information that is related to entity’s business
 relevant information related to current industry conditions
 board minutes
 any external correspondence
 non-financial information
2.2 Substantive analytical procedures

HKSA 520.5 HKSA 520 (Clarified) states that auditors must decide whether using available analytical
procedures as substantive procedures in conjunction with tests of details, will be effective and
efficient in reducing detection risk for specific financial statement assertions. Auditors may
efficiently use analytical data produced by the entity itself, provided they are satisfied that it has
been properly prepared. It is based on the auditor’s judgment to whether to use analytical
procedures or not.
The auditor will ordinarily inquire of management about the availability and reliability of
information needed to apply substantive analytical procedures and the results derived. It may be
efficient to use analytical data prepared by the entity, provided the auditor is satisfied that such
data is properly prepared.
2.2.1 Factors to consider before performing substantive analytical

procedures
When designing and performing substantive analytical procedures, the auditor is required to
consider the following factors:
(a) Determine the suitability of particular substantive analytical procedures of certain
assertions, ie
(i) Auditors will also consider the plausibility and predictability of the relationships
being tested. Some relationships are strong, for example between selling expenses
and sales in business where the salesforce is mainly paid by commission.
337
Business Assurance
(ii) In general, substantive analytical procedures are more applicable to large volumes of
transactions that tend to be predictable over time and where an expectation of
relationship among data exists.
(b) Develop an expectation of recorded amounts or ratios and evaluate whether the
expectation is sufficiently precise by considering:
(i) the accuracy with which the expected results of substantive analytical procedures can
be predicted;
(ii) the degree to which information can be disaggregated; and
(iii) the availability of financial and non-financial information.
(c) Evaluate the reliability of data from which the auditor’s expectation of recorded amounts or
ratios is developed. For example:
(i) When controls are effective, auditors have greater confidence in the reliability of the
information and therefore, in results of analytical procedures;
(ii) The controls over non-financial information can often be tested in conjunction with
tests of accounting-related controls. For example, in establishing controls over the
processing of sales invoices, a business may include controls over unit sales
recording. The auditors could therefore test the controls over the recording of unit
sales in conjunction with tests of controls over the processing of sales invoices; and
(d) Determine the amount of any difference of recorded amounts from expected values that is
acceptable without further investigation. This is influenced by:
(i) materiality and consistency with the desired level of assurance
(ii) the possibility a misstatement may cause the financial statement to be materially
misstated
(iii) the persuasiveness of audit evidence
According to HKSA 330 (Clarified) when information produced by the entity is used by the auditor
in audit procedures, the auditor should obtain audit evidence about the accuracy and completeness
of the information.
2.2.2 Drawing conclusions from substantive analytical procedures

Before drawing any conclusions from substantive analytical procedures, auditors should consider
the following factors:
(a) Materiality levels
Auditors cannot solely rely on analytical procedures to draw audit conclusions.
(b) Other audit procedures
Auditors should perform other audit procedures in conjunction with analytical procedures
such as performing tests of details – vouching to supporting invoices or tracing to ledger
(c) Accuracy of expected results of analytical procedures
(d) Frequency of a relationship – ie consider if there is a monthly pattern or an annual pattern
Analytical procedures are generally less detailed and less costly than substantive procedures.
However, where internal controls are weak and control risk is high, the auditor may have to rely
more on tests of details in order to obtain sufficient, appropriate evidence.
2.2.3 Relationship between assessment of inherent and control risks

Both inherent risk and control risk fall into the category of risk of material misstatement at
assertion level. HKSA 200 (Clarified) considers both inherent and control risk. No matter how well
the internal control system is designed and operated, it can only reduce but not eliminate risks of
material misstatements due to inherent limitations.
338
HKSAs often refer to a combined assessment of the “risks of material misstatement” rather than
referring to inherent risk and control risk separately. However, the auditor may make separate or
combined assessments of inherent and control risk depending on preferred audit techniques or
methodologies and practical considerations.
2.3 Analytical procedures at the overall review stage

HKSA HKSA 520 (Clarified) requires that the auditor shall design and perform analytical procedures near
520.6, 7 the end of the audit that assist the auditor when forming an overall conclusion as to whether the
financial statements are consistent with the auditor’s understanding of the entity.
The auditor shall compare the results of analytical procedures with other corroborate conclusions
drawn from other audit procedures. This is intended to assist the auditor in drawing reasonable
conclusions for the audit opinion. The results of analytical procedures may lead the auditor to
revise his assessment of the risks of material misstatement and modify his audit procedures.
2.3.1 Investigating significant fluctuations or unexpected relationships

According to HKSA 520 (Clarified), when analytical procedures identify significant fluctuations or
relationships that are inconsistent with other relevant information or that deviate from predicted
patterns, the auditor should investigate and obtain adequate explanations and appropriate
corroborative evidence.
Investigations will start with inquiries of management and then corroboration of management's
responses:
(a) By comparing them with the auditors' knowledge of the entity's business and with other
evidence obtained during the course of the audit; or
(b) If the analytical procedures are being carried out as substantive procedures, by undertaking
additional audit procedures, where appropriate, to confirm the explanations received.
If explanations cannot be given by management, or if they are insufficient, the auditors must
determine which further audit procedures to undertake to explain the fluctuation or relationship.
2.4 Practical techniques

Ratio analysis can be a useful technique. However, ratios mean very little when used in isolation.
They should be calculated for previous periods and for comparable entities. This may involve a
certain amount of initial research, but subsequently it is just a matter of adding new statistics to the
existing information each year. The permanent file should contain a section with summarised
financial statements and the chosen ratios for prior years.
In addition to looking at the more usual ratios the auditors should consider examining other ratios
that may be relevant to the particular entity’s business.
Other analytical techniques include the following:
(a) Examining related accounts in conjunction with each other. Often revenue and expense
accounts are related to accounts in the statement of financial position and comparisons
should be made to ensure relationships are reasonable;
(b) Trend analysis. Sophisticated statistical techniques can be used to compare this period with
previous periods; or
(c) Reasonableness test. This involves calculating the expected value of an item and
comparing it with its actual value, for example, for straight-line depreciation.
(Cost + Additions – Disposals)  Depreciation % = Charge in statement of profit or loss and
other comprehensive income
339
Business Assurance
Some comparisons and ratios, measuring liquidity and longer-term capital structure, will assist in
evaluating whether the entity is a going concern, in addition to contributing to the overall view of the
financial statements. Declining ratios may indicate going concern problems.
The working papers must contain the completed results of analytical procedures. They should
include:
 the outline programme of the work;
 the summary of significant figures and relationships for the period;
 a summary of comparisons made with budgets and with previous years;
 details of all significant fluctuations or unexpected relationships considered; and
 details of the results of investigations into such fluctuations/relationships.
Green Life Limited (“Green”) sells garden furniture from five retail stores. All sales are made either
in cash or by credit cards, mainly from customers living in New Territories who have properties with
gardens.
All items purchased are delivered to the customer using Green’s own delivery trucks as most
customers could not transport these goods in their own motor vehicles. The directors of Green
indicate that the company has had a difficult year, but are optimistic to present some acceptable
results to the shareholders.
The statements of profit or loss for the last two financial years are shown below:
STATEMENT OF PROFIT OR LOSS
31 March 20Y0 31 March 20X9
HK$'000 HK$'000
Revenue 7,482 6,364
Cost of sales (3,520) (4,253)
Gross profit 3,962 2,111
Operating expenses
Administration (1,235) (1,320)
Selling and distribution (981) (689)
Interest payable (101) (105)
Investment income 145 -
Profit/(loss) before tax 1,790 (3)
Extract from Statement of Financial Position

Cash equivalents 253 (950)
Required
With reference to HKSA 520 Analytical Procedures explain the different types of analytical
procedures available to the auditor. (3 marks)
Using analytical procedures as part of risk assessment procedures for Green, identify and provide
a possible explanation for unusual changes in the statement of profit or loss. (10 marks)
(Total = 13 marks)
340
Topic recap
AUDIT PROCEDURES
Substantive
Test of controls procedures at the Includes external
assertion level confirmation
See Chapter II
Must be used as risk Analytical Test of details Sampling

assessment procedures
procedures and
at end of audit
Extent depends on
results of tests of
Normally combined
controls and
with test of details
analytical procedures
341
Business Assurance
Answer 1
Types of analytical procedures
Under HKSA 520 (Clarified), analytical procedures can be used as:
 Comparison of comparable information to prior periods to identify unusual changes or
fluctuations in amounts.
 Comparison of actual or anticipated results of the entity with budgets and/or forecasts, or the
expectations of the auditor in order to determine the potential accuracy of those results.
 Comparison to industry information either for the industry as a whole or by comparison to
entities of similar size to the client to determine whether receivable days, for example, are
reasonable.
Net profit
Overall, Green’s result has changed from a net loss to a net profit. Given that sales have only
increased by 17% and that expenses, and in particular administration expenses, appear low, then
there is the possibility that expenditure may be understated.
Sales – increase 17%
According to the directors, Green has had a “difficult year”. Reasons for the increase in sales
income must be ascertained as the change does not appear to agree with the directors’ comments.
It is possible that the industry as a whole has been growing allowing Green to produce this good
result.
Cost of sales – fall 17%
A fall in cost of sales is unusual given that sales have increased significantly. This may have been
caused by an incorrect inventory valuation and the use of different (cheaper) suppliers. If quality
has been compromised this may cause problems with poor customer satisfaction or faulty goods in
the next year.
Gross profit (GP) – increase 88%
This is a significant increase with the GP% changing from 33% last year to 53% in 20Y0.
Identifying reasons for this change will need to focus on the change in sales and cost of sales.
Administration – fall 6%
A fall is unusual given that sales are increasing and so an increase in administration to support
those sales would be expected.
Expenditure may be understated, or there may have been a decrease in the number of
administration staff.
Selling and distribution – increase 42%
This increase does not appear to be in line with the increase in sales – selling and distribution
would be expected to increase in line with sales. There may be a mis-allocation of expenses from
administration. Alternatively if the age of Green’s delivery trucks is increasing this may have
resulted in additional service costs.
342
Interest payable – small fall

Given that Green has a considerable cash surplus this year, continuing to pay interest is surprising.
Reasons why this might be the case include the timing of when the surplus cash was generated.
Also there may be loans which cannot be repaid early. The amount may be overstated – reasons
for lack of fall in interest payments must be determined.
Investment income – new this year
This is expected given the cash surplus at the year end. The amount of investment income does
appear high indicating possible errors. Alternatively, there may be other income generating assets
not disclosed in the extract of the statement of financial position.
343
Business Assurance
Exam practice
Sources of evidence 22 minutes

In each of the four following situations, the auditors face two sources of evidence resulting from
their audit procedures.
Source A Source B
Situation 1 Observation of the client’s physical Confirmation of the client’s inventories

counting of inventories at the year- held at an independent warehouse by
end. requesting a confirmation from the
warehouse management.
Situation 2 Observation of the client’s Observation of the client’s inventories
inventories composed primarily of composed primarily of metal sheets.
sophisticated electronic equipments.
Situation 3 Review of all payments made to Request for suppliers’ confirmations at
suppliers after the year-end to the year-end for all significant suppliers
determine if they were properly from which the client made purchases
recorded as trade payables at the during the year.
year-end.
Situation 4 Confirmation of the client’s bank Checking the balance of the client’s
balance at the year-end direct with bank accounts with bank statements
the bank. kept by the client.
Required
(a) For each of the four situations, state the most important financial statement assertion(s)
which are being tested by the described audit procedures. (4 marks)
(b) For each of the four situations, identify which of the two sources gives more persuasive
evidence, and briefly explain your reasoning. (8 marks)
(Total = 12 marks)
344
chapter 13
Specific audit procedures

Topic list
1 Tangible non-current assets 5 Bank and cash

1.1 Audit objectives for tangible non-current 5.1 Bank confirmation procedures
assets 5.2 Confirmation requests
1.2 Internal control considerations 5.3 Common audit procedures
1.3 Audit procedures for tangible non-current 5.4 Auditing cash
assets 6 Trade payables and accruals
1.4 Long-term investments 6.1 Audit procedures
2 Intangible non-current assets 6.2 Confirmation of trade payables
2.1 Audit risks in auditing intangible non- 7 Non-current liabilities
current assets 8 Impairment losses and contingencies
2.2 Auditing goodwill, research and 8.1 Litigation and claims
development and other intangibles 8.2 Any impairment loss?
2.3 Auditing the existence and valuation 9 Audit of provisions
assertions of intangibles 10 Capital and other issues
3 Inventory 11 Segment information
3.1 Audit objectives for inventory 11.1 Segment information
3.2 Audit procedures for inventory 12 Sales
3.3 Physical inventory count 12.1 Special sales
3.4 Additional procedures for physical 12.2 Consignment sales
inventory counting conducted other than 13 Purchases
at the date of the financial statements 13.1 Internal controls
3.5 Physical inventory count not possible – 13.2 Substantive procedures
alternative procedures 14 Wages and salaries
3.6 Valuation of inventory 14.1 Internal controls
3.7 Inventory held by third party 14.2 Substantive procedures
4 Receivables 15 Financial instruments
4.1 The receivables' confirmation 15.1 Purposes of HKAPG 1000
4.2 Positive v negative confirmation 15.2 Controls relating to financial instruments
4.3 Sample selection 15.3 Audit considerations relating to financial
4.4 Other uses of external confirmations instruments
4.5 Follow-up procedures 15.4 Other relevant audit considerations
4.6 Evaluation and conclusions
4.7 Impairment loss for irrecoverable debt
Learning focus
In this chapter you will study the audit procedures you would perform to confirm specific
assertions in an entity's financial statements. You should understand why a specific procedure
is performed. We will examine the substantive audit of trade payables and accruals, long-term
liabilities and impairment losses and end with a brief look at capital. Sales are considered in
conjunction with trade receivables and purchases are considered in conjunction with the audit
of trade payables.
345
Business Assurance
Learning outcomes
Competency
level
2.09.09 Explain the appropriate audit tests for:
2.09.09.01 Tangible non-current assets
2.09.09.02 Intangible non-current assets
2.09.09.03 Inventory
2.09.09.04 Receivables
2.09.09.05 Bank and cash
2.09.09.06 Trade payables and accruals
2.09.09.07 Non-current liabilities
2.09.09.08 Provisions and contingencies
2.09.09.09 Capital and other issues
2.09.09.10 Long-term investments
2.09.09.11 Segment information
2.09.09.12 Revenue
2.09.09.13 Purchases
2.09.09.14 Wages and salaries
2.09.09.15 Financial instruments
346
13: Specific audit procedures | Part D Assurance engagements
1 Tangible non-current assets
Topic highlights
These are key areas when testing tangible non-current assets:
 Confirmation of ownership
 Inspection of non-current assets
 Valuation by third parties
 Adequacy of depreciation rates
1.1 Audit objectives for tangible non-current assets

Financial statement assertion Audit objective
Existence and occurrence  Additions represent assets acquired in the year
and disposals represent assets sold or scrapped
in the year
 Recorded assets represent those in use at the
year-end
Completeness  All additions and disposals that occurred in the
year have been recorded
 Balances represent assets in use at the year-end
Rights and obligations  The entity has rights to the assets purchased and
those recorded at the year-end
Accuracy, classification and  Non-current assets are correctly stated at cost
valuation less accumulated depreciation
 Additions and disposals are correctly recorded
Assertions relating to presentation  Disclosures relating to cost, additions and
and disclosure (occurrence and rights disposals, depreciation policies, useful lives and
and obligations, completeness, assets held under finance leases are adequate
classification and understandability, and in accordance with accounting standards
accuracy and valuation)
1.2 Internal control considerations

The non-current asset register is a very important aspect of the internal control system. It
enables assets to be identified, and comparisons between the general ledger, non-current asset
register and the assets themselves provide evidence that the assets are completely recorded.
Another significant control is procedures over acquisitions and disposals, that acquisitions and
disposals are properly authorised, and proceeds are accounted for.
Other significant aspects are whether:
 security arrangements over non-current assets are sufficient
 non-current assets are maintained properly
 depreciation is reviewed every year
 all income is collected from income-yielding assets
347
Business Assurance
1.3 Audit procedures for tangible non-current assets

AUDIT PLAN: TANGIBLE NON-CURRENT ASSETS
Completeness  Obtain or prepare a summary of tangible non-current assets showing
how:
– gross book value
– accumulated depreciation
– net book value
reconcile with the opening position.
 Compare non-current assets in the general ledger with the non-
current assets register and obtain explanations for differences.
 For a sample of assets which physically exist agree that they are
recorded in the non-current asset register.
 If a non-current asset register is not kept, obtain a schedule showing
the original costs and present depreciated value of major non-current
assets.
 Reconcile the schedule of non-current assets with the general ledger.
Existence  Confirm that the entity physically inspects all items in the non-current
asset register each year.
 Inspect assets, concentrating on high value items and additions in-
year. Confirm that items inspected:
– exist
– are in use
– are in good condition
– have correct serial numbers
 Review records of income-yielding assets.
 Reconcile opening and closing assets by numbers as well as amounts.

Valuation  Verify valuation to valuation certificate.
 Consider the source of valuation, reviewing:

– experience of valuer
– scope of work
– methods and assumptions used
– valuation bases are in line with accounting standards
 Reperform calculation of revaluation surplus.
 Confirm whether valuations of all assets that have been revalued have
been updated regularly by inquiries of the Chief Financial Officer and
inspection of previous financial statements.
 Inspect draft financial statements to check that entity has recognised
in the statement of profit or loss and other comprehensive income
revaluation losses unless there is a credit balance in respect of that
asset in equity, in which case it should be debited to equity to cancel the
credit. All revaluation gains should be credited to equity.
348
 Review depreciation rates applied in relation to:

– asset lives
– residual values
– replacement policy
– past experience of gains and losses on disposal
– consistency with prior years and accounting policy
– possible obsolescence
 Review non-current assets register to ensure that depreciation has
been charged on all assets with a limited useful life.
 Examine depreciation policies and ensure they are correctly and
consistently applied in accordance with HKASs.
 Verify that the revaluation of assets is recorded properly.
 For revalued assets, ensure that the charge for depreciation is based
on the revalued amount by recalculating it for a sample of revalued
assets.
 Reperform calculation of depreciation rates to ensure it is correct.
 Compare ratios of depreciation to non-current assets (by category)

with:
– previous years
– depreciation policy rates
 Scrutinise draft financial statements to ensure that depreciation
policies and rates are disclosed in the financial statements.
 Review insurance policies in force for all categories of tangible non-
current assets and consider the adequacy of their insured values and
check expiry dates.
Rights and  Verify title to land and buildings by inspection of:
obligations
– title deeds
– land registry certificates
– leases
 Obtain a certificate from lawyers/bankers:
– stating purpose for which the deeds are being held (custody only)
– stating deeds are free from mortgage or lien
 Inspect registration documents for vehicles held, confirming that they
are in entity's name.
 Confirm all vehicles are used for the entity's business.
 Examine documents of title for other assets (including purchase

invoices, architects' certificates, contracts, hire purchase or lease
agreements).
 Review for evidence of charges in statutory books and by company
search.
349
Business Assurance
 Review leases of leasehold properties to ensure that entity has fulfilled

covenants therein.
 Examine invoices received after year-end, orders and minutes for
evidence of capital commitments.
Additions These tests are to confirm rights and obligations, valuation and
completeness.
 Verify additions by inspection of architects' certificates, solicitors'
completion statements, suppliers' invoices etc.
 Review capitalisation of expenditure by examining for non-current
assets additions and items in relevant expense categories (repairs,
motor expenses, sundry expenses) to ensure that:
– capital/revenue distinction is correctly drawn
– capitalisation is in line with consistently applied entity's policy
 Inspect non-current asset accounts for a sample of purchases to
ensure they have been properly allocated.
 Check purchases have been authorised by directors/senior
management by reviewing board minutes.
 Ensure that appropriate claims have been made for grants, and grants
received and receivable have been received, by inspecting claims
documentations and bank statements.
 Check additions have been recorded by scrutinising the non-current
asset register and general ledger.
Disposals These tests are to confirm rights and obligations, completeness,
occurrence and accuracy.
 Verify disposals with supporting documentation, checking transfer of
title, sales price and dates of completion and payment.
 Recalculate profit or loss on disposal.
 Check that disposals have been authorised by reviewing board

minutes.
 Consider whether proceeds are reasonable.
 If the asset was used as security, ensure release from security has
been correctly made.
Classification and  Agree opening balances with prior years.
understandability
 Review non-current asset disclosures in the financial statements to
ensure they meet HKAS 16 Property, Plant and Equipment criteria.
 For a sample of fully depreciated assets, inspect the register to
ensure no further depreciation is charged.
 Inspect draft financial statements to ensure that depreciation policies
and rates are correctly disclosed.
350
You are the external auditor of Convenient Motor Limited (“CML”), a Hong Kong listed entity which
has a year end 31 March. You have been the auditor since CML's listing. CML has purchased over
70 trucks for hiring to CML's customers for transporting goods. Normally, the hiring time ranges
from one week to three months.
In the main, all the vehicles are running anywhere in Hong Kong except when some of them have
broken down the vehicles will be returned to CML's car park for repairs. Full details of all vehicles
are maintained in a non-current assets register.
CML will receive telephone orders or e-mail orders where the booked truck would be ready for
collection the next day. Standard hiring amounts are allocated to each booking depending on the
amount of time for which the vehicle is being hired.
The net book value of the trucks is $37.5 million as at the year end and it represents 35 % of CML's
total assets.
Required
Describe the audit procedures the auditor should perform on the net book value of CML's trucks at
the year end.
Note that inspection of a building's title deeds does not give audit evidence about existence and if
there is doubt that a building actually exists, the auditors should physically inspect it.
1.4 Long-term investments

When long-term investments are material to the financial statements, the auditor should obtain
sufficient and appropriate audit evidence regarding their valuation and disclosure.
The key audit issues to consider are:
(a) whether the entity has the ability to continue to hold the investments on a long-term
basis
Audit procedure: Discuss with management and obtain written representations
(b) whether to write down the investments to market values
Audit procedure: Obtain market quotations and compare with the carrying amounts of the
investment
2 Intangible non-current assets
Topic highlights
Key assertions for intangible non-current assets are existence and valuation.
The key assertions relating to intangibles are existence (not so much “do they exist?”, but “are
they genuinely assets?”) and valuation. They will therefore be audited with reference to criteria laid
down in the financial reporting standards. As only purchased goodwill or intangibles with a readily
ascertainable market value can be capitalised, audit evidence should be available (purchase
invoices or specialist valuations). The audit of amortisation will be similar to the audit of
depreciation.
351
Business Assurance
2.1 Audit risks in auditing intangible non-current assets

It is difficult to audit intangible non-current assets such as intellectual property products.
The reasons are as follows:
(a) It is difficult to identify whether and when there is an identifiable asset that will generate
expected future economic benefits.
(b) It is difficult to determine the cost of the asset reliably as the cost of generating the intangible
asset internally may not be distinguishable from the cost of maintaining or enhancing the
entity or of running day-to-day operations.
(c) There is difficulty in auditing the estimates used in determining the amount of expected
future economic benefits.
2.2 Auditing goodwill, research and development and other

intangibles
AUDIT PLAN: INTANGIBLE NON-CURRENT ASSETS
Goodwill  Agree the consideration to sales agreement by inspection.
 Consider whether asset valuation (including assumptions) is reasonable.
 Agree that the calculation is correct by recalculation.
 Review the impairment test and discuss with management
 Ensure valuation of goodwill is reasonable/there has been no
impairment not adjusted through discussion with management.
 Check purchased goodwill is calculated correctly (it should reflect the
difference between the fair value of the consideration given and the
aggregate of the fair values of the separable net assets acquired).
Research and  Confirm that capitalised development costs conform to HKAS 38 criteria
development costs by inspecting details of projects and discussions with technical
managers.
 Confirm feasibility and viability by inspection of budgets.
 Recalculate amortisation calculation, to ensure it commences with
production/is reasonable.
 Inspect invoices to verify expenditure incurred on research and
development projects.
Other intangibles  Agree purchased intangibles to purchase documentation agreement by
inspection.
 Inspect specialist valuation of intangibles and ensure it is reasonable.
 Review amortisation calculations and ensure they are correct by
recalculation.
352
2.3 Auditing the existence and valuation assertions of intangibles

Substantive procedures should be performed including substantive analytical procedures and tests
of details. However, it is difficult to design any meaningful analytical procedures on intangible
assets. Therefore, it is more efficient to carry out substantive work mainly consisting of tests of
details as detailed in the table below:
Existence and valuation of intangibles

Existence assertion  Obtain an understanding of the entity's systems and the
related intangible assets by reviewing internal
documentation prepared by the entity to ensure that the
intangible assets exist
 Involve experts in ensuring the technical feasibility of the
intangible assets
 Review past history for the existing intangible assets to
ensure that a market exists for the intangible assets
 Review subsequent sale and use of the intangible assets
 Review the entity's application process of relevant
accreditation and review the status of accreditation of all its
intangible assets
Valuation and allocation  Review costs capitalised
assertion
 Vouch to source documents to ensure that they are directly
attributable to the creation, production and preparation of
the intangible assets
 Obtain entity's estimates of future economic benefits
 Review and test the process used by the entity to develop
the estimates
 Evaluate data and consider the assumptions on which the
estimate is based. For example, by comparing estimates
made for prior periods with actual results of those periods
 Review entity's approval process for activities, capitalisation
of expenses and development of estimates for the intangible
assets
 Review the appropriateness of entity's estimates in
establishing its impairment policy
 Review impairment testing and assess the reasonableness
of the calculation of a recoverable amount
You are the auditor of CC Limited (“CC”). CC acquired DD Limited during the year and recorded
goodwill of HK$300 million and intangible assets such as trade mark, patent and customer
relationships of HK$500 million. Management of CC engaged X Limited to value the intangible
assets and advise on the business valuation of the transaction. Based on the business valuation
performed by X Limited, CC developed its goodwill impairment assessment and concluded that no
goodwill impairment is necessary.
353
Business Assurance
Required
(a) Evaluate and explain the risk of material misstatement relating to the valuation assertion of
CC Limited’s goodwill and intangible assets.
(b) Suggest and discuss the audit procedures you would perform on goodwill and intangible
assets respectively in response to the assessed risk of material misstatement in part (a).
3 Inventory
Topic highlights
There are five key assertions relating to inventory:
 Existence
 Completeness
 Rights and obligations
 Valuation
 Cut-off
Inventory is often a major area of importance for the auditor and, historically, has been the
component of the statement of financial position that creates more problems than any other. There
are a number of reasons for this including the reasons stated below:
 Inventory is usually a significant balance in the calculation of profit and a material component
of the statement of financial position;
 The determination of year-end quantities can be problematic;
 There are different approaches to its valuation and estimation and subjective assessment is
usually required; and
 There is an increased risk of manipulation and fraud by management and relevant parties.
3.1 Audit objectives for inventory

The following table demonstrates the audit objectives for inventory and the related financial
statement assertions. The audit procedures described in the remainder of this section are
undertaken to provide audit evidence to support these assertions.

Existence and occurrence  Recorded purchases and sales represent inventories
bought and sold.
 Inventory on the statement of financial position
physically exists.
Completeness  All purchases and sales are recorded.
 All inventory at year-end is included on the statement of
financial position.
Rights and obligations  The entity has rights to inventory recorded in the period
and at the year-end.
354

Accuracy, classification  Costs are accurately determined in accordance with
and valuation accounting standards.
 Inventory is recorded at year-end at the lower of cost
and net realisable value.
Cut-off  All purchases and sales of inventories are recorded in
the correct period.
Assertions relating to  Inventory is properly classified in the financial
presentation and disclosure statements.
(classification and  Disclosures relating to classification and valuation are
understandability, completeness, adequate and in accordance with accounting standards.
accuracy and valuation)
3.2 Audit procedures for inventory

The following table sets out audit procedures to test year-end inventory:
AUDIT PLAN: INVENTORY

Existence  Observe the physical inventory count (see Section 3.3 for
details).
Completeness  Complete the disclosure checklist to ensure that all the
disclosures relevant to inventory have been made.
 Trace test counts to the detailed inventory listing.
 Where inventory is held in third party locations, physically
inspect this inventory or review confirmations received from the
third party and match to the general ledger.
 Compare the gross profit percentage to the previous year or
industry data.
Rights and obligations  Verify that any inventory held for third parties is not included in
the year-end inventory figure by being appropriately segregated
during the inventory count.
 For any “bill-and-hold” inventory (ie where the inventory has
been sold but is being held by the entity until the customer requires
it), identify such inventory and ensure that it is segregated during
the inventory count so that it is not included in the year-end
inventory figure.
 Confirm that any inventory held at third party locations is
included in the year-end inventory figure by reviewing the inventory
listing.
 Inquire of management and review any loan agreements and
board minutes for evidence that inventory has been pledged or
assigned.
 Inquire of management about warranty obligation issues.
355
Business Assurance

Accuracy,  Obtain a copy of the inventory listing and agree the totals to the
classification and general ledger.
valuation
 Cast the inventory listing to ensure it is mathematically correct.
 Vouch a sample of inventory items to suppliers' invoices to ensure
it is correctly valued.
 Where standard costing is used, test a sample of inventory to
ensure it is correctly valued.
 For materials, agree the valuation of raw materials to invoices and
price lists.
 Confirm that an appropriate basis of valuation (eg FIFO) is being
used by discussing with management.
 For labour costs, agree costs to wage records.
 Review standard labour costs in the light of actual costs and
production.
 Reconcile labour hours to time summaries.
 Make inquiries of management to ascertain any slow-moving or
obsolete inventory that should be written down.
 Examine prices at which finished goods have been sold after the
year-end to ascertain whether any finished goods need to be
written down.
 If significant levels of finished goods remain unsold for an unusual
period of time, discuss with management and consider the need to
make allowance.
 Compare the gross profit percentage to the previous year or
industry data.
 Compare raw material, finished goods and total inventory turnover
to the previous year and industry averages.
 Compare inventory days to the previous year and industry
average.
 Compare the current year standard costs to the previous year after
considering current conditions.
 Compare actual manufacturing overhead costs with budgeted or
standard manufacturing overhead costs.
Cut-off  Note the numbers of the last Goods Despatched Notes (GDNs)
and Goods Received Notes (GRNs) before the year-end and the
first GDN and GRN after the year-end and check that these have
been included in the correct financial year.
356

Assertions relating to presentation and disclosure
Accuracy  Obtain a copy of the inventory listing and cast it, and test the
mathematical extensions of quantity multiplied by price.
 Trace test counts back to the inventory listing.
 If the entity has adjusted the general ledger to agree with the
physical inventory count amounts, agree the two amounts.
 Where a continuous (perpetual) inventory system is
maintained, agree the total on the inventory listing to the
continuous inventory records, using computer-assisted auditing
techniques (CAATs).
Classification and  Review the inventory listing to ensure that inventory has been
understandability properly classified between raw materials, work-in-progress and
finished goods.
 Read the notes to the financial statements relating to inventory to
ensure they are understandable.
Completeness,  Review the financial statements to confirm whether the cost
accuracy and valuation method used to value inventory is accurately disclosed.
 Read the notes to the financial statements to ensure that the
information is accurate and properly presented at the appropriate
amounts.
3.3 Physical inventory count
Topic highlights
Physical inventory count procedures are vital as they provide evidence which cannot be obtained
elsewhere or at any other time about the quantities and conditions of inventories and work-in-
progress.
HKSA 501.4 HKSA 501 (Clarified) Audit Evidence – Specific Considerations for Selected Items provides
guidance to auditors on attending the physical inventory count. It states that where inventory is
material, auditors must obtain sufficient appropriate audit evidence regarding its existence and
condition by attending the physical inventory count, unless this is impracticable and perform audit
procedures over the entity's final inventory records to determine whether they accurately reflect
actual inventory count results.
Procedures performed during attendance at physical inventory counting may serve as tests of
control or substantive procedures depending on the auditor's risk assessment, audit approach
and the specific procedures carried out.
It is always management's responsibility to ensure inventory figures in the accounts both
represent inventory that exists and that is actually owned by the entity.
3.3.1 The inventory count

A business may count inventory by one or a combination of the following methods:
(a) Physical inventory counts at the year-end
From the viewpoint of the auditor this is often the best method.
357
Business Assurance
(b) Physical inventory counts before or after the year-end

This will provide audit evidence of varying reliability depending on:
(i) the length of time between the physical inventory count and the year-end (the greater
the time period, the less the value of audit evidence)
(ii) the business's system of internal controls
(iii) the quality of records of inventory movements in the period between the physical
inventory count and the year-end
(c) Continuous (or perpetual) inventory where management has a programme of inventory-
counting throughout the year (see next sub-section).
3.3.2 Continuous (or perpetual) inventory

If continuous inventory counting is used, auditors will verify that management does the following:
(a) Ensures that all inventory lines are counted at least once a year.
(b) Maintains adequate inventory records that are kept up-to-date. Auditors may compare
sales and purchase transactions with inventory movements, and carry out other tests on the
inventory records, for example, checking casts and classification of inventory.
(c) Has satisfactory procedures for inventory counts and test-counting. Auditors should
confirm the inventory count arrangements and instructions are as rigorous as those for a
year-end inventory count by reviewing instructions and observing counts.
Auditors will be particularly concerned with cut-off, that there are no inventory movements
while the count is taking place, and inventory records are updated up until the time of the
inventory count.
(d) Investigates and corrects all material differences. Reasons for differences should be
recorded and any necessary corrective action taken. All corrections to inventory movements
should be authorised by a manager who has not been involved in the detailed work. These
procedures are necessary to guard against the possibility that inventory records may be
adjusted to conceal shortages. Auditors should check that the procedures are being
operated.
The audit work when continuous inventory counting is used focuses on tests of controls rather
than substantive audit work. Nevertheless, the auditor will also need to do some further substantive
audit work on completeness and existence at the year-end.
Attendance at an inventory count gives evidence of the existence (though not necessarily
ownership) of inventory and in identifying obsolete, damaged or ageing inventory. It also gives
evidence of the completeness of inventory, as do the follow-up tests to ensure all inventory sheets
were included in the final count.
358
3.3.3 Planning attendance at inventory count

Before the physical inventory count the auditors should ensure audit coverage of the count is
appropriate, and that the entity's count instructions have been reviewed.
AUDIT PLAN: PLANNING INVENTORY COUNT
 Review of previous year's arrangements.

