Acca p7 Aaa Technical Articles

lOMoARcPSD|2981706
ACCA P7 AAA Technical Articles
Applied Business Ethics (Mit Univerzitet)
StuDocu is not sponsored or endorsed by any college or university

Downloaded by Arlinda Martinaj ([email protected])
lOMoARcPSD|2981706
ACCA
ADVANCE AUDIT AND ASSURANCE
TECHINICAL ARTICLES
PAGE
EXAM TECHNIQUE FOR ADVANCED AUDIT AND ASSURANCE 3
IAASB exposure draft – Proposed International Standard on Auditing 540

(Revised) Auditing Accounting Estimates and Related Disclosures 34
Responding to non-compliance with laws and regulations (NOCLAR)

42
AUDITOR REPORTING 46
Corporate governance and its impact on audit practice

52
THE AUDITOR'S REPORT

57
AUDITING DISCLOSURES IN FINANCIAL STATEMENTS

64
PERFORMANCE INFORMATION IN THE PUBLIC SECTOR 67
LAWS AND REGULATIONS 71
AUDIT QUALITY – A PERPETUAL CURRENT ISSUE 75
PROFESSIONAL SCEPTICISM 78
USING THE WORK OF INTERNAL AUDITORS

82
ACCOUNTING ISSUES 90
FORENSIC ACCOUNTING
94
AUDITOR LIABILITY 99
THE CONTROL ENVIRONMENT OF A COMPANY 103

lOMoARcPSD|2981706
CONTINUE TO BE REST ASSURED 109
SA 315 (REVISED), IDENTIFYING AND ASSESSING THE RISKS OF

MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY
AND ITS ENVIRONMENT 113
PLANNING AN AUDIT OF FINANCIAL STATEMENTS 117
COMPLETING THE AUDIT 200
AUDIT AND INSOLVENCY 124
GROUP AUDITING 127
ACCEPTANCE DECISIONS FOR AUDIT AND ASSURANCE ENGAGEMENTS

132
AUDITING IN A COMPUTER-BASED ENVIRONMENT 136
AUDIT OF ESTIMATES AND FAIR VALUES

140
ANALYTICAL PROCEDURES 145
GOING CONCERN
149
AUDIT RISK 153
AUDITING IN A COMPUTER-BASED ENVIRONMENT (2) 157
MASSAGING THE FIGURES

163
ISA 240 (REDRAFTED) - AUDITORS AND FRAUD 165
THE IMPORTANCE OF FINANCIAL REPORTING STANDARDS TO

AUDITORS 169
FORENSIC AUDITING
173
AUDITORS' REPORTS TO THOSE CHARGED WITH GOVERNANCE 176
GROUP AUDIT ISSUES 178

lOMoARcPSD|2981706
EXAMINING EVIDENCE 182
AUDIT WORKING PAPERS 186
ADVANCED AUDIT AND ASSURANCE – EXAMINER’S APPROACH 190
HOW TO TACKLE AUDIT AND ASSURANCE CASE STUDY QUESTIONS

193
AUDIT AND ASSURANCE CASE STUDY QUESTIONS 198
EXAM TECHNIQUE FOR ADVANCED AUDIT AND ASSURANCE

Part 1 – Ethics
Ethical standards and their application form a major part of the Advanced Audit
and Assurance syllabus and are examined regularly. Often the marks for this
area will be spread over more than one question and may be combined with
planning, professional issues or as a standalone.
The basic ethical standards at this level are the same as those examined
previously in Audit and Assurance; what sets apart the level of the questions is
your ability to apply those standards to more complex situations and show that
you understand both threats and safeguards. This is an area of the exam where
candidates can use good exam technique to increase the marks attained without
having to rote learn much additional information above that learnt for previous
exams.
This article will demonstrate how to maximise marks on these areas using good
technique. It is, however, specific to the context of auditing and assurance and
will therefore have a different focus and application to the way ethics is examined
in other areas of the ACCA Qualification.
WHAT YOU NEED TO KNOW
The starting point for preparing for any exam is to know the underlying
knowledge that is required for this part of the syllabus. At this level the content of
the guidance is what you should focus on. Marks are not awarded for memorising
or quoting standard numbers, it is the application of the content of those
standards that is important. For the Advanced Audit and Assurance exam the
following standards are examinable:
ACCA’s Code of Ethics and Conduct (2016)
IESBA’s Code of Ethics for Professional Accountants (Revised May
2015)
IESBA–Changes to the Code Addressing Certain Non-Assurance
Services Provisions for Audit and Assurance Clients
Ethical Considerations Relating to Audit Fee Setting in the Context
of Downward Fee Pressure (January 2016)
In addition, for the UK exam candidates will be examined on the Financial

Reporting Council’s Revised Ethical Standard 2016, for the IRL exam candidates

lOMoARcPSD|2981706
will be tested on the IAASA’s Ethical Standard for Auditors (Ireland) 2016, and
SGP candidates should also refer to the ISCA Code of Professional Conduct and
Ethics (Revised November 2015).
You will be familiar with ACCA’s Code of Ethics from the Audit and Assurance
exam. This mirrors the IESBA’s Code of Ethics so you will be familiar with the
five basic principles of Integrity, Objectivity, Professional Competence and Due
Care, Confidentiality, and Professional Behaviour. You will also be familiar with
the general areas of threat to the fundamental principles of Self Review, Self
Interest, Advocacy, Familiarity, and Intimidation.
The situations you will be appraising at this level will usually involve an
assessment of those same principles within scenarios given in the question. In
addition, you may be expected to identify situations where the auditor is at risk of
assuming a management responsibility with respect to providing additional
services to audit clients or appreciate the differences between listed (or other
public interest entities) and non-listed clients when it comes to applying these
principles.
With regards to objectivity and independence, the general conceptual approach
in the codes is as follows:
(a) Identify threats to independence
(b) Evaluate the significance of the threats identified, and
(c) Apply safeguards, when necessary, to eliminate the threats or reduce
them
to an acceptable level.
When the professional accountant determines that appropriate safeguards
are not available or cannot be applied to eliminate the threats or reduce
them to an acceptable level, the professional accountant shall eliminate the
circumstance or relationship creating the threats or decline or terminate
the audit engagement.
HOW TO APPLY THE KNOWLEDGE
When addressing ethical situations in the exam, you will usually have to
demonstrate these skills:
that you can identify an ethical threat
that you understand how it arises and the implication of the threat,
and
that you can relate the guidance to the specific scenario to
determine the safeguards or course of action required.
Each of these skills can be illustrated through the examples below (note that the
answers provided here are focusing on the ethical issues arising and do not
cover the professional or other issues you might also need to discuss arising
from the scenarios). These answers are not fully comprehensive and give an
example of the content which could be produced in an exam. There are further
points in each case that could be developed and additional outcomes available
within the ethical codes; however, they do represent a well-developed answer a
candidate could use to attain the full marks available.

lOMoARcPSD|2981706
Example 1
The audit committee of, Mumbai Co, has asked the partner to consider whether it
would be possible for the audit team to perform a review of the company’s internal
control system. A number of recent incidents have raised concerns amongst the
management team that controls have deteriorated and that this has increased the
risk of fraud, as well as inefficient commercial practices. The auditor’s report for the
audit of the financial statements of Mumbai Co for the year ended 31 March 2016
was signed a few weeks ago. Mumbai Co is a listed company.
Required:Comment on the ethical issues raised and the actions your firm should
take in response to the client’s request.
(6 marks)
In this example, we are asked to provide an additional service to an audit client –

a review of systems and controls. This is going to give rise to a self-review threat
and may possibly lead to assuming a management responsibility. This
identification is the first step to answering the question, but these points alone will
not score credit in the exam until you have developed them. In order to do this
you can use the steps described to build up marks as follows. The important
phrases are in bold.
Demonstrating you understand the threats, how they arise and the implication
Providing a review of the company’s system and controls gives rise to a self-review
threat as these controls will then be reviewed by the firm when determining our
audit strategy. The firm may be reluctant to highlight errors or adopt a
substantive approach during the audit as this may highlight deficiencies in the firm’s
work on the additional service. (1 mark)
The design of systems and controls is a management responsibility so a

review of such may give rise to a situation where the auditor is assuming a
management responsibility by taking on the role of management. (1 mark)
Apply the guidance to the scenario – evaluate the significance and suggest
safeguards

lOMoARcPSD|2981706
The code states that the threat to independence of undertaking management

responsibilities for an audit client is so significant that there are no safeguards
which could reduce the threat to an acceptable level. (1 mark)
However, this answer could score three marks, it is likely that more marks are
available. From an exam technique point of view, you should be looking for
additional points to make. At this stage, don’t start speculating about relative fee
size; try to focus on the information the examiner has given you. Here, the
company is flagged as listed, so there must be further development available on
this area. Think about how you’ve seen management responsibility issues
overcome during your studies and past question practice. It is these points that
you can use to attract further marks.
Management responsibility can be avoided if the client takes responsibility for

monitoring the reports made and taking the decisions on recommendations.
(1 mark)
However, as this client is listed, we are prohibited from undertaking internal audit
services which relate to a significant part of the controls over financial reporting. (1
mark)
Conclude
As such we must decline the additional work. (1 mark)
In other circumstances, the safeguard of using separate teams to overcome self-

review threats or considering the competence of the firm to provide this service
would attain credit; however, in this case, the client is listed so these points are
irrelevant here.
Note that, in the exam, no marks are awarded for simply listing self-review or
management responsibility as they will need to be described before marks are
awarded. As such, ensure that you take the time to explain the threats rather
than simply writing terms.

lOMoARcPSD|2981706
Example 2
Your firm’s advisory department has been carrying out a due diligence assignment
on a potential acquisition target of an audit client, Blue Co. The management team
of Blue Co has also approached White & Co to ask whether representatives of the
firm would be available to attend a meeting with the company’s bankers, who they
are hoping will finance the acquisition of Red Co, to support the management team
in conveying the suitability of the acquisition of Red Co. For the meeting the bank
requires the most up-to-date interim accounts of Red Co with the accompanying
auditor’s independent interim review report. Your firm is due to complete the interim
review shortly and the management team of Red Co has requested that the interim
review is completed quickly so that it does not hold up negotiations with the bank,
stating that if it does, it may affect the outcome of the next audit tender, which is
due to take place after the completion of this year’s audit.
Required:Comment on the ethical issues raised and recommend any actions your
firm should take in response to the client’s requests.
(8 marks)
In this example we have additional services and pressure relating to existing

services to an audit client. The issues we face are advocacy, self-review,
management responsibility and intimidation.
Demonstrating you understand the threats, how they arise and the implication
Attending a meeting with the bank would give rise to an advocacy threat as we
would be perceived as promoting the interests of our client and confirming the
client’s assertions in negotiations. (1 mark)
In addition, this may give rise to legal proximity exposing the firm to potential
litigation. (1 mark)
Attending the meeting may result in the firm being perceived to support the
acquisition of Red Co. As these are decisions which should be taken by
management we could be perceived as taking on a management role.
(1 mark)
Self-review threats may also arise when we later audit the finance and acquisition
in the financial statements of the group as we may be reluctant to highlight
errors or are less sceptical about the values in the subsidiary as we have
provided the due diligence work. (1 mark)
Further, an intimidation threat exists as the client has threatened that if the interim
report is delayed it would affect the outcome of the tender for audit in the future
and there is a risk that quality is reduced in order to meet the client’s
demands. (1 mark)

lOMoARcPSD|2981706
Apply the guidance to the scenario – evaluate the significance and suggest
safeguards and concludeHere, there are different directions that the answer
could take – for example, discussing in depth the exact nature of the assignment
and meeting attendance; however, it is possible to attract marks without such
detail in your answer as follows:
Assuming a management responsibility can be avoided if the directors confirm in

writing that they are responsible for any decision regarding the acquisition. (1
mark)
The firm should decline to attend the meeting with the bank. (1 mark)
The self-review threat can be reduced by having an independent partner review

the audit work prior to signing the auditor’s report. (1 mark)
The intimidation threat should be reported to those charged with governance. (1

mark)
Note that, in this instance, a separate team for the due diligence and audit
assignments was not suggested as the scenario already told us that a different
department had been carrying out the due diligence work.
CONCLUSION
The above two examples aim to cover a range of issues and illustrate how
candidates can attract strong marks when answering ethics questions. As with
most areas of the Advanced Audit and Assurance exam, it is the application of
knowledge to a scenario rather than the knowledge itself that will attract marks.
This means that when preparing for this exam, a good grasp of the knowledge
underpinning the syllabus is important but practising questions and developing
the skills of applying that knowledge is key to passing.
Written by a member of the P7 examining team
Last updated: 2 Feb 2018
Part 2 – Risk
/ Element: Page Intro Block: Text
Risk is examined in several ways within the Advanced Audit and Assurance
syllabus and understanding the difference between these can be key to scoring
good marks in the exam. Quite often, risk forms part of a planning question but it
is also examined with respect to financial reporting issues elsewhere in the
exam.