 Discussion with management regarding inventory count arrangements and significant
changes.
 The nature and volume of the inventory.
 Risks relating to inventory.
 Identification of high value items.
 Method of accounting for inventory.
 Location of inventory and how it affects inventory control and recording.
 Internal control and accounting systems to identify potential areas of difficulty.
 How to ensure a representative selection of locations, inventory and procedures are
covered.
 How to ensure sufficient attention is given to high value items.
 Arrangements to obtain from any third parties' confirmation of inventory they hold.
 Consideration of the need for expert help.
 Supervision by senior staff including senior staff not normally involved with inventory.
 Tidying and marking inventory to help counting.
 Restriction and control of the production process and inventory movements during the count.
 Identification of damaged, obsolete, slow-moving, third party and returnable inventory.
 Systematic counting to ensure all inventory is counted.
 Teams of two counters, with one counting and the other checking or two independent
counts.
 Serial numbering, control and return of all inventory sheets.
 Inventory sheets being completed in ink and signed.
 Information to be recorded on the count records (location and identity, count units, quantity
counted, conditions of items, stage reached in production process).
 Recording of quantity, conditions and stage of production of work-in-progress.
 Recording of last numbers of goods inwards and outwards records and of internal transfer
records.
 Reconciliation with inventory records and investigation and correction of any differences.
3.3.4 Attendance at inventory count

During the count the auditors should check the count is being carried out according to
instructions, carry out test counts, and watch for third party and slow moving inventory and
cut-off problems.
359
Business Assurance
AUDIT PLAN: ATTENDANCE AT INVENTORY COUNT
 Observe whether the entity's staff are following instructions as this will help to ensure the
count is complete and accurate.
 Perform test counts to ensure procedures and internal controls are working properly, ie the
application of appropriate control activities.
 Ensure that the procedures for identifying damaged, obsolete and slow-moving inventory
operate properly; the auditors should obtain information about the inventory's condition, age,
usage and in the case of work-in-progress, its stage of completion to ensure that it is later
valued appropriately.
 Confirm that inventory held on behalf of third parties is separately identified and accounted
for so that inventory is not overstated.
 Conclude whether the count has been properly carried out and is sufficiently reliable as a
basis for determining the existence of inventories.
 Consider whether any amendment is necessary to subsequent audit procedures.
 Gain an overall impression of the levels and values of inventories held so that the auditors
may, in due course, judge whether the figure for inventory appearing in the financial statements
is reasonable.
When carrying out test counts the auditors should select items from the management's count
records and from the physical inventory and check one to the other, to confirm the accuracy of the
count records. These two-way tests provide evidence for completeness and existence. The
auditors should concentrate on high value inventory. If the results of the test counts are not
satisfactory, the auditors may request that inventory is recounted.
The auditors' working papers should include:
 details of their observations and tests
 the manner in which points that are relevant and material to the inventory being counted or
measured have been dealt with by the entity
 instances where the entity's procedures have not been satisfactorily carried out
 items for subsequent testing, such as photocopies of (or extracts from) rough inventory
sheets
 details of the sequence of inventory sheets
 the auditors' conclusions
3.3.5 After the inventory count

There are a number of follow up procedures once the inventory count has taken place. Among
these are the preparation of a memorandum for the working papers and a summary of the results
of the observations, test counts and so on, giving an overall conclusion on the effectiveness of the
entity's physical inventory activities and the auditor's satisfaction with them. The table goes into
more detail:
AUDIT PLAN: FOLLOWING UP THE INVENTORY COUNT
 Trace items that were test counted to final inventory sheets.

 Observe whether all count records, including consignment inventories if they are held, have
been included in final inventory sheets.
 Inspect the final inventory sheets to ensure they are consistent with count records.
360
AUDIT PLAN: FOLLOWING UP THE INVENTORY COUNT
 Ensure that continuous inventory records have been adjusted to the amounts physically
counted or measured, and that the reasons for the differences have been identified.
 Confirm there is a consistent cut-off by checking sales invoices and supplier invoices are
recorded in the proper period.
 Review replies from third parties about inventory held by or for them and check all
consignment inventory is included in the final valuation and against the detailed records held by
the entity.
 Confirm the entity's final valuation of inventory has been calculated correctly.
 Follow up queries and notify any problems to management.
3.3.6 Risk factors – existence and valuation

When some of these risk factors appear, they will cause higher risk of material misstatements and
the following table shows the risks in relation to the most relevant assertions – existence and
valuation.
Existence
 Inventories at multi-locations
 Inventories of small size but high value
 Manufactured goods require identification of raw materials, work-in-progress
 Inventories with similar appearance
 Inventories requiring special storage
 Inventories are highly desirable and movable, ie the susceptibility of assets to loss or
misappropriation is high. For example, fraudulent schemes may be used to disguise the
unaccounted for portion of inventories
Valuation
 Inventories with similar appearance
 Inventories requiring special knowledge to value
 Inventories purchased in bulk – difficult to allocate costs
 Inventories of high value – wrong identification is material error
 Inventories requiring special storage – increased chance of obsolescence
 Inventories with fluctuating net realisable value
 Manufactured goods – allocation of costs
3.4 Additional procedures for physical inventory counting

conducted other than at the date of the financial statements
HKSA 501.5 Irrespective of whether management determines inventory quantities by an annual physical
inventory counting or maintains a perpetual inventory system, the physical inventory counting may
be conducted at a date or dates other than the date of the financial statements.
HKSA 501 (Clarified) requires the auditor shall additionally perform audit procedures to obtain audit
evidence about whether changes in inventory between the count date and the date of the
financial statements are properly recorded. The auditor could consider the effectiveness of the
design, implementation and maintenance of controls over changes in inventory.
361
Business Assurance
3.5 Physical inventory count not possible – alternative

procedures
3.5.1 Rollback exercise
If physical inventory count on planned date is not possible, the auditor should take or observe
some physical counts on an alternative date and perform, if necessary, other audit procedures on
intervening transactions (ie rollback). For the rollback, it is necessary to ascertain that entity's
records of inventory movements in the intervening period can be readily examined and
substantiated. A physical inventory count carried out after the year end could only be possible if
such records are available and found to be reliable.
The greater the interval between the financial statement date and the physical count date, the more
difficult the inventory rollback exercise will be. A rollback exercise will be highly dependent on the
soundness of the internal control system, in particular on inventories, and satisfactory maintenance
of inventory records.
Note details of the movement of inventory just prior to, during and after the count so that the
accounting for such movements can be checked at a later date. Auditors should assess the overall
results of the inventory rollback exercise and conclude whether they provide satisfactory evidence
as to the physical existence and conditions of entity's inventories as at the date of the financial
statements.
3.5.2 Other alternative procedures

When a physical inventory count (ie due to nature and location of the inventory) is impracticable
and a rollback exercise is also not possible, the auditors should perform other alternative
procedures to obtain sufficient appropriate audit evidence regarding the existence and
condition of inventory before considering modifying the auditor's report under HKSA 705
(Clarified) Modifications to the Opinion in the Independent Auditor's Report as a result of the scope
limitation.
If the nature of work in progress is such that its existence cannot be verified by a physical count
then alternative procedures may include: examining supporting costing records, work tickets,
evidence of purchases and sales and testing the internal controls, as well as physical inspection.
Auditors can also compare the current activity between the physical count date and the date of
financial statement to activity of the equivalent period in the preceding year and investigate unusual
fluctuations. In addition, auditors can review the sales records and investigate the authenticity of
any unusually large sales made in the period prior to the inventory count date.
Auditors can determine whether any inventory is pledged as collateral or subject to any liens and
inspect the open purchase order file at the end of the reporting period for significant commitments
that should be considered for disclosure.
3.6 Valuation of inventory
Topic highlights
The valuation and disclosure rules for inventory are laid down in HKAS 2 Inventories. Inventory
should be valued at the lower of cost and net realisable value.
The auditor needs to consider the valuation of inventories by reviewing whether:

 the entity has followed HKAS 2 when accounting the value for inventories (ie lower of cost or
net realisable value)
 the entity has allocated the overheads appropriately
 the entity has applied the method of accounting for inventories consistently
362
3.6.1 Valuation of manufacturing inventories

(a) Raw materials
The auditor should check the value of raw materials by vouching to suppliers' invoices.
Standard costs can be used and auditor should check the basis of standards, compare
standard costs with actual costs and confirm proper treatment of variances.
(b) Work-in-progress and finished goods
The auditor should check on the method used by the entity to value work-in-progress and
finished goods, the system of internal control and the reasonableness of the valuation of
finished goods and work-in-progress.
The auditor should use analytical procedures.
3.6.2 Identification of slow-moving inventories or obsolete items

Audit procedures should determine whether slow moving or obsolete items have been included
in inventory. This may be done by the following methods:
(a) Review the perpetual records (or inventory cards) for slow-moving items.
(b) Discuss the quality of the inventory (in terms of turnover rate, sales prospect, demand of the
market etc) with management.
(c) Ask questions of production personnel during physical inventory observation about the extent of
the use or non-use of inventory items.
(d) Make observations during the physical inventory of rust, damaged inventory, inventory in
unusual locations, and unusual amounts of dust on the inventory.
(e) Be aware of inventory that is tagged obsolete, spoiled, or damaged, or is set aside because it is
obsolete or damaged.
(f) Examine obsolescence reports, scrap sales, and other records in subsequent periods that may
indicate the existence of inventory that should have been excluded from the physical inventory
or included at a reduced cost.
(g) Calculate inventory ratios, by type of inventory if possible, and compare them with previous
years or industry standards.
3.7 Inventory held by third party

HKSA 501.8 HKSA 501 (Clarified) requires that if the entity has inventory that is held by third parties or in public
warehouses and is material to the financial statements, the auditor shall obtain sufficient
appropriate audit evidence regarding the existence and condition of that inventory by performing
the following procedures:
(a) Obtaining direct confirmation (HKSA 505 (Clarified) External Confirmations) relating to
quantities and ownership by writing directly to the custodian
(b) Perform inspection or other audit appropriate procedures such as:
(i) observing physical counts of the inventory or arranging for the third party's
auditors to do so, if practicable
(ii) obtaining a report on the adequacy of the third party's internal control
(iii) inspecting documentation regarding inventory held by third parties
(iv) requesting confirmation from other parties when inventory has been pledged as
collateral
363
Business Assurance
Summary of audit procedures for auditing existence and valuation of inventories

Existence
 Consider whether inventories are material in the statement of financial position.
 Perform physical count.
 Assess the independence and competence of the counting team, eg whether entity's staff
other than from the warehouse have been sufficiently involved and whether the inventory
taking is supervised by an appropriately experienced and qualified staff member.
 Trace items selected from the records to the physical inventory and items selected from the
physical inventory to the count records.
 Check from the entity's inventory records to auditor's test data for the location and items to be
traced at later stage.
 Perform cut-off procedures on the details of the movement of inventory just prior to, during and
after the count.
 Obtain expert confirmation about the identification of specialist inventory.
 For inventories situated at different locations, consider at which locations attendance is
appropriate, taking into account the materiality of inventory and the risk of material
misstatement at different locations.
 Consider the procedures of recording the inventory count results onto the financial statements.
Valuation
 Obtain a full list of inventory. Recalculate the total gross amount and match the recalculated
result to the amount in the statement of financial position.
 Use sampling to sample some expensive inventories and confirm with experienced staff of
entity that the actual type or class of these samples agree with the records.
 Obtain an independent expert's confirmation about the type or class of the inventories in the
sample and their valuation.
 Investigate entity's inventory accounting policy, particularly that relating to overhead allocation,
to consider whether the policy complies with relevant accounting standards. Reperform some
overhead cost allocations. Ask entity's management about any deviations from the policy.
 Trace some inventory items in the inventory sheets back to original purchase invoices to agree
the cost.
 Ask entity's management about the process for identification of obsolete and slow moving
inventories.
 Perform analytical procedures, eg compare finished goods to turnover ratios of current and
prior years, to consider whether the inventory holdings are reasonable.
 Obtain or prepare an inventory ageing analysis.
 Review subsequent sales and purchases.
 Trace inventory items to post-year end sales to determine the realisable value of inventory.
 Reconcile test counts recorded during the physical inventory observation to the inventory
listing.
 Review an analysis of inventory turnover, variances and overheads.
364
Gourmet Limited (“Gourmet”) manufactures and distributes canned food for supermarkets and
groceries. It operates a perpetual inventory system where accurate records of quantities and costs
can be retrieved at any point of time. The sales and purchases transactions are interrelated with
this inventory system. No year-end inventory count takes place and production will continue even
when there is an inventory count in progress. All the inventories are stored in large warehouses in
Hong Kong.
Your firm has been the external auditor for Gourmet for three years. You are now performing the
audit of inventories which comprise mainly raw materials and finished goods. Your firm wishes to
rely on Gourmet's perpetual inventory system to provide the basis of the figure to be included in the
financial statements for inventories.
Your firm does not wish to ask the entity to conduct a year-end inventory count.
Required
Describe the audit tests that you would perform on the perpetual inventory system during the year
in order to determine whether to rely on it as a basis for the raw materials and finished goods
figures to be included in the financial statements. No work has to be performed on work-in-progress.
4 Receivables
Topic highlights
Existence, completeness and valuation are key assertions relating to the audit of receivables.
Audit procedures for receivables are set out in the table below. This covers the audit of sales and
prepayments as well as trade receivables. Receivables are often tested in conjunction with sales.
The key assertions for sales are occurrence, completeness and accuracy.
AUDIT PLAN: RECEIVABLES

Completeness  Agree the balance from the individual sales ledger accounts to the aged
receivables' listing and vice versa.
 Match the total of the aged receivables' listing to the sales ledger control
account.
 Cast and cross-cast the aged trial balance before selecting any samples
to test.
 Trace a sample of shipping documentation to sales invoices and into the
sales and receivables' ledger.
 Complete the disclosure checklist to ensure that all the disclosures
relevant to receivables have been made.
 Compare the gross profit percentage by product line with the previous
year and industry data.
 Compare the level of prepayments to the previous year to ensure the
figure is materially correct and complete.
365
Business Assurance

Existence  Perform a receivables' circularisation on a sample of year-end trade
receivables (see Section 4.1 for details of how to undertake the
receivables' circularisation).
 Follow up all balance disagreements and non-replies to the receivables'
confirmation.
 Perform alternative procedures for any exceptions and non-replies to the
receivables' confirmation.
 Review after-date cash receipts by inspecting bank statements and cash
receipts documentation.
 Examine the customer's account and customer correspondence to
assess whether the balance outstanding represents specific invoices
and confirm their validity.
 Examine the underlying documentation (purchase order, despatch
documentation, duplicate sales invoice etc).
 Inquire from management explanations for invoices remaining unpaid
after subsequent ones have been paid.
 Observe whether the balance on the account is growing and if so, find
out why by discussing with management.
Rights and  Review bank confirmation for any liens on receivables.
obligations
 Make inquiries of management, review loan agreements and review
board minutes for any evidence of receivables being sold (eg to factors).
Valuation and  Compare receivables' turnover and receivables' days to the previous
allocation year and/or to industry data.
 Compare the aged analysis of receivables from the aged trial balance to
the previous year.
 Review the adequacy of the allowance for uncollectable accounts
through discussion with management.
 Compare the bad debt expense as a percentage of sales to the previous
year and/or to industry data.
 Compare the allowance for uncollectable accounts as a percentage of
receivables or credit sales to the previous year and/or to industry data.
 Examine large customer accounts individually and compare to the
previous year's balances.
 For a sample of old debts on the aged trial balance, obtain further
information regarding their recoverability by discussions with
management and review of customer correspondence.
 For a sample of prepayments from the prepayments' listing, recalculate
the amount prepaid to ensure that it has been accurately calculated.
366

Cut-off  For a sample of sales invoices around the year-end, inspect the dates
and compare with the dates of despatch and the dates recorded in the
ledger for application of correct cut-off.
 For sales returns, select a sample of returns documentation around the
year-end and trace to the related credit entries.
 Perform analytical procedures on sales returns, comparing the ratio of
sales returns to sales.
 Review material after-date invoices, credit notes and adjustments and
ensure that they are recorded correctly in the relevant financial period.
Classification  Take a sample of sales invoices and examine for proper classification
into revenue accounts.
Accuracy  For a sample of sales invoices, compare the prices and terms to the
authorised price list and terms of trade documentation.
 Test whether discounts have been properly applied by recalculating
them for a sample of invoices.
 Test the correct calculation of tax on a sample of invoices.
Occurrence  For a sample of sales transactions recorded in the ledger, vouch the
sales invoice back to customer orders and despatch documentation.
Occurrence and  Determine, through discussion with management, whether any
rights and receivables have been pledged, assigned or discounted and whether
obligations such items require disclosure in the financial statements.
Classification and  Review the aged analysis of receivables for any large credits, non-trade
understandability receivables and long-term receivables and consider whether such items
require separate disclosure.
 Read the disclosure notes relevant to receivables in the draft financial
statements and review for understandability.
Accuracy and  Read the disclosure notes to ensure the information is accurate and
valuation properly presented at the appropriate amounts.
4.1 The receivables' confirmation
Topic highlights
A confirmation of receivables is a major procedure, usually achieved by direct contact with
customers. There are two methods of confirmation: positive and negative.
4.1.1 Objectives of confirmation

HKSA External confirmation is a major substantive test used in the audit of accounts receivable balances.
505.7, 8
The external confirmation is a direct written response to the auditor from a third party. The
auditor designs and performs such procedures to obtain relevant and reliable audit evidence.
External confirmations can satisfy the financial assertions of existence, completeness and
rights and obligations and in addition can provide audit evidence about the absence of certain
conditions. External confirmation will produce audit evidence from each respondent whether the
amount owed by them to the entity at the date of confirmation is correct.
367
Business Assurance
From an independent source (external parties), it is reliable audit evidence. It would satisfy the
criteria of “appropriate” for evidence. Therefore, when it is reasonable to expect customers to
respond, the auditors should ordinarily plan to obtain direct confirmation of receivables to individual
entries in an account balance.
The confirmation of receivables on a test basis should not be regarded as replacing other audit
procedures, such as the testing in-depth of sales transactions, but the results may influence the
scope of such tests.
4.1.2 External confirmation procedures

HKSA 505 (Clarified) External Confirmations requires that the auditor shall maintain control over
external confirmation requests when using external confirmation procedures such as:
 determining the information to be confirmed or requested
 selecting the appropriate confirming party
 designing the confirmation requests
 sending the requests including follow-up procedures
4.1.3 Timing of confirmation

Ideally the confirmation should take place immediately after the year-end and hence cover the
year-end balances to be included in the statement of financial position. However, time constraints
may make it impossible to achieve this ideal.
In these circumstances it may be acceptable to carry out the confirmation prior to the year-end
provided that confirmation is no more than three months before the year-end and internal
controls are strong.
4.1.4 Management's refusal to allow the auditor to send a confirmation

request
Confirmation is essentially an act of the entity, who alone can authorise third parties to divulge
information to the auditors.
HKSA 505 (Clarified) outlines what the auditors' response should be when management refuses
permission for the auditors to contact third parties for evidence. Note that this applies to all such
external confirmations, not just trade receivables' confirmations.
If management asks the auditor not to seek the confirmation, the auditor should inquire of
management the reasons for the refusal and consider if there are valid reasons for the request and
obtain evidence to support this.
If the auditor agrees not to seek external confirmations, other alternative procedures should be
carried out to obtain sufficient appropriate audit evidence. The auditor should consider the integrity
of management and possible reasons for any concealment.
In addition, the auditor should evaluate the implications of management's refusal especially
whether it is related to fraud and the implication on nature, extent and timing of audit procedures. If
management’s request is unreasonable, this may indicate a fraud risk factor that requires
evaluation in accordance with HKSA 240 (Clarified) The Auditor’s Responsibilities Relating to
Fraud in an Audit of Financial Statements.
If the auditor does not accept the validity of management's request and is prevented from
undertaking the confirmations, the auditor shall communicate this with those charged with
governance under HKSA 260 (Clarified) Communication with Those Charged with Governance.
The auditor also shall determine the implications for the audit and the auditor's opinion in
accordance with HKSA 705 (Clarified) Modification to the Opinion in the Independent Auditor's
Report.
368
4.2 Positive v negative confirmation

When confirmation is undertaken, the method of requesting information from the customer may be
either positive or negative.
4.2.1 Positive confirmation

A positive external confirmation request asks the confirming party to reply to the auditor by either:
 indicating the confirming party's agreement with the given information, or
 by asking the confirming party to provide information
Though a positive confirmation request is expected to provide reliable evidence, there is a risk that
a confirming party may reply to the confirmation request without verifying whether the information is
correct. The auditor may ask the responding party to fill in the amount or furnish further information.
The positive method is generally preferable as it is designed to encourage definite replies from
those contacted. It is normally used when there is a small number of material accounts. However,
positive confirmation is more time-consuming and generally results in a lower response rate.
4.2.2 Negative confirmation

Negative confirmation request is a request that the confirming party responds directly to the auditor
only if the confirming party disagrees with the information provided in the request.
Negative confirmations provide less persuasive audit evidence than positive confirmations and the
auditor shall not use negative confirmation requests as the sole substantive audit procedure unless
all the following factors are present:
 The auditor has assessed the risk of material misstatement as low
 The entity has effective internal controls
 The population of items comprises a large number of small accounts
 A very low exception rate is expected
 The auditor is not aware of circumstances or conditions that would cause recipients of
negative confirmation requests to disregard the requests
Alternatively, in some circumstances, say where there is a small number of large accounts and a
large number of small accounts, a combination of both methods may be appropriate.
The statements will normally be prepared by the entity's staff, from which point the auditors, as a
safeguard against the possibility of fraudulent manipulation, must maintain strict control over the
preparation and despatch of the statements.
Precautions must also be taken to ensure that undelivered items are returned, not to the entity, but
to the auditors' own office for follow-up by them.
4.3 Sample selection

Auditors will normally only contact a sample of accounts receivable. If this sample is to yield a
meaningful result it must be based upon a complete list of all accounts receivable. In addition,
when constructing the sample, the following classes of account should receive special attention:
 Old, unpaid accounts
 Accounts written-off during the period under review
 Accounts with credit balances
 Accounts settled by round sum payments
 Accounts with nil balances
 Accounts which have been paid by the date of the examination
369
Business Assurance
4.4 Other uses of external confirmations

External confirmations can be used in the following situations:
 Confirm bank balances and other information relevant to banking relationships
 Accounts receivable/payable and terms
 Consignment inventories
 Property title deeds held by lawyers or financiers for safe custody or as security
 Investment purchased but not delivered
 Loan balances including terms of repayment and restrictive covenants
HKSA
505.10, 12, 14
4.5 Follow-up procedures
4.5.1 Doubts about the reliability of responses to confirmation requests
There is always some risk regardless of the form of the response. Factors that indicate doubts
about the reliability of a response include that it:
 was received by the auditor indirectly
 appeared not to come from the originally intended confirming party ie responses received
electronically as it is difficult to identify the sender of information
If the auditor identifies factors that give rise to doubts about the reliability of the response to a
confirmation request, the auditor shall obtain further audit evidence to resolve those doubts. The
auditor may request to contact the confirming party and in addition, the auditor shall evaluate the
implications on the assessment of the relevant risks of material misstatement, including the risk of
fraud.
4.5.2 Non-responses
Topic highlights
Non-response is a:
 failure of the confirming party to respond or fully respond, to a positive confirmation request
 confirmation request returned undelivered
HKSA 505 requires the auditor shall perform alternative audit procedures to obtain relevant and
reliable audit evidence. Though oral response to a confirmation request does not meet the
definition of external confirmation, the auditor may request the confirming party to respond in
writing directly to the auditor. If the auditor is unable to obtain sufficient and appropriate audit
evidence, the auditor shall determine the implications for the audit and consider qualification of
auditor's opinion.
In certain situations, the auditor may consider a positive confirmation request is necessary to obtain
sufficient appropriate audit evidence especially when:
 the information available to corroborate is only available outside the entity
 specific fraud risk factors prevent the auditor from relying on evidence from the entity
A non-response to a confirmation request may indicate a previously unidentified risk of material
misstatement.
The auditor may need to revise the assessed risk of material misstatement at the assertion level,
and modify planned audit procedures.
370
4.5.3 Exceptions
Key term
Exceptions are responses that indicate a difference between information requested to be
HKSA 505.6e confirmed, or contained in the entity's records, and information provided by the confirming party.
The auditor shall investigate exceptions to determine whether or not they are indicative of
misstatement or indicative of fraud. Finally, exceptions also may indicate a deficiency or
deficiencies in the entity's internal control over financial reporting.
Auditors may use the following table to consider the reasons for exceptions:
Reasons for exceptions

There is a dispute between the entity and the customer. The reasons for the dispute would have to
be identified, and impairment losses made, if appropriate, against the debt.
Cut-off problems exist, because the entity records the following year's sales in the current year or
because goods returned by the customer in the current year are not recorded in the current year.
Cut-off testing may have to be extended (see below).
The customer may have sent the monies before the year-end, but the monies were not recorded
by the entity as receipts until after the year-end. Detailed cut-off work may be required on receipts.
Monies received may have been posted to the wrong account or a cash-in-transit account.
Auditors should check if there is evidence of other mis-posting. If the monies have been posted to a
cash-in-transit account, auditors should ensure this account has been cleared promptly.
Customers who are also suppliers may net-off balances owed and owing. Auditors should check
that this is allowed.
Teeming and lading, stealing monies and incorrectly posting other receipts so that no
particular customer is seriously in debt is a fraud that can arise in this area. If auditors suspect
teeming and lading has occurred, detailed testing will be required on cash receipts, particularly on
prompt posting of cash receipts.
4.5.4 Unreliable responses

When an auditor concludes that the response of the confirmation is unreliable, the auditor may
need to revise the risk of material misstatement at the assertion level and modify planned audit
procedures accordingly, in accordance with HKSA 315 (Revised). For instance, an unreliable
responses might indicate a fraud risk factor that requires evaluation in accordance with HKSA 240
(Clarified).
4.6 Evaluation and conclusions

HKSA 505 (Clarified) requires that the auditor shall evaluate whether the results of the external
confirmation procedures provide relevant and reliable audit evidence, or whether further audit
evidence is necessary.
The auditor may categorise such results as follows:
 A non-response
 A response indicating agreement with the information provided in the confirmation request
 A response indicating an exception
 A response deemed unreliable
371
Business Assurance
4.7 Impairment loss for irrecoverable debt

The amount shown in the trade receivables in the statement of financial position should be
“Outstanding amount on trade receivable less impairment loss for irrecoverable debt”. It is related
to the valuation and allocation assertion. Remember the impairment loss is management's estimate
so auditors need to refer to HKSA 540 (Clarified) Auditing Accounting Estimates, including Fair
Value Accounting Estimates and Related Disclosures.
Specific procedures for auditing the valuation and allocation of trade receivables:
(a) The auditors should understand, ascertain and evaluate the effectiveness of the internal
controls over credit policy and control.
(b) The auditors should understand and ascertain the ageing of the trade receivable balances.
(c) Based on the aged analysis of trade receivables as at the reporting date, the auditors could
perform analytical procedures, such as comparing the trade receivable turnover with
previous years', similar entities, or the industry average.
(d) The auditors should investigate outstanding trade receivable balances, especially for
unusual and/or material amounts, and obtain satisfactory explanation from the entity.
Account balances involving related party transactions require special attention.
(e) The auditors should identify and investigate any account balance exceeding the maximum
credit limit and obtain satisfactory explanation from the entity.
DEF Trading Limited (“DEF”) is principally engaged in purchasing different types of goods from
overseas manufacturers and reselling them to retailers in Hong Kong. Since trade receivables is a
material item in the statement of financial position of DEF, Wong & Co. (Wong), DEF’s auditor, is
planning to use external confirmation to verify the account balance of trade receivables as at
31 March 20X0.
Wong sent out trade receivables confirmation requests to all its major debtors and has received the
following replies from four major debtors:
(i) Debtor A replied, “Sorry, we can’t answer your request for confirmation of our account unless
you provide details of all outstanding invoices”.
(ii) Debtor B replied, “Yes, the outstanding balance of HK$488,000 agreed to our accounting
record”. However, Debtor B did not sign the response.
(iii) Debtor C replied, “The balance of HK$580,000 was paid on 15 March 20X0.”
(iv) Debtor D replied, “The amount should be HK$400,000 because the remaining HK$300,000
was for goods we received after 31 March 20X0.”
Required
(a) Evaluate the effectiveness of using external confirmation to obtain relevant and reliable audit
evidence at the existence, valuation and completeness assertion level of trade receivables.
(5 marks)
372
(b) Design additional audit procedures Wong should perform based on the replies from the
following four debtors:
(i) Debtor A (2 marks)
(ii) Debtor B (2 marks)
(iii) Debtor C (5 marks)
(iv) Debtor D (3 marks)
(Total = 17 marks)
5 Bank and cash
Topic highlights
Bank balances are usually confirmed directly with the bank in question.
5.1 Bank confirmation procedures

The audit of bank balances will need to cover completeness, existence, rights and obligations
and valuation. All of these assertions can be audited directly by obtaining third party confirmations
from the entity's banks and reconciling these with the accounting records, having regard to cut-off.
This type of audit evidence is valuable because it comes directly from an independent source
and, therefore, provides greater assurance of reliability than that obtained solely from the entity's
own records. The bank confirmation is mentioned as a source of external third party evidence in
HKSA 505 (Clarified).
5.2 Confirmation requests
Topic highlights
The bank confirmation letter can be used to ask a variety of questions, including queries about
outstanding interests, contingent liabilities and guarantees.
The auditors should decide from which bank or banks to request confirmation, having regard to
such matters as size of balance, volume of activity, degree of reliance on internal controls,
and materiality within the context of the financial statements.
The auditors should determine which of the following approaches is the most appropriate in
seeking confirmation of balances or other information from the bank:
 Listing balances and other information, and requesting confirmation of their accuracy and
completeness
 Requesting details of balances and other information, which can then be compared with
the entity's records
373
Business Assurance
In determining which of the above approaches is the most appropriate, the auditors should weigh
the quality of audit evidence they require in the particular circumstances against the practicality
of obtaining a reply from the confirming bank.
Difficulty may be encountered in obtaining a satisfactory response even where the entity submits
information for confirmation to the confirming bank. It is important that a response is sought for all
confirmation requests. Auditors should not usually request a response only if the information
submitted is incorrect or incomplete.
5.2.1 Preparation and despatch of requests and receipt of replies

Control over the content and despatch of confirmation requests is the responsibility of the auditors.
However, it is necessary for the request to be authorised by the entity. Replies should be returned
directly to the auditors and to facilitate such a reply, a pre-addressed envelope should be enclosed
with the request.
5.2.2 Content of confirmation requests

The form and content of a confirmation request letter will depend on the purpose for which it is
required and on local practices.
The most commonly requested information is in respect of balances due to or from the entity on
current, deposit, loan and other accounts. The request letter should provide the account
description number and the type of currency for the account.
It may also be advisable to request information about nil balances, and accounts which were
closed in the twelve months prior to the chosen confirmation date. The entity may ask for
confirmation not only of the balances on accounts but also, where it may be helpful, other
information, such as the maturity and interest terms on loans and overdrafts, unused facilities, lines
of credit/standby facilities, any offset or other rights or encumbrances, and details of any collateral
given or received.
The entity and its auditors are likely to request confirmation of contingent liabilities, such as those
arising on guarantees, comfort letter, bills and so on.
Banks often hold securities and other items in safe custody on behalf of customers. A request
letter may therefore ask for confirmation of such items held by the bank.
Auditor should state clearly the year end date on the confirmation. The auditors should check that
the bank has answered all the questions on the confirmation. If there is no reply, auditor should
follow up. Confirmation should be set in a standard form and any additional questions should be
attached with the confirmation.
5.2.3 Additional local guidance on bank confirmation requests

Additional local guidance is provided in HKSA 505 (Clarified) Appendix 1, which deals with
communication with banks but also applies to confirmations requested of other financial institutions,
for example, deposit-taking companies.
The auditor should send bank confirmation requests when the entity's banking activities, including
treasury operations, are significant to the audit.
The use of a standard bank request form is considered to be of benefit to both the banks and the
auditor for the confirmation or provision of information which is customarily held by banks.
When the auditor requires information of matters not covered by the standard request form, a
separate letter would be sent to cover the particular matter.
The auditor will review the bank's reply. The auditor may need to carry out additional tests on
matters relating to the entity's banking relationship.
374
5.2.4 Bank cut-off

Care must be taken to ensure that there is no window dressing, by auditing cut-off carefully.
Window dressing in this context is usually manifested as an attempt to overstate the liquidity of the
entity by:
(a) keeping the cash book open to take credit for remittances actually received after the year-
end, therefore enhancing the balance at bank and reducing receivables
(b) recording cheques paid in the period under review which are not actually despatched until
after the year-end, thus decreasing the balance at bank and reducing liabilities.
5.3 Common audit procedures

AUDIT PLAN: BANK
 Obtain standard bank confirmations from each bank with which the entity conducted
business during the audit period.
 Reperform arithmetic of bank reconciliation.
 Trace cheques shown as outstanding from the bank reconciliation to the cash book prior to
the year-end and to the after-date bank statements and obtain explanations for any large or
unusual items not cleared at the time of the audit.
 Compare cash book(s) and bank statements in detail for the last month of the year, and
check items outstanding at the reconciliation date to bank statements.
 Review bank reconciliation previous to the year-end bank reconciliation and check that all
items are cleared in the last period or taken forward to the year-end bank reconciliation.
 Obtain satisfactory explanations for all items in the cash book for which there are no
corresponding entries in the bank statement and vice versa by discussion with finance
staff.
 Verify contra items appearing in the cash books or bank statements with original entry.
 Verify by inspecting paying-in slips that uncleared bankings are paid in prior to the year-end.
 Examine all lodgements in respect of which payment has been refused by the bank; ensure
that they are cleared on representation or that other appropriate steps have been taken to effect
recovery of the amount due.
 Verify balances per the cash book according to the bank reconciliation by inspecting cash
book, bank statements and general ledger.
 Verify the bank balances with reply to standard bank letter and with the bank statements.
 Inspect the cash book and bank statements before and after the year-end for exceptional
entries or transfers which have a material effect on the balance shown to be in-hand.
 Identify whether any accounts are secured on the assets of the entity by discussion with
management.
 Consider whether there is a legal right of set-off of overdrafts against positive bank balances.
 Determine whether the bank accounts are subject to any restrictions by inquiries with
management.
 Review draft financial statements to ensure that disclosures for bank are complete and
accurate and in accordance with accounting standards.
375
Business Assurance
5.4 Auditing cash
Topic highlights
Cash balances should be verified if they are material or irregularities are suspected.
Auditors will be concerned that the cash exists, is complete, and belongs to the entity (rights and
obligations) and is stated at the correct value.
Where the auditors determine that cash balances are potentially material they may conduct a cash
count, ideally at the period-end. Rather like attendance at an inventory count, the conduct of the
count falls into three phases: planning, the count itself, and follow-up procedures.
Some of the common procedures are as follows:
 Count cash balances held and agree to petty cash book or other record:
– Count all balances simultaneously
– All counting to be done in the presence of the individuals responsible
– Inquire into any IOUs or cashed cheques outstanding for a long period of time
 Obtain certificates of cash-in-hand from responsible officials.
 Confirm that bank and cash balances as reconciled above are correctly stated in the
6 Trade payables and accruals

Topic highlights
The largest figure in current liabilities is usually trade accounts payable which are generally
tested by the comparison of suppliers' statements with purchase ledger accounts.
6.1 Audit procedures

As with accounts receivable, accounts payable are likely to be a material figure in the statement of
financial position of most entities. The tests of controls on the purchases cycle will have also
provided the auditors with some assurance as to the completeness of liabilities.
However, when conducting their work on the statement of financial position, auditors should be
particularly aware of the risk that an entity may wish to understate its liabilities in order to improve
its liquidity ratios and enhance profits (by understating the corresponding purchases). The auditors
will want reasonable assurance therefore that liabilities existing at the period end have been
completely and accurately recorded.
For trade payables, auditors will seek assurance on the two following points:
 Is there an effective cut-off between goods received and invoices received, so that
purchases and trade payables are recognised in the correct period?
 Do trade payables represent the actual amounts owed by the entity?
Generally, the inherent risks of material misstatement in completeness of accounts payable would
be deemed to be normal/medium. If the auditor is satisfied by the entity's internal controls he may
reduce the combined risks, (inherent risk and control risk) of material misstatement to low.
Before you look at how the auditors may design and conduct their tests with regards to accounts
payable, you need to appreciate why the list of balances is important and how this information is
used.
376
The following table sets out audit procedures to test trade payables and accruals:
AUDIT PLAN: TRADE PAYABLES AND ACCRUALS
Completeness  From a listing of trade payables reconcile the total to the

general ledger by casting and cross-casting.
 Consider whether there could be significant unrecorded
liabilities by inquiries of management; examine post year-end
transactions.
 Select a sample of suppliers' statements and trace these back
to the supplier's accounts.
 Examine files of unmatched purchase orders and supplier
invoices for any unrecorded liabilities.
 Perform a confirmation of trade payables for a sample (see
Section 6.2 for details of the trade payables' confirmation).
 Complete the disclosure checklist to ensure that all the
disclosures relevant to liabilities have been made.
 Perform comparisons of the following data to check for
reasonableness:
– Current year balances for trade payables and accruals to the
previous year.
– The amounts owed to a sample of individual suppliers in the
trade payables listing to amounts owed to these suppliers in
the previous year.
– The payables' turnover and payables' days to the previous
year and industry data.
Existence  Vouch selected amounts from the trade payables listing and
accruals schedule to supporting documentation (purchase
orders and suppliers' invoices and so on).
 Reconcile a selection of suppliers' statements to the relevant
suppliers' accounts.
 Perform a confirmation of trade payables for a sample.
 Perform analytical procedures which compare current period
balances to the previous period to test reasonableness. Use
ratios to calculate payables' turnover and compare the results to
the previous year.
Rights and obligations  Vouch a sample of balances to supporting documentation to
obtain audit evidence on rights and obligations.
377
Business Assurance
AUDIT PLAN: TRADE PAYABLES AND ACCRUALS
Valuation and allocation  Vouch selected samples from the trade payables listing and
accruals listing to the supporting documentation (purchase orders,
minutes authorising expenditure and suppliers' invoices etc).
 Select suppliers' statements and reconcile these to the relevant
suppliers' accounts.
 For accruals, recalculate the amount of the certain accrual to
ensure the calculation is correct.
Perform the following comparisons:
 the current period balances for trade payables and accruals to
the previous period.
 the amounts owed to a sample of individual suppliers in the
trade payables listing to amounts owed to these suppliers in the
previous year.
 the payables' turnover and payables' days to the previous year
and industry data.
Cut-off  For a sample, compare the actual dates with the dates they
were recorded in the ledger to check cut-off has been applied
correctly.
 Test transactions either side of the period end to determine
whether amounts have been correctly recognised.
 Perform analytical procedures on purchase returns, by
comparing the purchase returns as a percentage of sales or
cost of sales to the previous year.
Accuracy  Recalculate the sample of suppliers' invoices to confirm the
amounts due are correct.
Occurrence  For a sample of vouchers, inspect supporting documentation
such as authorised purchase orders.
Classification and  Review the trade payables listing to identify any large debits
understandability (which should be reclassified as receivables or deposits) or
long-term liabilities which should be disclosed separately.
 Review the disclosure notes on liabilities in the draft financial
statements: understandability is important.
Accuracy and valuation  Read the disclosure notes to ensure the information is accurate
and properly presented at the appropriate amounts.
6.2 Confirmation of trade payables

Confirmation of trade payables is not often used in practice because the auditor can test trade
payables by examining reliable, independent evidence in the form of suppliers' invoices and
suppliers' statements. However, it may be used where an entity's internal controls are weak, and
suppliers' statements are available where other internal documentation is not. Confirmation of trade
payables provides evidence primarily for the completeness assertion.
What confirmations will take place will depend on the auditor's assessment of internal control:
(a) Where the entity has strong internal controls and the auditor has reasonable assurance
that all liabilities are recorded, the confirmation will focus primarily, if not entirely, on large
balances.
378
(b) Where the auditor suspects there may be unrecorded liabilities, regular suppliers who
have small or zero balances on their accounts and a sample of other accounts will be
confirmed in addition to any large balances.
Auditors use a positive confirmation (referred to as a blank or zero-balance confirmation). This
means the confirmation does not state the amount owed but requires the supplier to provide a
detailed statement of the account, including the balance owed at the period end. When the
confirmation is received back, the amount must be reconciled with the entity's records.
7 Non-current liabilities
Topic highlight
Non-current liabilities are usually authorised by the board and should be clearly documented.
In this section we focus on non-current liabilities such as debentures, loan stock and other loans
repayable at a date more than one year after the year-end.
Auditors will primarily try to determine the following:
(a) Completeness: whether all non-current liabilities have been adequately recognised
(b) Accuracy: whether interest payable has been calculated correctly and included in the
correct accounting period
(c) Classification and understandability: whether long-term loans and interest have been
correctly disclosed in the financial statements. The risk of material misstatement in
classification of bank loans is usually low, since the terms of bank loans are clearly set out in
the loan agreements.
The main issue for the auditors is that debenture and loan agreements often stipulate conditions
with which the entity must comply, which may mean restrictions on the entity's total borrowings or
adherence to specific borrowing ratios.
A minimal level of substantive procedures usually suffices unless there are new loans raised during
the reporting period, and tests will consist of substantive analytical procedures and obtaining
confirmation from the banks.
AUDIT PLAN: NON-CURRENT LIABILITIES
 Either obtain or prepare a schedule of loans outstanding at the reporting date. For each
loan information should be given about the name of the lender, the date of the loan, the
maturity date, the interest date, the interest rate, the balance at the end of the period and
what the terms are regarding security.
 Compare opening balances to previous year's records.
 Test the clerical accuracy of the analysis.
 Compare balances to the general ledger.
 Agree name of lender etc, to register of debenture holders or equivalent (if kept).
 Trace additions and repayments to entries in the cash book.
 Confirm repayments are in accordance with loan agreement.
 Examine cancelled cheques and memoranda of satisfaction for loans repaid.
 Ascertain that borrowing restrictions imposed by agreements are not exceeded.
 Read signed board minutes relating to new borrowings/repayments.
379
Business Assurance
AUDIT PLAN: NON-CURRENT LIABILITIES
 Obtain direct confirmation from lenders of the amounts outstanding, accrued interest
and what security they hold.
 Verify interest charged for the period and the adequacy of accrued interest.
 Confirm assets charged have been entered in the register of charges and notified to
the Registrar.
 Review any restrictive covenants in loan agreements and impairment losses relating to
default:
– Review any correspondence relating to the loan
– Review confirmation replies for non-compliance
– In the event of a default, determine its effect, and record findings
 Review minutes and cash book to confirm that all loans have been recorded.
 Review draft financial statements to ensure that disclosures for non-current liabilities
are correct and in accordance with relevant accounting standards. Elements repayable
within one year should be classified under current liabilities.
8 Impairment losses and contingencies
Topic highlight
The accounting treatments for impairment loss and contingencies are complex and involve
judgment and this can make them difficult to audit.
Examples of the principal types of contingencies disclosed by entities are:

 guarantees (for group entities, of staff pension schemes, of completion of contracts)
 discounted bills of exchange
 uncalled liabilities on shares or loan inventory
 lawsuits or claims pending
 options to purchase assets
8.1 Litigation and claims

HKSA Part of HKSA 501 (Clarified) Audit Evidence –Specific Considerations for Selected Items covers
501.10, 11, 12 contingencies relating to litigation and legal claims, which represent the major part of audit work on
contingencies. Litigation and claims involving the entity may have a material effect on the financial
statements, and so are required to be disclosed or accounted for in the financial statements.
The auditor should carry out procedures in order to become aware of any litigation and claims
involving the entity which may have a material effect on the financial statements. Such procedures
would include the following:
(a) Make appropriate inquiries of management and others within the entity including in-
house legal counsel
(b) Review minutes of meetings of those charged with governance and correspondence with
the entity's lawyers
(c) Examine legal expense accounts
(d) Use any information obtained regarding the entity's business including information obtained
from discussions with any in-house legal department
380
8.1.1 Litigation and claims identified

When litigation or claims have been identified or when the auditor believes they may exist, the
auditor should seek direct communication with the entity's external legal counsel. This will help to
obtain sufficient appropriate audit evidence as to whether potential material litigation and claims are
known and management's estimates of the financial implications, including costs, are reliable.
When the auditor determines that the risk of material misstatement is a significant risk in which
this case relates to litigation and claims, the auditor shall evaluate the design of the entity's related
controls and determines whether they have been implemented. The communication may be in
writing and should be consented by management due to confidentiality.
8.1.2 Letter to the entity's external legal counsel

HKSA 501 (Clarified) discusses the form of the direct communication: communication should be
“through a letter of inquiry, prepared by management and sent by the auditor, requesting the
entity's external legal counsel to communicate directly with the auditor”.
A letter of general inquiry requests the entity's external legal counsel to inform the auditor of:
 any litigation and claims of which counsel is aware
 assessment of the outcome of the litigation and claims
 estimate of the financial implications, including costs
If it is thought unlikely that the entity's external legal counsel will respond appropriately to a general
inquiry, the letter of specific inquiry should specify the following:
(a) A list of litigation and claims
(b) Management's assessment of the outcome of the litigation or claim and its estimate of the
financial implications, including costs involved
(c) A request that the entity's external legal counsel confirm the reasonableness of
management's assessments and provides the auditor with further information if the list is
considered by counsel to be incomplete or incorrect
The auditors must consider these matters up to the date of their report and so a further, updating
letter may be necessary.
8.1.3 Disagreement between management and the entity's external legal

counsel
A meeting between the auditors and the entity's external legal counsel may be required, for
example where a complex matter arises, or where there is a disagreement between management
and the entity's external legal counsel. Such meetings should take place only with the permission of
management, and preferably with a management representative present.
8.1.4 Management refuses permission to communicate

HKSA 501 (Clarified) states the auditor shall perform alternative audit procedures when law,
regulation or any professional body prohibits the entity's external legal counsel from communicating
directly with the auditor.
The auditor shall modify the auditor's report in accordance with HKSA 705 (Clarified) by giving
limitation on scope or a disclaimer of report in the event of either of the following:
(a) Management refuses to give the auditor permission to communicate or meet with the entity's
external legal counsel or the entity's external legal counsel refuses to respond appropriately
to the letter of inquiry or is prohibited from responding
(b) Auditor is unable to perform alternative audit procedures in order to obtain sufficient
appropriate audit evidence
381
Business Assurance
8.1.5 Written representations

HKSA 501 (Clarified) requires that the auditor shall request management or those charged with
governance to provide written representations that all known actual or possible litigation and
claims whose effects should be considered when preparing the financial statements have been
disclosed to the auditor have been:
 accounted for
 disclosed in accordance with the applicable financial reporting framework
8.2 Any impairment loss?

The auditor should consider whether management has recognised any impairment loss in the
financial statements for litigation and claims. If not, the auditor should consider whether it is
necessary to do so. The auditor should perform audit procedures such as those described in the
table below.
AUDIT PLAN: IMPAIRMENT LOSSES/CONTINGENCIES

 Obtain details of all impairment losses which have been included in the financial statements
and all contingencies that have been disclosed.
 Obtain a detailed analysis of all impairment losses showing opening balances, movements
and closing balances.
 Determine for each material impairment losses whether the entity has a present obligation as
a result of past events by:
– review of correspondence relating to the item
– discussion with the directors. Have they created a valid expectation in other parties that
they will discharge the obligation?
 Determine for each material impairment loss whether it is probable that a transfer of
economic benefits will be required to settle the obligation through the following procedures:
– Checking whether any payments have been made in the post year-end period in respect of
the item by reviewing after-date cash
– Review of correspondence with solicitors, banks, customers, insurance company and
suppliers both pre- and post year-end
– Sending a letter to the legal counsel to obtain his views (where relevant)
– Discussing the position of similar past impairment losses with the directors. Were these
impairment losses eventually settled?
– Considering the likelihood of reimbursement
 Recalculate all impairment losses made.
 Compare the amount provided with any post year-end payments and with any amount paid in
the past for similar items.
 In the event that it is not possible to estimate the amount of the impairment loss, check that a
contingent liability is disclosed in the financial statements.
 Consider the nature of the entity's business. Would you expect to see any other
eg impairment losses warranties?
 Consider the adequacy of disclosure of impairment losses and contingent liabilities in
accordance with HKAS 37 Provisions, Contingent Liabilities and Contingent Assets.
382
9 Audit of provisions
Topic highlight
The key issues in the audit of provisions are existence and valuation.
The approach to auditing provisions is similar to that for the audit of contingencies.
AUDIT PLAN: PROVISIONS/CONTINGENCIES

 Obtain details of all provisions which have been included in the financial statements.
 Obtain a detailed analysis of all provisions showing opening balances, movements and
closing balances.
 Determine for each material provision whether the company has a present obligation as
a result of past events by:
– review of correspondence relating to the item
– discussion with the directors. Have they created a valid expectation in other parties
that they will discharge the obligation?
 Determine for each material provision whether it is probable that a transfer of economic
benefits will be required to settle the obligation by:
– checking whether any payments have been made in the post balance sheet period in
respect of the item.
– review of correspondence with solicitors, banks, customers, insurance company and
suppliers both pre and post year end.
– sending a letter to the solicitor to obtain their views (where relevant).
– discussing the position of similar past provisions with the directors. Were these
provisions eventually settled?
– considering the likelihood of reimbursement.
 Recalculate all provisions made.
 Compare the amount provided with any post year end payments and with any amount
paid in the past for similar items.
 In the event that it is not possible to estimate the amount of the provision, check that this
contingent liability is disclosed in the accounts.
 Consider the nature of the client's business. Would you expect to see any other
provisions eg warranties?
 Consider adequacy of disclosure of provisions.
10 Capital and other issues

Topic highlights
The audit of share capital and reserves is mainly concerned with the entity's compliance with
legal and regulatory requirements.
383
Business Assurance
The auditor must agree the issued share capital as stated in the financial statements to the total
recorded in the share register.
Where an entity handles its own registration work an examination of share transfers on a test basis
should be performed. Where independent registrars carry out the work on behalf of an entity, the
auditors will normally examine the reports submitted by them to the entity, and obtain from them a
certificate of the share capital in issue at the period end.
Auditors should carry out careful checks as to whether entities have complied with local legislation
regarding the issue or purchase of their own shares. Auditors should take particular care if there
are any movements in reserves that cannot be distributed, and should confirm that these
movements are valid.
AUDIT PLAN: CAPITAL AND RELATED ISSUES

Share equity  Agree the authorised share capital with the entity's Articles and
capital Memorandum
 Agree any changes to authorised share capital with properly authorised
resolutions.
Issue of shares  Verify any issue of share capital or other changes during the year with
general and board minutes.
 Ensure issue or change is within the terms of the constitution, and
directors possess appropriate authority to issue shares.
 Confirm that cash or other consideration has been received or
receivable(s) is included as called-up share capital not paid.
Transfer of  Verify transfers of shares by reference to:
shares – correspondence
– completed and stamped transfer forms
– cancelled share certificates
– minutes of directors' meetings
 Review the balances on shareholders' accounts in the register of
members and the total list with the amount of issued share capital in the
general ledger.
Dividends  Agree dividends paid and proposed to authority in minute books and
check calculation with total share capital issued to ascertain whether
there are any outstanding or unclaimed dividends.
 Agree dividend payments with documentary evidence such as the
returned dividend warrants.
 Check that dividends do not breach the distribution legislation.
 Check that imputed tax has been accounted for to the taxation authorities
and correctly treated in the financial statements.
Reserves  Agree movements on reserves to supporting authority.
 Ensure that movements on reserves do not contravene the legislation
and the entity's constitution.
 Confirm that the entity can distinguish distributable reserves from those
that are non-distributable.
 Ensure appropriate disclosures of movements on reserves are made in
the entity's financial statements by inspection of the financial statements.
384
11 Segment information
Topic highlights
The entity may be required or permitted to disclose segment information in the financial statements
according to the applicable financial reporting framework.
HKSA 501.13 The auditor is not required to perform audit procedures that would be necessary to express an
opinion on the segment information presented on a stand alone basis but rather the auditor has
responsibility regarding the presentation and disclosure of segment information in relation to the
financial statements taken as whole.
According to HKSA 501 (Clarified) Audit Evidence – Specific Considerations for Selected Items,
when segment information is material to the financial statements, the auditor should obtain
sufficient appropriate audit evidence regarding its presentation and disclosure of segment
information in accordance with the applicable financial reporting framework (ie HKAS) by:
(a) performing analytical procedures or other appropriate audit procedures appropriate in the
circumstances;
(b) obtaining an understanding of the methods used by management in determining segment
information; such as:
(i) evaluating whether such methods are likely to result in disclosure in accordance with
the applicable financial reporting framework; and
(ii) where appropriate, testing the application of such methods.
Requirement of disclosure of segment information
The entity may be required or permitted to disclose segment information in the financial
statements, depending on the applicable financial reporting framework.
The auditor's responsibility regarding the presentation and disclosure of segment information is in
relation to the financial statements taken as a whole.
Non-requirement of expression of opinion
Accordingly, the auditor is not required to perform audit procedures that would be necessary to
express an opinion on the segment information presented on a standalone basis.
11.1 Segment information

When obtaining an understanding of the methods used by management in determining segment
information and whether such methods are likely to result in disclosure in accordance with the
applicable financial reporting framework, auditors can perform or examine the following:
(a) Sales, transfers and charges between segments, and elimination of inter-segment amounts
(b) Comparisons with budgets and other expected results, for example, operating profits as a
percentage of sales
(c) The allocation of assets and costs among segments
(d) Consistency with prior periods, and the adequacy of the disclosures with respect to
inconsistencies.
385
Business Assurance
12 Sales
Topic highlights
For verification of sales, auditors have to be aware of special sales and consignment sales.
Sales is a material figure in the financial statements where the auditor devotes special attention.
In most cases, an auditor would perform analytical review at the beginning in order to predict the
relationship of sales in relation with other figures in the financial statements.
The auditor wants to ensure the sales are completely and accurately recorded.
For financial statement assertions that are relevant to sales, the auditor would concentrate on:
completeness, accuracy and cut-off.
The audit procedures are listed below:
AUDIT PLAN: SALES

Completeness Analytical procedures
 Compare current year's sales level with last year.
 Consider the effect on sales value of changes in quantities sold or
products or prices.
 Check the level of goods returned, sales allowances and discounts.
 Calculate the gross profit margin and record the reasons for
changes.
 Perform a detailed analysis of the gross profit margin.
Vouching and tracing
 Trace from goods despatch notes or till rolls to sales.
 Ensure sales invoices and despatch notes are all pre-numbered.
Cut-off  Obtain details of the last serial numbers of despatch notes issued
before the commencement of any inventory count.
 Ensure the entity has recorded all movement of inventory within the
period.
 Consider the last goods received notes and despatch notes prior to
and after the inventory count.
 Observe whether correct cut-off procedures are being followed in
the despatch and receiving areas.
 Check invoices and credit notes are dated in the correct period.
 Check invoices and credit notes are posted to the sales ledger and
general ledger in the correct period.
 Reconcile entries in sales ledger around the year end to daily batch
totals to ensure posting is correct and ensure the liability has been
recorded in the correct period.
 Review sales ledger control account around year end for unusual
items.
 Review material after-date invoices, credit notes and adjustments.
 Review shipment terms for goods in transit.
386
AUDIT PLAN: SALES

 Test inventory received and sales after period-end and items in
transit.
 Examine sales transactions and supporting documentation for a
period before the physical inventory count and determine that
goods shipped before the physical inventory count have been
included in sales and cost of sales, and that goods included in
inventory are not included in sales and cost of sales.
 Determine that inventory received after period-end for which title
had passed as of the reporting date was reflected in goods in
transit and in accounts payable.
 Determine that recorded goods in transit were received after
period-end.
Accuracy  Cast the additions on invoices and check the pricing calculations.
 Check calculations of discounts.
 Check any purchase tax has been added appropriately.
 Trace any debits in the sales account.
 Review reconciliations of sales ledger control account and
investigate on any unusual items.
 Review whether entity is following HKAS, Companies Ordinance,
and applies the accounting policies consistently throughout the
periods ie consistently following revenue recognition.
 Specific review on sales with higher discount or longer repayment
terms is required to ensure that the corresponding sales together
with the receivables should be accounted for at fair value in
accordance with HKAS 18 Revenue, HKAS 39 Financial
Instruments: Recognition and Measurement and HKFRS 9
Financial Instruments.
 Ensure compliance with HKAS 18 Revenue which requires that
revenue be measured at the fair value of the consideration received
or receivable, and the related accounting policies be disclosed in
the notes to the financial statements.
 Direct confirmation (positive or negative confirmation) meaning
verification of the accuracy from independent third party.
 Check to ensure that the sales have been properly authorised and
reviewed.
 Review sales budget and forecast.
12.1 Special sales

Apart from the above procedures that should be performed by auditors for normal sales, the entity
may have performed some special sales during the year. Auditors should perform additional
procedures as listed below:
(a) Inquire of entity's management their justification for recognising special sales on delivery to
customer
387
Business Assurance
(b) Evaluate compliance in accordance with HKAS 18 to determine whether they had applied
HKAS 18 appropriately in accounting for the special sales
(c) Inspect, or reperform the procedures to obtain a list of special sales made during the year
(d) Perform substantive analytical procedures on the list of special sales to determine the
completeness and accuracy of the information
(e) Inspect, or reperform, the calculations of the amounts of (a) special sales made during the
year, (b) returned during the year and (c) goods delivered under special sales
12.2 Consignment sales

12.2.1 Risks related to consignment sales
When the entity has consignment sales in the financial statements, the risk of material
misstatement will be higher.
Consignment sales recognition would have the following risks:
Completeness
Consignees may not have a good accounting system to report in a timely way to the consignor
when the consignment goods are sold to third party customers. As it may take considerable time
for the consignees to prepare and provide the consignor with information on the consignment
goods that have been sold, a delay may result in the recognition of consignment sales.
Occurrence
Consignment sales may not be properly identified and separated from normal sales. This may
result in early recognition of consignment sales at the time when goods are delivered to the
consignee even before the risks and rewards associated with the ownership of goods have been
substantively transferred to third party customers.
Accuracy
The entity's accounting staff may not be familiar with the relevant accounting standards for revenue
accounting and may not be able to apply these correctly to the consignment sales of goods
transactions.
12.2.2 Audit procedures on consignment sales

AUDIT PLAN: CONSIGNMENT SALES
 Discuss with local management the internal controls that are in place to:
– identify the existence of consignment sales
– ensure proper recognition of consignment sales
 Obtain an understanding of consignor's arrangements for consignment sales by reviewing
its consignment sales agreements with major consignees.
 Perform walkthrough tests to confirm the auditors' understanding of the entity's system and
perform compliance tests on key internal controls.
 Perform cut-off tests on goods sold by the consignees before and after the year-end.
 Perform an analytical review of the consignees' payables balances and review subsequent
payment movement by vouching for relevant supporting documents to note any cut-off
errors.
 Review correspondence with consignees, particularly in relation to the consignment sales
and/or consignment sales returns and look for any delay in sales recognition.
 Review periodic consigned goods reports provided by the consignees to match the entity's
internal documentation. Ensure that any variance found was properly explained.
388
AUDIT PLAN: CONSIGNMENT SALES

 Review and obtain explanations for any long outstanding receivables by the consignees,
which may indicate early recognition of consignment sales.
 Attend an inventory count to ensure the existence of consignment inventories if the amount
is material. Review the entity's consignment inventory reports and compare them to the
inventory count results to ensure the accuracy of the entity's consignment inventory
balances.
 Perform direct circularisation to selected consignees for sales transactions balances and
consignment inventories balances in any particular time frame to ensure the accuracy of
record-keeping between entity and consignees.
13 Purchases
Topic highlights
For verification of purchases, auditors may consider trade payables from the point of directional
testing.
The objectives for purchases and trade payables imply that:

(a) goods and services should only be ordered in the correct quantity, quality and at the best
terms after appropriate requisition and approval
(b) all suppliers' invoices should be examined against proper authorised purchase orders
(c) all goods and services invoiced should be properly recorded in the accounting records on a
timely basis
(d) all purchases and trade payables should be properly classified in the financial statements
13.1 Internal controls

Auditors shall perform tests of controls by searching the following key internal controls:
(a) Requisition forms should be pre-numbered and should be approved by authorised persons.
Any blank forms should be controlled and recorded and the purchase department should not
be allowed to raise purchase requisitions
(b) Purchase orders should be pre-numbered and be created only based on approved items of
the requisition forms. Again blank form should be controlled and recorded
(c) Order procedures should involve tendering and receiving quotations from suppliers
(d) Sequence checks of purchase orders should be performed regularly
(e) Goods received notes and debit notes should be pre-numbered and should be sent
separately to different departments
(f) Proper controls should be placed on different types of documents such as suppliers'
invoices, vouchers and purchase ledgers
(g) Budgetary techniques should be used to control all goods and services purchased
(h) Proper cut-off procedures should be established
389
Business Assurance
13.2 Substantive procedures

After obtaining understanding and ascertaining the effectiveness of the internal controls over
purchases and trade payables, the auditors shall determine the extent and timing of substantive
procedures.
Auditors should check the occurrence, completeness and cut-off assertions for all purchase
transactions. Valid reasons should be ascertained for the purchase transactions.
The following are the audit procedures to test the relevant financial statement assertions:
AUDIT PLAN: PURCHASES

Occurrence and  Perform analytical procedures such as compare the level of purchase
completeness and expenses of this year with previous year's level.
 Consider the ratio of trade payable to purchases and the ratio of trade
payable to inventory as compared with last year.
 Review the voucher register and purchase ledger for large or unusual
items.
 Consider the effect on purchase value of changes in quantities
purchased or products or prices.
 Check purchases and other expenses recorded in the purchase or
general ledger or cash to supporting documents such as approved
requisition forms, goods received notes or suppliers' invoices etc to
ensure all the purchases are valid and are allocated to the correct
purchase ledger.
 Consider reasonableness of deductions and subsequent events.
 Test the arithmetical accuracy ie by recalculating the amounts on
suppliers' invoices, voucher register and purchase ledger.
 Consider any credit balances for purchases.
 Ensure payables are properly measured in accordance with HKAS 39.
 Perform external confirmations for trade creditors' balances.
 Perform procedures to search for unrecorded liabilities.
AUDIT PLAN: PURCHASES
Cut-off  Check prenumbering of goods received notes before year end to
ensure invoices are posted to purchase ledger prior to year end or
included in accruals.
 Ensure last year accruals are not expenses again in the current year.
 Check goods returned notes prior to year end.
 Review large invoices credit notes after the year end.
 Review outstanding purchase orders for purchases completed but not
invoiced.
 Select goods received notes before and after year-end and check
against invoices entered in purchases, inventory and creditor accounts
for correct cut-off.
 Perform external confirmations for trade creditors' balances.
 Reconcile entries in sales ledger around the year end to daily batch
totals to ensure posting is correct and ensure the liability has been
recorded in the correct period.
 Review the control account around the year end for unusual items.
390
14 Wages and salaries
Topic highlights
Controls testing will normally be a key part of the audit of wages and salaries.
Payroll is an area where misappropriation through fraud is a risk.
14.1 Internal controls

Auditors shall perform tests of controls by searching the following key internal controls:
(a) Employee records or files should be maintained for each employee ie by the human
resources department.
(b) Employment procedures should be specified and documented ie employing and dismissing
an employee.
(c) Duty reporting records ie time-sheets or clock card records should be maintained.
(d) Output or piecework records for the employee salaried on their piecework performed should
be properly controlled and evidenced.
(e) A senior officer should be appointed to review independently the payroll records.
(f) Preparation of payroll should be performed by independent staff who are not involved in
employment duties.
(g) Proper control and documentation are required for check payment, cash payment and direct
debits.
(h) Deductions of Mandatory Provident Fund (MPF) or other pension contributions should be
properly reviewed and remitted.
(i) Independent review and comparison should be performed on a regular and on surprise basis.
(j) Comparison between the actual and budgeted payroll should be performed regularly.
Other tests of controls that could be done are:
(a) review payroll costs ie checking authorisation
(b) attend wages payoff and observe the procedures in operation
(c) review records of employees
14.2 Substantive procedures