lOMoARcPSD|2981706
The key to attaining good marks for risk comes from understanding the types of
risk you are looking for and explaining them in the correct context. As with many
areas of the exam, good exam technique can be used to increase the marks
attained without having to rote learn much additional information. It is application
and understanding that is important at the Professional level.
This article will demonstrate how to maximise marks on these areas using
effective exam technique. It is, however, specific to the context of auditing and
assurance and will therefore have a different focus and application to the way
risks are examined in other areas of the ACCA Qualification.
What you need to know
The three main types of risk you might be asked to evaluate in the exam are
business risk, risk of material misstatement and audit risk. These are defined as
follows:
Business risk A risk resulting from significant conditions, events, circumstances,
actions or inactions that could adversely affect an entity’s ability to achieve its
objectives and execute its strategies, or from the setting of inappropriate
objectives and strategies (ISA 315)
Risk of material misstatement (RoMM) ‘The risk that a material misstatement
exists in figures or disclosures within the financial statements prior to audit’
(IAASB – glossary of terms)
Audit risk ‘The risk that the auditor expresses an inappropriate audit opinion
when the financial statements are materially misstated. Audit risk is a function of
material misstatement and detection risk’ (IAASB – glossary of terms)
How they interact You should know from your study of Audit and Assurance that
the audit risk model is comprised of:
Audit risk = RoMM x detection risk
For a risk of misstatement to occur there must be an inherent risk of an item
being misstated and a risk that the client’s controls did not identify and correct
this misstatement. When you are asked to evaluate RoMM in an exam, the
examiner is looking for those inherent and control risks and, in many cases,
these arise from underlying business risks.
For something to be an audit risk, there must be either a RoMM or a detection
risk, the risk that the auditor’s procedures do not identify a material misstatement
in the financial statements.
How to apply the knowledge
Knowing these definitions will help you to remember which type of risk is which or
to categorise risks into these sub types but it is not something you will be
awarded direct credit for in an Advanced Audit and Assurance exam.
Remember that you are often being asked to prepare an answer for the attention
of the audit engagement partner, who will certainly not need these terms
explained. Therefore, these definitions are so that you know what type of risk you
are looking for in a question but the marks will be awarded for your evaluation of
these risks.
Let’s consider an example of information that may be provided in the exam and
how your answer would differ for each of the risk types you might be asked to
evaluate. The following is an extract from the published September/December

lOMoARcPSD|2981706
2015 sample questions:
Dali Co was established 20 years ago and has become known as a

leading supplier of machinery used in the quarrying industry, with its
customers operating quarries which extract stone used mainly for
construction.
The machines and equipment made by Dali Co are mostly made to

order in the company’s three manufacturing sites. Customers approach
Dali Co to design and develop a machine or piece of equipment specific
to their needs. Where management considers that the design work will
be significant, the customer is required to pay a 30% payment in
advance, which is used to fund the design work. The remaining 70% is
paid on delivery of the machine to the customer. Typically, a machine
takes three months to build, and a smaller piece of equipment takes on
average six weeks. The design and manufacture of bespoke machinery
involving payments in advance has increased during the year. Dali Co
also manufactures a range of generic products which are offered for
sale to all customers, including drills, conveyors and crushing
equipment.
Block: Text
Business risk For the purpose of the exam, these risks can usually be thought
of in terms of conditions that may prevent a business from meeting its objectives
and might include risks to achieving future profits or cashflows or to business
survival. This is a simplified explanation, but will help you describe the
implications of most risks you come across in the exam. There will be some risks
whose explanation is more involved and you can find examples of these in past
exams.
In general, you are looking for risks in the information that the examiner has
presented to you within the scenario. You will be asked to evaluate those risks.
At this level you will not be credited for defining business risk, nor will you
receive credit for describing what a client could do to mitigate those business
risks.
As set out in the ISAs, the focus of business risk evaluation as part of the audit
process is identifying matters that could impact on audit planning, in particular
matters that could give risk to risks of material misstatement or audit risks.
The focus in the Advanced Audit and Assurance exam is therefore quite different
from other strategic level exams where you might be expected to consider risks
from a business perspective and to describe methods the business may use to
manage those risks. If you stray into risk mitigation from a business perspective
rather than an auditor’s perspective you are wasting valuable time on making
points that cannot score marks.
As such, you need to consider how to frame the information which is provided as
10

lOMoARcPSD|2981706
a business risk. As a general rule, marks for business risks will be awarded along
the following lines:
For identifying only without meaningful explanation, ½ mark
For a briefly explained business risk, 1 mark will be awarded, and
Full marks will only be awarded where a well explained business
risk is presented.
Marks will not be awarded for points that are purely speculative – ie not based on
specific information provided in the question scenario – nor will marks be
awarded for business risks that do not impact on the audit.
Let’s now apply that logic to the example provided above:
Identification only – worth ½ mark
The company manufactures bespoke machines for clients which may

take six months to complete.
In an exam, an answer that merely repeats facts from the question is

unlikely to attain many marks – in a business risk question it can score
½ mark for identification only as the implications for the company have
not been considered.
Identified and briefly explained – worth 1 mark

take six months to complete. During this time the company has funds
tied up in work in progress.
This point cannot score full marks as there is no development of why

this is a risk; how does it impact on the business or the audit?
Identified and well explained – worth full marks

take six months to complete. During this time the company has funds
tied up in work in progress, which could give rise to cashflow problems,
especially as the 30% deposit may not cover all the upfront costs. This
service has increased in the year putting further strains on cash flow.
11

lOMoARcPSD|2981706
Block: Text
It is also possible that a risk can have other implications or alternative
descriptions that are valid and, if the answer was developed in one of these
directions, that would still attract credit. For example, the following would also be
an appropriate way to fully explain the same risk:
Identified and well explained – worth full marks

take six months to complete. There is a risk that the customer cancels
the order after the company has spent significant funds on the design
and manufacture of the machine. This will have put strain on the
company cash flow and it is unlikely that the machine can be sold to a
different customer for the same price due to its bespoke nature. This
may mean that the company makes a loss on the sale of the inventory
or cannot sell it at all.
Block: Text
In an exam such as this, it’s reasonable to assume that the examiner has given
you each piece of information for a reason. It is likely to be relevant to one of the
requirements and the examiner will often flag if there are areas which you should
not consider. A good technique is to try and identify risks in each paragraph –
there could be more than one but there is unlikely to be a section of text that
does not flag something relevant for at least one requirement.
Another thing to watch for is describing risks that are speculative or insignificant
in the context of the scenario you are given. There will be sufficient risk areas
described in the scenario to score maximum credit if they are well described. If
you find yourself hypothesising about potential issues that may affect the client,
but you don’t have enough information to know if it’s a risk or not, then you are
likely to be making irrelevant or marginal points. While it is true that valid risks –
beyond those on the marking guide – can attract credit, it is much easier and less
risky to use those that are flagged by the examiner.
Risks of Material Misstatement (RoMM) RoMM often follow from business risks
and are the impact that those risks might have on the financial statements. It can
be good practice during preparation for the exam to try and think of how a
business risk might affect the financial statements every time you are analysing
them. You are looking to convert that business risk into an impact on the
calculation or disclosure of items within the financial statements.
When describing RoMMs, an effective approach is to use the following steps to
construct your answer
Calculate and conclude on the materiality of the issue where sufficient
information is available – a mark will be given for a correct and relevant
calculation of materiality with an appropriate conclusion – this will only be
awarded once per issue and materiality marks may be capped in an exam
12

lOMoARcPSD|2981706
question.
Briefly describe the relevant financial reporting requirement – note that no
credit is awarded for the accounting standard names or numbers, only the
accounting treatment.
Relate the risk in the scenario to the accounting treatment.
Illustrate the impact of the risk on the financial statements
In general, there will be credit available for each of these processes and you
should recall this approach every time you tackle a question requirement on
evaluating RoMM.
Let’s consider the business risk we looked at above. The issue of bespoke
machinery with an upfront payment can affect the financial statements in terms of
revenue recognition, when dealing with the upfront payments, and inventory
valuation. For the purposes of the exam, these two accounting issues are likely
to be assessed as two separate RoMMs.
Applying this to the scenario we have above, the following illustrates a possible
answer that could be written under exam conditions and would score full marks
for each of the addressed risks.
Revenue recognitionThe company receives a 30% deposit for the

design of bespoke machinery.
Revenue should be recognised over time or at a point in time when

control is passed. Such points will be determined by the contractual
terms. Payments received in advance of control passing should be
recognised as deferred income.
There is a risk that revenue might be recognised early when payment

is received rather than being deferred.
This would result in an overstatement of revenue and an

understatement of liabilities for deferred revenue.
Inventory valuationThe company manufactures machines over a period
of up to three months. This gives rise to work in progress.
Work in progress is valued at the lower of cost and NRV where cost
includes all the costs of purchase and conversion including
overheads of getting the item to its present location and condition.
There is a risk that an order for bespoke machinery is cancelled and

the inventory NRV falls below the net costs incurred.
This would result in an overstatement of inventory (or assets) in the

statement of financial position and an understatement of cost of sales,
13

lOMoARcPSD|2981706
therefore an overstatement of profit.
Note that we did not have sufficient information to calculate materiality

in these examples.
Block: Text
Audit risks Where you are asked to evaluate audit risks in an exam, much of
your answer would be the same as for a requirement asking for risks of material
misstatements as these form the major part of audit risk. The difference here is
that detection risk is now also relevant. Examples of detection risk could include
a recent appointment as the auditor, inexperience in a client’s new market or time
pressure for the audit.
If the information provided in the example we have been using included the
following information:
You are the audit manager of Dali Co, a new audit client of your firm.
The partner has asked you to plan the audit for 31 December 2015 and
has provided you with the following information after a discussion with
the client.
Block: Text
Then, in addition to the RoMMs we have discussed, there would be an additional
audit risk.
We are newly appointed auditors of the client and, as such, do not have
the same level of understanding of the client’s business and controls as
we would for an existing client. As such, we may fail to recognise certain
RoMMs or may apply inappropriate procedures due to this lack of
understanding
In addition, we have not audited the opening balances, so there is a risk

that the opening balances may be incorrect or inappropriate accounting
policies have been used.
Block: Text
There are two common errors candidates make in the exam around the issue of
a new client. First, some candidates consider that a new auditor is a business
risk or gives rise to a RoMM. This is incorrect. The underlying business is the
same regardless and it is only detection risk that alters.
The second is to assume that a new manager on an assignment is the same as
having a new client. The audit partner and the knowledge of the client within the
14

lOMoARcPSD|2981706
firm is unaltered, so the discussion of a new manager to the audit resulting in a

significant audit risk does not attract credit.
It is also important to note that, from an exam point of view, none of these
examples require a definition to be given of risk types nor do they require any
explanation of theories as part of the answer – if the examiner asks you to
evaluate risks, then presenting your answer using the approach of a subheading
for each risk and answers like those shown in the examples above is sufficient.
Conclusion
This article has focused on planning type questions where there is a specific
requirement to describe one or more of business risk, RoMM and audit risk, and
has laid out an effective approach for how you can tackle these questions to
maximise your marks.
Note that RoMM is also relevant for matters and evidence questions where the
structure of the answer in those questions may be broader but the basic thought
process is similar. This will be addressed further in a separate article on
accounting issues for Advanced Audit and Assurance.
Part 3 – Accounting issues

In the Advanced Audit and Assurance exam you will be required to discuss
accounting issues in many contexts. It could be that during planning you are
asked identify areas of audit risk or risk of material misstatement arising from
accounting issues. You may be expected to discuss accounting issues and their
treatment in a completion question, where the appropriateness of a treatment is
considered, or areas of risk exist. Accounting issues could arise in reporting
questions where there may be an impact on the auditor’s report and the type of
opinion which will be given. This list is not exhaustive but illustrates how
important it is to have a good understanding of the accounting and financial
reporting issues covered in all of the financial reporting areas of the qualification.
In addition you will be required to recommend audit procedures or explain the
evidence you would expect to see in the audit file in order to conclude on the
appropriateness of these treatments and amounts.
As such, bringing forward a sound knowledge of financial reporting is crucial
when preparing for the Advanced Audit and Assurance exam. Some of those
areas may be relatively straight forward, for example the valuation of inventory at
the lower of cost and net realisable value while others can be more involved or
complex such as financial instruments, revenue recognition or pensions.
The purpose of this article is to utilise past questions from the Advanced Audit
and Assurance exam to illustrate how accounting issues could be examined and
to recap the accounting treatment on some of the areas candidates typically find
difficult in this exam.
Example 1 – Impairment
It is rare to see an Advanced Audit and Assurance exam which does not cover
impairment and the requirements of IAS 36 Impairment of Assets. This is a
15

lOMoARcPSD|2981706
crucial standard which you need to understand as impairment considerations

apply to so many assets within a set of financial statements.
A summary of the key financial reporting principles from IAS 36 is provided
below:
An asset is impaired if its carrying amount is higher than
recoverable amount.
The recoverable amount of an asset is the higher of its value in use
(the present value of future cash flows deriving from the asset – or group
of assets) and its fair value less disposal costs (the price which would be
received in an orderly transaction between market participants – eg what
you could sell it for).
Where an asset is impaired it should be written down to its
recoverable amount and generally that loss would be taken to the
statement of profit or loss for the year.
An impairment review is required for assets where there is an
indicator of impairment such as a change in technology, increase in
interest rates or possible obsolescence.
There is also a specific rule to perform annual impairment reviews
on intangible assets with indefinite lives, intangible assets not yet available
for use and purchased goodwill (remember that internally generated
goodwill isn’t recognised).
Where an asset cannot be assessed for its recoverable amount
individually it can be assessed as part of a cash generating unit. Where
this is done the impairment is written off against the assets of the cash
generating unit by allocating first against goodwill then against the other
assets on a prorated basis but no asset should be reduced below the
higher of its fair value less costs of disposal or value in use
IAS 36 paragraph 36.2 lists the assets which fall outside the scope of the
standard including inventories, deferred tax assets, financial assets and non-
current assets held for sale.
Recent example – sample March/June 17, Question 4
This is an example from a matters and evidence style question. These questions
are typically set at the completion stage of an audit. Materiality, accounting
treatment and risks are typical areas which would count as matters to be
considered. In these questions the auditor’s report implication is only relevant if
you are asked specifically to consider this area.
You are the manager responsible for the audit of Osier Co, a jewellery
manufacturer and retailer. The final audit for the year ended 31 March
2017 is nearing completion and you are reviewing the audit working
papers. The draft financial statements recognise total assets of $1,919
million (2016 – $1,889 million), revenue of $1,052 million (2016 – $997
million) and profit before tax of $107 million (2016 – $110 million).
16

lOMoARcPSD|2981706
At the year end management performed an impairment review on its

retail outlets, which are a cash generating unit for the purpose of
conducting an impairment review. While internet sales grew rapidly
during the year, sales from retail outlets declined, prompting the review.
At 31 March 2017 the carrying amount of the assets directly attributable
to the retail outlets totalled $137 million, this includes both tangible
assets and goodwill. During the year management received a number of
offers from parties interested in purchasing the retail outlets for an
average of $125 million. They also estimated the disposal costs to be
$1·5 million, based upon their experience of corporate acquisitions and
disposals. Management estimated the value in use to be $128 million.
This was based upon the historic cash flows attributable to retail outlets
inflated at a general rate of 1% per annum. This, they argued, reflects
the poor performance of the retail outlets. Consequently the retail
outlets were impaired by $9 million to restate them to their estimated
recoverable amount of $128 million. The impairment was allocated
against the tangible assets of the outlets on a pro rata basis, based
upon the original carrying amount of each asset in the unit. (7 marks)
In this question you can open with the materiality of the impairment. The
impairment loss of $9m represents 0.47% of total assets and 8.41% of
profit before tax and is material to the statement of profit or loss (1 mark
for an appropriate calculation and conclusion).
You should then state the underlying rule that an indicator of impairment
triggers an impairment review and define impairment and recoverable
amount. (1 mark)
Block: Text
Most of the credit will be available for determining and explaining the risks arising
and applying the accounting treatment to the information you have available.
We’re told that
Carrying value is $137m
Net realisable value is $125m - £1.5m = $123.5m (you will
generally receive ½ mark for calculating this figure)
Value in use is estimated at $128m
Recoverable amount is therefore $128m based on management’s
calculations
Impairment write off was based on value in use and has been pro-
rated against assets based on the original carrying value of the assets in
each unit.
17

lOMoARcPSD|2981706
As auditors we need to look for risks in the process and treatment. Based on the
information you can conclude that the carrying value is relatively low risk – we
audited last year’s figures and it’s not an inherently risky area in general so in the
absence of other information to the contrary you need to focus on the more risky
areas.
The net realisable value carries some risk – external offers though are a good
source of evidence and while not set in stone there have been several parties
interested so it’s likely that the company would be able to sell the retail outlets for
that price.
So what are the key risk areas and the matters which should be
considered?
Risk 1 – Management has estimated the costs of sale. An estimation is

inherently risky as it is not certain. It’s also been estimated by
management who could be biased.
Risk 2 – The value in use is the major source of risk. The calculation is
complex and judgemental and so is inherently risky. It has been
calculated by management who may be biased to keep the impairment
loss as low as possible. The calculation was based on historic cash
flows with 1% annual growth which appears unrealistic given that retail
sales have fallen not grown at 1%.
If the forecast used is overly optimistic then the impairment write off is
insufficient and therefore assets are overstated and profit is overstated
(as expenses are understated).
Risk 3 – The treatment of the impairment write off may be incorrect as

goodwill should be reduced before reducing the assets on a prorate
basis and it should be ensured that no individual asset is reduced to
below its own recoverable amount.
Block: Text
The matters part of this question as illustrated within the boxes above and
answer points which focussed on these risk areas would attract maximum credit
for that part of the question.
As this was a matters and evidence question remember that you also need to go
on to explain evidence you would expect to find on the audit file. The requirement
is for the evidence to be explained in these questions so listing sources of
evidence is not sufficient. Your answer points must also explain what they are
providing evidence of in order to attract high marks. If you write out evidence as a
list of described procedures then this will be acceptable and well described,
relevant procedures will generally receive a mark each.
18

lOMoARcPSD|2981706
Example 2 – Intangibles
Intangible assets are non-monetary assets without physical substance such as
patents, trademarks, customer lists, quotas, brands, franchise agreements etc
A summary of the key financial reporting principles from IAS 38 Intangible Assets
is provided below:
Intangible assets must be - identifiable (capable of being separated
and sold/transferred and arise from contractual or other legal rights) -
controlled - provide future economic benefits
In order to be recognised as an asset there must be a probable
future economic benefit arising from the asset and the cost must be
capable of reliable measurement. If this is not possible then expenditure
on the asset must be recognised as an expense. This is why internally
generated brands and customer lists are not allowed to be recognised but
purchased ones can be (including those purchased as part of the
acquisition of another company)
Subsequent treatment of intangible assets will be either on a
historical cost basis or under a fair value model if it is possible that fair
value can be determined by reference to an active market (eg production
quotas, taxi licences).
Exam focus
By definition brands are unique and therefore it would not be

possible to compare to an active market hence the fair value model
does not apply and they cannot be revalued upwards.
Block: Text
Intangible assets will either have a finite life (a limited period of
benefit to the company over which the asset will be amortised with the
amortisation expense being charged to profit and loss) or an indefinite life
(where no foreseeable limit to the period of economic benefits exist –
hence no amortisation is charged)
Where an asset is deemed to have an indefinite life it is not
amortised but the useful life should be reviewed every reporting period to
determine whether events continue to support an indefinite life and
additionally, the asset should be assessed for impairment each reporting
period.
All intangible assets are subject to an impairment review where
there is an indicator of impairment.
Recent example – Sample March/June, Question 1
This is an extract from a planning question which asked candidates to evaluate
risks of material misstatement arising from a scenario where the Group holds
several purchased brand names for products.
19

lOMoARcPSD|2981706
Acquired brand names are held at cost and not amortised on the
grounds that the assets have an indefinite life. Annual impairment
reviews are conducted on all brand names. In December 2016, the
Chico brand name was determined to be impaired by $30 million due to
allegations made in the press and by customers that some ingredients
used in the Chico perfume range can cause skin irritations and more
serious health problems. The Chico products have been withdrawn from
sale.
When answering a requirement to evaluate risks from a scenario

relating to specific accounting issues you should start by calculating the
materiality of the issue- in this question, total assets were $358 million
and PBT $28million. The impairment of the Chico brand is 8.4% of total
assets and more than 100% of PBT and is therefore material to both the
statement of financial position and the profit and loss for the year.
(1 mark for an appropriate calculation and conclusion).
You should then state the underlying accounting rule (1 mark).
Acquired brand names should be capitalised and amortised over their

useful life. Where this is indefinite, no amortisation is required, however
an annual review of the appropriateness of the assumption of indefinite
life should be performed and an annual impairment test is also required.
Block: Text
How this should be written up in a risk question has been illustrated in the
second article in this series.
Here, the company has decided to hold brands at cost as they deem them to
have an indefinite life – this is an acceptable treatment under IAS 38 however the
important part of the standard which we need to consider is that this should only
be done if there is no foreseeable limit to the periods of benefit. There’s also a
requirement that this assumption should be reviewed annually and additionally
an impairment review performed. The scenario tells us that an impairment review
has been performed but not that a review of the indefinite life has occurred hence
there is a risk that this may not have been done
That decision to hold the brands with an indefinite life is a judgement call on
behalf of management – judgements are subjective and therefore are a source of
inherent risk. Quite often the justification for such a decision would be linked back
to expenditure on the brand and marketing efforts along with market research.
These costs cannot be capitalised but do provide evidence to support an
indefinite life.
Similarly, impairment reviews for a brand would be looking at value in use based
20

lOMoARcPSD|2981706
on the discounted value of future expected cash flows which is complex and
judgemental.
In the exam you need to communicate these risk areas arising above- an
example of a description for each that would be sufficient in an exam is shown
below:
Risk 1 – Management’s judgement that the brands have an indefinite

life may be incorrect
Risk 2 – Management may not have reviewed the useful life of the
brands in the reporting period to ensure that the assumption of indefinite
life is still correct
Risk 3 – The impairment review may not be accurate as the

assumptions used by management may not be appropriate as the
calculation is complex and judgemental. (IAS 36)
Block: Text
The scenario goes on to describe the impairment of the Chico brand after
allegations made about the products. The products have been withdrawn from
sale. This brings in the impairment consideration in more detail. Here there has
been a specific indicator of impairment for both the brand and inventory relating
to Chico and therefore poses more risks.
Risk 4 – The impairment of the Chico Brand may not be sufficient (we
can’t tell if it has been fully written down IAS 36)
Risk 5 – The inventory relating to Chico products may need to be

written off if its net realisable value is below cost (IAS 2 Inventories)
Risk 6 – Other brands and inventory may be affected by the negative

publicity regarding Chico and may also need to be written down (IAS
36)
Exam focus
No credit is awarded for the name or number of auditing and

financial reporting standards.
21

lOMoARcPSD|2981706
You should avoid describing audit approach or

evidence/procedures unless you have been asked to do this in the
requirement.
Block: Text
Conclusion
The above examples aim to demonstrate how candidates can effectively apply
their accounting knowledge in the Advanced Audit and Assurance exam in order
to maximise their marks in a variety of questions including those which cover
planning and matters and evidence considerations. As with most areas of the
Advanced Audit and Assurance exam, it is the application of that accounting
knowledge to a scenario rather than the knowledge itself which will attract marks.
This means that when preparing for this exam, a good grasp of the accounting
knowledge underpinning the syllabus is important but practising questions and
developing the skills of applying that knowledge is the key to passing.
Part 4 – Audit procedures

The Advanced Audit and Assurance (AAA) exam would not be complete without
testing the ability to design relevant procedures by which assertions can be
assessed. This core skill, started at the applied skills level in Audit and
Assurance (AA), is further developed and tested in AAA. In this exam the issues
being audited will be extended to more complex areas of financial reporting and
the more judgemental areas of a set of financial statements such as KPIs,
forecasts and documents used for other services. It is important that candidates
can move beyond learnt lists of procedures or generic tests to specific focused
procedures which will examine specific assertions. Candidates must ensure they
can describe the appropriate action, source and purpose for a procedure.
This article examines the key syllabus requirements in relation to procedures and
considers the level of detail needed in order to obtain credit at this level. It will
also look at some examples of past questions on this syllabus area and explain
the difference between a strong answer and a weak answer to illustrate the detail
and specificity that candidates should produce in their answers to attain marks in
the exam.
Syllabus requirements
Audit procedures are covered in several areas of the AAA syllabus and the
relevant learning outcomes require candidates to 'identify and describe audit
procedures to obtain sufficient appropriate evidence from identified sources' or to
'design appropriate audit procedures' with respect to the audit of historical
financial statements, or for other assignments to 'describe and recommend
appropriate substantive, exam or investigative procedures which can be used to
gather sufficient appropriate evidence in the circumstances'.
22

lOMoARcPSD|2981706
Note that these learning outcomes require candidates to design or describe audit
procedures not simply provide a list of sources of evidence or a verb with no
purpose such as review. When audit procedures are required as part of the exam
it is expected that for credit to be awarded, candidates will describe the
procedure in sufficient detail to demonstrate that they understand what it is trying
to corroborate and what underlying piece of evidence will assist with that
process. A good rule of thumb is to ask, if you gave your list of procedures to a
new trainee auditor, would they know what to do, how to do it and why they are
doing it? If there is a specific source of information and an action that is aimed at
a specific purpose, then the answer is more likely to be complete and
understandable.
Structuring procedures
In the AAA exam, procedures are often examined in planning questions where
you may be required to plan audit procedures over a specific area of risk, or later
in the audit, when reviewing the evidence you would expect to find on the audit
file when it is reviewed by the manager or partner. For both requirements, the
basic principle is the same. The marking guides in published questions state 'up
to 1 mark for each well described audit procedure' hence a poorly described
procedure will not obtain 1 mark, it will obtain at most ½ mark.
Simple example (note this is for illustration and is not indicative of an AAA
scenario)
The client has purchased a new machine for use in production of widgets.
Design the principle audit procedures to be performed in respect of the new
machine.
A good start to answering the question would be to consider what assertions
need to be covered. Here the auditor will want to know whether the machine is
owned by the company, its existence, and its valuation.
We can address valuation and ownership at the same time for an outright
purchase using the invoice in most cases. This should be an easy mark in the
exam and everyone should be aiming for a full mark for this procedure. Consider
the answers below
Strong answer
Obtain the purchase invoice for the machine and confirm the purchase value to
the non-current asset register and ownership of the machine - 1 mark
Weak answers
Review purchase invoice – this would score ½ mark- this does not state what
the invoice is being reviewed for or what assertion is being targeted.
Purchase invoice – this would score no marks – this is a source of evidence
but without an action is not a procedure.
Review the relevant document- this would score no marks – there is no
detailed action or purpose and no identifiable source.
For the existence of the machine, we could physically examine it
Strong answer
Physically examine (or inspect) the asset to confirm it exists - 1 mark
Weak answers
Physically examine machine - this would score ½ mark – not tied to an
23

lOMoARcPSD|2981706
assertion so does not explain why the asset is being examined.

Observe assets – this would score no marks - there is no detailed action or
purpose and no identifiable source.
Adapting the basic technique to the AAA exam
The basic process illustrated above applies to the more complex situations that
you will come across in the AAA exam questions however you will be facing
more challenging areas than those seen in the AA exam. Rather than the
existence of PPE, candidates may be required to consider the existence and
valuation of intangible assets such as a brand (March/June 2017 Q1), the
classification of an investment (March/June 2018 Q4) or the appropriateness of a
forecast for assessing going concern or applying for finance (March/June 2018
Q2). Here candidates will be working with procedures that that can’t be rote
learned and which need to be tailored to the scenario. There will often be
judgements involved in areas examined where candidates will need to decide to
what extent management can be relied upon and where candidates may be
expected to demonstrate professional scepticism.
Practising past questions is important to extend your range of sources of
evidences and develop an understanding of the sort of approaches which can be
taken relating to specific judgements. However, it is also important to be able to
think of original procedures to adapt to the differences in the scenario each time.
What was appropriate in one exam may not be appropriate in another. The
syllabus requirement to design procedures is the underlying skill being tested not
the ability to learn a list of procedures for every occasion.
Example AAA procedures questions
The following is an extract from Question 2 in the September/December 2017
sample questions:
A provision of $430 million (2016 – $488 million) is recognised as a

long-term liability. The provision is in respect of decommissioning a
number of gas production and storage facilities when they are at the
end of their useful lives. The estimate of the decommissioning costs has
been based on price levels and technology at the reporting date, and
discounted to present value using an interest rate of 8% (2016 – 6%).
The timing of decommissioning payments is dependent on the
estimated useful lives of the facilities but is expected to occur by 2046,
with the majority of the provision being utilised between 2025 and 2040.
The accounting policy note discusses the methodology used by

management for determining the value of the decommissioning
provision and states that this is an area of critical accounting
judgements including key areas of estimation uncertainty. The estimate
has been made by management. In previous years, a management
expert was engaged to provide the estimate but as this was expensive,
24

lOMoARcPSD|2981706
management decided to produce the estimate for the year ended 30

June 2017.
Block: Text
This example relates to a decommissioning provision for an event which is
occurring the future. This means that the exact amounts will be unknown and that
a level of estimation and judgement is inherently part of the amount. This
illustration will focus on only the amount (completeness and accuracy) of the
provision (ignoring for this illustration the need to establish that the obligation
exists to decommission the facilities). The provision should be measured at the
best estimate of future costs discounted to present value. When the provision is
created the debit is to PPE but changes in estimates thereafter affect the profit
for the year. In order to assess that the amount is appropriate certain issues must
be evaluated:
The estimate of useful life and timing of the predicted
decommissioning costs (most will be used between 2025 and 2040 but
some as far ahead of 2046)
The discount factor used to calculate the provision (it’s gone up
which will decrease the present values of the cash flows)
The estimates of the cost of decommissioning (based on
information available today)
The process of the calculation of the provision amount
(management has previously used an external expert but have calculated
the figures themselves this year and the provision has reduced so
management might be using the release of the provision to increase
profits)
From a testing point of view each of these elements should be considered and
the appropriateness of them assessed. Before that can happen, we need to
obtain the calculation we are performing work on. The table below shows a range
of procedures to answer this question which would score full marks and
examples of weaker answers with how many marks they would obtain shown
against each.
Block: Text
Strong answers - 1 mark each Weak answers – 0 to ½ marks
Obtain a copy of management’s Review management’s

calculation of the provision and calculation (½)
source documents to support the The term review without a
underlying figures to understand specific purpose is vague and
how the provision had been there is no purpose provided for
derived the procedure
25

lOMoARcPSD|2981706
Assess management’s key Review managements

assumptions and consider the assumptions (½)
validity of these assumptions in This does not state why the
light of the auditor’s assumptions are being reviewed
understanding or make an attempt to confirm
they are valid
Review any decommissioning Check useful life (0)

agreements to confirm estimate There is no source given for
of useful life of the assets and identifying the useful life nor is
date of decommissioning there a purpose given for
checking it
Assess the reasonableness of Ask management why interest

the increase in discount rate by rate has increased (½)
reference to movements in There is no purpose given for
market interest rates investigating the interest rates
and the auditor is aiming to
corroborate managements figure
– interest rates are generally
readily available from
independent sources
Review a list of decommissioning Check costs to invoice (0)

costs and compare to quotes or These costs are in the future, so
prices of current we have no invoice to
decommissioning if available to corroborate costs. There is also
corroborate management’s no purpose given for the
estimates procedure
Compare methodology used this Compare provision to last year’s

year to that used last year to provision (½)
confirm consistency or This lacks purpose for the
differences and assess whether procedure
changes are appropriate
Cast the provision schedule for Cast provision (½)

arithmetical accuracy and agree The purpose of casting the
26

lOMoARcPSD|2981706
to figure in the financial provision is omitted

statements
Use an auditor’s expert to Use expert (0)

provide an independent This does not specify that the
calculation of the expert is independent or what
decommissioning costs and they would be used for
compare to management’s Obtain independent expert
figures to support the calculation (½)
appropriateness of the figures This mentions independent but
does not specify a purpose
Review the notes to the financial Check disclosures (0)

statements to ensure that the This does not specify what the
disclosure on the movement in disclosures should be or the
the provision and the description source
of the nature and timing of the
costs and the assumptions are
appropriate
Get written representation (0)