Analytical procedures are a good start to audit wages and salaries, that is, compare this year's
figures with last year, consider the wage rate changes and the sales/profits per employee.
For more specific procedures to test the financial statement assertions, please refer to the
following:
391
Business Assurance
AUDIT PLAN: WAGES AND SALARIES

Occurrence  Examine personnel records, employment contracts to verify each
individual remuneration.
 Attend wage payout on an irregular basis.
 Investigate long outstanding payroll checks.
 Inspect tax records.
 Confirm with HR department.
 Conduct analytical procedures such as comparing payroll expenses
with prior years.
Accuracy  Check calculations of remuneration by re-computing.
 Check any deductions from salary such as pension or MPF.
Completeness  Cast check payroll records.
 Test commission expenses.
 Scrutinise payroll and investigate unusual items.
 Agree net pay to payroll ledger.
The following are independent situations. All items involved are material.
(a) The impairment loss for warranty account has a balance of HK$800,000 which is the same
as that of last year.
(b) A subsidiary engaged in importing has been audited by the Customs and Excise Department
which alleges that the entity has been avoiding customs duty on products it is importing.
Management has indicated that it disagrees with this contention and will strenuously defend
the subsidiary's position. The entity has instructed its external legal counsel to handle the
dispute.
(c) You have sent confirmation requests to four major customers and the responses received
are as follows:
(i) 'Sorry, can't answer request unless you supply details of all invoices outstanding.'
(ii) 'Our balance of amount due to you at 31 December 20Y0 was HK$170,000. We have
paid your invoice dated 15 December 20Y0 of HK$160,000 last week on 23 February
20Y1. The remaining HK$10,000 is for your invoice dated 24 December 20Y0. We
don't know where your extra HK$20,000 came from'. (In your client's receivables
ledger, the balance at 31 December 20Y0 was HK$190,000.)
(iii) 'Balance agreed to our record' (However, the response was not signed).
(iv) 'Our balance due to you at 31 December 20Y0 was HK$310,000' (In your client's
receivables ledger, the balance at 31 December 20Y0 was HK$200,000.)
Your staff have not performed any other work in this area to date.
Required
In each of the above situations (a) to (c), describe the additional audit procedures you would
perform in order to obtain sufficient appropriate audit evidence.
392
15 Financial Instruments
Topic highlights
“Hong Kong Auditing Practice Guidance” (HKAPG) - HKAPG 1000 conforms with IAPN 1000 and
it provides important practical assistance to auditors when addressing valuation and other
considerations pertaining to financial instruments.
Financial instruments may be used by financial and non-financial entities of all sizes for a variety of
purposes. Some entities have large holdings and transaction volumes while other entities may only
engage in a few financial instrument transactions. Some entities may take positions in financial
instruments to assume and benefit from risk while other entities may use financial instruments to
reduce certain risks by hedging or managing exposures. This Hong Kong Auditing Practice
Guidance (HKAPG) is relevant to all of these situations.
15.1 Purposes of HKAPG 1000

The purpose of the HKAPG1000 is to provide:
(a) Background information about financial instruments; and
(b) Discussion of audit considerations relating to financial instruments
HKAPGs provide practical assistance to auditors. This HKAPG is relevant to entities of all sizes,
as all entities may be subject to risks of material misstatement when using financial instruments.
The guidance on valuation in this HKAPG is likely to be more relevant for financial instruments
measured or disclosed at fair value, while the guidance on areas other than valuation applies
equally to financial instruments either measured at fair value or amortized cost. This HKAPG is also
applicable to both financial assets and financial liabilities. This HKAPG does not deal with
instruments such as:
(a) The simplest financial instruments such as cash, simple loans, trade accounts receivable
and trade accounts payable;
(b) Investments in unlisted equity instruments; or
(c) Insurance contracts.
This HKAPG has been written in the context of general purpose fair presentation financial reporting
frameworks, but may also be useful, as appropriate in the circumstance, in other financial reporting
frameworks such as special purpose financial reporting frameworks.
This HKAPG focuses on the assertions of valuation, and presentation and disclosure, but also
covers, in less detail, completeness, accuracy, existence, and rights and obligations.
15.2 Controls relating to financial instruments

Normally, it is the role of those charged with governance to set the tone regarding, and approve
and oversee the extent of use of, financial instruments while it is management’s role to manage
and monitor the entity’s exposures to those risks.
An entity’s internal control over financial instruments is more likely to be effective when
management and those charged with governance have:
(a) Established an appropriate control environment, active participation by those charged
with governance in controlling the use of financial instruments
393
Business Assurance
(b) Established a risk management process relative to the size of the entity and the complexity
of its financial instruments
(c) Established information systems that provide those charged with governance with an
understanding of the nature of the financial instrument activities and the associated risks,
including adequate documentation of transactions
(d) Designed, implemented and documented a system of internal control
(e) Established appropriate accounting policies, including valuation policies, in accordance
with the applicable financial reporting framework.
An expectation that controls are operating effectively may be more common when dealing with a
financial institution with well-established controls, and therefore controls testing may be an effective
means of obtaining audit evidence.
Entities with a high volume of trading and use of financial instruments may have more sophisticated
controls, and an effective risk management function, and therefore the auditor may be more likely
to test controls in obtaining evidence.
When an entity has relatively few transactions involving financial instruments, it may be relatively
easy for the auditor to obtain an understanding of the entity’s objectives for using the financial
instruments and the characteristics of the instruments.
15.3 Audit considerations relating to financial instruments

Certain factors may make auditing financial instruments particularly challenging:
It may be difficult for both management and the auditor to understand the nature of financial
instruments.
 Market sentiment and liquidity can change quickly.
 Evidence supporting valuation may be difficult to obtain.
 Individual payments associated with certain financial instruments may be significant, which
may increase the risk of misappropriation of assets.
 The amounts recorded in the financial statements relating to financial instruments may not
be significant, but there may be significant risks and exposures associated with these
financial instruments.
A few employees may exert significant influence on the entity’s financial instruments transactions.
These factors may cause risks and relevant facts to be obscured, which may affect the auditor’s
assessment of the risks of material misstatement. Therefore the auditor needs to use professional
scepticism when assessing audit evidence and remain alert for possible indications of management
bias.
15.3.1 Planning consideration for auditing financial instruments

The auditor’s focus in planning the audit is particularly on:
 Understanding the accounting and disclosure requirements;
 Understanding the financial instruments to which the entity is exposed, and their purpose
and risks;
 Determining whether specialised skills and knowledge are needed in the audit;
 Understanding and evaluating the system of internal control in light of the entity’s financial
instrument transactions and the information systems that fall within the scope of the audit;
 Understanding the nature, role and activities of the internal audit function;
394
 Understanding management’s process for valuing financial instruments, including whether

management has used an expert or a service organisation; and
 Assessing and responding to the risk of material misstatement.
15.3.2 Assessing and responding to the risks of material misstatement

The use of more complex financial instruments, such as those that have a high level of uncertainty
and variability of future cash flows, may lead to an increased risk of material misstatement,
particularly regarding valuation.
There would also be fraud risk factors related to financial instruments, for example:
 Incentives for fraudulent financial reporting by employees may exist where compensation
schemes are dependent on returns made from the use of financial instruments.
 Difficult financial market conditions may give rise to increased incentives for management or
employees to engage in fraudulent financial reporting: i.e. to protect personal bonuses.
 Misappropriation of assets and fraudulent financial reporting may often involve override of
controls.
The auditor’s risk assessment process may lead the auditor to identify one or more significant
risks relating to the valuation of financial instruments, when there are:
 High measurement uncertainties related to the valuation of financial instruments
 Lack of sufficient evidence to support management’s valuation of its financial instruments
 Lack of management understanding of its financial instruments or expertise necessary to
value such instruments properly
 Lack of management understanding of complex requirements in the applicable financial
reporting framework relating to measurement and disclosure of financial instruments
 The significance of valuation adjustments made to valuation technique outputs
15.3.3 Audit procedures on assertions of financial instruments

(a) Procedures that may provide audit evidence to support the completeness, accuracy,
and existence assertions include:
 External confirmation of bank accounts, trades, and custodian statements.
 Reviewing reconciliations of statements or data feeds from custodians with the entity’s
own records.
 Reviewing journal entries and the controls over the recording of such entries.
 Reading individual contracts and reviewing supporting documentation of the entity’s
financial instrument transactions, including accounting records.
 Testing controls, for example by reperforming controls.
 Reviewing the entity’s complaints management systems.
 Reviewing master netting arrangements to identify unrecorded instruments.
(b) Procedures that may provide audit evidence to support the valuation assertion
The auditor should evaluate whether the valuation techniques used by an entity are
appropriate in the circumstances, and whether controls over valuation techniques are in
place,
In accordance with HKSA 540 (Clarified), the auditor considers the entity’s valuation policies
and methodology for data and assumptions used in the valuation methodology.
395
Business Assurance
In testing how management values the financial instrument and in responding to the
assessed risks of material misstatement in accordance with HKSA 540 (Clarified), the
auditor should:
 Test how management made the accounting estimate and the data on which it is
based (including valuation techniques used by the entity in its valuations)
 Evaluate whether the assumptions used by management are reasonable
 Test the operating effectiveness of the controls over how management made the
accounting estimate, together with appropriate substantive procedures.
 Develop a point estimate or a range to evaluate management’s point estimate
 Determine whether events occurring up to the date of the auditor’s report provide audit
evidence regarding the accounting estimate
 Evaluate the appropriateness of management’s expert’s work. This assists the auditor
in assessing whether the prices or valuations supplied by a management’s expert
provide sufficient appropriate audit evidence to support the valuations
(c) Procedures that may provide audit evidence to support the presentation and
disclosure assertion
The auditor’s focus may need to be on the disclosures relating to risks and sensitivity
analysis. Information obtained during the auditor’s risk assessment procedures and testing
of control activities may provide evidence in order for the auditor to conclude whether or not
the disclosures in the financial statements are in accordance with the requirements of the
applicable financial reporting framework.
Consideration of the appropriateness of presentation, for example on short-term and long-
term classification, in substantive testing of financial instruments is relevant to the auditor’s
evaluation of the presentation and disclosure.
15.4 Other relevant audit considerations

HKSA 580 (Clarified) Written representations
HKSA 540 (Clarified) requires the auditor to obtain written representations from management
and, where appropriate, those charged with governance whether they believe significant
assumptions used in making accounting estimates are reasonable.
HKSA 260 (Clarified) Communication with those charged with governance
The auditor may communicate the nature and consequences of significant assumptions used in
fair value measurements, the degree of subjectivity involved in the development of the
assumptions, and the relative materiality of the items being measured at fair value to the financial
statements as a whole. In some cases, auditors may be required, or may consider it appropriate, to
communicate directly with regulators or prudential supervisors, in addition to those charged with
governance, regarding matters relating to financial instruments.
396
AUDIT PROCEDURES
Topic recap
Non-current Inventory Receivables Cash Trade payables Provisions Sales and Wages and
assets purchases salaries
Completeness Existence Existence Completeness Completeness Existence Completeness Occurrence

Existence Completeness Completeness Existence Accuracy Completeness Accuracy Accuracy
Valuation Rights and Valuation Rights and Cut-off Valuation Cut-off Completeness
Rights and obligations obligations
obligations Valuation Valuation
Cut-off
– Physical Planning External – Bank confirmation Supplier statement – Discussion with Analytical – Controls testing
inspection attendance and confirmation – Review of bank reconciliations management procedures – Analytical
– Recalculation review reconciliations – Review of legal procedures
management correspondence
inventory count
procedures
Positive Positive
Attendance at
inventory count
Test count
procedures
397
Business Assurance
Answer 1
Audit work on the trucks
For a sample of new additions in the non-current asset register:
Existence assertion
Agree to the physical asset to confirm existence of the trucks. For trucks out on hire during the
audit visit, obtain alternative evidence of existence such as payment from customer near year end
for hire or send confirmations.
Check the physical condition of the vehicle to ensure that repairs and renewal expenditure is not
being understated (Existence of repair expenditure).
Completeness assertion
For a sample of vehicle purchases during the year, trace details to the non-current assets register.
For a sample of sold/scrapped vehicles during the year, ensure asset has been removed from the
non-current assets register.
Valuation assertion
Obtain non-current asset register from entity and cast the cost, depreciation and net book value
columns of the register and agree to final figures appearing on the statement of financial position.
Recalculate depreciation in the non-current asset register, ensuring that the rates used are those
disclosed in the financial statements.
Review profits and losses generated on sale of vehicles and ensure these are not excessive.
Check the accuracy of the depreciation rates used as this may indicate over or under charge of
depreciation.
Rights and obligations assertion
Agree details to purchase invoice or similar document for evidence of ownership ie annual licence.
Occurrence assertion
Examine board minutes or similar documentation for evidence of authority to purchase vehicles.
Compare sales income to sale of similar vehicles with similar mileage and ensure comparable for a
sample of disposals during the year.
Check calculation of profit or loss on disposal of trucks.
Agree receipt on sale to the cash book.
Presentation and classification assertion
Agree totals in non-current asset register to the financial statements, ensuring vehicles are
disclosed separately in the non-current assets note (material item).
Ensure that the accounting policy for depreciation is clearly stated in the financial statements and is
the same as last year.
398
Answer 2
(a) The valuation of goodwill and intangible assets may be materially misstated if:
 improper business and intangible asset valuation prepared by X Limited due to wrong
assumptions, business data and valuation methodology used;
 certain intangible assets are not identified from the acquisition;
 useful lives of the intangible assets are over-estimated; and
 goodwill impairment assessment was not properly prepared by management with
reference to inappropriate business data and assumptions.
(b) CC Limited’s auditor should consider the below audit procedures on goodwill:
 Inspect the selling and purchase agreement and agree the consideration to the selling
and purchase agreement;
 Assess the reasonableness of the business valuation performed by X Limited by
reviewing the valuation methodology, data and assumptions used;
 Assess the competence, objectivity and independence of X Limited to ensure X
Limited has the expertise on advising the business valuation and intangible assets;
 Recalculate the purchase price allocation among assets acquired and liabilities
assumed, intangible assets identified and goodwill allocated;
 Check purchased goodwill is calculated correctly. It should reflect the difference
between the fair value of the consideration given and the aggregate of the fair values
of the separable net assets acquired; and
 Review the goodwill impairment assessment performed by CC Limited. Discuss with
management the reasonableness of assumptions and data used and appropriateness
of the assessment model.
CC Limited’s auditor should consider the below audit procedures on purchased intangible
assets:
 Inspect the selling and purchase agreement and agree purchased intangibles as to
the selling and purchase agreement;
 Inspect the valuation report prepared by X Limited to ensure the valuations of the
intangibles are reasonable;
 Assess the reasonableness of the useful lives of the intangible assets estimated by
X Limited and management; and
 Recalculate the amortisation calculations of the intangibles prepared by management.
Answer 3
In order to rely on the system as a basis for the figure in the financial statements, the auditor would
need to ensure that management had an accurate and up-to date system for ensuring that each
item of inventory was counted at least once a year.
Auditors would therefore visit the warehouses during the year, possibly on a rotational basis, to
ensure that the system was being operated in a normal manner.
Auditors would ask management about the procedures for inventory counting and review the
related documentation, including inventory counting instructions, and form a view as to whether the
system was adequate.
Auditors would test check records of goods received and goods despatched and trace them
through the inventory system to ensure that records were accurate and input on a timely basis.
399
Business Assurance
Analytical procedures would be performed to establish which warehouses to visit for testing.
Warehouses likely to be visited include warehouses where large volumes of inventories were held,
warehouses that were experiencing problems or had experienced problems in the past, or
warehouses that were considered high risk for other reasons.
Auditors would perform own test checks of inventory and compare with Gourmet's test count
results. Using CAATs (computer-assisted audit techniques), including test data and audit software
may be necessary.
All exception reports produced by the system should be reviewed to see if there were any recurring
or old items and to ensure that all errors and exceptions were being dealt with on a timely basis.
Answer 4
(a) The auditor uses assertions in assessing risks and designing and performing audit
procedures in response to the assessed risks. HKSA 315 (Revised) categorises assertions
into those relating to classes of transactions, account balances, and disclosures.
While external confirmations may provide audit evidence regarding these assertions, the
ability of an external confirmation to provide audit evidence relevant to a particular assertion
varies.
External confirmation of trade receivable provides reliable and relevant audit evidence
regarding the existence of the account and customer as at a certain date, eg, 31 March 20X0
for DEF.
However, external confirmation of trade receivable does not ordinarily provide all the
necessary audit evidence relating to the valuation assertion because it is not practicable to
ask the debtor to confirm detailed information relating to its ability to pay the account.
External confirmation of trade receivable also does not ordinarily provide all the necessary
audit evidence relating to unrecorded trade receivable balances (the completeness
assertion).
(b) Wong should perform the following additional audit procedures:
(i) Wong should ask DEF to follow up Debtor A’s response by providing the outstanding
statement with all necessary details to Debtor A after checking. It is unlikely that this
additional audit procedure is impractical.
(ii) Wong should verify the source and contents of the response in a telephone call to the
purported sender of Debtor B, and document oral confirmations in the audit
documentation file. Where practicable, Wong should return this response to Debtor B
for signature after asking DEF to communicate the issue with Debtor B.
(iii) Wong should check with DEF if the balance was actually received. Wong should verify
it with the bank statement. Wong has to obtain DEF’s explanation on the reply of
Debtor C’s confirmation.
If the HK$580,000 was received and credited to the wrong customer account, Wong
should investigate whether this is a clerical error. To assure both accounts have been
properly stated, the account originally credited should be reconfirmed unless the
customer has already questioned the propriety of the credit.
If there is no receipt evidence in DEF, Wong has to ask DEF to obtain the payment
evidence and sort out the issue with Debtor C. Wong needs to verify evidence once
the issue is sorted out. Wong should be alert if there is an unreasonable time lag
between the cheque receipt date and the bank-in date, it may be a teeming and lading
fraud and Wong should re-assess the audit risk and take necessary action.
(iv) Debtor D has effectively confirmed a balance of HK$400,000. The remaining
HK$300,000 goods in transit should be analysed to determine whether there is any
cut-off error. Wong should check when the goods were sent to and received by Debtor
400
D. The remaining HK$300,000 should be recognised as trade receivable if the arrival

date to the seller’s port/airport (for FOB shipping point) is on or before 31 March 20X0
and the arrival date to the buyer’s port/airport (for FOB destination) is on or before
31 March 20X0.
Answer 5
(a) Given that the impairment loss for warranty account balance is material, audit steps in
accordance with HKSA 540 (Clarified) Audit of Accounting Estimates should be undertaken
to obtain sufficient appropriate audit evidence to conclude whether the accounting estimates
for warranty impairment loss made by the management is reasonable in the circumstances
and whether the impairment loss is appropriately disclosed.
In this case, it is appropriate for the auditor to review and test the process used by
management to develop the estimate. Given that impairment losses for warranty claims
usually take time to realise, it is unlikely that review of subsequent transactions may provide
the auditor with further audit evidence regarding an accounting estimate made by
management. (However, this does not mean that the auditors need not perform normal
procedures on subsequent events, for example, inquire of management whether the claim
levels have changed unexpectedly after the year-end.) It is also unlikely that an independent
estimate for comparison with that prepared by management is necessary.
In reviewing and testing the process used by management, the auditor would ordinarily
perform the following steps:
(i) Ensure the impairment loss satisfies the recognition criteria under the relevant HKASs
(ii) Evaluate the data and consider the assumptions on which the impairment loss
warranty is based
(iii) Review and/or reperform the calculations involved in the estimate
(iv) Compare last year's estimates with the actual warranty costs incurred to determine
whether last year's estimate was accurate
(v) Consider management's approval procedures and obtain management
representations
(b) HKSA 501 (Clarified) states that when the auditor believes a risk of material misstatement
regarding litigation or claims may exist, the auditor should seek direct communication with
the entity's legal counsel. Normally, the communication would be in the form of a letter to the
external legal counsel that specifies:
(i) a list of litigation and claims
(ii) management's assessment of the outcome of the litigation or claim and its estimate of
the financial implications, including costs involved
(iii) a request for the solicitors to confirm the reasonableness of management's
assessment of the outcome of the claim and its estimate of the financial implications,
including costs involved
The letter, which should be prepared by management and sent by the auditor, should
request the entity's legal counsel to communicate directly with the auditor.
Where necessary, the auditor would meet with the entity's legal counsel to discuss the likely
outcome of litigation and claims.
(c) (i) Where time allows, send to the customers details of the outstanding invoices for
confirmation. Where this is not practicable, perform appropriate alternative
procedures. For example, trace balance to any subsequent cash receipt and agree
unpaid amounts to invoices and proof of delivery.
401
Business Assurance
(ii) The debtor has effectively confirmed a balance of HK$170,000. The auditor should
trace the remaining HK$20,000 to subsequent payment or, invoices and proof of
delivery.
The exception may indicate a misstatement in the entity's records. In such a case, the
auditor determines the reasons for the misstatement and assesses whether it has a
material effect on the financial statements. If an exception indicates a misstatement,
the auditor reconsiders the nature, timing and extent of audit procedures necessary to
provide the audit evidence required.
(iii) Verify the source and contents of a response in a telephone call to the purported
sender, and document oral confirmations in the working papers. Where practicable
this response should be returned to the debtor for signing.
(iv) The balance of HK$310,000 should be reconciled to the entity's record of HK$200,000
by verifying any differences in recording payments, invoices and delivery of goods.
The exception may indicate a misstatement in the entity's records. In such a case, the
auditor determines the reasons for the misstatement and assesses whether it has a
material effect on the financial statements. If an exception indicates a misstatement,
the auditor reconsiders the nature, timing and extent of audit procedures necessary to
provide the audit evidence required.
402
Exam practice
X Limited 21 minutes
C Limited is a customer of X Limited. In X Limited’s accounting records, HK$2,589,000 is shown
as an outstanding balance receivable from C Limited as at 30 June 20Y0. C Limited and X Limited
have recently been disputing over the quality of some products delivered from X Limited to
C Limited.
Required
You are the auditor of X Limited. Explain how you would evaluate the valuation and allocation
assertion of the overall trade receivables balance, in which HK$2,589,000 due from C Limited is
under dispute, in X Limited’s accounting records.
(12 marks)
HKICPA June 2011
Z Construction 27 minutes
A CPA (Practising), Benny, and his team are carrying out the audit of the financial statements for a
mid-size construction company called Z Construction. Today, Benny receives the bank
reconciliation at the financial year-end date from Z Construction’s Financial Controller and the bank
confirmation reply from Z Construction’s banker. Benny has also asked the financial controller to
arrange to send a confirmation letter to Z Construction’s lawyer.
Required
(a) List out the audit procedures that Benny and his team should conduct in respect of the bank
reconciliation.
(7 marks)
(b) In addition to the balances of current and deposit accounts, explain two more particular items
for the construction industry that Benny and his team should seek to ascertain or confirm
from the bank confirmation reply.
(4 marks)
(c) Explain what Benny and his team should seek to ascertain or confirm from the lawyer’s
confirmation letter.
(4 marks)
(Total = 15 marks)
HKICPA June 2012
Inventory 27 minutes
You are working on an audit engagement for a client who owns over 150 chain shoe stores in Hong
Kong. Your client owns five different shoe brands and each of the brands specialises in a different
style of shoe product. During the course of the audit, you look into the inventory ledger and find
that the inventory balance as at year end increased three-fold to HK$200 million compared to last
year, representing 20% of the total assets of the company as at year end, and the inventory aging
has been deteriorating significantly compared to last year.
403
Business Assurance
You therefore discuss with the management their assessment on the appropriateness of the
inventory provision. The managing director explains to you that he is very optimistic about their
future development. According to the managing director, they have just acquired three more shoe
brands and will open another 50 shoe stores in Hong Kong in the coming year and therefore the
inventory balance as at year end had tripled compared to last year. In addition, he is confident that
there will be no inventory provision required against their shoe products given that their shoe
products are always well-received by their customers in the market.
Required
(a) Assess and explain the risk of material misstatement relating to the accounting estimate over
the inventory valuation as at year end.
(5 marks)
(b) After talking to the managing director, you are not satisfied with the explanation from the
managing director on the inventory. What audit procedures would you further perform in
response to the risk of material misstatement discussed in (a)?
(10 marks)
(Total = 15 marks)
Cash and bank 18 minutes

In a recent dialogue with the internal audit, you understand that the internal audit has issued an
unsatisfactory report on the bank reconciliation process of your client. The internal audit report
indicated that there was significant control deficiency over the cash management process, and that
the management processes and controls were not properly exercised by the operation team.
Required
(a) Assess and explain the risk of material misstatement relating to the existence and accuracy
assertions of the cash and bank balance as at year end.
(3 marks)
(b) Suggest and explain the audit procedures you would perform in response to the risk of
material misstatement identified in Question (a).
(7 marks)
(Total = 10 marks)
404
chapter 14
Using the work of others
Topic list
1 Experts
1.1 Using the work of an auditor's expert
1.2 Determining the need to use the work of an auditor's expert
1.3 Effect of management's expert on the use of auditor's expert
1.4 Audit procedures on the work of an auditor's expert
1.5 Evaluating the adequacy of the auditor's expert's work
1.6 Management's expert
2 Service organisations
2.1 Considerations of the entity auditor
2.2 Obtaining audit evidence
2.3 Service organisation auditor's reports
2.4 Reporting
Learning focus
When using the work of third parties, the auditor should consider the scope, the function and
the reports involved. You should link the study of this chapter with your knowledge from the
previous chapters and should consider the involvement with third parties' work.
405
Business Assurance
Learning outcomes
Competency
level
2.10.05 Discuss why auditors may rely on the work of others, including 2
2.11 Internal audit 2
2.11.02 Discuss why auditors may rely on the work of others, including
406
14: Using the work of others | Part D Assurance engagements
1 Experts
Topic highlights
External auditors may make use of the work of both the auditor's expert or management's expert
when carrying out audit procedures to obtain sufficient appropriate audit evidence.
1.1 Using the work of an auditor's expert
Key terms
An auditor's expert is an individual or organisation possessing expertise in a field other than
HKSA 620.6 accounting or auditing, whose work in that field is used by the auditor to assist the auditor in
obtaining sufficient appropriate audit evidence. They may be either an auditor's internal expert or
an auditor's external expert.
Management's expert is an individual or organisation possessing expertise in a field other than
accounting or auditing, whose work in that field is used by the entity to assist the entity in
preparing the financial statements.
HKSA In accordance with HKSA 620 (Clarified) Using the Work of an Auditor’s Expert an auditor’s expert
620.7, A4 may be needed to assist the auditor in one or more of the following:
 Obtaining an understanding of the entity and its environment, including its internal control
 Identifying and assessing the risks of material misstatement
 Determining and implementing overall responses to assessed risks at the financial
statement level
 Designing and performing further audit procedures to respond to assessed risks at the
assertion level, comprising tests of controls or substantive procedures
 Evaluating the sufficiency and appropriateness of audit evidence obtained in forming an
opinion on the financial statements
The following list gives examples of the audit evidence which might be obtained from the use of an
auditor's expert:
(a) Valuing certain types of assets, e.g. land and buildings, plant and machinery, complex
financial instruments and so on
(b) Performing the actuarial calculation of liabilities associated with insurance contracts or
employee benefit plans
(c) Estimating oil and gas reserves
(d) Valuing environmental liabilities and site clean-up costs
(e) Interpreting contracts, laws and regulations
(f) Measuring work completed and work-in-progress on contracts-in-progress
(g) Analysing complex or unusual tax compliance issues
The objectives of the auditors are to determine whether:
 to use the work of an auditor's expert
 that work is adequate for the auditor's purposes if using the work of an auditor's expert
407
Business Assurance
HKSA 620 (Clarified) does not deal with:

 situations where the engagement includes a member with expertise in a specialised area of
accounting and auditing, which is dealt with in HKSA 220 (Clarified) Quality Control for an
Audit of Financial statements; or
 the auditor’s use of the work of an individual or organisation possessing expertise in a field
other than accounting and auditing, whose work in that field is used by the entity to assist the
entity in preparing the financial statements, which is dealt with in HKSA 500 (Clarified) Audit
Evidence.
1.2 Determining the need to use the work of an auditor's expert

HKSA 620.A8 HKSA 620 (Clarified) requires that the auditor shall determine whether to use the work of an
auditor's expert due to the auditor’s lack of expertise. Further, the auditor should consider when
and to what extent to use the work of an auditor's expert and ascertain the nature, extent and
timing of audit procedures.
The engagement partner is required to be satisfied that the engagement team and any auditor's
experts, collectively have the appropriate competence and capabilities to perform the audit
engagement.
When considering whether to use the work of an auditor's expert, the auditors should review:
 whether management has used a management's expert in preparing the financial statements
 the materiality of the financial statement item being considered
 the risks of material misstatement based on the nature and complexity of the matter
 the quantity and quality of other available relevant audit evidence
 the expected nature of procedures to respond to identified risks
1.3 Effect of management's expert on the use of auditor's expert

HKSA 620.A9 When management has used a management's expert in preparing the financial statements, the
auditor's consideration of using an auditor's expert should be based on the following factors:
 the nature, scope and objectives of the management's expert's work
 whether management's expert is an employee of the entity or is specially engaged to provide
specific engagements
 the extent that management can exert influence or control over the work of management's
expert
 the competence and capabilities of the management's expert
 the technical regulations or standards with which the management's expert has to comply
 controls within the entity over the management expert's work
Further issues related to management's expert are described in Section 1.6 in this chapter.
The auditor can still obtain a sufficient understanding of the entity's area of business, even without
the use of an auditor's expert. Ways of obtaining the understanding can be to:
 consider experience of other clients that require such expertise
 consider the auditor's education or professional development in the particular area of inquiry
 discuss with auditors who have performed similar engagements
1.4 Audit procedures on the work of an auditor's expert

HKSA 620.8- HKSA 620 (Clarified) requires that the auditor shall consider the following when determining the
9, 11 nature, extent and timing of the procedures of the work of an auditor's expert.
408
Such factors are:

 the nature of the matter to which that expert’s work relates
 the risks of material misstatement in the matter that involves the expert's work
 the significance and impact of that expert's work in the audit
 the auditor's knowledge of and experience with previous work of auditor's expert
 whether the expert is subject to the audit firm's quality control policies and procedures
1.4.1 Competence, capabilities and objectivity of the auditor's expert

HKSA 620 (Clarified) requires that the auditors shall evaluate the competence, capabilities and
objectivity of the auditor's expert to consider whether the work of the auditor's expert is adequate
for the auditor's purposes. The auditor can discuss with auditors who have performed similar
engagements or discuss with the expert.
Competence of the auditor's expert
Competence relates to the nature and level of expertise of the auditor's expert. Auditors should
consider the following:
 The expert's professional certification, or licensing by, or membership of, an appropriate
professional body
 The expert's experience and reputation in the field in which the auditors are seeking audit
evidence
Field of expertise
HKSA 620 (Clarified) requires that the auditor shall obtain understanding of the field of expertise
of the auditor's expert by considering:
 whether the expert's field has heavy impact on the audit;
 whether any professional or other standards, and regulatory or legal requirements apply;
 what assumptions and methods are used by the auditor's expert; and
 the nature of internal or external data that the auditor's expert uses.
Capabilities of the auditor's expert
Capabilities relate to the ability of the auditor's expert to exercise his competence in the engagement,
for example, factors such as geographical location, and the availability of time and resources.
Objectivity of the auditor's expert
Objectivity relates to the possible influences on the judgment of the auditor's expert causing him to
be biased, perhaps through a conflict of interest. The auditor shall consider circumstances causing
threats to independence and the possible safeguards to reduce the threats.
HKSA 620 (Clarified) requires that the auditor shall specifically inquire as to interests and
relationships that may create a threat to that expert's objectivity. Specific inquiries should be
performed on:
(a) any known interests or relationships that the entity has with the auditor's external expert that
may affect the objectivity of the auditor's expert ie financial interest in the entity, business
and personal relationships and the provision of other services
(b) the applicable safeguards that are required to reduce threats to an acceptable level
If the auditors have reservations about the competence or objectivity of the expert they may need
to carry out other procedures or obtain evidence from another expert.
Other matters that the auditor should consider include:
(a) the relevance of the auditor's expert's competence to be applied in other areas in the audit
(b) the auditor's expert's competence with respect to relevant accounting and auditing
requirements
409
Business Assurance
(c) any unexpected events, changes in considerations, or the audit evidence obtained from the
results of audit procedures
1.4.2 Agreeing in writing with the auditor's expert

HKSA 620 (Clarified) requires that the auditor shall agree, in writing on the following matters:
(a) the nature, scope and objectives of the auditor's expert's work
(b) the respective roles and responsibilities of the auditor and the auditor's expert
(c) the nature, extent and timing of communications, including types of report between auditor
and the auditor's expert
(d) confidentiality requirement imposed on the auditor's expert
1.5 Evaluating the adequacy of the auditor's expert's work