See below
Review board minutes (0)

See below
Agree to the financial statements

(0)
See below
Block: Text
There are a few things to note about this table. Firstly, the testing has been
tailored to the information which was available in the question – the change in
interest rates, the change in how the estimate is prepared (management vs
external expert). Secondly the procedures must be specific to obtain credit – try
to use an action, (it can be useful to refer to the testing techniques in ISA 500,
Audit Evidence – for example, inspect, recalculate etc), a source and a purpose.
Without these you are not describing enough detail at this level of exam. And
thirdly, the final three answers in the weak answer section are not obtaining
27

lOMoARcPSD|2981706
credit here. This third point is a common area where candidates use rote learnt
points without considering their appropriateness and relevance to the scenario
and each is considered further below.
Written representations from management
Written representations from management are used to support other audit
evidence relevant to the financial statements or one or more specific assertions
in the financial statements. They are often requested where management’s
intentions can affect the validity of a judgement. They should not be used as the
only audit evidence to support an assertion, and should not be used if it is
possible to obtain the evidence without need of a written representation. In the
previous example, obtaining a written representation that management’s
judgement of the discount factor is correct is not wholly appropriate. The auditor
can assess the discount factor with respect to external factors and actual rates
incurred by the company, so there are other more relevant and reliable sources
of evidence
If the scenario focuses on management’s intentions, written representations
could be appropriate, for example the intent to sell a building, or to close down a
division. There would still be a requirement however to obtain corroborative
evidence. If candidates use a written representation from management as a
procedure in the exam then it must be appropriate and the specific content and
purpose of the representation should be described. An example of the
appropriate use of a written representation and the contents is illustrated below:
March/June 2018 Q2b procedures to be performed on a profit forecast to be
used to obtain bank funding
Obtain written representation from management regarding the
completeness of significant assumptions AND accepting their
responsibility for the forecast (this is required by ISA 3400, The Exam of
Prospective Financial Information and therefore is appropriate), or
Obtain written representation from management the bank overdraft
will be repaid by 1 September 2019 (note this is management’s intention
and can be part of the evidence for justifying that it is appropriate that
there is no overdraft interest in the forecast after that date)
A final point on written representations from management, is that where
management are not believed to be reliable, for example they have been
showing signs of earnings management and inappropriate judgements, then
written representations are not likely to be a reliable form of evidence.
Review board minutes
Often candidates include this as part of every answer to every requirement
without considering whether it is likely to be discussed at board level or in what
detail. This procedure might be relevant when supporting management’s
intentions regarding strategy or approval regarding major decisions such as
acquisitions, but it is not likely to be the case that the board of directors approve
every individual asset purchase (rather than the capex budget as a whole) or
every allowance for slow paying customers. If it isn’t something the board discuss
then candidates won’t be credited for this as a procedure. In addition, the
purpose of reviewing the board minutes will need to be stated in order for any
28

lOMoARcPSD|2981706
credit to be awarded.
Strong answer
Confirm that the acquisition of the new subsidiary was approved by the board
through review of board minutes - 1 mark
Weak answers
Review board minutes for approval (½ mark – not stated approval of what)
Review board minutes for acquisition (½ mark - does not state what information
regarding the acquisition is being obtained from the board minutes)
Review board minutes (would score no marks – this will not receive credit as it
is not specific to the scenario at all)
Agree to the financial statements
This is another area where candidates appear to make a general statement that
is often not appropriate. For example, in the March/June 2018 Q4 candidates
testing the elimination of the intercompany balances often stated to check the
elimination of a single transaction between two of the group companies to the
financial statements. By their nature financial statements are aggregate figures
and do not show every transaction. The elimination would be something that
could be agreed to a consolidation schedules but will not be visible in the
financial statements issued by a company. The distinction between detailed
management accounts, breakdowns of the figures in the financial statements,
consolidation schedules and the financial statements themselves should be
something that candidates at this level appreciate. To obtain marks for agreeing
something to the financial statements it will be necessary that the item can be
seen in the financial statements or the notes and that the specific detail of what is
being agreed is stated.
Strong answer – for example, for an acquisition in the year
Confirm disclosures in the financial statements include the date of acquisition,
the fair value of consideration and the fair value of the net assets acquired (1
mark – note this isn’t everything that IFRS® 3 Business Combinations requires
to be disclosed but it does give some specific details that shows understanding
of the sorts of disclosures required)
Weak answers
Agree to financial statements – this would score no marks – no detail of what
is being agreed
Agree the amounts for the acquisition have been disclosed in the financial
statements – this would score ½ marks – no specific detail of the items to be
disclosed
Conclusion
As can be seen from the discussion above, a good structure for presenting
procedures (action- source-purpose) is key to obtaining strong marks on this
section of the exam. For a candidate to score well they will need to be able to
adapt the procedures to the details given in a scenario and question whether the
source is appropriate. Past question practice is a good start for expanding the
range of procedures in a candidate’s toolkit and the ability to tailor answers to the
specific circumstances in the exam they are sitting.
29

lOMoARcPSD|2981706
Written by a member of the Advanced Audit and Assurance examining

team
Part 5 – Auditor reporting

Auditor reporting forms an important part of the Advanced Audit and Assurance
syllabus and exam. Prior to September 2018 auditor reporting typically featured
in one of the optional questions and was often the least popular question each
session. Candidates should be aware that as the exam moves to its new syllabus
format all questions will be compulsory and one of the 25-mark questions each
session will be drawn from the completion and reporting area of the syllabus.
Questions could focus on syllabus areas including final evaluation of audit
evidence, matters such as going concern and subsequent events, and the
reports which auditors produce at the final stage of the audit, including the
auditor’s report to shareholders and reports to those charged with governance.
This article focuses on auditor reporting to shareholders. It is imperative for
candidates to be prepared to answer questions on auditor reporting and will need
an understanding of the format of the report, the types of opinions which may be
given by the auditor and the other modifications which could be required to an
auditor’s report.
Exam questions on the auditor’s report have often taken one of two forms. The
first is an appraisal of information provided within a scenario and a requirement
to consider further actions and possible reporting implications, the other a critique
of draft wording for an auditor’s report. These requirements are slightly different
as one is at an earlier stage than the other and hence it is important to focus the
answer to what the requirement is asking for. There are also different wordings of
the requirements which mean that the answers to two questions may look similar
but conclusions have been reached for different reasons.
Audit opinions
The audit opinion is perhaps the most important thing to understand for an
auditor’s report question. Where the auditor has gathered sufficient and
appropriate evidence that the financial statements are free from material
misstatements an unmodified opinion can be issued.
Unmodified opinions
ISA 700 (revised) Forming an Opinion and Reporting on Financial Statements
gives two alternative forms for an unmodified opinion. These are:
In our opinion, the accompanying financial statements present
fairly, in all material respects, the financial position of the company as at
31 December 20X1 and of its financial performance and its cash flows for
the year then ended in accordance with International Financial Reporting
Standards (IFRS®), or
In our opinion, the accompanying financial statements give a true
and fair view, in all material respects, the financial position of the company
as at 31 December 20X1 and of its financial performance and its cash
flows for the year then ended in accordance with International Financial
Reporting Standards (IFRS®).
30

lOMoARcPSD|2981706
Common error in the exam – candidates often state that the first of
these opinions is incorrect and that the report should state the
financial statements are true and fair – this is not the case, either
wording is allowed by the standard.
Block: Text
Modified opinions
The next thing a candidate needs to have clear in their mind are the possible
modifications for opinions. These arise if the auditor
is not able to obtain sufficient appropriate audit evidence
determines uncorrected material misstatements exist, or
has concluded that the financial statements are NOT prepared, in
all material respects, in accordance with the requirements of the
applicable financial reporting framework which includes consideration of
the qualitative aspects of the entity’s accounting practices, including
indicators of possible bias in management’s judgments.
Where this is the case the auditor will need to assess whether the issues
considered are material or material and pervasive.
ISA 705 (revised), Modifications to The Opinion in The Independent Auditor’s
Report identifies three types of modified opinion:
Qualified opinion – where the auditors concludes either that the
misstatements in the financial statements are material but not pervasive
(qualified on the basis of material misstatement) or the auditor is
unable to obtain sufficient appropriate audit evidence on which to base the
opinion but conclude the possible effects on the financial statements of
undetected misstatements would be material but not pervasive (qualified
on the basis of an inability to obtain sufficient audit evidence).
Qualified opinions are given in the form of 'except for' opinions and
examples of the wording for such opinions can be found in ISA 705
(revised) para 17
adverse opinion – where the auditor concludes that the material
misstatements in the financial statements are pervasive (therefore they do
not present fairly/are not true and fair) and,
a disclaimer of opinion where the auditor concludes that there is
insufficient evidence on which to base an opinion and the possible effects
of undetected misstatements are material and pervasive
In order to distinguish between these types of modified opinion a candidate must
determine two things
Is there a material misstatement or is there insufficient evidence to
know whether there is a material misstatement, and
Is the effect material or material and pervasive?
In determining whether a misstatement is pervasive ISA 705 (revised) gives the
following definition:
31

lOMoARcPSD|2981706
Pervasive – A term used, in the context of misstatements, to describe the effects

on the financial statements of misstatements or the possible effects on the
financial statements of misstatements, if any, that are undetected due to an
inability to obtain sufficient appropriate audit evidence. Pervasive effects on the
financial statements are those that, in the auditor’s judgment:
(i) Are not confined to specific elements, accounts or items of the financial
statements
(ii) If so confined, represent or could represent a substantial proportion of the
financial statements, or
(iii) In relation to disclosures, are fundamental to users’ understanding of the
financial statements.
Block: Text
Common errors in the exam – candidates often identify correctly

there is a material misstatement in the accounts that is not
pervasive, then state that the opinion should be unmodified or that
the misstatement should be covered by an emphasis of matter
paragraph. This is incorrect; a material misstatement which is not
pervasive will result in a qualified opinion.
Block: Text
Basis for opinion paragraph
The auditor’s report contains a paragraph after the opinion paragraph describing
the basis on which auditors form their opinion. Where a modified audit opinion is
given the details of the misstatements or the inability to obtain sufficient
appropriate audit evidence will be provided.
Block: Text
Common error in the exam – using outdated standards and stating

the basis for opinion paragraph is presented before the audit
opinion.
Block: Text
Other modifications to the auditor’s report
In a requirement that asks candidates to consider the effect on the auditor’s
report rather than the effect on only the audit opinion, there are other
modifications which should be considered.
Emphasis of matter (EoM) – used by auditors where they consider that there is
a matter correctly presented or disclosed in the financial statements that the
auditor deems to be of fundamental importance to a user’s understanding of the
financial statements. This paragraph is used to draw attention to the matter being
emphasised by referring to where it is presented and disclosed in the financial
statements. This paragraph is not used for going concern uncertainties.
Block: Text
32

lOMoARcPSD|2981706
Common errors in exams

Using an EoM paragraph for a material misstatement
or failure to obtain evidence – these give rise to qualified
opinions
Using an EoM paragraph for uncertainties
surrounding going concern – these have a separate
paragraph
Using an EoM paragraph for something which would
be a key audit matter for a listed company.
Block: Text
Other matter (OM) – used by auditors where they consider it necessary to
communicate a matter other than those presented or disclosed in the financial
statements that is relevant for a user’s understanding of the audit, auditor’s
responsibilities or the auditor’s report.
Other information
ISA 720 (Revised), The Auditor’s Responsibilities Relating to Other Information
also requires the inclusion of an Other Information paragraph which includes:
A statement that management is responsible for the other
information
An identification of:
other information, if any, obtained by the auditor prior to the
date of the auditor’s report, and
for an audit of financial statements of a listed entity, other
information, if any, expected to be obtained after the date of the
auditor’s report
A statement that the auditor’s opinion does not cover the other
information and Accordingly that the auditor does not express (or will not
express) an audit opinion or any form of assurance conclusion thereon
A description of the auditor’s responsibilities relating to reading,
considering and reporting on other information as required by this ISA,
and
When other information has been obtained prior to the date of the
auditor’s report, either:
a statement that the auditor has nothing to report, or
if the auditor has concluded that there is an uncorrected
material misstatement of the other information, a statement that
describes the uncorrected material misstatement of the other
information
Block: Text
Common exam error – not appreciating that the audit has a

responsibility for reporting misstatements in the other information
in addition to inconsistencies.
33

lOMoARcPSD|2981706
Block: Text
Material Uncertainty Related to Going Concern – ISA 570 (revised) Going
Concern requires auditors to include a paragraph drawing attention to
uncertainties relating to going concern which are adequately disclosed in the
financial statements by reference to those disclosures.
Block: Text
Common exam errors

Including going concern issues in an EoM paragraph
– this is no longer in line with revised ISAs 570 and 706
Stating that an uncertainty arising due to going
concerns means the break up basis of accounting should be
used – an uncertainty such as withdrawal of one form of
finance or the loss of a major customer may give rise to
uncertainties but do not always mean a company will cease
trading and be required to use the break up basis of
accounting. Candidates should appreciate that it is
extremely rare to see 'break-up basis' financial statements,
which are only used where a reporting entity has no option
but to wind up operations.
Using the uncertainty paragraph where the
uncertainty is not disclosed in the financial statements –
this would give rise to a material misstatement and require a
qualified or adverse opinion.
Block: Text
Note that all three of these modifications do not result in a qualified opinion. They
modify only the report. None of these is an alternative to a qualification of the
audit opinion.
Key audit matters
For listed companies, auditors are required to include a Key Audit Matters (KAM)
section within the auditor’s report ISA 701 Communicating Key Audit Matters in
the Independent Auditor’s Report defines key audit matters as —those matters
that, in the auditor’s professional judgment, were of most significance in the audit
of the financial statements of the current period. Key audit matters are selected
from matters communicated with Those Charged with Governance. They are
areas of high risk, high levels of management judgement or significant events or
transactions arising within the period. The auditor is required to explain why
each matter was deemed important and how it was addressed during the audit.
This section cannot be used to avoid giving a qualified opinion.
Exam focus
Auditor reporting is covered by many ISAs and it is often hard to visualise how an
auditor’s report should look. Many candidates in the exam still refer to outdated
auditing standards or do not seem to understand how the auditor’s report flows.
Listed companies generally publish their annual report online and these can be
accessed freely. Candidates should take time to read the auditor’s reports for
34

lOMoARcPSD|2981706
several real companies to appreciate this fundamental part of the syllabus. The
profession revolves around the auditor’s report, the audit process and the ethics
and professional issues that surround it all lead to this crucial document that is
the output of the audit. View an example of a real auditor’s report
Exam questions on reporting can take different forms. Here’s some examples
from past questions and common misstates that have been seen in candidate
answers. The links below can be used to see the scenario details relating to the
question:
March/June 2018, Q5
Scenario summary
Candidates were presented with an extract from a proposed auditor’s report for a
listed company, comprising KAM, qualified opinion and EoM paragraphs.
Requirement
Critically appraise the extract from the auditor’s report on the consolidated
financial statements of the Blackmore Group for the year ended 31 March 2018.
Exam focus
To critically appraise candidates should consider each piece of information and
assess whether it is correct or incorrect, describing why and how to amend it as
necessary.
Commons mistakes in the exam
stating the qualification matter should have been an EoM
stating the financial statements should be prepared on a break up
basis because of a potential breach of funding covenants (it’s an
uncertainty over going concern but the company is not about to
commence winding up)
stating that the auditor should not disclose the potential uncertainty
regarding going concern because it hasn’t happened yet (the uncertainty
exists therefore it will impact the auditor’s report)
not identifying that the uncertainty discussion did not refer to
adequate disclosures in the accounts (these are needed if the opinion will
not be qualified)
not identifying that the EoM paragraph should have been a Material
Uncertainty Relating to Going Concern paragraph
saying the report was missing a title and signature – this was an
extract not a complete report
September/December 2017, Q5b(ii)