HKSA HKSA 620 (Clarified) requires that the auditor shall evaluate the adequacy of the auditor’s expert's
620.12, 14, 15 work based on the following:
Factors Details
The relevance and Auditor can use specific procedures such as:
reasonableness of
 inquire of auditor's expert
auditor's expert's
findings or conclusions  review working papers and reports of auditor's expert
 discuss with another expert with that relevant expertise
 discuss with management the report of the auditor's expert
 other procedures such as observation of expert's work or
confirming with third parties
The factors that the auditor should consider for evaluation are
whether:
 the conclusions are presented consistently and clearly in
accordance with standards of the auditor's expert's profession
 the conclusions are based on an appropriate period and have
taken into account any subsequent event
 the conclusions are subject to any limitations and restrictions
 the conclusions are based on appropriate considerations of errors
or deviations
The relevance and The auditor shall consider whether the auditor's expert has adequately
reasonableness of reviewed the assumptions and methods and in addition consider
significant assumptions any models used, whether they are accepted in the auditor's expert's
and methods used by field.
the auditor's expert
The assumptions should be generally accepted within the auditor’s

expert’s field and should conform with the requirements of the
The relevance, The auditor shall verify the origin of the data and review the data for
completeness and completeness and internal consistency.
accuracy of the source
data used by the
auditor's expert
410
1.5.1 Inadequacy in the work of the auditor's expert

When the auditor determines that the work of the auditor's expert is not adequate enough to satisfy
the auditor's purpose, the auditor shall:
(a) agree with the auditor's expert the nature and extent of further work to be performed by the
auditor's expert
(b) perform additional appropriate audit procedures
1.5.2 Audit reporting

When the auditor concludes that:
 the work of the auditor's expert is not adequate,
 additional audit procedures cannot resolve the issue, and
 the conclusion is that no sufficient and appropriate audit evidence could be obtained,
under HKSA 705 (Clarified), the auditor shall modify the audit opinion. Any reference to the
auditor's expert's work, the auditor shall indicate in the auditor's report that such reference does not
reduce the auditor's responsibility for their opinion.
The auditor shall not refer to the work of an auditor's expert in an auditor’s report when an
unmodified opinion is expressed unless required by law or regulations. If such a reference is
required the auditor must indicate that this reference does not reduce the auditor’s responsibility for
the auditor's opinion.
If the auditor makes reference to the work of an auditor’s expert in the auditor’s report because
such a reference is relevant to the understanding of a modification, the auditor shall indicate in the
auditor’s report that such reference does not reduce the auditor’s responsibility for that opinion. In
such circumstances, the auditor may need the consent from the auditor’s expert before making
such a reference.
1.6 Management's expert

HKSA 500.8 The entity may engage a management's expert who possesses expertise in a field other than
accounting or auditing in preparing the entity's financial statements. HKSA 500 (Clarified) Audit
Evidence applies when information prepared by the work of management's expert, is to be used as
evidence. In such cases, the auditor shall:
 evaluate the competence, capabilities and objectivity of that management's expert
 obtain an understanding of the work of that management's expert
 evaluate the appropriateness of that management's expert's work as audit evidence related
to the assertion
This is similar to Section 1.4 of this chapter when describing the work of an auditor's expert.
1.6.1 Threat to independence of management's expert

As the management's expert may be an employee of the entity, a threat to objectivity always exists.
Threats to independence may involve the basic five threats described in the Code of Ethics
described in detail in Chapter 4; that is the threats of self-interest, self-review, familiarity, advocacy
and intimidation.
Safeguards relating to the management's expert's profession, legislation or regulation or by the
work environment of the management's expert may be used to reduce the threats. More relevant
than safeguards may be discussion with management and the expert regarding any interests and
relationships that may give rise to such threats.
411
Business Assurance
You are an audit manager of ABC & Co and you are engaged in the audit of EX3's financial
statements for the year ended 31 December 20X0. On 1 July 20X0, EX3 acquired a 70 per cent
equity interest in Subsidiary Three Limited (“Sub-3”) for a cash consideration of HK$400,000,000.
A firm of professional surveyors, Very Professional Surveying Limited (“VPS”), was appointed by
EX3 to value the buildings of Sub-3. The fair values of the buildings of Sub-3 were, in total,
HK$50,000,000 above their carrying amounts at 1 July 20X0 after taking into account depreciation
up to 30 June 20X0. These valuation surpluses had not been adjusted in the books of Sub-3.
According to the relevant accounting standard, the buildings should be initially carried in EX3's
consolidated financial statements at fair value at the date of acquisition. The buildings have a
useful life of 50 years.
Required
(a) Explain why your firm may decide to rely on the work of VPS.
(b) Determine how your team would satisfy yourselves that VPS is a suitable candidate to rely
on.
Metropolitan Group is a company listed on the Hong Kong Stock Exchange. It is one of the large
retailing companies in the Asia-Pacific region with around 130 locations. In 20X9, Metropolitan
generated sales of HK$3,888 million and inventories of HK$420 million. Its sales brands “Metro
Boy” and “Junior Star” command leading market positions in their respective segments.
Simon, senior audit manager of Law & Co. (Law), is responsible for the financial statement audit of
the Metropolitan Group for the year ended 30 June 20X0. In accordance with the valuation report
prepared by XYZ Valuation and Professional Services Limited (XYZ), a firm of business valuers
engaged by Law, the fair value of the brand name of “Junior Star” at 30 April 20Y0 was
HK$100 million. Metropolitan Group would like to disclose this information in the notes to the
financial statements. The brand name is carried at cost of registration of HK$200,000.
Required
Assuming Law is going to rely on the valuation report prepared by XYZ, describe the audit
procedures to accept XYZ’s work as audit evidence and as consideration to express the auditors’
opinion on disclosure requirement.
(10 marks)
2 Service organisations
Topic highlights
A service organisation provides outsourced services to another entity. This raises particular
concerns for the auditor.
412
Key terms
A service organisation is a third party organisation that provides services to user entities that are
part of those entities’ information systems relevant to financial reporting.
HKSA
402.8e, i A user entity is an entity that uses a service organisation and whose financial statements are
being audited.
A type 1 report is a report on the description and design of a service organisation’s controls.
A type 2 report is a report on the description and design of a service organisation’s controls and
their operating effectiveness.
For auditors whose client uses a service organisation to outsource its non-core activities HKSA 402
(Clarified) Audit Considerations Relating to an Entity using a Service Organisation provides
guidance as to how to audit this relationship. It states that the objectives of the auditor are to:
(a) obtain an understanding of the nature and significance of the services provided by the
service organisation and their effect on the user entity’s internal control relevant to the audit,
sufficient to identify and assess the risks of material misstatement; and
(b) design and perform audit procedures responsive to those risks.
The HKSA identifies a number of directly relevant activities which are often performed in this way
(by no means, an exhaustive list):
 maintenance of accounting records
 management of assets
 initiating, recording or processing transactions as agents of the user entity
Who determines the processes and operational controls over the service activity depends on the
nature of the contract between the two parties:
(a) When the services provided by the service organisation are limited to recording and
processing entity transactions and the entity retains authorisation and maintenance of
accountability, the entity may be able to implement effective policies and procedures within
its own control environment.
(b) When the service organisation executes the entity's transactions and maintains
accountability, the entity may deem it necessary to rely on policies and procedures at the
service organisation.
2.1 Considerations of the entity auditor

HKSA 402.9, The HKSA states that when obtaining an understanding of the user entity the user auditor must
12, A12-13
obtain an understanding of how a user entity uses the services of a service organisation.
Information on the nature of services provided will be available from a wide variety of sources
including:
 user manuals
 system overviews
 technical manuals
 the contract or service level agreement between the user entity and the service organisation
 reports by service organisations, internal auditors or regulatory authorities on controls at the
service organisation
 reports by the service auditor, including management letters
In obtaining an understanding of the entity, the auditor will also consider these factors:
413
Business Assurance
(a) the nature of the services provided by the service organisation and the significance of
those services to the user entity
(b) the nature and materiality of the transactions processed or accounts or financial reporting
processes affected by the service organisation
(c) the degree of interaction between the activities of the service organisation and those of the
user entity
(d) the nature of the relationship between the user entity and the service organisation, including
the relevant contractual terms for the activities undertaken by the service organisation
When obtaining an understanding of internal control the user auditor must evaluate the design and
implementation of relevant controls at the user entity that relate to the services provided by the
service organisation, including those that are applied to the transactions processed by the service
organisation. Where the user entity has established controls over the service organisation’s
services the auditor may be able to rely on these regardless of the controls in place at the service
organisation. The auditor would need to perform tests of controls in this situation and the extent of
reliance would depend on the results of these tests.
If the user auditor is unable to obtain a sufficient understanding from the user entity, the user
auditor shall obtain audit evidence from one or more of the following procedures:
(a) obtaining a Type 1 report or Type 2 report (see Section 2.3 below);
(b) contacting the service organisation via the user entity in order to obtain specific information;
(c) requesting that another auditor be engaged to perform procedures that will provide the
necessary information; or
(d) visiting the service organisation and performing such procedures.
2.2 Obtaining audit evidence

HKSA HKSA 402 (Clarified) states that:
402.15, 16
In responding to assessed risks in accordance with HKSA 330 (Clarified), the user auditor shall:
(a) determine whether sufficient appropriate audit evidence concerning the relevant financial
statement assertions is available from records held at the user entity; and if not
(b) perform further audit procedures to obtain sufficient appropriate audit evidence or use
another auditor to perform those procedures at the service organisation on the user auditor’s
behalf.
Where the auditor has an expectation that controls at the service organisation are operating
effectively and the auditor wishes to rely on these audit evidence must be obtained from one or
more of the following procedures:
(a) obtaining a Type 2 report, if available
(b) performing appropriate tests of controls at the service organisation
(c) using another auditor to perform tests of controls at the service organisation on behalf of the
user auditor
414
2.3 Service organisation auditor's reports

Service organisation auditors will usually supply one of two types of report:
(a) Report on suitability of design. This is the basic report.
(b) Report on suitability of design and operating effectiveness. This contains a report on
design, plus an opinion by the service organisation auditor that the accounting and internal
control systems are operating effectively based on the results from the tests of controls.
While reports on design may be useful to an entity auditor in gaining the background understanding
of the accounting and internal control systems involved, it would not be used as a basis for
reducing the assessment of control risk.
A report on operating effectiveness is much more useful since tests of controls have been
performed and it may be used as evidence to support a lower control risk assessment. For this to
happen an entity auditor would have to consider whether the controls tested by the service
organisation auditor are relevant to the entity's transactions (ie whether they relate to significant
assertions in the entity's financial statements) and whether the service organisation auditors' tests
of controls and the results may be relied on.
The auditor of a service organisation may be engaged to perform substantive procedures that
are of use to an entity auditor. Such engagements may involve the performance of procedures
agreed upon by the entity and its auditor and by the service organisation and its auditor.
2.4 Reporting
HKSA The auditor is always solely responsible for the audit opinion. He must be assured that he has
402.20-22 gained sufficient appropriate audit evidence to form an opinion on the financial statements and he
must then express his opinion in the audit report.
It would therefore be inappropriate to refer to the work of others in the audit report. His
conclusions on the work of others should, however, be adequately documented in the audit file.
If reference to the service organisation is relevant to an understanding of a modified audit opinion
the audit report must indicate that this reference does not diminish the auditor’s responsibility for
that opinion.
415
Business Assurance
Topic recap
USING THE WORK

OF OTHERS
Experts Service
organisation
Auditor assesses
Management’s Auditor’s control risk and designs
expert expert audit procedures
accordingly
Assists the entity in

preparing the Internal External
Assists the auditor in

obtaining sufficient
appropriate evidence
Auditor evaluates
competence, and
capabilities and
objectivity
Auditor has sole

responsibility for audit
opinion
416
Answer 1
(a) The auditor's education and experience enable the auditor to be knowledgeable about
business matters in general, but the auditor is not expected to have the expertise of a person
trained for or qualified to engage in the practice of another profession or occupation, such as
an actuary or engineer. The valuation of the building of EX3 in this case requires expert's
knowledge that ABC & Co does not have. Therefore, ABC & Co needs to rely on the work of
VPS.
(b) In accordance with HKSA 620 (Clarified) Using the Work of an Auditor’s Expert, when ABC &
Co plans to use the work of VPS, ABC & Co should evaluate (1) the professional
competence of VPS; and (2) the objectivity of VPS.
ABC & Co assesses VPS's professional competence by considering the following:
(i) VPS's professional certification or licensing by, or membership in, an appropriate
professional body. For example, the legal and professional status of the professional
body that licenses VPS to perform property valuation.
(ii) Experience and reputation in the field in which ABC & Co is seeking audit evidence,
that is, experience in the type and location of building that EX3 acquired through
Sub-3.
The risk that VPS's objectivity will be impaired increases when VPS is (1) employed by
EX3 (which is not likely in this case); or (2) related in some other manner to EX3, for
example, by being financially dependent upon or having an investment in EX3.
If ABC & Co is concerned about the competence or objectivity of VPS, ABC & Co
needs to discuss any reservations with management and consider whether sufficient
appropriate audit evidence can be obtained concerning the work of VPS. ABC & Co
may need to undertake additional audit procedures or seek audit evidence from
another property valuer when it is necessary.
Answer 2
If Law is going to rely on XYZ's valuation report for the purpose of disclosing the fair value of brand
name in the notes to the financial statement, Law should ensure its audit procedures fully comply
with HKSA 620 (Clarified) Using the Work of an Auditor’s Expert.
Law should make an assessment on the competence, capabilities and objectivity of XYZ.
Law should determine the nature, scope and objectives of XYZ’s work for Law’s purposes and
evaluate the adequacy of that work for Law’s purposes.
This involves assessing whether the substance of XYZ's findings have been properly reflected in
the notes disclosure of the brand name. Particularly, Law should consider whether:
 the source data used by XYZ is appropriate in the circumstances. For example, reviewing or
testing the data used by XYZ.
 the assumptions and methods used by XYZ are reasonable and appropriate, and whether
they are consistently applied in prior periods.
 the results of XYZ’s work are reasonable based on Law’s knowledge of Metropolitan Group’s
business and the results of other audit procedures.
417
Business Assurance
 the effective date of XYZ’s findings (30 April 20Y0) is acceptable when comparing with Law’s
report date.
If the results of XYZ’s work do not provide sufficient appropriate audit evidence, or if the results are
not consistent with other audit evidence, Law should resolve the matter.
Law may discuss the issue with Metropolitan Group and XYZ, and apply additional procedures,
including possibly engaging another expert or modify the auditor's report.
Law should not refer to the work of XYZ when issuing an unmodified auditor’s report for
Metropolitan Group’s audit because such a reference might be misunderstood to be an audit
qualification or a division of responsibility between Law and XYZ.
If Law decides to add an emphasis of matter paragraph to their report or to issue a qualified opinion
as a result of XYZ’s work, Law may in the auditor’s report make a reference to the identification of
XYZ as the expert and the extent of XYZ’s involvement. Such a reference will facilitate an
understanding of the modification. Law should indicate in the auditor’s report that such reference
does not reduce its responsibility for that opinion.
When Law decides to make a reference to XYZ in the auditor’s report, Law would first obtain
permission from XYZ. If permission is refused and Law believes that such a reference is
necessary, Law may consider obtaining legal advice.
418
Exam practice
Management's expert 18 minutes

Your firm has recently been engaged in the audit of the financial statements of a new client, which
is a Hong Kong residential property developer. In accordance with the company’s accounting
policy, residential properties under development are carried at the lower of their costs and net
realisable values. In order to ascertain the net realisable values of the residential properties under
development, the company has employed High Value Surveyors Limited (“HVSL”), a firm of
property consultants, to prepare a valuation report on the development projects.
Required
Explain why your firm may decide to rely on the work of HVSL and how your firm would satisfy itself
that HVSL is a suitable candidate to rely on.
(Total = 10 marks)
419
Business Assurance
420
chapter 15
Accounting estimates,
opening balances and
comparatives
Topic list
1 Accounting estimates 2 Opening balances

1.1 The nature of accounting estimates 2.1 Auditor's objectives in respect of
1.2 Estimation uncertainty opening balances
1.3 Responsibilities of management 2.2 Audit procedures on opening balances
1.4 Responsibilities of auditors – risk 2.3 Specific audit procedures
assessment procedures required 2.4 Material misstatements in opening
1.5 Responsibilities of auditors – responding balances
to the assessed risks 2.5 Effect of a modification to the
1.6 Final evaluation of accounting estimates predecessor auditor's opinion
– reasonable or misstated 2.6 Audit conclusions and reporting
1.7 Indications of possible management bias 3 Comparatives
3.1 What type of comparatives are they?
3.2 Audit procedures on comparative
information
Learning focus
When an estimate is involved, the use of judgment means the level of risk is higher. Be alert
for assertions that are likely to be estimates or subjective valuations.
When auditing fair values, auditors should consider whether there is an active open market,
if not valuation models should be used.
An incoming auditor should perform appropriate audit procedures to verify the opening
balances.
421
Business Assurance
Learning outcomes
Competency
level
2.09.10 Discuss the audit problems and identify procedures for the audit
of:
2.09.10.01 Accounting estimates
2.09.10.02 Fair values
2.09.10.03 Opening balances
2.09.10.04 Comparatives
422
15: Accounting estimates, opening balances and comparatives | Part D Assurance engagements
1 Accounting estimates
Topic highlights
When auditing accounting estimates auditors should:
 test the management process
 use an independent estimate
 review subsequent events
in order to assess whether the estimates are reasonable.
1.1 The nature of accounting estimates

HKSA 540.6 HKSA 540 (Clarified) Auditing Accounting Estimates, including Fair Value Accounting Estimates,
and Related Disclosures provides guidance on the audit of accounting estimates contained in
financial statements. The auditor's objective is to obtain sufficient appropriate audit evidence about
whether accounting estimates are reasonable and related disclosures are adequate.
Key term
An accounting estimate is an approximation of a monetary amount in the absence of a precise
HKSA 540.7a means of measurement.
The responsibility for making estimates lies with management or those charged with governance.
Some estimates are routine and some are one-off. Many estimates are capable of reasonable
estimation but some complex estimates may involve special knowledge and judgment.
Examples of accounting estimates include the following:

 Estimate of impairment of account receivables
 Inventory obsolescence – estimate of net realisable value of inventories
 Warranty obligations – estimate of the provision
 Depreciation method or asset useful life
 Outcome of long-term contracts
 Costs arising from litigation settlements and judgments – contingent liabilities
 Impairment of the carrying amount of an investment where there is uncertainty regarding its
recoverability
 Complex financial instruments, which are not traded in an active and open market
 Share-based payments
 Property or equipment held for disposal
 Deferred tax
 Non-monetary consideration, for example exchange of plant facilities
423
Business Assurance
1.2 Estimation uncertainty
Key term
Estimation uncertainty refers to the susceptibility of an accounting estimate and related
HKSA 540.7c disclosures to an inherent lack of precision in its measurement.
HKSA The degree of estimation uncertainty varies based on the:

540.11, A38
(a) nature of the accounting estimate
(b) extent to which there is a generally accepted method or model used to make the accounting
estimate
(c) subjectivity of the assumptions used to make the accounting estimate
When preparing the financial statements, this may involve estimation which includes judgment
based on information available at that time.
Some accounting estimates involve low estimation uncertainty but alternatively some may
involve high estimation uncertainty. The table below gives example of both categories:
Examples of low estimation uncertainty Examples of high estimation uncertainty
 Relate to entities that are not engaged in  Accounting estimates relating to the outcome
complex business activities of litigation
 Accounting estimates are frequently updated  Fair values accounting estimates for:
due to routine transactions
– derivative financial instruments not
 The method of measurement of the fair value publicly traded
accounting estimates based on applicable
– highly specialised entity-developed
financial reporting framework is simple and
model is used for which assumptions or
can be applied easily
inputs cannot be observed in the
 The model used to measure the fair value marketplace
accounting estimates is well-known or
generally accepted
The auditor shall obtain understanding of whether and if so, how management has assessed the
effect of estimation uncertainty. For example:
(a) how management has considered alternative assumptions or outcomes
(b) how management determines the accounting estimate when analysis indicates a number of
outcome scenarios
(c) whether management monitors the outcome of accounting estimates and has responded
appropriately.
1.2.1 Degree of estimation uncertainty associated with an accounting

estimate
The auditor shall evaluate the degree of estimation uncertainty associated with an accounting
estimate and in addition, the auditor shall consider whether the identified accounting estimates
involve high estimation uncertainty that gives rise to significant risk.
The degree of estimation uncertainty associated with an accounting estimate may be influenced by
the following factors:
(a) whether accounting estimates are heavily dependent on judgment
(b) whether the accounting estimates are heavily sensitive to changes in assumptions
424
(c) whether there are existing recognised measurement techniques to mitigate the estimation
uncertainty
(d) the consideration of the length of the forecast period
(e) the availability of reliable data from external sources
(f) the inputs contributed to the accounting estimate
1.3 Responsibilities of management

It is management's responsibility to make accounting estimates to be included in the financial
statements. The process of making accounting estimates always involves high level of judgment
due to the existence of uncertainty regarding the outcome of events.
Formulae used in forming the accounting estimates need to be reviewed regularly by management.
Some financial statement items cannot be measured precisely, only estimated. The nature and
reliability of information available to management to support accounting estimates can vary
enormously and this therefore affects the degree of uncertainty associated with accounting
estimates, which in turn affects the risk of material misstatement of accounting estimates.
Therefore, when accounting estimates are involved, inherent risk (and therefore audit risk)
increases and in return, the risks of material misstatement increases.
1.4 Responsibilities of auditors – risk assessment procedures

required
HKSA 540.8 The auditor must obtain sufficient and appropriate audit evidence regarding accounting
estimates. The auditor should exercise professional judgment when performing audit procedures
in regard to the accounting estimates.
HKSA 540 (Clarified) requires that the auditor shall obtain an understanding of the following to
provide a basis for the identification and assessment of the risks of material misstatement for
accounting estimates:
(a) The requirements of the applicable financial reporting framework
The auditor shall obtain an understanding of the requirements of the applicable financial
reporting framework by determining the conditions for the recognition or methods for
measuring accounting estimates and the specific disclosures of the accounting estimates.
(b) How management identifies those transactions, events and conditions that may give
rise to the need for accounting estimates
The auditor shall inquire of management as to how management identifies the need for
accounting estimates ie by making inquiries to ascertain management's knowledge of the
entity's business, industry, implementation of business strategies and their cumulative
experience for preparing the financial statements.
In other situations, the auditor may perform risk assessment procedures directed at the
methods and practices used as part of the entity's formal risk management function.
(c) How the management makes the accounting estimates
The auditor shall consider the types of accounts to which the accounting estimates relate
and whether management has used recognised measurement techniques for making the
accounting estimates. The auditor shall perform inquiries to ascertain whether matters
relating to subsequent events have been treated appropriately. (Subsequent events are
covered in detail in the next chapter.)
425
Business Assurance
(d) Method of measurement

The auditor shall consider whether the accounting estimates are made in accordance with
HKFRSs or another framework. There would be a higher level of risk if management is using
an internally developed model in making the accounting estimate or using a method not
commonly used in the industry.
(e) Relevant controls
The auditor shall consider the experience and competence of those of make the accounting
estimates and controls relating to:
(i) how management determines the completeness, relevance and accuracy of the data
used
(ii) the review and approval of accounting estimates
(iii) the segregation of duties of those managing the entity and those responsible for
making the accounting estimates
(f) Assumptions underlying the accounting estimates
The auditor shall consider the assumptions underlying the accounting estimates by taking
into the account of:
(i) the nature of the assumptions
(ii) how management assesses whether the assumptions are relevant and complete
(iii) how management considers the assumptions used are consistent
(iv) how the assumptions used conform with the entity's business plans and environment
(g) Changes in methods for making accounting estimates
The auditor shall determine whether there ought to be a change in the methods for making
accounting estimates as compared to last year. If management has changed the
assumption, management should demonstrate that that the new method is more appropriate.
(h) Reviewing prior period accounting estimates
The auditor may review the prior period accounting estimates as a risk assessment
procedure in accordance with the HKSA.
1.5 Responsibilities of auditors – responding to the assessed

risks
HKSA HKSA 540 (Clarified) requires that, based on the assessed risks of material misstatement, the
540.12-16 auditor shall determine whether the:
(a) accounting estimate has been made in accordance with the requirements of the applicable
financial reporting framework such as conforming with HKFRSs
(b) method used by management for making the accounting estimates are appropriate and have
been applied consistently
(c) whether changes in accounting estimates or in the method for making accounting estimates
from the prior period are appropriate in the circumstances.
1.5.1 Selection of procedures to perform

HKSA 540 (Clarified) requires the auditor to perform one or more of the following procedures in
responding to the assessed risk of material misstatement:
(a) Determine whether events occurring up to the date of the auditor's report provide
sufficient and appropriate audit evidence regarding the accounting estimate.
426
(b) Test how management made the accounting estimate and the data used.
The auditor shall evaluate whether the method of measurement used is appropriate and the
assumptions used by management are reasonable. Some of the tests are described below.
(i) Test the extent to which data on which the accounting estimate is based is accurate,
complete and relevant, and whether the accounting estimate has been properly
determined using such data and management assumptions
(ii) Consider the source, relevance and reliability of external data or information
(iii) Recalculate the accounting estimate
(iv) Consider whether the accounting estimate is internally consistent
(v) Consider management's review and approval processes
(c) Test the operating effectiveness of controls over how management made the accounting
estimate when management's process has been well-designed, implemented and
maintained. For example:
(i) Controls exist for the review and approval of the accounting estimates by appropriate
levels of management and those charged with governance
(ii) The accounting estimate is derived from the routine processing of data by the entity's
accounting system
(d) Develop a point estimate or a range (see key term below) to evaluate whether
management's point estimate may be an appropriate treatment. This may be appropriate in
the following circumstances:
(i) An accounting estimate is not derived from the entity's routine processing of data
(ii) Previous experience suggests that management's current period process is unlikely to
be effective
(iii) The entity's controls for determining accounting estimates are not well designed and
implemented
(iv) Subsequent events contradict management's point estimate
(v) Alternative sources of relevant data are available to use in making a point estimate or
a range
HKSA 540 (Clarified) requires that, when developing a point estimate or a range to evaluate
management's point estimate if the auditor uses different assumptions or methods
compared to management and concludes that it is inappropriate to use a range, then the
auditor shall narrow the range.
When the auditor concludes that it is appropriate to use a range to evaluate the
reasonableness of management’s point estimate the auditor shall narrow the range based on
audit evidence available, until all outcomes within the range are considered reasonable.
(e) Disclosure relating to accounting estimates – the auditor shall obtain sufficient
appropriate the audit evidence about whether the disclosures in the financial statements
related to accounting estimates are in accordance with the requirements of the applicable
financial reporting framework.
Key terms
An auditor's point estimate or auditor's range is the amount, or range of amounts respectively,
HKSA derived from audit evidence for use in evaluating management's point estimate.
540.7b, e
A management’s point estimate is the amount selected by management for recognition or
disclosure in the financial statements as an accounting estimate.
427
Business Assurance
1.5.2 Further substantive procedures in response to significant risks

When auditing accounting estimates that give rise to significant risks, auditors' further substantive
procedures should focus on evaluation of the following:
(a) the appropriateness of the recognition of the accounting estimates in the financial
statements due to the estimation uncertainty ie management's decision to recognise or not
recognise the accounting estimate, with the consideration of disclosure of the circumstances
and the selected measurement basis for the accounting estimates
(b) how management has assessed the effect of estimation uncertainty on the accounting
estimate
(c) the adequacy of related disclosures in the context of applicable financial reporting
framework – the auditor may encourage management to disclose in the notes to the financial
statements the circumstances relating to the estimation uncertainty
HKSA 540 (Clarified) requires that, for accounting estimates that give rise to significant risks, the
auditor shall evaluate the following:
(a) how management has considered alternative assumptions or outcomes for the accounting
estimates
(b) whether the significant assumptions used by management are reasonable
(c) management's intention to carry out specific actions on the accounting estimates and its
ability to do so
(d) whether the auditor needs to develop a range to evaluate the reasonableness of the
accounting estimate
1.6 Final evaluation of accounting estimates – reasonable or

misstated
HKSA 540.18 Under HKSA 450 (Clarified), a misstatement regarding an accounting estimate, whether caused by
fraud or error, may arise as a result of factual misstatements, judgmental misstatements or
projected misstatements.
The auditors should make a final assessment of the reasonableness of the accounting
estimates based on the audit evidence in order to conclude whether the accounting estimates are
reasonable or are misstated.
If there are any differences in between management's point estimates and the auditors' point
estimates supported by audit evidence, the auditors should consider whether the difference is a
misstatement which indicates that management's point estimate lies outside the auditors' range.
Where management has changed an accounting estimate, or the method in making the estimate
as compared to prior period, which cannot be justified, the auditor may conclude based on the audit
evidence that the accounting estimate is misstated as a result of an arbitrary change by
management, or may regard it as an indicator of possible management bias.
1.7 Indications of possible management bias
Key term
Management bias is a lack of neutrality by management in the preparation and presentation of
HKSA 540.7d information.
HKSA During the process of making an accounting estimate, there is inherent subjectivity involved and
540.21-22
the susceptibility of an accounting estimate to management bias increases with the level of
subjectivity.
428
Management bias can be described as unintentional management bias or the potential for
intentional management bias and can be difficult to detect at an account level. It may only be
identified when considered in the aggregate of groups of accounting estimates or all accounting
estimates when observed over a number of periods.
For continuing audits, indicators of possible management bias identified in preceding periods
may influence the planning and risk identification and assessment activities of the auditor in the
current period.
1.7.1 Audit procedures requirement on possible management bias
Topic highlights
Indicators of possible management bias do not necessarily conclude that there are misstatements
on the accounting estimates as there may be no intention by management to mislead users of
HKSA 540 (Clarified) requires that the auditor shall identify whether there are indicators of
possible management bias when reviewing the judgment and decisions made by management in
the making of accounting estimates during the audit.
Examples of indicators of possible management bias:

(a) changes in accounting estimate or method of making the accounting estimate, involving
management's subjective assessment for that change
(b) use of entity's own assumptions for fair value accounting estimates when they are
inconsistent with assumptions that would otherwise be used in the market
(c) generating a point estimate favourable for achieving management objective based on
significant assumptions selected or constructed
(d) selecting a point estimate that may indicate a pattern of optimism or pessimism
However, if there is an intention to mislead, management bias is fraudulent, meaning fraud has
occurred.
1.7.2 Documentation of indicators of possible management bias

HKSA 540 (Clarified) requires that the auditor shall document any indicators of possible bias
identified during the audit in concluding whether the auditor's risk assessment and the responses
to assessed risks remain appropriate and in evaluating whether the financial statements as a whole
are free from material misstatement.

Under HKSA 580 (Clarified), written representations about accounting estimates recognised or
disclosed in the financial statements may include representations on matters such as the following:
 The appropriateness of the measurement processes in the context of the applicable financial
reporting framework, and the consistency in application of the processes.
 Whether the assumptions appropriately reflect management’s intent and ability to carry out
specific courses of action on behalf of the entity, where relevant to the accounting estimates
and disclosures.
 That disclosures related to accounting estimates are complete and appropriate under the
 That no subsequent event requires adjustment to the accounting estimates and disclosures
included in the financial statements.
429
Business Assurance
Metropolitan Group is a company listed on the Hong Kong Stock Exchange. It is one of the large
retailing companies in the Asia-Pacific region with around 130 locations. In 20X9, Metropolitan
generated sales of HK$3,888 million and inventories of HK$420 million. Its sales brands “Metro
Boy” and “Junior Star” command leading market positions in their respective segments.
Simon, senior audit manager of Law & Co. (Law), is responsible for the financial statement audit of
the Metropolitan Group for the year ended 30 June 20Y0. In accordance with the valuation report
prepared by XYZ Valuation and Professional Services Limited (XYZ), a firm of business valuers
engaged by Law, the fair value of the brand name of “Junior Star” at 30 April 20Y0 was HK$100
million. Metropolitan Group would like to disclose this information in the notes to the financial
statements. The brand name is carried at cost of registration of HK$200,000.
Required:
What audit procedures, other than those relating to using the work of XYZ, would Law perform, in
accordance with relevant Hong Kong auditing standards, on the proposed fair value disclosure of
the brand name “Junior Star” in the notes to the financial statements for the year ended 30 June
20Y0?
(6 marks)
2 Opening balances
Topic highlights
HKSA 510 (Clarified) Initial Audit Engagements – Opening Balances provides guidance on opening
balances:
 when the financial statements for the prior period were not audited
 when the financial statements for the prior period were audited by a predecessor auditor,
meaning the incoming auditor should obtain sufficient and appropriate audit evidence
regarding the opening balances.
Key terms
Opening balances are those account balances that exist at the beginning of the period. Opening
HKSA balances are based upon the closing balances of the prior period and reflect the effects of
510.4b, c
transactions and events of prior periods and accounting policies applied in the prior period.
Opening balances include matters requiring disclosure that existed at the beginning of the period,
such as contingencies and commitments.
Predecessor auditor is an auditor from a different audit firm who audited the financial statements
of an entity in the prior period and who has been replaced by the current auditor.
430
2.1 Auditor's objectives in respect of opening balances

HKSA 510.3 HKSA 510 (Clarified) states that when the auditor conducts an initial audit engagement, the
objective with respect to opening balances is to obtain sufficient appropriate audit evidence about
whether:
(a) opening balances contain misstatements that materially affect the current period's financial
statements
(b) appropriate accounting policies reflected in the opening balances have been consistently
applied in the current period's financial statements
(c) if changes are made, whether these changes are appropriately accounted for and
adequately presented and disclosed in accordance with the applicable financial reporting
framework.
2.2 Audit procedures on opening balances

HKSA 510.5, The following flow chart shows the audit procedures on opening balances required by HKSA 510
6, 8 (Clarified):
Audit procedures on opening
balances under HKSA 510
(Clarified)
Review documents: Obtain sufficient appropriate audit evidence about

whether the opening balances contain
Read the most recent misstatements that materially affect the current
financial statements period’s financial statements
Read the
predecessor auditor’s
report; and
Read any other
documents
Correctly brought Application of If prior year Current period

forward: appropriate financial evidence:
accounting statements were Evaluate
Whether prior
policies: audited: whether audit
period’s closing
balances have Whether the Review the proc edures
been correctly opening predecessor performed in the
brought forward balances reflect auditor’s current period
to the current the application working papers provide
period of appropriate evidence on
Auditor should
accounting opening balance
consider the
policies or perform other
professional
specific
Whether competence
proc edures (see
accounting and
Section 2.3)
policies have independence
been of predec essor
consistently auditor
applied If prior year
financial
Whether statements were
changes in not audited:
accounting
policies have The incoming
been accounted auditor should
for and disclosed state in the
auditor’s report
that the
corresponding
figures are
unaudited
431
Business Assurance
2.3 Specific audit procedures

HKSA For current assets and liabilities some audit evidence may be obtained as part of the current
510.A6-7 period's audit procedures. For example, the collection (payment) of opening accounts receivable
(accounts payable) during the current period will provide some audit evidence of their existence,
rights and obligations, completeness and valuation at the beginning of the period.
In the case of inventories, however, the current period's audit procedures on the closing inventory
balance provide little audit evidence regarding inventory on hand at the beginning of the period.
Therefore, additional procedures may be necessary, such as:
(a) observing a current physical inventory count and reconciling it back to the opening
inventory quantities
(b) performing audit procedures on the valuation of the opening inventory items
(c) performing audit procedures on gross profit and cut-off
A combination of these procedures may provide sufficient appropriate audit evidence.
For non-current assets and liabilities, some audit evidence may be obtained by examining the
accounting records and other information underlying the opening balances. In certain cases, the
auditor may be able to obtain some audit evidence regarding opening balances through
confirmation with third parties, for example, for long-term debt and investments. In other cases, the
auditor may need to carry out additional audit procedures.
In some situations, the current auditor may wish to hold consultations with the predecessor
auditor. This is usually limited to seeking information on the predecessor auditor’s audit of
particular areas (usually high risk areas), or to obtaining clarification of any significant accounting
matters that are not adequately dealt with in the client’s records.
2.4 Material misstatements in opening balances

HKSA 510.7 If the opening balances contain misstatements that could affect the current period's financial
statements, the auditor shall perform additional audit procedures to determine the effect on the
current period's financial statements. In addition, the auditor shall communicate the misstatements
with the appropriate level of management and those charged with governance.
2.5 Effect of a modification to the predecessor auditor's opinion

HKSA 510.9 HKSA 510 (Clarified) requires that if the prior period's financial statements were audited by a
predecessor auditor and there was a modification to the opinion, the auditor shall evaluate the
effect of the matter giving rise to the modification in assessing the risks of material misstatement in
the current period's financial statements.
2.6 Audit conclusions and reporting

2.6.1 Limitation on scope
HKSA If the auditor is unable to obtain sufficient appropriate audit evidence regarding the opening
510.10-13,
Appendix
balances, the auditor shall express a qualified opinion or disclaim an opinion on the financial
statements, as appropriate.
The following are the illustrative paragraphs in the auditors' reports:
Illustration 1
Circumstances described in the following paragraph include the following:
 The auditor did not observe the counting of the physical inventory at the beginning of the
current period and was unable to obtain sufficient appropriate audit evidence regarding the
opening balances of inventory.
432
 The possible effects of the inability to obtain sufficient appropriate audit evidence regarding
opening balances of inventory are deemed to be material but not pervasive to the entity's
financial performance and cash flows.
 The financial position at year end is fairly presented.
Basis for qualified opinion

We were appointed as auditors of the Company on 30 June 20X1 and thus did not observe the
counting of the physical inventories at the beginning of the year. We were unable to satisfy
ourselves by alternative means concerning inventory quantities held at 31 December 20X0. Since
opening inventories enter into the determination of the profit and cash flows, we were unable to
determine whether adjustments might have been necessary in respect of the profit for the year
reported in the statement of profit or loss and other comprehensive income and the net cash flows
from operating activities reported in the statement of cash flows.
Qualified opinion
In our opinion, except for the possible effects of the matter described in the Basis for Qualified
Opinion paragraph, the financial statements give a true and fair view of the state of the Company's
affairs as at 31 December 20X1, and of its profit and cash flows for the year then ended in
accordance with Hong Kong Financial Reporting Standards and have been properly prepared in
accordance with the disclosure requirements of the Hong Kong Companies Ordinance.
Illustration 2
 The auditor did not observe the counting of the physical inventory at the beginning of the
current period and was unable to obtain sufficient appropriate audit evidence regarding the
opening balances of inventory.
 The possible effects of the inability to obtain sufficient appropriate audit evidence regarding
opening balances of inventory are deemed to be material but not pervasive to the entity's
financial performance and cash flows.
 The financial position at year end is fairly presented.
 An opinion that is qualified regarding the financial performance and cash flows and
unmodified regarding financial position is considered appropriate in the circumstances.
Basis for qualified opinion on the profit and cash flows

We were appointed as auditors of the Company on 30 June 20X1 and thus did not observe the
counting of the physical inventories at the beginning of the year. We were unable to satisfy
ourselves by alternative means concerning inventory quantities held at 31 December 20X0. Since
opening inventories enter into the determination of the profit and cash flows, we were unable to
determine whether adjustments might have been necessary in respect of the profit for the year
reported in the statement of profit or loss and other comprehensive income and the net cash flows
from operating activities reported in the statement of cash flows.
Qualified opinion on the profit and cash flows
In our opinion, except for the possible effects of the matter described in the Basis for Qualified
Opinion paragraph, the statement of profit or loss and other comprehensive income and statement
of cash flows give a true and fair view of the Company's profit and cash flows for the year ended 31
December 20X1 in accordance with Hong Kong Financial Reporting Standards and have been
properly prepared in accordance with the Hong Kong Companies Ordinance.
433
Business Assurance
Opinion on the financial position

In our opinion, the statement of financial position gives a true and fair view of the state of the
Company's affairs as at 31 December 20X1 in accordance with Hong Kong Financial Reporting
Standards and has been properly prepared in accordance with the Hong Kong Companies
Ordinance.
2.6.2 Misstatements in opening balance

If the auditor concludes that the opening balances contain a misstatement that materially affects
the current period's financial statements, and the effect of the misstatement is not appropriately
accounted for or not adequately presented or disclosed, the auditor shall express a qualified
opinion or an adverse opinion, as appropriate.
2.6.3 Accounting policies not consistently applied
The report will also be modified if accounting policies are not consistently applied.
If the auditor concludes that:
(a) the current period's accounting policies are not consistently applied in relation to
opening balances in accordance with the applicable financial reporting framework
(b) a change in accounting policies is not appropriately properly accounted for or not
adequately presented or disclosed in accordance with the applicable financial reporting
framework,
the auditor shall express a qualified opinion or an adverse opinion as appropriate.
2.6.4 Prior year auditor's report modified
If the prior period auditor's report was modified, the auditor should consider the effect on the
current period's financial statements. For example, if there was a scope limitation in the prior
period, but the matter giving rise to the scope limitation has been resolved in the current period,
the auditor may not need to modify the current period's audit opinion.
If the predecessor auditor's opinion regarding the prior period's financial statements included a
modification to the auditor's opinion that remains relevant and material to the current period's
financial statements, the auditor shall modify the auditor's opinion on the current period's financial
statements.
3 Comparatives
Topic highlight
The auditor's responsibilities for comparatives vary depending on whether they are corresponding
figures or comparative financial statements.
3.1 What type of comparatives are they?

HKSA HKSA 710 (Clarified) Comparative Information – Corresponding Figures and Comparative
710.5-6
Financial Statements establishes standards and provides guidance on the auditors' responsibilities
regarding comparatives.
The auditor must determine whether the comparatives comply in all material respects with the
financial reporting framework applicable to the financial statements being audited.
Comparative information includes corresponding figures and comparative financial information.
434
Key terms
Comparative information is the amounts and disclosures included in the financial statements in
HKSA 710.6 respect of one or more prior periods in accordance with the applicable financial reporting
framework.
Corresponding figures are amounts and other disclosures for the prior period included as part
of the current period financial statements, which are intended to be read in relation to the
amounts and other disclosures relating to the current period (referred to as “current period
figures”). The level of detail presented in the corresponding amounts and disclosures is dictated
primarily by its relevance to the current period figures.
Comparative financial statements are amounts and other disclosures of the prior period included
for comparison with the financial statements of the current period, but, if audited, are referred to in
the auditor’s opinion. The level of information included in those comparative financial statements is
comparable with that of the financial statements of the current period.
Comparatives are presented in compliance with the relevant financial reporting framework. The
essential audit reporting differences are that:
 for corresponding figures, the auditors' report only refers to the financial statements of the
current period
 for comparative financial statements, the auditors' report refers to each period that
financial statements are presented
3.2 Audit procedures on comparative information

3.2.1 The auditors' responsibilities
HKSA 710.7- The auditor must determine whether the financial statements include comparative information
19, Appendix
required by the applicable financial reporting framework and whether such information is
appropriately classified.
For this purpose, the auditor shall evaluate whether the
 comparative information agrees with the amounts and other disclosures presented in the
prior period, or, when appropriate, have been restated
 accounting policies reflected in the comparative information are consistent with those applied
in the current period
For any changes in accounting policy, the auditor shall evaluate whether those changes have been
properly accounted for and properly disclosed.
3.2.2 Additional procedures when there is a possible material misstatement

When auditor becomes aware of possible material misstatements in the comparative information
during the current period audit, the auditor shall perform additional audit procedures to determine
whether a material misstatement really exists.
3.2.3 Subsequent events

Under HKSA 560 (Clarified), the standard requires that, if after the financial statements have been
issued, a fact becomes known to the auditor that, if it had been known to the auditor at the date of
the auditor's report, may cause the auditor to amend the auditor's report, the auditor shall:
 discuss with management and those charged with governance
 determine whether the financial statements shall be amended
 inquire of management as to its intention to address the matter in the financial statements
435
Business Assurance
The auditor shall determine that the comparative information agrees with the amended financial
statements if the prior period financial statements are amended.

For corresponding figures, the written representations are requested for the financial statements of
the current period. However, in the case of restatement, HKSA 710 (Clarified) requires the auditor
to obtain specific written representations regarding any restatement made to correct a material
misstatement in prior period financial statement that affect the comparative information.
3.2.5 Reporting
Topic highlights
The auditor's opinion is on the current period financial statements as a whole, including the
corresponding figures.
3.2.6 Modification in auditor's report on the prior period

When the auditor's report on the prior period, as previously issued, included a qualified opinion, a
disclaimer opinion, or an adverse opinion and the matter which gave rise to the modified opinion is:
Resolved and properly accounted for or The auditor's opinion on the current period need not
disclosed in the financial statements in refer the previous modification.
accordance with the applicable financial
reporting framework
Unresolved The auditor shall consider whether the modification
is relevant to the current period's figures and shall
modify the auditor's opinion on the current period's
financial statements (see illustrations below).
Illustration examples of the basis for modification are as follows.
Illustration 1
 The auditor's report on the prior period, as previously issued, included a qualified opinion.
 The matter giving rise to the modification is unresolved.
 The effects or possible effects of the matter on the current period's figures are material and
require a modification to the auditor's opinion regarding the current period figures.

As discussed in Note 10 to the financial statements, no depreciation has been provided in the
financial statements, which constitutes a departure from Hong Kong Financial Reporting
Standards. This is the result of a decision taken by the directors at the start of the preceding
financial year and caused us to qualify our audit opinion on the financial statements relating to that
year. Based on the straight-line method of depreciation and annual rates of 5% for the building and
20% for the equipment, the loss for the year should be increased by HK$1,500,000 in 20X9 and
HK$2,700,00 in 20Y0, property, plant and equipment should be reduced by accumulated
depreciation of HK$1,500,000 in 20X9 and HK$2,700,000 in 20Y0, and the accumulated loss
should be increased by HK$1,500,000 in 20X9 and HK$2,700,000 in 20Y0.
436
Qualified opinion
In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion
paragraph, the financial statements give a true and fair view of the state of the Company's affairs
as at 31 December 20Y0, and of its profit and cash flows for the year then ended in accordance
with Hong Kong Financial Reporting Standards and have been properly prepared in accordance
with the Hong Kong Companies Ordinance.
Illustration 2
 The auditor's report on the prior period, as previously issued, included a qualified opinion.
 The matter giving rise to the modification is unresolved.
 The effects or possible effects of the matter on the current period's figures are immaterial but
require a modification to the auditor's opinion because of the effects or possible effects of the
unresolved matter on the comparability of the current period's figures and the corresponding
figures.

Because we were appointed auditors of Pluto Limited during 20X9, we were not able to observe
the counting of the physical inventories at the beginning of that period or satisfy ourselves
concerning those inventory quantities by alternative means. Since opening inventories affect the
determination of the results of operations, we were unable to determine whether adjustments to the
results of operations and opening retained earnings might be necessary for 20X9. Our audit
opinion on the financial statements for the period ended 31 December 20X9 was modified
accordingly. Our opinion on the current period's financial statements is also modified because of
the possible effect of this matter on the comparability of the current period's figures and the
corresponding figures.
Qualified opinion
In our opinion, except for the possible effects on the corresponding figures of the matter described
in the Basis for Qualified Opinion paragraph, the financial statements give a true and fair view of
the state of the Company's affairs as at 31 December 20Y0, and of its [profit][loss] and cash flows
for the year then ended in accordance with Hong Kong Financial Reporting Standards and have
been properly prepared in accordance with the Hong Kong Companies Ordinance.
3.2.7 Misstatement in prior period financial statements

HKSA 710 (Clarified) requires that the auditor shall express a qualified opinion or an adverse
opinion in the auditor's report on the current period financial statements, modified with respect to
the corresponding figures if:
(a) the auditor has obtained audit evidence that a material misstatement exists in the prior
period financial statements
(b) an unmodified opinion has been previously issued
(c) the corresponding figures have not been properly restated or appropriate disclosures have
been made
3.2.8 Prior period financial statements were unaudited

When the prior period financial statements are not audited, the incoming auditor should state in the
auditor's report that the comparative financial statements are unaudited.
Again, the inclusion of such a statement does not relieve the auditors of the requirement to carry
out appropriate procedures regarding opening balances of the current period. Clear disclosure in
the financial statements that the comparative financial statements are unaudited is encouraged.
437
Business Assurance
In situations where the incoming auditor identifies that the prior year unaudited figures are
materially misstated, the auditor should request management to revise the prior year's figures or if
management refuses to do so, appropriately modify the report.
3.2.9 Incoming auditors: additional requirements

When the financial statements of the prior period were audited by another auditor:
(a) the predecessor auditor may reissue the audit report on the prior period with the incoming
auditor only reporting on the current period
(b) the incoming auditor's report should state that the prior period was audited by another
auditor and the incoming auditor's report should indicate:
(i) that the financial statements of the prior period were audited by another auditor
(ii) the type of opinion issued by the predecessor auditor and if the opinion was modified,
the reasons why
(iii) the date of that report
You are the audit manager of a CPA firm. You are responsible for the audits of the financial
statements of two new clients, XYZ and KLM, for the year ended 31 December 20X3.
Since the auditors' report of XYZ's financial statements for the year ended 31 December 20X2 has
not been modified, your assistant has suggested to you that no specific procedures are
needed in respect of the opening balances and comparatives relevant to XYZ's financial
statements for the current year.
Required
Do you concur with your audit assistant's view about the opening balances and comparatives?
Explain your views. (6 marks)
HKICPA February 2004
438
Topic recap
Degree of estimation ACCOUNTING Include fair value

certainty varies ESTIMATES
Evaluate method and Management

assumptions Test management responsibility to
process make estimate
Consider
management bias
Develop point Use independent

estimate or range estimate
Review subsequent
events
OPENING BALANCES AND

COMPARATIVES
Comparatives Opening balances
Corresponding Comparative Review document Obtain sufficient

figures financial statements appropriate evidence
Correctly Misstatements Appropriate / Changes

brought consistent appropriate
forward policies
Not audited Audited
State in audit Review working

report papers and
consider
competence /
independence
439
Business Assurance
Answer 1
HKSA 540 (Clarified) Auditing Accounting Estimates, Including Fair Value Accounting Estimates
and Related Disclosures establishes standards and provides guidance on auditing fair value
measurements and disclosures contained in financial statements.
Law should obtain sufficient appropriate audit evidence that fair value measurements and
disclosures of the HK$100 million brand name of “Junior Star” are in accordance with the Hong
Kong Financial Reporting Standards (“HKFRS”).
To this end, Law should obtain an understanding of:
 Metropolitan Group’s process for determining fair value measurements and disclosures; and
 the relevant control activities sufficient to identify and assess the risks of material
misstatement at the assertion level and to design and perform further audit procedures.
Law should evaluate whether the fair value measurements and disclosures in the financial
statements comply with HKFRS.
Law should test the fair value measurements and disclosure, including the assumptions, valuation
method and the data used. Reference to and review of past history of similar intangible assets or
accounting treatment should be made.
Law should obtain written representations from Metropolitan Group’s management whether they
believe significant assumptions used by the company in making the fair value measurements and
disclosures are reasonable.
Law should evaluate the results of the audit procedures performed and conclude whether the fair
value measurements and disclosures of the HK$100 million brand name “Junior Star” are
reasonable.
440
Answer 2
Responsibilities regarding opening balances and comparatives
HKSA 510 (Clarified) requires auditors to obtain sufficient appropriate evidence that:
(a) opening balances do not contain misstatements which materially affect the current period's
financial statements;
(b) the preceding period's closing balances have been correctly brought forward as opening
balances, or when appropriate, have been restated;
(c) appropriate accounting policies are consistently applied or changes in accounting policies
have been properly accounted for and adequately disclosed;
(d) the accounting policies used for the comparatives are consistent with those of the current
period or appropriate adjustments and disclosures have been made where this is not the
case; and
(e) the comparatives agree with the amounts and other disclosures presented in the
preceding period's financial statements or appropriate adjustments and/or disclosure have
been made where this is not the case.
Procedures in general cases
Even if we audited XYZ's financial statements for the year ended 31 December 20X2 and issued
an unqualified opinion, we would still need procedures to ensure that opening balances have
been appropriately brought forward and that current accounting policies have been consistently
applied.
These would normally include a review of the accounting polices adopted in the previous year and
an examination of opening balances and comparatives against the previous year's audited
Additional procedures as incoming auditors
However, since we have not audited XYZ's previous financial statements, we may need to perform
some or all of the following additional procedures to ensure that requirements of HKSA 510
(Clarified) are complied with:
(a) Hold consultations with management of XYZ;
(b) Review records, working papers and accounting and control procedures for the preceding
period;
(c) Perform substantive tests on opening balances and comparatives in respect of which the
results of other procedures are considered unsatisfactory; and
(d) Hold consultations with the auditors, if any, who were previously the auditors of the entity.
441
Business Assurance
Exam practice
Ling Limited 25 minutes

Ling Limited reports a net profit of some HK$48 million in its financial statements for the year ended
30 June 20X0. Extracted below is the independent auditor’s report on Ling Limited’s financial
statements.
Independent Auditor’s Report to the shareholders of Ling Limited

(incorporated in Hong Kong with limited liability)
We have audited the financial statements of Ling Limited (“the Company”) ….... for the year ended
30 June 20X0 …..
Directors’ Responsibility for the Financial Statements
…….
Auditor’s Responsibility
……
Basis for Qualified Opinion
We did not observe the counting of physical inventories of one of the Company’s warehouses at
the end of the year. We were unable to satisfy ourselves by alternative means concerning the
inventory quantities held at 30 June 20X0 which are stated in the statement of financial position at
a total amount of HK$1,300,000 at 30 June 20X0. In addition, the introduction of a new computer
system on one of the accounts receivable sub-ledgers in April 20X0 resulted in some errors in
accounts receivable. As of the date of our audit report, the directors were still in the process of
rectifying the system deficiencies and correcting the errors. We were unable to confirm or verify by
alternative means the accounts receivable sub-ledger which is affected by the new system included
in the statement of financial position at a total amount of HK$1,147,000 as at 30 June 20X0.
As a result of these matters, we were unable to determine whether any adjustments might have
been found necessary in respect of inventories and accounts receivable reported in the financial
statements.
Qualified Opinion
In our opinion, except for the possible effects of the matters described in the Basis for Qualified
Opinion paragraph, the financial statements give a true and fair view of the state of the Company’s
affairs as at 30 June 20X0, and of its profit and cash flows for the year then ended in accordance
with Hong Kong Financial Reporting Standards and have been properly prepared in accordance
Report on matters under sections 141(4) and 141(6) of the Hong Kong Companies
Ordinance
……
Haddock CPA
Certified Public Accountants (Practising)
Hong Kong
14 September 20X0
442
Cod CPA has recently been appointed as the auditor of Ling Limited’s financial statements for the
year ended 30 June 20X1. The client and engagement acceptance procedures have been
satisfactorily completed. Cod CPA has also reviewed the situation in respect of the system
deficiency of the accounts receivable sub-ledger and has considered that the system now appears
to function correctly.
Required
In view of each case above:

(a) What is Cod CPA’s audit objective in respect of Ling Limited’s balances of inventories and
accounts receivable as at 1 July 20X0?
(5 marks)
(b) In view of the qualified auditor’s report issued by Haddock CPA on Ling Limited’s financial
statements, discuss the specific audit procedures that Cod CPA should carry out in respect
of the balances of inventories and accounts receivables as at 1 July 20X0.
(9 marks)
(Total = 14 marks)
(HKICPA June 2012)
443
Business Assurance
444
chapter 16
Overall audit review

and finalisation
Topic list
1 Subsequent events 4.7 Unidentified or undisclosed related parties

1.1 Objectives of the auditor or significant related party transactions
1.2 Audit procedures 4.8 Forming an opinion
2 Going concern 4.9 Written representations and documentation
2.1 Auditor's objectives 5 Overall review of financial statements
2.2 Going concern indicators 5.1 Compliance with accounting regulations
2.3 Management's responsibilities 5.2 Review for consistency and reasonableness
2.4 Auditor's risk assessment procedures 5.3 Treatment of errors
2.5 Evaluation of management's 6 Other information
assessment 6.1 What is other information?
2.6 Events or conditions identified 6.2 Access to other information
2.7 Audit reporting 6.3 Material inconsistencies
3 Written representations 6.4 Material misstatements of fact
3.1 Written representations about 7 Communicating with those charged with
management's responsibilities governance
3.2 Written representations required by 7.1 The importance of communicating with
other HKSAs those charged with governance
3.3 Other written representations 7.2 Matters to be communicated by auditors to
3.4 Form of written representations those charged with governance
3.5 Doubt about the reliability of written 7.3 The communication process
representations 8 Evaluation of misstatements identified during
3.6 Written representations substituting the audit
other audit procedures 8.1 Accumulation of identified misstatements
3.7 Written representations not provided 8.2 Consideration of identified misstatements
4 Related parties as the audit progresses
4.1 Introduction 8.3 Evaluating the effect of uncorrected
4.2 Nature of related party relationships and misstatements
transactions 8.4 Communication and correction of
4.3 Risk assessment procedures and misstatements
related activities required 8.5 Refusal to correct misstatements
4.4 Responses to risks of material 8.6 Obtain written representations and
misstatement associated with general documentation
related party relationships and 9 Following up discovery of illegal acts or fraud
transactions 9.1 HKSA 240 (Clarified)
4.5 Audit procedures on significant 9.2 HKSA 250 (Clarified)
transactions outside the normal course
of business
4.6 Related party with dominant influence
445
Business Assurance
Learning focus
The review stage of the audit is very important. It is very important that you understand the
difference between the review stage of the audit and the earlier testing stage.
These topics are related to the final stage of the audit process. At the end of the audit before
issuing any auditor’s report, the auditor is required to cover these areas.
Learning outcomes
Competency
level
2.09.10 Discuss the audit procedures and identify procedures for the
audit of:
2.09.10.05 Related party transactions
2.12 Completion procedures 3
2.12.01 Explain the purpose of, and the procedures to be used in:
2.12.01.01 A subsequent events review
2.12.01.02 A going concern review
2.12.01.03 Obtaining written representations from management
2.12.01.05 Overall review of the financial statements
2.12.01.06 Review of other published information
2.12.02 Explain the procedures required to identify and audit related
party transactions
2.12.03 Explain the need to evaluate misstatements identified during the
audit
2.12.04 Explain the follow up on illegal acts or fraud found while
performing an audit especially in the case of money laundering
or corruption
2.13 Reporting 3
2.13.02 Explain the requirement for an auditor to report to management
or those charged with governance
446
16: Overall audit review and finalisation | Part D Assurance engagements
1 Subsequent events
Topic highlights
Subsequent events are events occurring between the date of the financial statements and the
date of the auditor's report and also include facts discovered after the auditor's report has been
issued. Auditors shall consider the effect of such events on the financial statements and on their
audit opinion.
Key term
Subsequent events are events occurring between the date of the financial statements and the
HKSA 560.5e date of the auditor's report, and facts that become known to the auditor after the date of the
auditor's report.
1.1 Objectives of the auditor

HKSA 560.4 HKSA 560 (Clarified) Subsequent Events provides guidance to auditors in this area. The objectives
of the auditor are described below:
(a) To obtain sufficient appropriate audit evidence about whether events occurring between the
date of the financial statements and the date of the auditor's report that need adjustment or
disclosure in the financial statements are appropriately reflected in the financial statements
in accordance with the applicable financial reporting framework
(b) To respond appropriately to facts that become known to the auditor after the date of the
auditor's report which may have caused the auditor to amend the auditor's report if they were
known to the auditor at the date of the report
1.1.1 Dates
Key terms
Date of the financial statements is the date of the end of the latest period covered by the
HKSA financial statements.
560.5a, 5c
Date of the auditor's report is the date the auditor dates the report on the financial statements in
accordance with HKSA 700 (Clarified) Forming an Opinion and Reporting on Financial Statements.
This date cannot be earlier than the date on which the auditor has obtained sufficient appropriate
audit evidence for forming the audit opinion and the date of approval of the financial statements.
Date the financial statements are issued is the date that the auditor’s report and audited
financial statements are made available to third parties.
The date of approval of the financial statements is the date on which all the statements that
comprise the financial statements have been prepared and responsible parties have asserted that
they have taken this responsibility.
The date the financial statements are issued is the date that the auditor's report and audited
financial statements are made available to third parties. This date must not only be at, or later than,
the date of the auditor's report but must also be at, or later than, the date the auditor's report is
provided to the entity.
447
Business Assurance
1.1.2 Adjusting and non-adjusting events

HKAS 10 Events After the Reporting Period deals with the treatment in the financial statements of
events, both favourable and unfavourable, occurring between the date of the financial statements
and the date of the financial statements are issued.
There are two types of event defined by HKAS 10 Events after the Reporting Period:
(a) Those that provide evidence of conditions that existed at the year-end date (adjusting
events). These subsequent events have a direct effect on the financial statements, therefore
requiring adjustments of the financial statements.
(b) Those that are indicative of conditions that arose after the year-end date (non-adjusting
events). These subsequent events have no direct effect on the financial statements,
therefore would not require adjustment of the financial statements. However, disclosure is
necessary if their non-disclosure would affect the ability of the users of the financial statements
to make proper evaluations and decisions.
You should be familiar with adjusting and non-adjusting events from your financial reporting
studies. Here are some examples:
Examples of subsequent events
Adjusting events Non-adjusting events

Settlement of a court case Equity dividends declared after the year-end
Sale of inventory after year-end providing Fire causing destruction of plant
evidence of its net realisable value at year-end
Fraud or error showing the financial statements Announcement of a major restructuring or
are incorrect acquisition of another enterprise
Declaration of bankruptcy due to the Decline in market value of securities held for
deteriorating financial condition of a customer temporary investment or resale
with a large outstanding receivable balance
Subsequent collection of a large accounts Disposal after the date of the financial
receivable which had appeared doubtful of statements of a large portion of the entity's
collection at the date of the financial statements productive assets
1.2 Audit procedures
Topic highlights
Auditors have a responsibility to identify subsequent events before they sign their auditor's
report. Action may need to be taken if they become aware of subsequent events occurring between
the date they sign their auditor's report and the date the financial statements are issued.
HKSA 560.6- The audit procedures to identify subsequent events should be timed to occur as near as
17 practicable to the date of the auditor's report. HKSA 560 (Clarified) gives guidance on the
additional procedures the auditor should perform if aware of a subsequent event which materially
affects the financial statements. The auditor should review whether the events are properly
accounted for and adequately disclosed but need not repeat or perform further procedures on
matters on which he is already satisfied.
448
The timeline along with the commentary given below may clarify the responsibilities of an auditor
with regard to subsequent events:
Situation 1 – Subsequent period Situation 2 Situation 3
Date of the financial Date of the Date the financial

statements auditor’s report statements are issued
1.2.1 Situation 1: Events occurring between the date of the financial

statements and the date of the auditor's report
The auditor has the responsibility to perform audit procedures to obtain sufficient appropriate
audit evidence for any subsequent events up to the date of the auditor's report if they may require
adjustment of, or disclosure in, the financial statements. HKSA 560 (Clarified) lists the procedures
used to identify subsequent events that are likely to result in a requirement for an adjustment or
disclosure.
These procedures should be applied to any matters examined during the audit which may be
susceptible to change after the reporting date. They supplement tests on specific transactions after
the period end, such as cut-off tests.
Audit procedures to test subsequent events
Inquiries of Inquire as to status of items involving subjective judgment.
management or Confirm status of items accounted for using preliminary or
those charged with inconclusive data or unusual adjustments.
governance
Investigate whether there are any new commitments, borrowings or
guarantees.
Investigate whether there have been any:
 sales or destruction of non-current assets
 issues of shares/debentures or changes in business structure
 developments involving high risk areas, provisions and
contingencies
 unusual accounting adjustments
 major events (eg going concern problems) affecting
appropriateness of accounting policies for estimates
 litigation or claims to indicate potential contingent liabilities
 significant changes in the assets or capital structure of the entity
Other procedures Review management procedures for identifying subsequent events to
ensure that management are aware of the risks.
Perform procedures which usually form part of the verification of year-end
account balances. These procedures include cut-off and valuation tests of
various balances and related transactions.
Review internal documents such as board and committee meeting
minutes, inquire about unusual items.
Review latest available interim financial statements and budgets,
cash flow forecasts and other management reports.
Inquire, or extend previous oral or written inquiries, of the entity’s legal
counsel concerning litigation and claims:
449
Business Assurance
Audit procedures to test subsequent events