Scenario summary
Candidates were presented with material misstatements identified during the
audit. Part b(i) asked candidates to explain matters which should be discussed
with management in relation to the uncorrected misstatements and then lead to
b(ii) below
Requirement
Assuming that management does not adjust the misstatements identified,
evaluate the effect of each on the audit opinion.
35

lOMoARcPSD|2981706
considering the effects on wider areas of the auditor’s report not

specifically the opinion
assuming that misstatements in disclosures didn’t need a
qualification and recommending using an EoM instead – a material
misstatement in disclosure still requires a qualified audit opinion
believing that the auditor’s disagreement with management
regarding the reduction in provision was an inability to obtain sufficient
appropriate evidence rather than a material misstatement
suggesting putting qualification matters that were material but not
pervasive in an EoM paragraph rather than qualifying the opinion.
September/December 2016
Scenario summary
Candidates were presented with two unresolved issues arising from the audit of a
non-listed company. The first was an imposed limitation in scope arising from a
confidentiality agreement signed by the client and the second was a significant
event properly disclosed in the financial statements.
Requirement
In respect of each of the matters described above, discuss the implications for
the auditor’s report and recommend any further actions necessary.
Note this requirement covers the auditor’s report not simply the opinion and is for
a non-listed company.
ignoring the requirement for further actions in addition to the
auditor’s report implications – this includes trying to resolve the limitation
of scope with management and the requirement to communicate the
matter to TCWG
recommending an EoM paragraph for the limitation of scope – this
has to give rise to a qualified opinion
omitting the description of the effect on the basis for opinion
paragraph or stating it should be placed before the audit opinion
not stating that an EoM paragraph needs to draw attention to the
significant event disclosure in the notes to the financial statements or that
this matter does not modify the audit opinion
Key points for exam technique
In summary, candidates should expect to answer a question on auditor reporting
in exams under the new syllabus. To perform well in this area candidates must:
Have an understanding of the types of audit opinion available
Understand the different additional components of the auditor’s
report
Read the requirements carefully to identify the correct areas to
cover and whether:
the company is listed,
the question asks for more than effects on the auditor’s
report such as actions to be taken
the response is relating to the audit opinion only or the wider
36

lOMoARcPSD|2981706
effects on the auditor’s report

Conclusion
With good preparation and a logical approach this area of the exam can enable
candidates to score strong marks and question practice will help to hone those
skills.
team
res
IAASB EXPOSURE DRAFT – PROPOSED INTERNATIONAL STANDARD
ON AUDITING 540 (REVISED) AUDITING ACCOUNTING ESTIMATES
AND RELATED DISCLOSURES
Exam and syllabus

The syllabus and study guide for Advanced Audit and Assurance (AAA) includes
section G1a on professional and ethical developments which requires candidates
to ‘discuss emerging ethical issues and evaluate the potential impact on the
profession, firms and auditors’ and G1b ‘Discuss the content and impact of
exposure drafts, consultations and other pronouncements issued by IFAC and its
supporting bodies.’ This article is intended to provide insight into recent proposed
changes to ISA 540 Auditing Accounting Estimates, Including Fair Value
Accounting Estimates and Related Disclosures. The article is relevant to all
versions of the AAA exam.
Introduction and background
In April 2017, following outreach activities with regulators and other key
stakeholders, the IAASB issued Proposed International Standard on Auditing
540 (Revised) Auditing Accounting Estimates and Related Disclosures (ED 540).
The IAASB commenced a project in early 2015 to address issues relevant to the
audits of financial institutions as well as to ISA 540 more generally. The project
indicated that regulators and auditors of financial institutions believed that the
IAASB needed to focus on the issues for audits of financial institutions arising
from IFRS® 9 Financial Instruments prior to the effective date for the
implementation of the standard for annual periods commencing on or after 1
January 2018.
The main catalyst for the revisions proposed by ED 540 therefore was the
development and implementation of IFRS 9 Financial Instruments and the
introduction of its expected losses model for assessing the impairment of
financial assets. The expected losses model fundamentally changes the way that
reporting entities will account for their loan assets and other credit exposures.
The model involves a complex and subjective estimation process which presents
a particular challenge to auditors in terms of developing a robust approach to
appraising management’s prospective assessment of the credit risks associated
with an entity’s portfolio of financial assets.
Feedback from the IAASB’s outreach projects also revealed a perceived lack of
consistency in the extent to which auditors obtained an understanding of
37

lOMoARcPSD|2981706
accounting estimates together with evidence of insufficient and inappropriate

work effort by auditors in this area. The consultation process identified:
a lack of professional scepticism being exercised by auditors and a
need for more specific risk assessment requirements and more granular
requirements regarding obtaining audit evidence, and
a need to enhance communication between auditors and those
charged with governance about accounting estimates and in particular the
auditor’s views about significant qualitative aspects of the entity’s
accounting practices.
After consulting with key stakeholders, the IAASB therefore concluded that many
of the issues identified with respect to IFRS 9’s expected credit losses model
were also equally relevant when auditing other complex accounting estimates. As
a result the IAASB concluded that a full revision of ISA 540 was required as a
matter of priority. ED 540 proposes that the revised standard will apply to the
audit of all accounting estimates and to all audits regardless of the size or status
of the reporting entity.
Objectives and overall approach
The objective of ED 540 is to enable the auditor to obtain sufficient and
appropriate audit evidence in order to evaluate whether accounting estimates
and their related disclosures are reasonable in the context of the applicable
financial reporting framework or whether they are misstated. ED 540 includes
enhanced requirements for risk assessment procedures and the work effort
required of the auditor in responding to the assessed risks of material
misstatement.
Although it was IFRS 9 which triggered the need for change, the IAASB has
sought to make ED 540 scalable and the revised standard will apply to all
accounting estimates from the simplest depreciation calculation through to the
most complex of derivative financial instruments and expected credit losses.
While the simpler accounting estimates will not generally give rise to high audit
risk, many measurements based on estimates, including fair value
measurements and impairments in relation to financial instruments, are imprecise
and subjective in nature and will give rise to high inherent risk. Such fair value
and impairment assessments are likely to involve significant, complex
judgements for example regarding market conditions, the timing of cash flows
and the future intentions of the entity. The valuations will often involve complex
models built on significant assumptions such as the predicted timing of cash
flows, the most appropriate discount factor to use and judgements about
probability weighted averages. Management may not always have sufficient
knowledge and experience in making these judgements. Moreover, there may
even be a deliberate attempt by management to manipulate the value of an
estimate in order to window dress the financial statements. The IAASB
recognises the central role that professional scepticism plays in the audit of
accounting estimates and ED 540 contains key provisions which are designed to
enhance the auditor’s application of professional scepticism and a consideration
of the potential for management bias. The key provisions include the following:
Enhanced risk assessment requirements in order to provide a
38

lOMoARcPSD|2981706
better basis for identifying and assessing the risks of material

misstatement related to accounting estimates.
More granular requirements in relation to obtaining audit evidence
when inherent risk is assessed as not low.
A requirement to ‘stand back’ and evaluate the audit evidence
obtained regarding the accounting estimates, including both corroborative
and contradictory audit evidence.
Responding to the assessed risks of material misstatement
The proposed approach requires the auditor to assess the inherent risk attached
to accounting estimates as either low risk or not low risk.
When inherent risk is assessed as low, the auditor will follow a similar approach
to that previously required by ISA 540. Here the auditor will determine whether
one or more of the following further audit procedures would provide sufficient and
appropriate audit evidence regarding the assessed risk of material misstatement:
Obtaining evidence from the review of subsequent events up to the
date of the auditor’s report.
Testing the processes used by management in making the
accounting estimate and testing the underlying data on which it is based.
Developing the auditor’s own estimate or range of estimates based
on the available audit evidence to evaluate management’s estimate.
If the auditor intends to rely on internal controls relating to
accounting estimates or if substantive procedures alone cannot provide
sufficient appropriate audit evidence, the auditor should design and
perform tests of control in order to obtain sufficient appropriate evidence
that they are operating effectively.
When inherent risk is not low, ED 540 will require a more rigorous risk
assessment. ED 540 states that an increased work effort is required in order to
determine how three key factors have impacted on a specific accounting
estimate. The three factors which the auditor must specifically consider are as
follows:
(i) Complexity:
Complexity in relation to accounting estimates can arise from both the estimation
method used and the underlying data on which the estimate is based. Given the
increased emphasis on the use of external sources in IFRS 13 Fair Value
Measurement and in making accounting estimates such as fair values, ED 540
aims to improve and clarify the requirements on the use of such information as it
is in the public interest to do so.
Where the reasons for an increased risk of material misstatement is due to
management’s use of a complex method (including complex modelling) or the
use of specialised skills and knowledge, ED 540 requires the auditor to obtain
sufficient appropriate evidence in relation to a series of specific matters including:
the appropriateness of the method, data and assumptions in the
context of the applicable financial reporting framework
whether the data is relevant and reliable
whether management has appropriately understood and interpreted
the significant data used
39

lOMoARcPSD|2981706
whether the integrity of the data and assumptions has been

maintained in the development of management’s methodology, and
whether the calculations are mathematically accurate and
appropriately applied.
(ii) Need for management judgement:
Where accounting estimates rely upon significant management judgement, the
risk of material misstatement is increased due to intentional or unintentional
management bias. When the risk of material misstatement relates directly to the
use of management judgement (including the judgement used in management’s
application of complex modelling), ED 540 gives detailed guidance on a series of
specific matters on which the auditor must obtain sufficient appropriate audit
evidence. These matters include whether management’s judgements and
assumptions are in compliance with the measurement requirements of the
applicable financial reporting framework; whether significant assumptions are
consistent with those used in other areas of the entity’s business activities
including any other accounting estimates; and whether management’s
judgements about changes from previous periods are appropriate.
(iii) Estimation uncertainty:
ED 540 emphasises the need to understand and address estimation uncertainty
and the impact that this has on the auditor’s evaluation of the reasonableness of
management’s estimates and related disclosures. As with the previous two
factors, ED 540 again contains requirements for the auditor to obtain sufficient
appropriate audit evidence by addressing key matters in the context of the
applicable financial reporting framework. These key matters include whether
management has taken the necessary steps in order to understand the source of
the estimation uncertainty and whether its estimates and disclosures in this
regard are reasonable. Where the auditor concludes that management has not
taken adequate steps, ED 540 requires the auditor to develop their own
estimates to be based on data which is supported by the audit evidence and
which complies with the applicable financial reporting framework.
Other matters
ED 540 highlights a number of other matters which should be considered in the
audit of accounting estimates and related disclosures. These other matters
include the following:
Disclosures
The IAASB has noted the increasing importance of the role of disclosures in
financial reporting and particularly in relation to accounting estimates. The IAASB
believes that disclosures relating to accounting estimates are critical to users’
understanding of the accounting policies applied, the nature and extent of
estimation uncertainty and the key judgements made by management. ED 540
therefore requires the auditor to obtain sufficient appropriate audit evidence
about whether the disclosures relating to accounting estimates are reasonable in
the context of the applicable financial reporting framework. In the context of a
compliance based framework, the auditor must ensure that sufficient appropriate
audit evidence has been obtained to confirm that the disclosures included are
those necessary for the financial statements not to be misleading. In the case of
40

lOMoARcPSD|2981706
a framework based on fair presentation principles, the auditor must obtain

sufficient appropriate audit evidence that management has provided the
additional disclosures beyond those specifically required by the framework that
are necessary in order to achieve the fair presentation of the financial statements
as a whole.
Communication with those charged with governance
The IAASB recognises the importance of a two-way dialogue between the auditor
and those charged with governance (TCWG). ED 540 therefore includes a new
requirement to place more emphasis on communications with TCWG in relation
to the auditor’s views about accounting estimates. ISA 260 (Revised)
Communication with Those Charged with Governance and ISA 265
Communicating Deficiencies in Internal Control to Those Charged with
Governance and Management already require the auditor to communicate with
TCWG about significant qualitative aspects of the reporting entity’s accounting
practices and significant deficiencies in internal controls. ED 540 additionally
requires the auditor to communicate whether the accounting estimates and their
related disclosures are impacted by the key factors identified by the standard
including complexity, the need for management judgement and estimation
uncertainty.
Documentation
The documentation requirements of ISA 230 Audit Documentation already apply
to many of the auditor’s judgements but ED 540 also includes additional
application material which highlights aspects of the auditor’s work on accounting
estimates and related disclosures which would be likely to give rise to
judgements which would require documentation under ISA 230. ED 540 also
extends the existing documentation requirements of ISA 540 to include
documentation of indicators of management bias where applicable and the
auditor’s evaluation of any such bias in forming his opinion on the financial
statements as a whole.
Conclusion
Overall there has been much support for the IAASB’s objectives in revising ISA
540. Respondents to ED 540 have been generally supportive of its additional
focus on the role of professional scepticism in the audit of accounting estimates
and related disclosures and have been sympathetic to the need to finalise the
standard quickly given the implementation of IFRS 9 for annual periods
commencing on or after 1 January 2018. Some commentators have, however,
expressed concerns about the clarity and operability of the proposed standard
and have questioned whether its approach is over-complicated in relation to
simple accounting estimates. Some have maintained, for example, that more
guidance is needed on how to distinguish between ‘low inherent risk’ and ‘non-
low inherent risk’ and have asked for greater development of ED 540’s scalability
concept through the inclusion of further examples in the application material.
Respondents have also commented more generally on a perceived lack of
specificity in the audit procedures to be performed and have requested more
guidance from the IAASB on how to test valuation models and the internal
controls which management have utilised in developing their accounting
41

lOMoARcPSD|2981706
estimates.
At the time of writing, the IAASB is in the process of completing its deliberations
in response to the feedback received before finalising its revision of ISA 540 on a
timely basis for the audit of financial statements prepared under IFRS 9.
team
The completion stage of the audit is when the auditor reviews the work
performed and considers the implications for the auditor’s report. A crucial part of
this review is the evaluation of misstatements found during the audit. This article
describes and discusses the requirements of ISA 450, Evaluation of
Misstatements Identified during the Audit and provides some examples of the
application of the ISA in the context of the Advanced Audit and Assurance exam.
ISA 450 – Objectives and definitions
According to ISA 450, the objectives of the auditor are to evaluate:
The effect of identified misstatements on the audit, and
The effect of uncorrected misstatements, if any, on the financial
statements
A misstatement occurs when something has not been treated correctly in the
financial statements, meaning that the applicable financial reporting framework,
namely IFRS, has not been properly applied. Examples of misstatement, which
can arise due to error or fraud, could include:
An incorrect amount has been recognised – for example, an asset
is not valued in accordance with the relevant IFRS requirement.
An item is classified incorrectly – for example, finance cost is
included within cost of sales in the statement of profit or loss.
Presentation is not appropriate – for example, the results of
discontinued operations are not separately presented.
Disclosure is not correct or misleading disclosure has been
included as a result of management bias – for example, a contingent
liability disclosure is missing or inadequately described in the notes to the
Specific requirements and application of ISA 450
ISA 450 requires that ‘the auditor shall accumulate misstatements identified
during the audit, other than those that are clearly trivial’.
The auditor should set a monetary benchmark below which misstatements are
considered to be clearly trivial and would not need to be accumulated because
the auditor expects that the accumulation of such amounts clearly would not
have a material effect on the financial statements. The application notes to ISA
450 make it clear that ‘clearly trivial’ is not another expression for ‘not material.’
The auditor will need to use judgement to decide whether matters are clearly
trivial, and this may be affected by a range of issues including but not limited to
the monetary size of the matter, for example, the level of audit risk being applied
in the situation.
ISA 450 also requires that ‘The auditor shall communicate on a timely basis all
misstatements accumulated during the audit with the appropriate level of
management, unless prohibited by law or regulation. The auditor shall request
42

lOMoARcPSD|2981706
management to correct those misstatements.’

Simply put, this means that the auditor keeps a note of all misstatements (other
than those which are clearly trivial), raises them with management and asks for
the misstatements to be corrected in the financial statements.
It is useful, when evaluating misstatements and in making requests to
management for misstatements to be corrected, to consider and apply the
framework as laid out in ISA 450, which categorises misstatements as follows:
Factual misstatements are misstatements about which there is no
doubt. An example would be a clear breach of an IFRS requirement
meaning that the financial statements are incorrect, for instance if a
necessary disclosure is missing – for example, non-disclosure of EPS for
a listed company.
Judgmental misstatements are differences arising from the
judgments of management concerning accounting estimates that the
auditor considers unreasonable, or the selection or application of
accounting policies that the auditor considers inappropriate. There are of
course many examples of using judgement in financial reporting, for
instance, when determining the fair value of non-current assets, the level
of disclosure necessary in relation to a contingent liability, or the
recoverability of receivables.
Projected misstatements are the auditor’s best estimate of
misstatements in populations, involving the projection of misstatements
identified in audit samples to the entire populations from which the
samples were drawn.
For the auditor it is important to distinguish between these types of
misstatements in order to properly discuss them with management, and ask for
the necessary corrections, where relevant, to be made. For example, with a
factual misstatement, there is little room for negotiation with management, as the
item has simply been treated incorrectly in the financial statements. With
judgemental misstatement there is likely to be more discussion with
management. The auditor will need to present their conclusion based on robust
audit evidence, in order to explain the misstatement which has been uncovered,
and justify a recommended correction of the misstatement.
With projected misstatements, because these are based on extrapolations of
audit evidence, it is normally not appropriate for management to be asked to
correct the misstatement. Instead, a projected misstatement should be evaluated
to consider whether further audit testing is appropriate.
Correction of Misstatements
Management is expected to correct the misstatements which are brought to their
attention by the auditor. If management refuses to correct some or all of the
misstatements, ISA 450 requires the auditor to obtain an understanding of
management’s reasons for not making the corrections, and to take that
understanding into account when evaluating whether the financial statements as
a whole are free from material misstatement.
Evaluating the Effect of Uncorrected Misstatements
The auditor is required to determine whether uncorrected misstatements are
43

lOMoARcPSD|2981706
material, individually or in aggregate. At this point the auditor should also

reassess materiality to confirm whether it remains appropriate in the context of
the entity’s actual financial results. This is to ensure that the materiality is based
on up to date financial information, bearing in mind that when materiality is
initially determined at the planning stage of the audit, it is based on projected or
draft financial statements. By the time the auditor is evaluating uncorrected
misstatements at the completion stage of the audit, there may have been many
changes made to the financial statements, so ensuring the materiality level
remains appropriate is very important.
Some misstatements may be evaluated as material, individually or when
considered together with other misstatements accumulated during the audit,
even if they are lower than materiality for the financial statements as a whole.
Examples include, but are not restricted to the following:
Misstatements which affect compliance with regulatory
requirements
Misstatements which impact on debt covenants or other financing
or contractual arrangements
Misstatements which obscure a change in earnings or other trends
Misstatements which affect ratios used to evaluate the entity’s
financial position, results of operations or cash flows
Misstatements which increase management compensation
Misstatements which relate to misapplication of an accounting
policy where the impact is immaterial in the context of the current period
financial statements, but may become material in future periods
Communication with those charged with governance
ISA 450 requires the auditor to communicate uncorrected misstatements to those
charged with governance and the effect that they, individually or in aggregate,
will have on the opinion in the auditor’s report. The auditor’s communication shall
identify material uncorrected misstatements individually and the communication
should request that uncorrected misstatements be corrected. The auditor may
discuss with those charged with governance the reasons for, and the implications
of, a failure to correct misstatements, and possible implications in relation to
future financial statements. Perhaps the key issue here is that that auditor should
discuss the potential implications for the auditor’s report, which is likely to contain
a modified opinion, if material misstatements are not corrected as requested by
the auditor.
In addition the auditor is required to request a written representation from
management and, where appropriate, those charged with governance with
regard to whether they believe the effects of uncorrected misstatements are
immaterial, individually and in aggregate, to the financial statements as a whole.
Documentation
Finally, ISA 450 requires certain documentation in relation to misstatements:
The amount below which misstatements would be regarded as
clearly trivial
All misstatements accumulated during the audit and whether they
have been corrected, and
44

lOMoARcPSD|2981706
The auditor’s conclusion as to whether uncorrected misstatements

are material, individually or in aggregate, and the basis for that conclusion.
This is an important part of the audit working papers, as it shows the rationale for
the auditor’s opinion in relation to material misstatements.
Conclusion
Candidates preparing for the Advanced Audit and Assurance exam should
ensure that they are familiar with the requirements of ISA 450 as ultimately in
forming an opinion on the financial statements the auditor must conclude on
whether reasonable assurance has been obtained that the financial statements
as a whole are free from material misstatements and this conclusion takes into
account the auditor’s evaluation of uncorrected misstatements.
Responding to non-compliance with laws and
RESPONDING TO NON-COMPLIANCE WITH LAWS AND REGULATIONS

(NOCLAR)
A guide to the IESBA pronouncement
The P7 exam and syllabus
The syllabus and study guide for P7 (INT) and P7 (UK), Advanced Audit and
Assurance includes section G1 (a) on professional and ethical developments
which requires candidates to ‘discuss emerging ethical issues and evaluate the
potential impact on the profession, firms and auditors’ and G1 (b) ‘Discuss the
content and impact of exposure drafts, consultations and other pronouncements
issued by IFAC and its supporting bodies.’ This article is intended to provide
insight into recent developments to the International Ethics Standards Board’s
Code of Ethics for Professional Accountants (IESBA) in relation to the auditor’s
response to non-compliance with laws and regulations. The article is also
relevant to all other P7 exams.
Introduction
The International Ethics Standards Board (IESBA) issued their final
pronouncement on Responding to Non-Compliance with Laws and Regulations
(NOCLAR) in July 2016. The pronouncement is an examinable document from
the exam year starting September 2017. In practice, the pronouncement is
effective from July 2017 with earlier adoption permitted. The new standard adds
sections 225 and 360 to the IESBA’s Code of Ethics for Professional
Accountants (the Code). The purpose of the new sections is to address the
responsibilities of Professional Accountants in Public Practice (including auditors)
and Professional Accountants in Business when they become aware of
NOCLAR. The standard also contains consequential and conforming
amendments to a number of existing sections of the Code.
What is NOCLAR?
NOCLAR is defined by the new standard as comprising acts of omission or
commission, intentional or unintentional, committed by a client, or by those
45

lOMoARcPSD|2981706
charged with governance, by management or by other individuals working for or

under the direction of a client which are contrary to the prevailing laws and
regulations.
The non-compliance which the standard addresses is concerned with laws and
regulations which are generally recognised to have a direct effect on the
determination of material amounts and disclosures in the client’s financial
statements. It also addresses other laws and regulations which may be
fundamental to the operating aspects of the client’s business, to its ability to
continue its business or to avoid material penalties. It is worth noting that the
standard does not include within its scope any matters that are clearly
inconsequential or any personal misconduct which is unrelated to the business
activities of the client or employer.
Background and aims
The NOCLAR project originated from an attempt to address concerns from the
regulatory community and other stakeholders that the Professional Accountant’s
(PA’s) duty of confidentiality under the Code was acting as a barrier to the
disclosure of possible NOCLAR to appropriate public authorities. While
emphasising the binding nature of the duty of confidentiality, the existing Code
identified general circumstances where disclosure may be appropriate including
when a PA considers it to be in the public interest. The existing Code
acknowledged that this is a difficult area to decide on and that as a result, it will
often be appropriate to take legal advice.
The new standard aims to raise the ethical bar for the global accountancy
profession and to increase the emphasis on PAs’ duties and responsibilities in
this area. It importantly represents the first time that accountants have been
permitted to set aside the duty of confidentiality, which is a fundamental principle
in the Code, in order to disclose NOCLAR to appropriate public authorities in the
circumstances prescribed. The new standard is intended to sit alongside and
supplement the existing guidance on this area contained within the International
Standards on Auditing (ISAs). It is noteworthy in this regard that in October 2016,
the International Auditing and Assurance Standards Board (IAASB) amended the
ISAs in order to enhance auditor focus on non-compliance with laws and
regulations and to enable the ISAs to be applied effectively alongside the IESBA
Code by clarifying and emphasising key aspects of the IESBA Code in the
IAASB’s Standards. The most significant revisions have been to ISA 250
Consideration of Laws and Regulations in an Audit of Financial Statements which
now directly references the Code and the additional responsibilities under law,
regulation or relevant ethical requirements regarding an entity’s non-compliance
with laws and regulations. It acknowledges that these may differ from or go
beyond the ISA itself.
Concerns were also expressed that auditors were simply resigning from client
relationships as a result of suspected or identified NOCLAR without the matter
being appropriately addressed. Moreover, it was felt that there was a lack of
guidance in the Code about the thought process and the relevant factors to
consider in determining how best to respond to potential NOCLAR in the public
interest. While the existing Code implicitly required PAs not to turn a blind eye to
46

lOMoARcPSD|2981706
potential NOCLAR, there were no clear and explicit requirements on how to

respond. There was a risk that the duty of confidentiality would put PAs in a
conflict situation and confuse their response. NOCLAR enables PAs to override
their duty of confidentiality where there is a strong public interest in the matter.
The NOCLAR guidance therefore aims to ensure that PAs respond to identified
or suspected NOCLAR on a timely basis in order to rectify, remediate or mitigate
its potentially adverse impact on stakeholders and the general public. The
increased emphasis on PAs’ duties and responsibilities in this area should also
serve to stimulate increased reporting of NOCLAR and even to act as a deterrent
to non-compliance by audited entities.
A differential approach
The NOCLAR guidance prescribes a differentiated approach for auditors, other
PAs in public practice as well as for senior level and other PAs in business. While
the basic ethical principles are the same for all PAs, the implementation of these
principles differs according to their roles, levels of seniority, spheres of influence
and the different levels of public expectations. In the context of the P7 exam,
however, we will concentrate on the prescribed approach to NOCLAR for the
auditing profession.
Responsibilities of auditors
The NOCLAR guidance provides a clear framework for auditors to follow when
addressing an instance of non-compliance or suspected non-compliance.
Obtaining an understanding of the matter The first step in this framework is
that the auditor should obtain a full and clear understanding of the matter
including the nature of the act and the circumstances in which it has occurred.
An auditor has always been required to obtain a good understanding of the
environment in which a client operates including any relevant laws and
regulations. However, the auditor is not expected to be an expert on a wide
range of laws and regulations and the new standard does not specifically
increase the auditor’s responsibilities in this regard. Rather, the auditor is
expected to apply their knowledge, professional judgement and expertise but
they are not expected to have a knowledge of laws and regulations that is greater
than that which is required to undertake the assignment in the first place.
In order to clarify whether an instance of non-compliance has occurred, the
auditor should consider consulting with other members of the firm on a
confidential basis, with a network firm or relevant professional body. The auditor
should also consider taking legal advice. If the auditor suspects non-compliance
has occurred, they should discuss the matter with the appropriate level of
management and, where appropriate, those charged with governance in order to
clarify understanding of the facts and circumstances surrounding the matter
together with its potential consequences. In assessing the appropriate level of
management, the auditor should consider any potential involvement or collusion
in the matter together with the ability of management to carry out investigations
and take appropriate action.
Addressing the matter In discussing an instance of non-compliance or
suspected non-compliance with management and, where appropriate, those
charged with governance (TCWG), the auditor should advise them to take timely
47

lOMoARcPSD|2981706
and appropriate actions in order to resolve the situation, to deter possible non-
compliance or to disclose the matter to an appropriate authority where it is
required by law or regulation or it is considered necessary in the public interest.
The auditor must also ensure their own compliance with laws and regulations
together with the requirements under auditing standards. With respect to auditing
standards, the auditor should have particular regard to those relating to:
Identifying and responding to non-compliance, including fraud.
Communicating with those charged with governance.
Considering the implications of the non-compliance or suspected
non-compliance for the auditor’s report.
Communication with respect to groups In the context of a group audit, the
auditor should consider their responsibilities to report instances of non-
compliance or suspected non-compliance to the group engagement partner
unless prohibited from doing so by law or regulation.
Determining whether further action is needed The auditor should assess the
appropriateness and effectiveness of the response of management and TCWG
to the matter, including the timeliness of the response and the extent of
investigation and remedial action, and in the light of this response, the auditor
must determine objectively if further action is needed in the public interest. This
will involve the exercise of professional judgement and the auditor must take into
account whether a reasonable and informed third party would, after weighing all
of the specific facts and circumstances, be likely to conclude that the auditor has
acted appropriately in the public interest.
Where the auditor decides that further action is necessary, it might include, for
example, disclosing the matter directly to the appropriate authority and
withdrawing from the engagement and client relationship. In response to the
concerns that auditors were simply resigning from client relationships as a result
of suspected or identified NOCLAR without the matter being appropriately
addressed, however, the guidance clarifies that withdrawing from an engagement
should not be a substitute for taking other actions which may be needed to
achieve the auditor’s objectives. The standard does though recognise in this
regard that in some jurisdictions there may be limitations on the further actions
which the auditor is able to take and acknowledges that withdrawal may be the
only available course of action. Following withdrawal, the outgoing auditor is
required to co-operate with the proposed successor auditor and on request, to
provide all of the facts and information concerning the identified or suspected
non-compliance which the latter needs to be aware of.
Determining whether to disclose the matter to an appropriate authority The
determination of whether to disclose the identified or suspected non-compliance
to an appropriate authority, assuming such disclosure is not precluded by law or
regulation, depends on the nature and extent of the actual or potential harm
which might be caused to investors, creditors, employees or the general public.
The guidance gives examples of indicative situations where disclosure might be
appropriate and of external factors to consider. These examples include
references to an entity being involved in bribery and tax evasion or to breaches
of regulation which might impact adversely on operating licences, financial
48