Obtain evidence concerning any litigation or claims from the entity's
counsel (but only with the entity's permission). This may include
correspondence with or confirmation letters from lawyers.
Obtain written representation that all events occurring subsequent to
the date of the financial statements which need adjustment or disclosure
have been adjusted or disclosed.
1.2.2 Situation 2: Facts discovered after the date of the auditor's report but
before the financial statements are issued
As you should now be aware, the preparation of the financial statements in accordance with the
appropriate accounting framework is management's responsibility. Therefore, management
should inform the auditors of any material subsequent events between the date of the auditors'
report and the date the financial statements are issued. The auditors do not have any obligation to
perform procedures, or make inquiries regarding the financial statements, after the date of their
auditor's report.
However, if a matter comes to the auditor’s attention that had it been known to the auditor earlier
may have led to a different opinion, the auditor shall:
(a) discuss the matter with management and those charged with governance
(b) determine whether the financial statements require amendment
(c) if amendment is needed, inquire as to how management intends to address this. The
auditors will then consider performing and extending procedures up to the date of the new
auditor's report based on amended financial statements. The new auditor's report should not
be dated earlier than the date of approval of the amended financial statements.
However, if management does not amend the financial statements the auditor has to take action
to either modify or prevent reliance on the report:
(a) If the auditor's report has not yet been provided to the entity, the auditor shall modify the
opinion and issue its report based on that opinion emphasising the reason for qualification.
(b) If the auditor's report has already been provided to the entity, the auditor shall advise
management and those charged with governance not to issue the financial statements
before the amendments are made. If the entity refuses, the auditor shall take action to seek
to prevent reliance on the auditor's report. The precise action taken will depend on the
auditor's legal rights and obligations and the advice of the auditor's legal counsel.
1.2.3 Situation 3: Facts discovered after the financial statements have been
issued
Auditors have no obligations to perform procedures or make inquiries regarding the financial
statements after they have been issued.
However, if the auditor becomes aware of a fact that had it been known to the auditor at the date of
the auditor's report, may have led to a different outcome, the auditor shall follow the steps outlined
in Situation 2, that is discussion with management, assessing whether the statements need
amendment and how that might be addressed.
If management amends the financial statements, the auditor shall carry out and extend procedures
necessary up to the date of the new auditor's report. The auditor will also review the steps taken by
management to ensure that anyone in receipt of the previously issued financial statements is
informed that an amended set of financial statements has been issued and that the reasons why
are adequately disclosed.
450
The auditor shall also issue a new or amended auditor's report which will include an
explanatory paragraph (known as an emphasis of matter paragraph or other matter
paragraph) that refers to a note in the financial statements that discusses the reason for the
amendment.
In our opinion, the revised financial statements give a true and fair view, as at the date the original
financial statements were approved, of the financial position of the company as of 31 December
20X0, and of its profits and its cash flows for the year then ended in accordance with Hong Kong
Financial Reporting Standards.
In our opinion the original financial statements for the year to 31 December 20X0, failed to comply
Date AUDITOR
Address
If the auditors feel management has failed to adequately communicate the fact that the financial
statements have been amended to users, the auditor shall notify management and those charged
with governance that the auditor will seek to prevent future reliance on the report through legal
recourse.
In the public sector, when management does not amend the financial statements, auditors may
also include reporting separately to the legislature, or other relevant body in the reporting hierarchy,
on the implications of the subsequent event for the financial statements and the auditor’s report.
As at 31 December 20X9, Slow Moving Company Limited (“SMC”) has trade receivables of
HK$30,000,000 overdue for more than one year. After some rounds of tough negotiation with the
auditor, SMC finally agreed to write-off the whole amount in its draft financial statements for the
year ended 31 December 20X9, since it failed to convince the auditor that the debts are
recoverable. However, one of the debtors settled an amount of HK$8,000,000 a few days before
SMC’s directors are due to approve the financial statements. The directors of SMC prefer not to
amend the financial statements to reflect the settlement of the overdue amount of HK$8,000,000,
and account for the impairment reversal in the year ending 31 December 20Y0. You are the
engagement manager for the audit of SMC’s financial statements for the year ended 31 December
20X9.
Required
(a) Determine your team’s responsibility to identify the settlement of the overdue amount of
HK$8,000,000; and
(9 marks)
(b) Determine your team’s response if your team becomes aware of the settlement before your
firm issues the auditor’s report.
(3 marks)
(Total = 12 marks)
451
Business Assurance
2 Going concern
Topic highlights
If the entity has inappropriately used the going concern assumption or a material uncertainty exists,
this may impact on the auditor's report.
Key term
Under the going concern assumption, an entity is viewed as continuing in business for the
HKSA 570.2 foreseeable future with neither the intention to liquidate or cease trading. When the use of the
going concern assumption is appropriate, assets and liabilities are recorded on the basis that the
entity will be able to realise its assets and discharge its liabilities in the normal course of business.
2.1 Auditor's objectives

HKSA 570.9 HKSA 570 (Clarified) Going Concern provides guidance to auditors in this area. The objectives of
the auditor are to:
(a) obtain sufficient appropriate audit evidence regarding the appropriateness of
management's use of the going concern assumption
(b) conclude whether a material uncertainty exists related to events or conditions that may
cast significant doubt on the entity's ability to continue as a going concern
(c) determine the implications for the auditor's report
2.2 Going concern indicators

HKSA 570.A2 HKSA 570 (Clarified) includes examples of events or conditions that may cast doubt about the
going concern assumption (going concern indicators). These fall under three headings: “financial”,
“operating” and “other”, and are shown in the table below:
452
Events or conditions that may cast doubt about the going concern assumption
Financial  Net liability or net current liability position
 Fixed-term borrowings approaching maturity without realistic prospects of
renewal or repayment
 Excessive reliance on short-term borrowings to finance long-term assets
 Withdrawal of financial support by creditors, holding entity and shareholders
 Negative operating cash flows
 Adverse key financial ratios
 Substantial operating losses or significant deterioration in the value of assets
used to generate cash flows
 Arrears or discontinuance of dividends
 Inability to pay creditors on due dates
 Inability to comply with terms of loan agreements
 Change from credit to cash-on-delivery transactions with suppliers
 Inability to obtain financing for essential new product development or other
essential investments
Operating  Management intentions to liquidate or cease operations
 Loss of key management without replacement
 Loss of a major market, key customers, licence, or principal suppliers
 Labour difficulties
 Shortages of important supplies
 Emergence of a highly successful competitor
Other  Non-compliance with capital or other statutory requirements
 Pending legal or regulatory proceedings against the entity
 Changes in law or regulations that may adversely affect the entity
 Uninsured or under-insured catastrophes when they occur
The significance of the above events or conditions can be mitigated by other factors, for example:
(a) An inability to make normal debt repayments may be counter-balanced by management’s
plans to sell assets, rescheduling loan repayments, or obtaining additional capital.
(b) The loss of a principal supplier may be counter-balanced by the availability of a suitable
alternative source of supply.
2.3 Management's responsibilities

It is management's responsibility to make assessment of whether the entity can continue as a
going concern, not the auditor's responsibility.
When management is aware of material uncertainties that may cast significant doubt upon the
entity's ability to continue as a going concern, uncertainties should be disclosed.
Management's assessment must cover a period of not less than 12 months from the date of
the financial statements. If it is less than 12 months, the auditor should ask management to
extend its assessment. The auditor shall cover the same period as performed by the
management, or by law or regulation if it specifies a longer period.
If the entity has a history of profitable operations and has sufficient financial resources for its
operations, management is not required to make a detailed assessment provided the auditor can
carry out detailed procedures.
453
Business Assurance
The auditor shall also inquire of management their knowledge of events or conditions beyond the
period of the assessment that may cast significant doubt on the entity's ability to continue as a
going concern.
When management makes the assessment, it will consider the following:
 The uncertainty involved about the events and conditions being assessed
 Judgment made based in the available information at that time and the future (eg
subsequent events can contradict a judgement which was reasonable at the time it was
made)
 The size and complexity of the entity, the nature and condition of the business.
2.4 Auditor's risk assessment procedures

When performing risk assessment procedures as required by HKSA 315 (Revised), the auditor
shall consider whether there are events or conditions that may cast significant doubt on the
entity's ability to continue as a going concern. In so doing, the auditor shall determine whether
management has already performed a preliminary assessment of the entity's ability to continue as
a going concern, and:
(a) If such an assessment has been performed, the auditor shall discuss the assessment with
management and determine whether management has identified events or conditions that,
individually or collectively, may cast significant doubt on the entity's ability to continue as a
going concern and, if so, management's plans to address them.
(b) If such an assessment has not yet been performed, the auditor shall discuss with
management the basis for the intended use of the going concern assumption, and enquire of
management whether events or conditions exist that, individually or collectively, may cast
significant doubt on the entity's ability to continue as a going concern.
HKSA 570.10 These risk assessment procedures assist the auditor to determine whether management's use of
the going concern assumption is likely to be an important issue and has major impact in the audit
planning. Auditors may discuss with management its plans and resolution of any identified going
concern issues.
The auditor shall remain alert throughout the audit for evidence of events or conditions that may
cast significant doubt on the entity's ability to continue as a going concern.
2.5 Evaluation of management's assessment

2.5.1 The period of management's assessment
HKSA According to HKSA 570 (Clarified), the auditor shall evaluate management's assessment of the
570.12-15 entity's ability to continue as a going concern and management's use of the going concern
assumption.
The auditor shall consider whether management's assessment includes all relevant information for
the auditor's evaluation. In addition, the auditor shall cover the same period as that used by
management to make its assessment as required by the applicable reporting framework, that is
HKAS 1 (Revised) or by law or regulation if it is specifically a longer period.
As mentioned previously, management's assessment must cover a period of not less than
12 months from the date of the financial statements. If management is unwilling to extend its
assessment as requested the auditors shall consider the implications for their report.
454
2.5.2 Period beyond management's assessment

HKSA 570 (Clarified) requires that the auditor shall inquire of management as to its knowledge of
events or conditions beyond the period of a management's assessment that may cast significant
doubt on the entity's ability to continue as a going concern. The auditors have no responsibility to
perform other audit procedures apart from inquiry.
In case there are events and conditions identified, the auditor may need to request management to
evaluate the potential significance of the event or condition on management assessment.
The auditor shall consider the degree of uncertainty associated with these events and conditions
before considering taking further actions.
2.6 Events or conditions identified

HKSA If events or conditions are identified that may cast significant doubt on the entity's ability to
570.16, A15- continue as a going concern, the auditor shall obtain sufficient appropriate audit evidence to
A18
determine whether or not a material uncertainty exists through performing additional audit
procedures, including consideration of mitigating factors.
These procedures required under HKSA 570 (Clarified) follow:
 Requesting management to make its assessment where this has not been done
 Confirming the existence of the material uncertainty
 Evaluating management's plans for future actions
 Evaluating the reliability of underlying data used to prepare a cash flow forecast and
considering the assumptions used to make the forecast
 Considering whether any additional facts or information have become available since the
date management made its assessment such as interim financial statements, board
minutes, correspondence with lawyers
 Inquiring of the entity's legal counsel regarding litigation and claims
 Reviewing subsequent events affecting going concern
 Analysing and discussing cash flow, profit and other relevant forecasts with management
 Confirming financial support and their ability to provide the support from shareholders,
creditors or related parties
 Reviewing terms of debenture or bank loans and whether there are any breaches
 Requesting written representations from management and those charged with governance
about plans for future action and the feasibility of these plans
 Confirming the existence, terms and adequacy of borrowing facilities
 Obtaining and reviewing reports of regulatory actions
 Determining the adequacy of support for any planned disposal of assets
Based on the evidence obtained, the auditor should determine if a material uncertainty exists
related to the events or conditions that may cast significant doubt on the entity's ability to continue
as a going concern.
If it is material, the financial statements should adequately describe the principal events or
conditions that give rise to the uncertainty about the continuance as a going concern and
management's plan to deal with it.
455
Business Assurance
2.7 Audit reporting

HKSA HKSA 570 (Clarified) requires that the auditor shall conclude whether, in the auditor's judgment, a
570.17-22 material uncertainty exists related to events or conditions which may cast doubt on the entity's
ability to continue as a going concern.
A material uncertainty exists when the magnitude of its potential impact and likelihood of
occurrence is such that, in the auditor's judgment, appropriate disclosure of the nature and
implications of the uncertainty is necessary.
2.7.1 Use of going concern appropriate but a material uncertainty exists
If adequate disclosures are made in the financial statements of the following:

 Principal events or conditions that may cast significant doubt on the entity's ability to
continue as a going concern
 Management's plans to deal with these events or conditions
 That a material uncertainty exists (“material uncertainty” is used in HKAS 1 (Revised) in
discussing the uncertainties related to events or conditions which may cast significant doubt
on the entity’s ability to continue as a going concern that should be disclosed in the financial
statements).
 The entity may be unable to realise its assets and discharge its liabilities in the normal
course of business
the auditor shall express an unmodified opinion and include an emphasis of matter paragraph
in the auditor's report to:
(a) highlight the existence of a material uncertainty relating to the event or condition that may
cast significant doubt on the entity's ability to continue as a going concern; and to
(b) draw attention to the note in the financial statements that discloses the matter.
The following is an illustration of an emphasis of matter paragraph:
Emphasis of matter
Without qualifying our opinion, we draw attention to Note 5 in the financial statements which
indicates that the Company incurred a net loss of HK$10,000,000 during the year ended
31 December 20X0 and, as of that date, the Company's current liabilities exceeded its total assets
by HK$15,000,000. These conditions, along with other matters as set forth in Note 3, indicate the
existence of a material uncertainty that may cast significant doubt about the Company's ability to
continue as a going concern.
For multiple material uncertainties that are significant to the financial statements as a whole, the
auditor may consider it appropriate to express a disclaimer of opinion instead.
2.7.2 Appropriate use of going concern assumption but inadequate

disclosure
If the auditor concludes that the use of the going concern assumption is appropriate but a material
uncertainty exists and there is inadequate disclosure in the financial statements, the auditor shall
express a qualified opinion or adverse opinion in accordance with HKSA 705 (Clarified)
Modifications to the Opinion in the Independent Auditor's Report.
456
The following is an illustration of the relevant paragraphs when a qualified opinion is to be expressed:

The Company's financing arrangements expire and amounts outstanding are payable on 19 March
20X1. The Company has been unable to re-negotiate or obtain replacement financing. This
situation indicates the existence of a material uncertainty that may cast significant doubt on the
Company's ability to continue as a going concern and therefore the Company may be unable to
realise its assets and discharge its liabilities in the normal course of business. The financial
statements (and notes thereto) do not fully disclose this fact.
Qualified opinion
In our opinion, except for the incomplete disclosure of the information referred to in the Basis for
Qualified Opinion paragraph, the financial statements give a true and fair view of the financial
position of the Company as at 31 December 20X0 and of its financial performance and its cash
flows for the year then ended in accordance with…
2.7.3 Inappropriate use of going concern assumption
If the financial statements have been prepared on a going concern basis, but in the auditor's
judgment this is inappropriate, the auditor must express an adverse opinion. This applies
regardless of whether the financial statements include disclosure of the inappropriateness of
management's use of the going concern assumption.
The following is an illustration of the relevant paragraphs when an adverse opinion is to be expressed:
Basis for adverse opinion

The Company's financing arrangements expired and amounts outstanding are payable on
31 December 20X0. The Company has been unable to re-negotiate or obtain replacement
financing and is considering filing for bankruptcy. These events indicate a material uncertainty that
may cast significant doubt on the Company's ability to continue as a going concern and therefore
the Company may be unable to realise its assets and discharge its liabilities in the normal course of
business. The financial statements (and notes thereto) do not fully disclose this fact.
Adverse opinion
In our opinion, because of the omission of the information mentioned in the Basis for Adverse
Opinion paragraph, the financial statements do not give a true and fair view of the financial position
of the Company as at 31 December 20X0, and of its financial performance and its cash flows for
the year then ended in accordance with …
2.7.4 Management unwilling to make or extend its assessment

In certain circumstances, the auditor may believe it necessary to request management to make
or extend its assessment. If management is unwilling to do so, a qualified opinion or a
disclaimer of opinion in the auditor's report may be appropriate, because it may not be possible
for the auditor to obtain sufficient appropriate audit evidence regarding the use of the going
concern assumption in the preparation of the financial statements.
2.7.5 Preparation of financial statements on an alternative basis

If the entity's management is required or elects to prepare financial statements where the use of
the going concern assumption is not appropriate in the circumstances, the financial statements are
prepared on an alternative basis such as the liquidation basis. The auditor can still perform the
audit provided that the auditor determines the alternative basis is an acceptable financial reporting
framework in the circumstances.
457
Business Assurance
The auditor can still issue an unmodified opinion on those financial statements if adequate
disclosure has been made and an emphasis of matter paragraph may be added to draw reader's
attention to that alternative basis and the reasons for its use.
2.7.6 Summary of reporting on going concern
The following table summarises the possible scenarios that could arise following the auditor's
review of going concern:
Scenario Impact on auditor's report

Going concern assumption appropriate but material Unmodified opinion and emphasis of
uncertainty which is adequately described and disclosed matter paragraph
Going concern assumption appropriate but material Qualified or adverse opinion
uncertainty which is not adequately disclosed
Use of going concern assumption inappropriate Adverse opinion
Management unwilling to make or extend its assessment Qualified or disclaimer of opinion
The auditor shall communicate with those charged with governance events or conditions that may
cast doubt on the entity's ability to continue as a going concern. This will include:
(a) whether the events or conditions constitute a material uncertainty
(b) whether the use of the going concern assumption is appropriate in the preparation and
presentation of the financial statements
(c) the adequacy of related disclosures
Elegant Ella Limited (“EE”) is a garment manufacturer with major overseas customers residing in
the US. Its annual turnover exceeds US$500 million.
You are the auditor of EE. In March 20X2, you have substantially completed your audit work of the
financial statements for the year ended 31 December 20X1 and are satisfied that there are no
material misstatements. You intend to conclude the audit by 15 April 20X2. On 2 April 20X2, the
Wall Street Journal has reported on the serious financial difficulty of EE’s largest customer,
Y Limited. According to the report, the customer may declare bankruptcy any time.
Required
(a) In view of the facts and the news report, what is your revised assessment of the risk of
material misstatement of EE’s financial statements as a whole? (4 marks)
(b) In response to the circumstances, what are the further audit procedures, with reasoning, you
would design to complete your audit and to give an audit opinion on EE’s financial
statements for the year ended 31 December 20X1? (9 marks)
(Total = 13 marks)
458
3 Written representations
Topic highlights
The auditor obtains written representations from management and, where appropriate those
charged with governance, concerning their responsibilities and to support other audit evidence
where necessary.
Key term
Written representations are written statements by management provided to the auditor to confirm
HKSA 580.7 certain matters or to support other audit evidence. They do not include the financial statements,
assertions or supporting books and records.
HKSA 580.6 HKSA 580 (Clarified) Written Representations provides guidance to auditors in this area. The
objectives of the auditor are described below:
(a) To obtain written representations from management that they believe that they have fulfilled
their responsibility for the preparation of the financial statements and for the completeness of
the information provided to the auditor
(b) To support other audit evidence relevant to the financial statements if determined necessary
by the auditor or required by other HKSAs
(c) To respond appropriately to written representations or if management does not provide
written representations requested by the auditor
3.1 Written representations about management's responsibilities

HKSA The auditor shall request management to provide written representations on the following matters:
580.10, 11
(a) That management has fulfilled its responsibility for the preparation and presentation of the
financial statements as set out in the terms of the audit engagement and whether the
financial statements are prepared and presented in accordance with the applicable financial
reporting framework ie HKASs and HKFRSs – management acknowledges its responsibility
(b) That management has provided the auditor with all relevant information agreed in the
terms of the audit engagement
(c) All transactions have been recorded and are reflected in the financial statements
During the audit, the auditor makes inquiries of management. It is important for auditor to
document management's representations where they are critical to obtaining audit evidence. The
normal practice is auditors would receive a signed copy of the financial statements with a relevant
statement of management responsibilities.
459
Business Assurance
3.2 Written representations required by other HKSAs

HKSA 580 (Clarified) sets out a list of other HKSAs that require specific written representations and
the following illustrates the content of this list.
HKSA 240 (Clarified) The Requires that the auditor shall obtain written representations
Auditor's Responsibilities from management and, where appropriate, those charged with
Relating to Fraud in an Audit governance to evidence the following:
of Financial Statements (a) acknowledgement of their responsibilities for the design,
implementation and maintenance of internal control to
prevent and detect fraud
(b) disclosure to the auditor of the results of management's
assessment of the risk that the financial statements may
be materially misstated due to fraud
(c) disclosure to the auditor of their knowledge of fraud or
suspected fraud affecting the entity or knowledge of an
allegation of fraud.
HKSA 250 (Clarified) Requires that the auditor shall obtain written representations
Consideration of Laws and from management and, where appropriate, those charged with
Regulations in an Audit of governance of their disclosure of known instances of non-
Financial Statements compliance or suspected non-compliance with laws and
regulations whose effects should be considered when preparing
Evaluation of Misstatements from management and, where appropriate, those charged with
Identified During the Audit governance of their belief that the effects of uncorrected
misstatements are immaterial, individually and in aggregate, to
the financial statements as a whole.
HKSA 501 (Clarified) Audit Requires that the auditor shall obtain written representations
Evidence – Specific from management and, where appropriate, those charged with
Considerations for Selected governance that disclosure has been made to the auditor of their
Items knowledge of actual or possible litigation and claims whose
effects should be considered when preparing the financial
statements.
Auditing Accounting from management and, where appropriate, those charged with
Estimates, including Fair governance of their belief that significant assumptions used in
Value Accounting Estimates, making accounting estimates are reasonable.
and Related Disclosures
HKSA 550 (Clarified) Related Requires that the auditor shall obtain written representations
Parties from management and, where appropriate, those charged with
governance of their:
(a) disclosure to the auditor of the identity of the entity's
related parties and all the related party relationships and
transactions of which they are aware
(b) actions of having appropriately accounted for and
disclosed such relationships and transactions in
accordance with the requirements of the framework
460
Subsequent Events from management and, where appropriate, those charged with
governance of their belief that all events occurring subsequent to
the date of the financial statements, for which the applicable
financial reporting framework requires adjustment or disclosure,
have been adjusted or disclosed.
HKSA 570 (Clarified) Going Requires that the auditor shall obtain written representations
Concern from management and, where appropriate, those charged with
governance of their plans for future action and the feasibility of
these plans.
HKSA 710 (Clarified) Requires that the auditor shall:
Comparative Information – (a) request written representations for all periods referred to
Corresponding Figures and in the auditor's opinion
Comparative Financial
(b) obtain specific written representations regarding any
Statements
restatement made to correct a material misstatement in
prior period financial statements that affect the
comparative information.
3.3 Other written representations

HKSA 580.13 Apart from Section 3.2, the auditor shall obtain other representations ie one or more written
representations to support other audit evidence relevant to the financial statements or one or more
specific assertions in the financial statements.
3.4 Form of written representations

HKSA 580.15 The written representations shall be in the form of a representation letter.
The representation letter should:
 be addressed to the auditors
 be appropriately dated (see below)
 contain specific information
 be signed by the members of management who have primary responsibility for the entity and
with specific relevant knowledge
The date of the written representations shall be as near as practicable to, but not after, the date
of the auditor's report on the financial statements. The written representations shall be for all
the financial statements and periods referred to in the auditor's report.
3.5 Doubt about the reliability of written representations

HKSA Written representations are the confirmations of oral representations from management to avoid
580.16-18, 20 any confusion and disagreement. The written representation letter is written evidence, so is better
quality evidence than oral representations.
However, the letter is evidence from within the entity and is less reliable than information from
independent sources. It is crucial to note that the auditor cannot solely rely on written
representations from management or those charged with governance as they are from an internal
source. The HKSA stresses that written representations do not provide sufficient appropriate
audit evidence on their own. The auditor shall consider the competence, integrity, ethical values
of management as these factors would affect the reliability of these written representations.
461
Business Assurance
If written representations are inconsistent with other internal and external corroborative audit
evidence, the auditor shall perform audit procedures to try to resolve the matter or investigate the
circumstances. If the matter cannot be resolved, the auditor shall reconsider the assessment of the
competence, integrity and ethical values of management, and the effect this may have on the
reliability of representations and audit evidence in general.
If the auditor concludes that written representations are not reliable, the auditor shall take
appropriate actions, including determining the impact on the auditor's report or withdrawing from
the engagement.
HKSA 580 (Clarified) requires that the auditor shall disclaim an opinion on the financial statements
if the auditor concludes that there is sufficient doubt about the integrity of management.
3.6 Written representations substituting other audit procedures

Representations by management cannot be a substitute for other audit evidence that the auditor
could reasonably expect to be available. For example:
(a) A representation by management as to the cost of an asset is not a substitute for the audit
evidence of such cost that an auditor would ordinarily expect to obtain
(b) A representation by management as to the quantity and condition of inventories is not a
substitute for the same evidence obtained through physical observation
(c) A representation by management as to the existence of a trade receivable is not a substitute
for the same evidence obtained by trade receivable confirmation
3.7 Written representations not provided

HKSA If management refuses to provide representations that the auditor requires, this constitutes a
580.19, 20 limitation on scope and auditor should express a qualified opinion or a disclaimer of opinion.
The auditor should reconsider the appropriateness of relying on other management representations
during the audit and should discuss the matter with management. Auditors should re-evaluate the
integrity of management.
Towards the end of an audit, it is common for the external auditor to seek a letter of representation
from the management of the client company.
Required
(a) List the matters commonly included in the letter of representation.
(b) Explain why it is important to discuss the content of the letter of representation at an early
stage during the audit.
4 Related parties
Topic highlights
It can be difficult to gain audit evidence about related party transactions.
462
4.1 Introduction
HKSA 550 (Clarified) Related Parties deals with the auditor's responsibilities with regards to related
party relationships and transactions in an audit of financial statements. It is management's
responsibility to identify related party transactions, to make proper disclosure and to approve the
transactions. It is not the auditor's responsibility to do so.
4.2 Nature of related party relationships and transactions
Key term
Related party. A party that is either:
HKSA 550.10
(a) a related party as defined in the applicable financial reporting framework (eg HKAS 24
(Revised)).
(b) where the applicable financial reporting framework establishes minimal or no related party
requirements:
(i) A person or other entity that has control or significant influence, directly or indirectly
through one or more intermediaries, over the reporting entity.
(ii) Another entity over which the reporting entity has control or significant influence,
directly or indirectly through one or more intermediaries.
(iii) Another entity that is under common control with the reporting entity through having:
– common controlling ownership (ie parent, subsidiary or fellow subsidiary related)
– owners who are close family members
– common key management
HKSA 550.2 During the audit process, auditors often encounter difficulties in identifying related party
transactions.
The nature of related party relationships and transactions may give rise to increased risk due to
the following reasons:
(a) Related parties may operate through a wide and complex range of relationships and
structures ie complex group structures. Management may be unaware of the existence of all
related party relationships and transactions
(b) Information systems may be ineffective at identifying or summarising transactions and
outstanding balances between an entity and its related parties
(c) Related party transactions may not be conducted under normal market terms and
conditions
(d) Related party relationships provide a greater opportunity for collusion, concealment or
manipulation by management
(e) Identifying related party transactions means extra work for management as often
accounting systems are not designed to identify the related party transactions
(f) Often there is a lack of audit trail for related party transactions
Planning and performing the audit with professional scepticism is therefore particularly important
where there are related parties.
4.2.1 Obtaining an understanding of the control environment

The auditor may consider features of the control environment relevant to mitigating the risks of
material misstatements associated with related party relationships and transactions. For example:
463
Business Assurance
(a) Review entity's internal codes

(b) Communicate appropriately with those charged with governance within the entity
(c) Review policies and procedures for disclosure of related party transactions, especially those
involving management and those charged with governance
(d) Consider the personnel assigned within the entity for identifying, recording, summarising and
disclosing related party transactions
(e) Consider timely disclosure and discussion between management and those charged with
governance in related to significant related party transactions
(f) Consider clear guidelines and monitoring controls of authorisation of related party
transactions and the terms and arrangements of these transactions
(g) Consider any periodic reviews by the entity's internal auditors
(h) Consider proactive action taken to resolve related party disclosure issues
(i) Consider the existence of monitoring controls over the related party transactions
4.2.2 The entity's controls over related party transactions

The auditor shall inquire of management and others within the entity, and perform other risk
assessment procedures considered appropriate, to obtain an understanding of the controls, if
any, that management has established to:
(a) identify, account for, and disclose related party relationships and transactions in accordance
with the applicable financial reporting framework
(b) authorise and approve significant transactions and arrangements with related parties
(c) authorise and approve significant transactions and arrangements outside the normal course
of business
Others within the entity are those considered likely to have knowledge of the entity's related party
relationships and transactions, and the entity's controls over such relationships and transactions.
Examples include those charged with governance, internal auditors, in-house legal counsel and the
Chief Ethics Officer.
Sometimes, controls over related party relationships and transactions may be deficient or non
existent as:
(a) management considers the controls are less important
(b) there is lack of appropriate oversight by those charged with governance
(c) management intends to disregard such controls in order to conceal sensitive information
(d) management has an insufficient understanding of the requirements of the applicable
financial reporting framework
The auditor may have to consider the ability to obtain sufficient appropriate audit evidence about
related party relationships and transactions and shall consider the impact on the auditor's report.
4.3 Risk assessment procedures and related activities required

HKSA According to HKSA 550 (Clarified), the auditor shall perform audit procedures and related activities
550.12, 13, 15 to obtain information relevant to identifying the risks of material misstatement required by HKSA
315 (Revised) and HKSA 240 (Clarified) associated with related party relationships and
transactions.
In addition, HKSA 550 (Clarified) requires the engagement team to discuss the susceptibility of the
entity's financial statements to material misstatement due to fraud or error that may result from
related party relationships and transactions.
464
4.3.1 Inquire of management and others within the entity

The auditor shall inquire of management the following:
 The identity of the entity's related parties
 The relationships between the entity and these related parties
 The types and the purposes of these related party transactions
4.3.2 Reviewing records or documents

During the audit, the auditor shall remain alert, when inspecting records or documents, for
arrangements or other information that may indicate the existence of related party relationships or
transactions that management has not previously identified or disclosed to the auditor.
In particular, the auditor shall inspect the following for indications of the existence of related party
relationships or transactions that management has not previously identified or disclosed to the
auditor:
 Bank and legal confirmations obtained as part of the auditor's procedures
 Minutes of meetings of shareholders and of those charged with governance
 Such other records or documents as the auditor considers necessary in the circumstances of
the entity
Examples of records or documents that the auditor may inspect in addition to those required
 Third-party confirmations obtained by the auditor (in addition to bank and legal
confirmations)
 Entity income tax returns
 Information supplied by the entity to regulatory authorities
 Shareholder registers to identify the entity's principal shareholders
 Statements of conflicts of interest from management and those charged with governance
 Records of the entity's investments ie investment certificate or statements and those of its
pension plans
 Contracts and agreements with key management or those charged with governance
 Significant contracts, agreements or accounting records not in the entity's ordinary course of
business
 Specific invoices and correspondence from the entity's professional advisers
 Life insurance policies acquired by the entity
 Significant contracts re-negotiated by the entity during the period
 Internal auditors' reports
 Documents associated with the entity's filings with a securities regulator
 Entity records ie annual returns
 Prior year working papers
Auditors shall share all relevant information obtained about the entity's related parties with the
other members of the engagement team.
465
Business Assurance
4.4 Responses to risks of material misstatement associated with

general related party relationships and transactions
HKSA 550.20 Depending upon the results of the auditor's risk assessment, the auditor should modify the nature,
extent and timing of the audit procedures to respond to the assessed risks associated with related
party relationships and transactions.
4.4.1 Testing controls over related party transactions

The auditor should consider whether it is possible to obtain sufficient appropriate audit evidence
from substantive audit procedures alone or test the entity's controls over related party relationships
and transactions. The auditor may find it more effective to perform tests of controls when
transactions are initiated, recorded, processed or reported electronically in an automatic
system. As a result, the auditor is required to test the entity's controls over the completeness and
accuracy of the recording of the related party relationships and transactions.
The auditor should design and perform further audit procedures to obtain sufficient appropriate
audit evidence about the assessed risks of material misstatement associated with related party
relationships and transactions. The nature, timing and extent of these procedures depend on the
nature of the risks and the circumstances of the entity.
4.5 Audit procedures on significant transactions outside the

normal course of business
HKSA 550.23 If the auditor identifies significant transactions outside the entity's normal course of business, the
auditor shall inquire of management about:
(a) the nature of these transactions
(b) whether related parties could be involved
In addition, the auditor shall understand the business rationale of the transactions and the
terms and conditions under which these have been entered into and shall consider whether any
fraud exists.
4.5.1 Transactions outside the entity's normal course of business
(a) Transactions outside the entity's normal course of business may include the following:
(i) Complex equity transactions
(ii) Use of tax haven companies
(iii) Transactions with no consideration exchanged
(iv) Sales transactions with unusually large discounts or returns or abnormal terms such
as unusual prices, interest rates and guarantees
(v) High volume or significant transactions that involve only one single party
(vi) Transactions with circular arrangements
(vii) Transactions under contracts whose terms are changed before expiry
(b) For identified significant related party transactions outside the entity's normal course of
business, the auditor shall perform the following:
(i) Inspect the underlying contracts or agreements
(ii) Evaluate whether the business rationale of the significant related party transactions
suggests they may have been entered into to engage in fraudulent financial reporting
or to conceal misappropriation of assets
Business rationale considerations include the following: underlying complexity, the
terms of trade, the logical business reason and the manner of process.
466
(iii) Evaluate whether the terms of the transactions are consistent with management's
explanations
(iv) Evaluate whether the transactions have been appropriately accounted for and
disclosed in accordance with the applicable financial reporting framework
(v) Obtain audit evidence that the significant related party transactions have been
appropriately authorised and approved
The auditor shall consider the consistency between management's explanations and the business
rationale of the related party transactions. Any inconsistencies with the nature of its business may
indicate a fraud risk.
The auditor shall consider and be alert as to whether there are rational explanations for
significant related party transactions that have not been authorised and approved by appropriate
level of management. Even where the transactions have been authorised and approved, the
auditor shall consider whether there is collusion between the related parties or by related parties
with dominant influence.
The auditor shall identify and assess the risks of material misstatement associated with related
party relationships and transactions and determine whether any of those risks are significant
risks.
4.5.2 Substantive procedures in response to significant risks