lOMoARcPSD|2981706
markets or public health and safety. The standard also clarifies that in
exceptional circumstances where the auditor believes there may be an imminent
breach of a law or regulation, they may need to disclose the matter immediately.
The decision to disclose will always be a matter for the auditor’s judgement and
where the disclosure is made in good faith, it will not constitute a breach of the
duty of confidentiality under Section 140 of the Code. This latter clarification, in
particular, should serve to increase the auditor’s confidence in their ability to
breach the principle of confidentiality where they deem it to be necessary under
the NOCLAR guidance. This should also help to resolve the potential conflict for
the auditor between their ethical duty of confidentiality and their professional duty
of disclosure in the public interest.
Documentation The auditor is required to document the process of compliance
with the NOCLAR guidance including the response of management and those
charged with governance, the courses of action considered, the judgements
made and the decisions taken.
The need for support
The IESBA acknowledges that the accountancy and auditing profession will not
resolve the NOCLAR issue in isolation and that it requires the support and co-
operation of other professions together with governments, legislators and
regulators. In particular it is hoped that governments will introduce and
strengthen legislation addressing NOCLAR and will provide protection for whistle
blowers and to auditors and other PAs who implement the standard. The ultimate
success of the project is also dependent on governmental authorities acting
appropriately in response to the NOCLAR reports which they will receive under
the requirements of the standard.
Conclusion
In practice auditors will often have to deal with instances of non-compliance with
laws and regulations and the IESBA’s NOCLAR standard provides important
additional guidance and clarification of their duties and responsibilities in this key
area. In the context of the P7 Advanced Audit and Assurance exam, candidates
need to be prepared to discuss the recent developments outlined in this article as
well as to consider the new guidance in their answer points to scenario based
exam questions.
AUDITOR REPORTING
An update for P7 students on Key Audit Matters (P7 INT) and the
Extended Auditor’s Report (P7 UK)
Candidates preparing for P7, Advanced Audit and Assurance will be aware that
the auditor’s report is the key output of the audit process, used to communicate
primarily with the shareholders of the audited entity, as well as other
stakeholders.
Recently, there have been some considerable changes in the requirements
relating to auditor’s reports, with the regulatory bodies issuing new and revised
International Standards on Auditing and other supplementary guidance.
The objective of this article is to outline the key changes, focusing on the new
49

lOMoARcPSD|2981706
requirements relating to the Key Audit Matters paragraph for P7 International

candidates, and Extended Auditor Reporting for P7 UK and Ireland candidates. It
should be read in conjunction with the article entitled ‘The new auditor's report’
(see ‘Related links’), which is relevant for both F8 and P7 students and serves as
an introduction to the issue.
The detail of the changes outlined below in relation to Key Audit Matters
are relevant to P7 (INT) candidates from the September 2016 exams
onwards.
P7 UK and Ireland candidates should note that the UK’s Financial
Reporting Council (FRC) did not adopt the new ISA requirements into UK
standards until June 2016, therefore ISA 701 (UK and Ireland) will not
become a UK and Irish examinable documents until September 2017.
However, candidates should be aware that the FRC Invitation to Comment
on the IAASB Exposure Draft Reporting on Audited Financial Statements:
Proposed new and Revised International Standards on Auditing, which
includes the original proposals of the ISA 701 requirements, is examinable
as a current issue in the exam year commencing September 2016.
Further, candidates sitting the UK exam are expected to understand the
Extended Reporting requirements that are expected in the UK and these
are discussed below.
Background to the changes to IAASB standards in relation to
Key Audit Matters
In 2015 the IAASB issued a range of changes to auditor reporting, with the
objective of enhancing auditor’s reports for investors and other users of financial
statements. According to the IAASB, research and public consultations indicate
that enhanced auditor reporting is critical to influencing the perceived value of the
financial statement audit. The auditor’s report is the key deliverable
communicating the results of the audit process. Investors and other financial
statement users have asked for a more informative auditor’s report—in particular
for auditors to provide more relevant information to users.
The IAASB suggests that the intended benefits of enhanced auditor reporting
include the following:
Enhanced communication between auditors and investors, as well
as those charged with corporate governance.
Increased user confidence in auditor’s reports and financial
statements.
Increased transparency, audit quality, and enhanced information
value.
Increased attention by management and financial statement
preparers to disclosures referencing the auditor's report.
Renewed auditor focus on matters to be reported that could result
in an increase in professional scepticism.
Enhanced financial reporting in the public interest.
Thus, the changes should be viewed not just as a development affecting
individual financial statement audits, but as a move to enhance audit quality
generally, which in turn will improve the credibility of financial reporting and the
50

lOMoARcPSD|2981706
audit profession.
Key Audit Matters
ISA 701, Communicating Key Audit Matters in the Independent Auditor’s Report
is a new standard that is required to be applied to the audit of all listed entities.
According to ISA 701, the purpose of communicating key audit matters (KAM) is
‘to enhance the communicative value of the auditor’s report by providing greater
transparency about the audit that was performed. Communicating key audit
matters provides additional information to intended users of the financial
statements to assist them in understanding those matters that, in the auditor’s
professional judgment, were of most significance in the audit of the financial
statements of the current period. Communicating key audit matters may also
assist intended users in understanding the entity and areas of significant
management judgment in the audited financial statements’.
It may be helpful to review the definition of KAM from ISA 701: ‘Those matters
that, in the auditor’s professional judgment, were of most significance in the audit
of the financial statements of the current period. Key audit matters are selected
from matters communicated with those charged with governance’.
Determining Key Audit Matters
ISA 701 requires the auditor to include in the KAM paragraph those matters that
required the most significant auditor attention in performing the audit. Thus, when
preparing an auditor’s report for listed entities, the auditor will need to carefully
select the matters that should be communicated in the KAM paragraph. This is
likely to require the use of significant judgement in order for the auditor’s report to
contain information on the matters that are most relevant to the intended users of
the report, while avoiding information overload, which could obscure the
important messages contained in the KAM paragraph.
There are three types of matter, according to ISA 701, which should be
considered when determining key audit matters. All of these should have been
communicated to those charged with governance as part of the audit process.
Areas of higher assessed risk of material misstatement, or significant risks
identified. During the audit, especially at the planning stage, the auditor
will identify risks of material misstatement. A significant risk as an
identified and assessed risk of material misstatement that, in the auditor’s
judgment, requires special audit consideration. Significant risks, including
areas of management judgement and significant unusual transactions are
often areas that require significant auditor attention, and thus should be
considered for inclusion in the KAM paragraph.
Significant auditor judgments relating to areas in the financial statements that
involved significant management judgment, including accounting
estimates that have been identified as having high estimation uncertainty.
Critical accounting estimates and related disclosures are likely to be areas
of significant auditor attention and may be identified as significant risks.
This could include, for example, fair value estimates in relation to financial
instruments, estimates relating to the measurement of provisions,
impairment and the recoverability of assets.
The effect on the audit of significant events or transactions that occurred
51

lOMoARcPSD|2981706
during the period. This could include a one-off transaction or event within
the reporting entity that has required significant auditor attention, for
example the acquisition of a significant subsidiary within a group. In
addition, significant economic, accounting, regulatory, industry, or other
developments that affected management’s assumptions or judgments may
also affect the auditor’s overall approach to the audit and result in a matter
requiring significant auditor attention.
Given the multitude of matters that can arise during the audit process, the auditor
may find that there are many matters that potentially could be included in the
KAM paragraph. The auditor may need to prioritise the matters in order to ensure
that, as required by ISA 701, it is the matters of most significance that are
reported as KAM. ISA 701 explains that the concept of matters of most
significance is applicable in the specific context of the entity and the audit that
was performed. As such, the auditor’s determination and communication of key
audit matters should identify matters specific to the audit and to involve making a
judgment about their importance relative to other matters in the audit.
Specificity is therefore a key issue, and vague or boiler-plate disclosures are not
in keeping with the requirements or spirit of the standard.
ISA 701 therefore gives further guidance on determining significance and
whether a matter should be reported as a key audit matter:
The importance of the matter to intended users’ understanding of
the financial statements as a whole, and in particular, its materiality to the
The nature of the underlying accounting policy relating to the matter
or the complexity or subjectivity involved in management’s selection of an
appropriate policy compared to other entities within its industry.
The nature and materiality, quantitatively or qualitatively, of
corrected and accumulated uncorrected misstatements due to fraud or
error related to the matter, if any.
The nature and extent of audit effort needed to address the matter,
including the extent of specialized skill or knowledge needed to apply audit
procedures to address the matter or evaluate the results of those
procedures, if any.
The nature of consultations outside the engagement team
regarding the matter.
The nature and severity of difficulties in applying audit procedures,
evaluating the results of those procedures, and obtaining relevant and
reliable evidence on which to base the auditor’s opinion, in particular as
the auditor’s judgments become more subjective.
The severity of any control deficiencies identified in relation to the
matter.
Whether the matter involved a number of separate, but related,
auditing considerations. For example, long-term contracts may involve
significant auditor attention with respect to revenue recognition, litigation
or other contingencies, and may have an effect on other accounting
estimates.
52

lOMoARcPSD|2981706
ISA 701 does not state a particular number of key audit matters that should be
communicated, discussing that the volume of disclosure will be affected by the
size and complexity of the entity, the nature of its business and environment, and
the facts and circumstances of the audit engagement. The standard is very clear
in stating that ‘lengthy lists of key audit matters may be contrary to the notion of
such matters being those of most significance in the audit’, requiring the use of
professional judgement in prioritisation of matters to be communicated within the
KAM paragraph.
Communicating Key Audit Matters
ISA 701 requires that the description of each key audit matter in the auditor’s
report shall include a reference to the related disclosure(s), if any, in the financial
statements and shall address:
why the matter was considered to be one of most significance in
the audit and therefore determined to be a key audit matter, and
how the matter was addressed in the audit.
Though there is not a specific requirement in terms of placement of the KAM
paragraph within the auditor’s report, ISA 701 does comment that placement of
the KAM paragraph ‘in close proximity to the auditor’s opinion may give
prominence to such information and acknowledge the perceived value of
engagement-specific information to intended users’. Thus, the auditor may need
to use judgement in deciding on the best position of the KAM paragraph.
The ordering of items within the KAM paragraph itself is also a matter of
professional judgement. ISA 701 suggests that the information may be organized
in order of relative importance, based on the auditor’s judgment, or may
correspond to the manner in which matters are disclosed in the financial
statements.
In deciding the amount and nature of description of each item within the KAM
paragraph, the auditor is required to use their professional judgement, in order to
ensure that each matter is adequately described in an understandable way.
The description of each key audit matter should be a succinct and balanced
explanation to enable intended users to understand why the matter was one of
most significance in the audit and how the matter was addressed in the audit.
ISA 701 suggests that technical jargon should be avoided, stating that ‘limiting
the use of highly technical auditing terms also helps to enable intended users
who do not have a reasonable knowledge of auditing to understand the basis for
the auditor’s focus on particular matters during the audit’.
It is likely that many key audit matters will have been discussed in the financial
statements. For example, information in relation to a significant estimated value
for a provision should have been disclosed in the notes to the financial
statements in accordance with the relevant IFRS requirement. ISA 701 suggests
that the description of a key audit matter should not be a duplicate of information
that is already disclosed in the financial statements. However, a reference to any
related disclosures should be included to enable intended users of the auditor’s
report to further understand how management has addressed the matter in
preparing the financial statements.
The amount of detail to be provided in the auditor’s report to describe how a key
53

lOMoARcPSD|2981706
audit matter was addressed in the audit is also a matter of professional judgment.
The auditor may choose to describe:
aspects of the auditor’s response or approach that were most
relevant to the matter or specific to the assessed risk of material
misstatement
a brief overview of procedures performed
an indication of the outcome of the auditor’s procedures, or
key observations with respect to the matter.
In summary, the introduction of ISA 701 will require auditors to exercise
significant judgement in preparing the KAM section of the auditor’s report. To
help with implementation of the standard, the IAASB has published a range of
supplementary guidance to assist auditors of listed entities.
Note than the KAM paragraph is therefore not a substitute for expressing a
modified opinion or reporting on going concern issues in accordance with the
requirements of the relevant ISA. The interaction between ISA 701 and ISA 705
is explained in the article ‘The new auditor's report’ (see 'Related links'), which is
relevant for both F8 and P7 students.
The Extended Auditor’s Report
Note – this section is relevant to candidates attempting the UK and Irish P7
adapted papers only. The FRC document Extended auditor’s reports – A
review of experience in the first year is an examinable document for UK
and Irish students.
The UK Financial Reporting Council has issued additional requirements that form
part of revised ISA 700 (UK and Ireland) The independent auditor’s report on
financial statements. ISA 700 requires the auditor’s report issued in relation to
the financial statements of entities adopting the UK Corporate Governance Code
to include information that addresses similar issue to those seen in respect of
Key Audit Matters discussed in the previous section of this article. The objectives
are to provide more information about key issues that arose during the audit, how
they affected the audit process, and to allow better understanding of areas where
the auditor used judgement, particularly in relation to materiality.
Specifically, ISA 700 requires the auditor’s report of companies that apply the UK
Corporate Governance Code to include:
a description of those assessed risks of material misstatement that
were identified by the auditor and that had the greatest effect on the
overall strategy; the allocation of resources in the audit; and directing the
efforts of the engagement team
an explanation of how the auditor applied the concept of materiality,
and
a summary of the audit scope, including an explanation of how the
scope was responsive to the assessed risks of material misstatement and
the concept of materiality as described above.
Similar to the issues discussed above in respect of Key Audit Matters, when UK
and Irish auditors are applying these requirements of ISA 700, they will need to
use judgement to decide which risks of material misstatement should be
described, and in deciding how much information to provide in relation to each
54

lOMoARcPSD|2981706
aspect of the disclosure.