When the auditor has assessed a significant risk that management has not appropriately
accounted for or disclosed those specific related party transactions in accordance with the
applicable financial reporting framework, the auditor shall perform the following substantive
procedures:
 Confirm or discuss these transactions with intermediaries ie banks or legal firms
 Confirm the purposes, terms or amounts of these related party transactions
 Read the financial information or statements of related parties, if applicable
4.6 Related party with dominant influence
Topic highlights
A related party with dominant influence can exert control or dominant influence over the entity or
its management.
4.6.1 Indicators of dominant influence

This is necessary for identifying and assessing the risks of material misstatement due to fraud.
Such domination of management by a single person or small group of persons without any
compensating controls is a fraud risk factor.
Indicators of dominant influence exerted by a related party include:
(a) significant transactions are referred to the related party for final approval
(b) the related party has banned significant business decisions taken by management and those
charged with governance
(c) no debates by management and those charged with governance on the proposal initiated by
the related party
(d) no approval or independent review of related party transactions
(e) leading the entity by exerting dominant influence
467
Business Assurance
The auditor should be aware of any significant risks of material misstatement due to fraud such as:
(a) high turnover of senior management indicating unethical or fraudulent business practices
(b) use of intermediaries for significant related party transactions that have no clear business
justification
(c) excessive participation by related parties, especially in making significant estimates
4.6.2 Audit procedures on significant risks of material misstatement due to

fraud
If the auditor has determined there is a significant risk of material misstatement due to fraud
because of the presence of a related party with dominant influence, the auditor may perform the
following audit procedures:
 Inquire of management, or those charged with governance, or the related party
 Inspect significant contracts with related party
 Perform background research
 Review employee whistle-blowing reports
4.7 Unidentified or undisclosed related parties or significant

related party transactions
HKSA HKSA 550 (Clarified) requires that if entity's management has not previously identified or disclosed
550.21, 22 to the auditors the existence of related party relationships or transactions, the auditor shall
determine and confirm whether these transactions do really exist.
If management has not previously identified or disclosed to the auditors the related parties or
significant related party transactions and the auditor has identified them by himself, the auditor
shall:
 communicate promptly with other members of the engagement team
 request management to identify these transactions for auditor's further evaluation
 inquire of the entity about the controls over the related party relationships and transactions
 inquire of management the reasons for failure to identify and disclose these transactions
 inquire of parties outside the entities who have presumed knowledge of the entity ie lawyers
or consultants
 analyse the accounting records and verify the terms and conditions of these transactions
 consider the implication for the audit, especially concerning fraud
4.8 Forming an opinion

HKSA 550.27 In forming an opinion on the financial statements the auditor must evaluate whether:
(a) the identified related party relationships and transactions have been appropriately accounted
for and disclosed in accordance with the applicable financial reporting framework
(b) the effects of the related party relationships and transactions:
(i) prevent the financial statements from achieving fair presentation (for fair presentation
frameworks)
(ii) cause the financial statements to be misleading (for compliance frameworks)
If the auditor is unable to obtain sufficient appropriate audit evidence concerning related parties or
related party transactions and the disclosure is not adequate, the auditor should modify the
auditors’ report.
468
The auditor must communicate all significant matters arising during the audit in connection to the
entity's related parties to those charged with governance.
4.9 Written representations and documentation

HKSA 550.26 Where the applicable financial reporting framework establishes related party requirements, the
auditor shall obtain written representations from management and, where appropriate, those
charged with governance that:
(a) they have disclosed to the auditor the identity of the entity's related parties and all the
related party relationships and transactions of which they are aware (completeness)
(b) they have appropriately accounted for and disclosed such relationships and transactions in
accordance with the requirements of the framework (adequacy)
The auditor must document the names of all identified related parties and the nature of the related
party relationships.
You are the audit manager responsible for a recurring audit engagement. As a result of the
planning procedures recently completed for the upcoming year’s audit assignment, you became
aware that the company purchased goods from a supplier that may be related to a director of the
company.
Required
(a) What factors may cause you to believe that the purchases were made from a related party?
(b) What would you do if you concluded that the purchases were made from a related party?
(c) What would you do to ensure the completeness of related party transactions?
5 Overall review of financial statements
Topic highlights
The auditors must perform and document an overall review of the financial statements by
undertaking analytical procedures before they can reach an opinion.
Once most of the substantive audit procedures have been carried out, the auditors will have a draft
set of financial statements which should be supported by appropriate and sufficient audit evidence.
Towards the end of the audit process, it is usual for the auditors to undertake an overall review of
This review of the financial statements, in conjunction with the conclusions drawn from the other
audit evidence obtained, gives the auditors a reasonable basis for their opinion on the financial
statements. It should be carried out by a senior member of the audit team, with appropriate skills
and experience.
5.1 Compliance with accounting regulations

The auditors should consider whether:
469
Business Assurance
(a) the information presented in the financial statements is in accordance with local statutory
requirements that is, the Hong Kong Companies Ordinance
(b) the accounting policies employed are in accordance with accounting standards HKASs and
HKFRSs, properly disclosed, consistently applied and appropriate to the entity
When examining the accounting policies, auditors should consider the following:
(a) Policies commonly adopted in particular industries
(b) Policies for which there is substantial authoritative support
(c) Whether any departures from applicable accounting standards are necessary for the
financial statements to give a true and fair view
(d) Whether the financial statements reflect the substance of the underlying transactions and
not merely their form
(e) Whether sufficient evidence has been collected
(f) Whether the evidence supports the auditor's opinion
(g) Review of working papers
5.2 Review for consistency and reasonableness

The auditors should consider whether the financial statements are consistent with their knowledge
of the entity's business and with the results of other audit procedures, and the manner of disclosure
is fair. This can be done by applying analytical procedures at or near the end of the audit.
The principal considerations are as follows:
(a) Whether the financial statements adequately reflect the information and explanations
previously obtained and conclusions previously reached during the course of the audit
(b) Whether it reveals any new factors which may affect the presentation of, or disclosure in,
the financial statements
(c) Whether analytical procedures applied when completing the audit, such as comparing the
information in the financial statements with other pertinent data, produce results which
assist in arriving at the overall conclusion as to whether the financial statements as a whole
are consistent with their knowledge of the entity's business
(d) Whether the presentation adopted in the financial statements may have been unduly
influenced by the directors' desire to present matters in a favourable or unfavourable light
(e) The potential impact on the financial statements of the aggregate of uncorrected
misstatements (including those arising from bias in making accounting estimates) identified
during the course of the audit and the preceding period's audit, if any
The analytical review at the final stage must cover:
 important accounting ratios
 related items
 changes in products/customers
 price and mix changes
 wages changes
 variances
 trends in production and sales
 changes in material and labour content of production
 other expenditure in the statement of profit or loss and other comprehensive income
 variations caused by industry or economy factors
As at other stages of the audit process, significant fluctuations and unexpected relationships must
be investigated and documented in the working papers.
470
5.3 Treatment of errors

As part of their completion procedures, auditors should consider whether the aggregate of
uncorrected misstatements in the financial statements is material (also see Section 8 of this
chapter).
During the course of the audit, errors will be discovered which may be material or immaterial to the
financial statements. It is very likely that the entity will adjust the financial statements to take
account of these during the audit. At the end of the audit, however, some errors may still be
outstanding and the auditors will summarise these unadjusted errors.
The summary of errors will not only list errors from the current year, but also those in the previous
year(s). This will allow errors to be highlighted which are reversals of errors in the previous year,
such as in the valuation of closing/opening inventory. Cumulative errors may also be shown,
which have increased from year to year. It is normal to show both the effect on the statement of
financial position and statement of profit or loss and other comprehensive income.
If the auditors consider that the aggregate of misstatements may be material, they must
consider reducing audit risk by extending audit procedures or requesting management to adjust the
financial statements (which management may wish to do anyway).
If management refuses to adjust the financial statements and the results of extended audit
procedures do not enable the auditor to conclude that the aggregate of uncorrected misstatements
is not material, the auditor should consider the appropriate modification to the auditor's report.
If the aggregate of the uncorrected misstatements that the auditors have identified approaches the
materiality level, the auditors should consider whether it is likely that undetected misstatements,
when taken with aggregated uncorrected misstatements, could exceed the materiality level.
Therefore, as aggregate uncorrected misstatements approach the materiality level the auditors
should consider reducing the risk by:
 performing additional audit procedures
 requesting management to adjust the financial statements for identified misstatements
The schedule will be used by the audit manager and partner to decide whether the entity should be
requested to make adjustments to the financial statements to correct the errors.
6 Other information
Topic highlights
Auditors should always seek to resolve inconsistencies or misstatements of fact between
financial statements and other published information.
6.1 What is other information?

HKSA 720.6 HKSA 720 (Clarified) The Auditor’s Responsibilities Relating to Other Information in Documents
Containing Audited Financial Statements sets out the requirements of the auditor with respect to
other information, on which the auditors have no obligation to report, in documents containing
financial statements. However, the auditor is required to read the other information to identify
material inconsistencies if any with the audited financial statements.
471
Business Assurance
Key terms
Other information is financial and non-financial information other than the financial statements
HKSA and the auditor's report, which is included, either by law, regulation or custom, in a document
720.5a, 5b
containing audited financial statements and the auditor's report thereon.
An inconsistency exists when other information contradicts information contained in the audited
A material inconsistency may raise doubt about the audit conclusions drawn from audit evidence
previously obtained and, possibly, about the basis for the auditor's opinion on the financial
statements.
Here are some examples of other information:

 A report by management or the board of directors on operations
 Financial summaries or highlights
 Employment data
 Planned capital expenditures
 Financial ratios
 Names of officers and directors
 Selected quarterly data
Auditors have no responsibility to report that other information is properly stated because an audit
is only an expression of opinion on the truth and fairness of the financial statements. However, they
may be engaged separately, or required by statute, to report on elements of other information.
In any case, the auditors should give consideration to other information as inconsistencies with the
audited financial statements may undermine the auditor's report.
6.2 Access to other information

HKSA 720.7 Timely access to other information will be required. The auditors therefore must make appropriate
arrangements with the entity to obtain such information prior to the date of the auditor's report.
6.3 Material inconsistencies

HKSA 720.8- If, on reading the other information, the auditor identifies a material inconsistency, the auditor
10
???? shall determine whether the audited financial statements or the other information needs to be
revised.
When revision of the audited financial statements is necessary and management refuses to make
the revision, the auditor shall modify the opinion in accordance with HKSA 705 (Clarified). If
revision of the other information is necessary and management refuses to make the revision, the
auditor shall communicate this matter to those charged with governance and:
 include in the auditor's report an other matter paragraph describing the material
inconsistency
 withhold the auditor's report
 where withdrawal is legally permitted, withdraw from the engagement
The actions taken by the auditors will depend on the individual circumstances and the auditors may
consider taking legal advice, but may include the use of the auditor’s right to be heard at the
general meeting of the members.
For any material inconsistencies identified in other information obtained subsequent to the date of
the auditor's report, the auditor shall follow the requirements set out in HKSA 560 (Clarified)
Subsequent Events. (Please refer to Section 1 of this chapter.)
472
6.4 Material misstatements of fact

HKSA A “misstatement of fact” in other information exists when such information, not related to matters
720.14-16, appearing in the financial statements, is incorrectly stated and presented. A material misstatement
Appendix
of fact may undermine the credibility of the document containing audited financial statements.
If on reading the other information for the purpose of in identifying material inconsistencies the
auditor becomes aware of an apparent material misstatement of fact, the auditor shall discuss the
matter with management and shall evaluate the validity of the other information and
management's responses to the auditors' inquiries, and would need to consider whether valid
differences of judgment or opinion exist.
When, following such discussions, the auditor still considers that there is an apparent material
misstatement of fact, the auditor shall request management to consult with a qualified third
party, such as the entity's legal counsel and the auditor shall consider the advice received.
When the auditor concludes that there is a material misstatement of fact in the other information
which management refuses to correct, the auditor shall notify those charged with governance or
audit committee of the auditor's concern regarding the other information and take any further
appropriate action. In accordance with local practice this may include:
(a) including a paragraph describing the material misstatement after the audit opinion
(b) using the auditor’s right under s. 141(7) of Companies Ordinance to be heard at the general
meeting
(c) withdrawing from the engagement.
7 Communicating with those charged with governance
Topic highlights
Auditors shall communicate specific matters to those charged with governance and HKSA 260
(Clarified) provides guidance to auditors in this area.
7.1 The importance of communicating with those charged with

governance
HKSA HKSA 260 (Clarified) Communication with those Charged with Governance sets out guidance for
260.6, 11 auditors on the communication of audit matters arising from the audit of the financial statements of
an entity with those charged with governance. However, auditors do not have to perform specific
procedures to identify matters for the communication.
Key terms
'Those charged with governance' are the person(s) or organisation(s) with responsibility for
HKSA 260.10 overseeing the strategic direction of the entity and obligations related to the accountability of the
entity.
Management are persons with executive responsibility for the conduct of the entity’s operations.
The auditor must determine the appropriate person(s) within the entity’s governance structure with
whom to communicate. Communication with those charged with governance is important for the
following reasons:
(a) It assists the auditor and those charged with governance to understand audit-related
matters in context and allows them to develop a constructive working relationship
(b) It allows the auditor to obtain information relevant to the audit
473
Business Assurance
(c) It assists those charged with governance to fulfil their responsibility to oversee the financial
reporting process, thus reducing the risks of material misstatement in the financial
statements
7.1.1 Communication with a subgroup of those charged with governance

When governance is a collective responsibility, a subgroup such as audit committee or an
individual who may be charged with specific tasks to assist the governing body in meeting its
responsibilities, the auditor shall determine whether the auditor also needs to communicate with the
governing body.
7.1.2 Communication when all of those charged with governance are

involved in managing the entity
In some smaller entities, all of those charged with governance are involved in managing the entity.
Auditors do not need to communicate again with those same persons who are in both management
and governance roles.
7.2 Matters to be communicated by auditors to those charged

with governance
HKSA The following matters shall be communicated to those charged with governance:
260.16-17
The auditor's Including that the auditor is responsible for forming and expressing an
responsibilities in opinion on the financial statements and that the audit does not relieve
relation to the management or those charged with governance of their responsibilities.
financial statements This can be done by providing those charged with governance with a copy
audit of the engagement letter.
Planned scope and An overview of the planned scope and timing of the audit such as:
timing of the audit  How the auditor addresses the significant risks
 The auditor's approach to internal control
 The application of materiality in the audit
 Other planning matters
Significant findings The auditor shall communicate the following:
from the audit  The auditor's views about significant qualitative aspects of the
entity's accounting practices, including accounting policies,
accounting estimates and financial statement disclosures.
 Significant difficulties encountered during the audit
 Material deficiencies in the design, implementation or operating
effectiveness of internal control that have come to the auditor's
attention and have been communicated to management.
 Significant matters arising from the audit that were discussed or
subject to correspondence with management.
 Written representations requested by the auditor.
 Other matters that, in the auditor's professional judgment, are
significant to the oversight of the financial reporting process.
474
Auditor The auditor shall communicate the following for listed entities:
independence  A statement that the engagement team and others in the firm, the
firm, and network firms have complied with relevant ethical
requirements regarding independence.
 All relationships between the firm and entity that may reasonably be
thought to bear on independence.
 Related safeguards that have been applied to eliminate identified
threats to independence or reduce them to an acceptable level.
7.3 The communication process

HKSA 260.18 The auditor shall communicate with those charged with governance the form, timing and
expected general content of communications. The auditor shall communicate with those charged
with governance on a timely basis through structured presentations, written reports or
discussions.
8 Evaluation of misstatements identified during the

audit
Topic highlights
The auditor is required to evaluate the effect of identified misstatements on the audit and the effect
of uncorrected misstatements on the financial statements.
Key terms
Misstatement is a difference between the amount, classification, presentation, or disclosure of a
HKSA 450.4 reported financial statement item and the amount, classification, presentation, or disclosure that is
required for the item to be in accordance with the applicable financial reporting framework.
Misstatements can arise from error or fraud.
Uncorrected misstatements are misstatements that the auditor has accumulated during the audit
and that have not been corrected.
HKSA 450.3 Misstatements can arise due to the following situations:

 Inaccurate gathering or processing data from which the financial statements are prepared
 Omitting an amount or disclosure
 Overlooking an accounting estimate or misinterpreting a fact
 Judging wrongly an accounting estimate due to unreasonable selection and application of
accounting policies
HKSA 450 (Clarified) Evaluation of Misstatements Identified during the Audit deals with the
auditor's responsibility to evaluate the effect of identified misstatements on the audit and of
uncorrected misstatements, if any, on the financial statements. The auditor's conclusion takes into
account the auditor's evaluation of uncorrected misstatements and the materiality level before
issuing the auditor's report.
The objective of the auditor in the evaluation is to evaluate:
(a) the effect of identified misstatements on the audit
(b) the effect of uncorrected misstatements, if any, on the financial statements.
475
Business Assurance
8.1 Accumulation of identified misstatements

HKSA 450.5 HKSA 450 (Clarified) requires that the auditor shall accumulate misstatements identified during
the audit other than those that are clearly trivial.
As a recap, the auditor may designate an amount below which misstatements would be clearly
trivial and would not need to be accumulated as the auditor expects that the accumulation of such
amounts clearly would not have a material effect on the financial statements.
Clearly trivial misstatements will have no impact on materiality and will be matters that are
clearly inconsequential. Where there is any uncertainty about whether one or more items are
clearly trivial, the matter is deemed to be not clearly trivial.
HKSA 450 (Clarified) requires the auditor shall accumulate misstatements other than those which
are clearly trivial identified during the audit. It is necessary to distinguish misstatements as follows:
Factual misstatements Judgment misstatements Projected misstatements

Misstatements without Different with management's judgment on Auditor's best estimate of
doubt accounting estimates and auditors misstatements in
consider them as unreasonable populations (Refer to audit
Inappropriate accounting policies sampling)
8.2 Consideration of identified misstatements as the audit

progresses
HKSA 450.6 The auditor shall determine whether the overall audit strategy and audit plan need to be revised
if there are identified misstatements or the other misstatements in aggregate are material.
If, at the auditor's request, management has examined a class of transactions, account balance or
disclosure and corrected misstatements that were detected, the auditor shall perform additional
audit procedures to determine whether misstatements remain, the amount of the actual
misstatement and whether adjustments shall be made.
8.3 Evaluating the effect of uncorrected misstatements

Prior to evaluating the effect of uncorrected misstatements, the auditor shall reassess materiality
determined in accordance with HKSA 320 (Clarified) to confirm whether it remains appropriate in
the context of the entity's actual financial results.
In making this determination, the auditor shall consider:
 the size and nature of the misstatements, both in relation to particular classes of
transactions, account balances or disclosures and the financial statements as a whole
 the effect of uncorrected misstatements related to prior periods on the relevant classes of
transactions and accounts balances
The cumulative effect of immaterial uncorrected misstatements related to prior periods may have a
material effect on the current period's financial statements. Auditors are advised to use the same
evaluation approach for consistency.
8.3.1 Offsetting of misstatements

If an individual misstatement is considered to be material, it is unlikely that it can be offset by other
misstatements. It may be appropriate to offset misstatements within the same account balance or
class of transactions, only after considering the existence of further undetected misstatements.
476
8.3.2 Misstatements in classification

The auditor shall evaluate qualitative factors when determining whether a classification
misstatement is material. The auditor may consider classification misstatement to be immaterial in
the context of the financial statements as a whole.
8.4 Communication and correction of misstatements

HKSA 450.8 The auditor shall communicate on a timely basis all misstatements accumulated during the audit
with the appropriate level of management, unless prohibited by law or regulation. The auditor
shall request management to correct those misstatements.
The auditor shall communicate with those charged with governance uncorrected misstatements
and the effect that they, individually or in aggregate, may have on the opinion in the auditor's
report, unless prohibited by law or regulation and the effect of uncorrected misstatements related to
prior periods on the relevant classes of transactions, account balances or disclosures, and the
financial statements as a whole. The auditor's communication shall identify material uncorrected
misstatements individually.
8.4.1 Considerations Specific to Public Sector Entities

In the case of an audit of a public sector entity, the evaluation whether a misstatement is material
may also be affected by the auditor’s responsibilities established by law, regulation or other
authority to report specific matters, including, for example, fraud.
Furthermore, issues such as public interest, accountability, probity and ensuring effective
legislative oversight, in particular, may affect the assessment whether an item is material by virtue
of its nature. This is particularly so for items that relate to compliance with law, regulation or other
authority.
8.5 Refusal to correct misstatements

HKSA 450.9 The auditor shall request management to correct those misstatements accumulated during the
audit. If management refuses to correct some or all of the misstatements communicated by the
auditor, the auditor shall obtain an understanding of management's reasons for not making the
corrections and shall take that understanding into account when evaluating whether the financial
statements as a whole are free from material misstatement.
8.6 Obtain written representations and documentation

HKSA The auditor shall request a written representation from management and, where appropriate,
450.14-15 those charged with governance whether they believe the effects of uncorrected misstatements are
immaterial, individually and in aggregate, to the financial statements as a whole. A summary of
such items shall be included in or attached to the written representation.
The auditor shall include in the audit documentation:
 The amount below which misstatements would be regarded as clearly unimportant
 All misstatements accumulated during the audit and whether they have been corrected
 The auditor's conclusion as to whether uncorrected misstatements are material, individually
or in aggregate, and the basis for that conclusion
477
Business Assurance
9 Following up discovery of illegal acts or fraud
Topic highlights
In most instances the auditor will discuss findings with those charged with governance. The auditor
may also consider the need to report to a proper authority in the public interest.

HKSA Where the auditor becomes aware of a suspected or actual instance of fraud which could have a
240.40-43 material effect on the financial statements, he shall:
(a) consider whether the matter may be one that ought to be reported to a proper authority in the
public interest; and where this is the case
(b) except when he is prohibited by law from informing any party other than the proper authority
or when the matter casts doubt on the integrity of those charged with governance, discuss
the matter with those charged with governance, including any audit committee.
He should also notify in writing those charged with governance of his view.
In respect of an identified suspected or actual instance of fraud which could have a material effect
on the financial statements, the auditor shall make a report direct to a proper authority in the public
interest without delay and without informing those charged with governance in advance in
situations where:
(a) the auditor concludes that the matter ought to be reported to a proper authority in the public
interest; and
(b) the auditor is prohibited by law from informing any party other than the proper authority or
the matter casts doubt on the integrity of those charged with governance.
An auditor who can demonstrate that he has acted reasonably and in good faith in informing an
authority of an instance of fraud which he thinks has been committed would not be held by the
court to be in breach of duty to the client even if, an investigation or prosecution having occurred,
it was found that there has been no offence.
An auditor may need to take legal advice before making a decision on whether the matter should
be reported to a proper authority in the public interest.
The implications of identified fraud depend on the circumstances. For example, an otherwise
insignificant fraud may be significant if it involves senior management. In such circumstances, the
reliability of evidence previously obtained may be called into question, since there may be doubts
about the completeness and truthfulness of representations made and about the genuineness of
accounting records and documentation. There may also be a possibility of collusion involving
employees, management or third parties.

HKSA The auditor shall obtain:
250.22-28
and
audit, including the auditor’s risk assessment and the reliability of written representations, and take
appropriate action.
478
The auditor may discuss the findings with those charged with governance where they may be able
to provide additional audit evidence.
The auditor may consider it appropriate to consult with the entity’s in-house legal counsel or
external legal counsel about the application of the laws and regulations.
audit, including the auditor’s risk assessment and the reliability of written representations.
The auditor may consider withdrawal from the engagement, where withdrawal is possible under
applicable law or regulation.
In some jurisdictions, the auditor of a financial institution has a statutory duty to report the
occurrence, or suspected occurrence, of non-compliance with laws and regulations to supervisory
authorities.
479
Business Assurance
Topic recap
Audit completion
Responsibilities
– Up to date of audit report
Subsequent event – After date of audit report but
before financial statements issued
– After financial statements issued
Reporting implications
Going concern Management’s responsibilities
Auditor’s responsibilities
About management’s
responsibilities
Required by other HKSAs Cannot be substitute

Written for other evidence
representations
Other
Identification
Related parties
Disclosure
Consistency and Analytical

reasonableness procedures
Overall review
Follow up illegal acts / fraud
Assess materiality of
Material inconsistency accumulated misstatement
Other information
Material misstatement of fact
Reports to those
charged with Relevant audit matters Including major
governance control deficiencies
Identified misstatement
Misstatements Evaluate
identified
Uncorrected misstatements
480
Answer 1
(a) The settlement of HK$8,000,000 was a subsequent event, and to be more specific, it was an
event occurring between the date of financial statements and the date of the auditor’s report.
In accordance with HKSA 560 (Clarified), the engagement team should perform procedures
designed to obtain sufficient appropriate audit evidence that all events up to the date of the
auditor’s report that may require adjustment of, or disclosure in, the financial statements
have been identified.
Such procedures ordinarily include the following:
– Reviewing procedures the management has established to ensure that subsequent
events are identified.
For example, the engagement may consider whether the directors/management of
SMC would be alerted of significant cash receipts subsequent to the financial year end.
If SMC has such procedures properly in place, it is likely that the management could
identify the settlement on a timely basis.
– Reading minutes of the meetings of shareholders, the board of directors and audit and
executive committees held after the date of the financial statements and inquiring
about matters discussed at meetings for which minutes are not yet available.
– Given that such meetings would not be frequent, it is unlikely that these procedures
would identify the settlement.
– Reading SMC’s latest available interim financial statements and, as considered
necessary and appropriate, budgets, cash flow forecasts and other related
management reports.
– Given that the preparation of such statements and reports would not be frequent, it is
unlikely that these procedures would identify the settlement.
– Inquiring, or extending previous oral or written inquiries, of SMC’s lawyers concerning
litigation and claims.
Unless the lawyers of SMC have been involved in dealing with the customer for
settlement, such an inquiry or extended confirmation is unlikely to identify the
settlement.
– Inquiring of management of SMC whether any subsequent events have occurred
which might affect the financial statements.
– Provided that SMC has an effective and efficient internal system in identifying and
reporting significant/major cash movements, it is very likely that the engagement
team’s inquiry of management would identify the settlement.
(b) When the engagement team became aware of the settlement before the issue of the
auditor’s report, the engagement team should determine whether SMC’s financial statements
should be amended.
Given that the settlement of HK$8,000,000 subsequent to the financial period provides
evidence as to the recoverability of the receivable as at 31 December 20X9, the engagement
team should normally request SMC to amend the financial statements such that the amount
of impairment of receivables for the year ended 31 December 20X9 would be reduced by
HK$8,000,000.
481
Business Assurance
If the management of SMC refuse to amend the financial statements, the engagement team
should consider whether it is appropriate to issue a qualified opinion in accordance with
HKSA 705 (Clarified).
Answer 2
(a) EE Limited’s auditor should consider the below in assessing the risk of material
misstatement relating to EE Limited’s financial statements as a whole in response to the
rumour:
 Whether the valuation of the accounts receivable due from Y Limited will be impaired
since Y Limited is reported to be in serious financial difficulty; and
 Assess whether Y Limited is the single largest customer of EE Limited and whether
the loss of business from Y Limited would seriously impact the going concern of
EE Limited.
(b) EE Limited’s auditor should consider the audit procedures below in response to the rumour:
 Discuss the rumour with management and management’s assessment of the rumour;
 Perform independent checks on Y Limited’s financial stability;
 Review the year end outstanding accounts receivable balance due from Y Limited and
assess any potential recoverability issues since Y Limited was reported to be in
serious financial difficulty;
 Understand and evaluate management’s business and settlement plan with Y Limited,
if any;
 Review EE Limited’s current financial position, budget and projected cash flow
forecast and assess whether EE Limited is able to continue the operation as a going
concern even if Y Limited is proven to be in financial difficulty; and
 Reassess whether management has adopted an appropriate basis of preparation for
the financial statements and consider whether sufficient financial statements
disclosure has been made about going concern.
EE Limited’s auditor should consider the below audit procedures on performing the
subsequent event review:
 Ask the management whether there is any significant subsequent event to their
knowledge that should be brought to the auditor’s attention;
 Review management’s procedures for identifying subsequent events to ensure that
management are aware of the risks;
 Review meeting minutes and written resolutions of the board of directors and
significant committees up to the date of the signed auditor’s report;
 Review EE Limited’s announcements and publications relating to EE Limited up to the
date of the signed auditor’s report;
 Review EE Limited’s latest available management accounts, budget, cash flow
forecast and management reports.
The above procedures collectively aim to investigate whether there have been any:
 New commitments, borrowings or guarantees;
 Sales or destruction of non-current assets;
 Changes of business structure;
 Issues of shares/debentures;
482
 Unusual accounting adjustments subsequent to year end;

 Litigation and claims to indicate potential contingent liabilities; and
 Significant changes in the assets and capital structure of EE Limited.
Answer 3
(a) Common categories of matters included in the letter of representation:
(i) Confirmation of responsibility for, and approval of, the financial statements.
(ii) Confirmation that all of the accounting records, and all related documentation (such as
minutes of management and shareholder meetings) have been made available, and
that company transactions have been properly reflected therein.
(iii) Confirmation of the expected outcome of legal claims.
(iv) Confirmation of company plans in relation to certain tax provisions.
(v) Confirmation of completeness of disclosures of related party transactions.
(vi) Confirmation that there have been no events after the balance sheet requiring
revisions to the financial statements.
(b) In order to emphasise its importance to management, and to explain that it forms a key part
of audit evidence.
Answer 4
(a) Factors that need to be considered to determine whether the purchases were made from a
related party:
(1) Were the transactions entered into between the parties with normal terms of trade
such as pricing and credit terms, compared to transactions made with other parties?
(2) Were the transactions entered into between the parties without apparent business/
commercial reasons?
(3) Were the transactions made in a structure that places significant emphasis on legal
form rather than actual substance?
(4) Were the transactions carried out in a different manner compared to similar
transactions made with other parties?
(5) Was there an unexpectedly high volume or significant number of transactions made
with the identified supplier?
(6) Were the transactions handled by management/staff who normally are not responsible
for this work?
(b) If the purchases were made with a related party, I will do the following:
(1) Discuss the reasons for the purchases with directors and senior management of the
company.
(2) Send a positive confirmations request in connection with the terms of trade and
amount of the purchases to the party concerned.
(3) Discuss the issue directly with the party concerned and inspect documents in its
possession.
(4) Confirm the nature of the transactions or discuss the matter with other parties involved
in/associated with the transactions.
(5) Include specific representations covering the relationship between the company and
the party, terms of trade and the amount in the letter of representation.
483

Module C Business Assurance - Part 1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Module C Business Assurance - Part 1

Uploaded by

Copyright:

Available Formats

HKMCST13 (3" front binder)_Layout 1 02/08/2013 11:14 Page 1

Module C: Business Assurance

ISBN 9781 4453 6967 9

British Library Cataloguing-in-Publication Data

BPP Learning Media Ltd

The copyright in this publication is jointly owned by

Printed in Singapore by Ho Printing

31 Changi South Street 1

Your learning materials, published by BPP Learning

All rights reserved. No part of this publication may be

The contents of this book are intended as a guide and not

Every effort has been made to contact the copyright

We are grateful to HKICPA for permission to reproduce the

Part A Corporate governance

Part B Internal assurance

Part C Professional standards and guidance

Part D Assurance engagements

Part E Other audit matters

Part F Computerised business systems

Answers to exam practice questions 615

Question bank – questions 647

Question bank – answers 675

Glossary of terms 719

External Function Internal Function

Part E Other Audit Matters

Part F Computerised Business Systems

Examples Illustrations of particular techniques or concepts with a worked solution or

viii Business Assurance

LO1. Professional standards and guidance

LO2. Assurance engagements

2.03.08 Explain the procedures for the transfer of books, 7

LO2.06 Quality control considerations: 3

xii Business Assurance

2.09.09.06 Trade payables and accruals 13

LO2.12 Completion procedures: 3

3.01.02 Discuss the provisions of international codes of 1

xiv Business Assurance

3.01.03 Explain corporate governance developments in 2

LO4.03 Impact of increasing use and share of ownership by 2 20

xvi Business Assurance

1 Codes of corporate governance 4 Major issues in corporate governance

In this chapter you will cover the following learning outcomes:

3.01.01 Explain the objectives, concepts, relevance and importance of

1 Codes of corporate governance

1.1 What is corporate governance?

1.1.1 The importance of corporate governance

1.2 Contribution of corporate governance codes

1.3 Elements of corporate governance

1.4 Organisation for Economic Co-operation and Development

OECD Principles of Corporate Governance

1.5 Corporate governance concepts

1.5.2 Openness and transparency

1.5.4 Probity and honesty

1.6 HKICPA Guide on Corporate Governance

Statement on Listed companies and other companies are encouraged to include a

Standards of Ethical conduct – governing board members should endeavour to

Values-based The organisation's overarching objective should be to develop a values-

2 Corporate governance and agency

2.1 Nature of agency

2.2 Accountability and fiduciary responsibilities

Two problems potentially arise with this:

2.2.2 Fiduciary duty