The FRC encourages audit firms to be innovative in the way they communicate
information in the Extended Auditor’s Report. The auditor should consider the
most effective way to present and describe the information, which should be
tailored as far as possible to give specific and therefore useful information.
Disclosures of a ‘boiler-plate’ type are discouraged as they do not provide
worthwhile information. Explanations, for example on the application of
materiality, need to be sufficiently detailed so that they are understandable, but
not so detailed that there is information overload. Providing just the right amount
and type of information is a matter of judgement and can be difficult to achieve.
Conclusion
It can be seen that both the IAASB and the FRC have taken steps to enhance
disclosures provided in the auditor’s reports of listed entities. The overall
objective is that these disclosures enhance the value of the auditor’s report by
better communication of key issues relevant to the audit process. Auditors will
need to use their judgement in deciding what to report, and how to communicate,
and some auditor’s reports will be more useful than others, but the regulatory
bodies are in agreement that the additional disclosure adds value to reporting by
auditors to those who have appointed them.
CORPORATE GOVERNANCE AND ITS IMPACT ON AUDIT PRACTICE

The syllabus for P7 (INT), Advanced Audit and Assurance contains
the following learning outcome:
Outline and explain the need for the legal and professional framework including:
i) public oversight of audit and assurance practice ii) the role of audit committees
and impact on audit and assurance practice.
Note: the syllabus and study guide for the UK adapted paper is worded slightly
differently in that they refer to jurisdiction specific Corporate Governance Code.
For both INT and UK and IRL adapted papers, the UK Corporate Governance
Code is included in the list of examinable documents, as is the UK Financial
Reporting Council Guidance on Audit Committees (Revised September 2012) as
examples of guidance on best practice in relation to corporate governance
principles and specific guidance in relation to audit committees. For the SGP
adapted exam, The Singapore Code of Corporate Governance is the relevant
code of best practice.
Candidates attempting P7 are expected therefore to be conversant with
corporate governance principles, many of which they will have seen in previous
exams F8, Audit and Assurance and P1, Governance, Risk and Ethics. The
focus in P7 is on the impact that corporate governance principles and practice
can have on the audit process, and this article explores some of these issues.
Basic principles of corporate governance – a reminder
Corporate governance is the system by which organisations are directed and
controlled. It encompasses the relationship between the board of directors,
55

lOMoARcPSD|2981706
shareholders and other stakeholders, and the effects on corporate strategy and
performance. Corporate governance is important because it looks at how these
decision makers act, how they can or should be monitored, and how they can be
held to account for their decisions and actions.
The published audited financial statements and related information are therefore
of key importance. They will usually be the main information set to which
shareholders and other stakeholders have access and this is why having credible
financial statements supported by the auditor’s opinion is crucial.
Many regulatory authorities, including the UK, use a code of best practice, often
termed a ‘comply or explain’ approach to corporate governance. Under this
approach the regulatory authority issues a set of principles with which company
directors of listed companies are expected to comply. In many jurisdictions
disclosures are required in the financial statements to demonstrate compliance.
Non-compliance is not expected, but in its event, the facts of the non-compliance
must be clearly disclosed and explained.
In some jurisdictions, such as the US, a more prescriptive approach is used,
whereby corporate governance requirements are set by legislation. Both the
principles and the legislative approaches are broadly similar in the matters they
address. They both deal with the importance of the board of directors having a
balanced structure, emphasising the need for non-executive directors, and for
robust procedures in relation to the appointment of board members, and their
remuneration. They both describe the merits of audit committees and the need to
monitor the effectiveness of internal controls. They both demand disclosure
about these and other matters in the annual report.
The main principles of the UK Corporate Governance Code
The content of the UK and Singapore Corporate Governance Codes are very
similar and for the purpose of this article the principles and provisions of the UK
Code will be used to highlight some of the key areas that the board should
consider when assessing their system of corporate governance.
The Code comprises five sections, each containing main principles:
Leadership
Every company should be headed by an effective board which is collectively
responsible for the long-term success of the company, and should lead and
control the company’s operations.
There should be a clear division of responsibilities at the head of the company,
which will ensure a balance of power and authority, such that no one individual
has unfettered powers of decision.
Non-executive directors should constructively challenge and help develop
proposals on strategy. The board should include a balance of executive and non-
executive directors such that no individual or small group of individuals can
dominate the board’s decision taking.
Effectiveness
The board and its committees should have the appropriate balance of skills,
experience, independence and knowledge of the company to enable them to
discharge their respective duties and responsibilities effectively.
There should be a formal, rigorous and transparent procedure for the
56

lOMoARcPSD|2981706
appointment of new directors to the board. All directors should receive induction
on joining the board and should regularly update and refresh their skills and
knowledge.
All directors should be submitted for re-election at regular intervals, subject to
continued satisfactory performance.
Accountability
The board should present a balanced and understandable assessment of the
company’s position and prospects. For UK companies, this is also required by
the Companies Act 2006, which requires that the directors disclose a business
review as part of the directors’ report to be included in the financial statements.
The board should maintain sound risk management and internal control systems.
The board should establish formal and transparent arrangements for considering
how they should apply the corporate reporting and risk management and internal
control principles and for maintaining an appropriate relationship with the
company’s auditor.
Remuneration
Levels of remuneration should be sufficient to attract, retain and motivate
directors of the quality required to run the company successfully, but a company
should avoid paying more than is necessary for this purpose. A significant
proportion of executive directors’ remuneration should be structured so as to link
rewards to corporate and individual performance.
Relations with shareholders
There should be a dialogue with shareholders based on the mutual
understanding of objectives. The board as a whole has responsibility for ensuring
that a satisfactory dialogue with shareholders takes place. The board should use
the Annual General Meeting to communicate with investors and to encourage
their participation.
The role of audit committees
The audit committee is such an important part of corporate governance that it is
the subject of its own guidance document in the UK, the Financial Reporting
Council’s Guidance on Audit Committees. The audit committee should be made
up of at least three independent non-executive directors, one of whom should
have recent and relevant financial experience. The committee has many roles,
including several that are specifically related to the external auditor, which are
discussed below.
Review of published financial information
The audit committee should monitor the integrity of the company’s financial
statements and any formal announcements relating to the company’s
performance. Significant financial reporting judgements should be specifically
reviewed. This means that committee members should scrutinise all published
financial information, and question and be ready to challenge the finance director
and external auditors on any contentious matters arising.
Systems and controls
The audit committee members have responsibility to review the company’s
internal financial controls and systems, and the risk management systems,
unless there is a separate risk committee.
57

lOMoARcPSD|2981706
Most large companies have an internal audit function, in which case the audit
committee should extend its monitoring role to include that function, including the
evaluation of the effectiveness of that function.
Where there is no internal audit function, the audit committee should consider
annually whether there is a need for internal audit and make a recommendation
to the board, and the reasons for the absence of such a function should be
explained in the relevant section of the annual report.
Fraud prevention and detection
Finally, the audit committee plays a part in fraud prevention and detection in that
whistleblowing arrangements should be made so that staff of the company may
raise concerns about possible improprieties in respect of financial reporting
matters.
External auditors – general principles
The audit committee has specific responsibilities in respect of the external
auditors, including recommending the appointment, reappointment and removal
of the external auditor, approving fees paid for audit and non-audit services, and
agreeing on the terms of engagement with the external auditor. A point specific to
the UK adapted paper is that following a revision to the UK Corporate
Governance Code in 2012, there is now a requirement for FTSE 350 companies
to put the external audit out to tender every 10 years.
One of the key issues is that the audit committee should annually assess the
independence, objectivity and effectiveness of the external audit process,
considering of the ethical framework applicable in the jurisdiction in which the
organisation is operating. The audit committee should report annually to the
board on their assessment with a recommendation on whether to propose to the
shareholders that the external auditor be reappointed. The audit committee
section of the annual report should also discuss the annual assessment of the
external audit process by the audit committee and also include information on the
length of tenure of the current audit firm, when a tender was last conducted, and
any contractual obligations that acted to restrict the audit committee’s choice of
external auditors.
In relation to potential threats to objectivity, the audit committee should seek
reassurance that the auditors and their staff have no financial, business,
employment or family and other personal relationship with the company which
could adversely affect the auditor’s independence and objectivity. The audit
committee should seek from the audit firm, on an annual basis, information about
policies and processes for maintaining independence and monitoring compliance
with relevant requirements, including current requirements regarding the rotation
of audit partners and staff.
External auditors – the annual audit cycle
The audit committee should be involved at all stages of the audit, to obtain
comfort that a quality audit will be performed. The Guidance on Audit
Committee specifically requires the following to take place:
At the start of each annual audit cycle, the audit committee should ensure that
appropriate plans are in place for the audit. This includes consideration of
planned levels of materiality, and the proposed resources to execute the plan,
58

lOMoARcPSD|2981706
having regard also to the seniority, expertise and experience of the audit team. In
practice this means that before any audit fieldwork takes place, the audit firm
should meet with the audit committee to discuss the audit strategy and audit
plan, demonstrating that auditing standards and quality control principles have
been adhered to in their development.
The audit committee should review, with the external auditors, the findings of
their work. In the course of its review, the audit committee should discuss with
the external auditor major issues that arose during the course of the audit and
have subsequently been resolved and those issues that have been left
unresolved; review key accounting and audit judgements; and review levels of
errors identified during the audit, obtaining explanations from management and,
where necessary, the external auditors as to why certain errors might remain
unadjusted. The audit committee should review and monitor management’s
responsiveness to the external auditor’s findings and recommendations. Thus, all
key audit findings should be shared with the audit committee and discussed with
them as the audit progresses.
At the end of the annual audit cycle, the audit committee should assess the
effectiveness of the audit process, by:
reviewing whether the auditor has met the agreed audit plan and
understand the reasons for any changes, including changes in perceived
audit risks and the work undertaken by the external auditors to address
those risks
considering the robustness and perceptiveness of the auditors in
their handling of the key accounting and audit judgements identified and in
responding to questions from the audit committee
obtaining feedback about the conduct of the audit from key people
involved, for example the finance director and the head of internal audit
reviewing and monitoring the content of the external auditor’s
management letter (report to those charged with governance), in order to
assess whether it is based on a good understanding of the company’s
business and establish whether recommendations have been acted upon
and, if not, the reasons why they have not been acted upon, and
reporting to the board on the effectiveness of the external audit
process.
In summary, the audit committee carefully monitors the conduct of the audit, and
plays an important part in ensuring the quality and rigour of the external audit of
the financial statements.
External auditors – provision of non-audit services
Specifically, the audit committee should develop and implement a policy on the
engagement of the external auditor to supply non-audit services, taking into
account the relevant ethical principles and requirements. The audit committee’s
objective should be to ensure that the provision of such services does not impair
the external auditor’s independence or objectivity. The audit committee should
consider:
whether the skills and experience of the audit firm make it the most
suitable supplier of the non-audit service
59

lOMoARcPSD|2981706
whether there are safeguards in place to eliminate or reduce to an

acceptable level any threat to objectivity and independence in the conduct
of the audit resulting from the provision of such services by the external
auditor
the nature of the non-audit services
the fees incurred, or to be incurred, for non-audit services both for
individual services and in aggregate, relative to the audit fee, and
the criteria which govern the compensation of the individuals
performing the audit.
The audit committee should set and apply a formal policy specifying the types of
non-audit service:
for which the use of the external auditor is pre-approved (i.e.
approval has been given in advance as a matter of policy, rather than the
specific approval of an engagement being sought before it is contracted)
from which specific approval from the audit committee is required
before they are contracted, and
from which the external auditor is excluded.
One of the non-audit services specifically referred to in the Guidance on Audit
Committees is the provision of internal audit by the external auditor. If the
external auditor is being considered to undertake aspects of the internal audit
function, the audit committee should consider the effect this may have on the
effectiveness of the company’s overall arrangements for internal control and
investor perceptions in this regard.
Conclusion
Candidates preparing to attempt P7 should be familiar with the corporate
governance principles outlined in this article, and they are encouraged to read
the source documentation to obtain a full understanding of general corporate
governance principles and the role of audit committees in particular. It is the
impact of these matters on the audit process that is particularly important to
understand, and candidates should be ready to include points relating to
corporate governance in their answers where appropriate.
THE AUDITOR'S REPORT
Relevant to ACCA Qualification exams AA and AAA

The International Auditing and Assurance Standards Board (IAASB) finalised its
project on auditor reporting in 2015, which resulted in a set of new and revised
standards on auditor reporting as well as revised versions of ISA, 570Going
Concern and a number of other International Standards on Auditing (ISAs).
Candidates attempting Audit and Assurance (AA) and Advanced Audit and
Assurance (AAA) are required to have a sound understanding of these
standards.
This article will focus primarily on: the requirements of ISA 701, Communicating
Key Audit Matters in the Independent Auditor’s Report; how ISA 701 interacts
60

lOMoARcPSD|2981706
with the other reporting standards (ISA 705 and 706); and the reporting
requirements in ISA 570 (Revised), Going Concern.
Candidates often find auditor’s reports a challenging part of the syllabus and in
preparation for exams it is imperative that candidates can:
describe the different elements of the auditor’s report (particularly
relevant for AA candidates)
determine the most appropriate type of audit opinion in a given
scenario, often through an explanation of why a certain opinion is
appropriate which will test the application of the candidate’s knowledge
understand the issues that may arise during the course of an audit
that could require an Emphasis of Matter or Other Matter paragraph to be
included in the auditor’s report, and
identify Key Audit Matters (KAM) that are required to be disclosed
in an auditor’s report.
Candidates will not be expected to draft an auditor’s report in either AA or AAA,
but may be asked to present reasons for an unmodified or a modified opinion, or
the inclusion of an Emphasis of Matter paragraph. Candidates attempting AA
may be required to identify and describe the elements of the auditor’s report and
therefore candidates should ensure that they have a sound understanding of ISA
700, Forming an Opinion and Reporting on Financial Statements. AAA questions
may require a candidate to determine whether a transaction, or a series of
transactions and events or other issues arising during the audit, gives rise to a
KAM and should also be prepared to critique the content of a KAM section of an
auditor’s report. AA candidates should be able to discuss what should be
included in the KAM section to ensure the auditor’s report is compliant with ISA
701.
Candidates may also be presented with extracts from an auditor’s report and be
asked to critically appraise the extracts, or challenge the proposed audit opinion.
Candidates are therefore reminded to ensure they have a sound understanding
of the relevant Syllabus and Study Guide and ensure the revision phase in the
lead-up to the examination includes plenty of exam-standard question practise,
particularly if this is an area of the syllabus which a candidate finds challenging.
Key Audit Matters (KAM)
In January 2015 the IAASB issued ISA 701, Communicating Key Audit Matters in
the Independent Auditor’s Report. This standard is required to be applied to the
audit of all listed entities. The objectives of ISA 701 are for the auditor to:
determine those matters which are to be regarded as KAM; and
communicate those matters in the auditor’s report.
The term ‘key audit matters’ is defined in ISA 701 as:
‘Those matters that, in the auditor’s professional judgment, were of most
significance in the audit of the financial statements of the current period. Key
audit matters are selected from matters communicated with those charged with
governance.’ (1)
Determination of KAM
The definition in paragraph 8 of ISA 701 states that KAM are selected from
matters which are communicated with those charged with governance. Matters
61

lOMoARcPSD|2981706
which are discussed with those charged with governance are then evaluated by
the auditor who then determines those matters which required significant auditor
attention during the course of the audit. There are three matters which the ISA
requires the auditor to take into account when making this determination:
Areas which were considered to be susceptible to higher risks of material
misstatement or which were deemed to be ‘significant risks’ in accordance
with ISA 315 (Revised), Identifying and Assessing the Risks of Material
Misstatement through Understanding the Entity and Its Environment.
Significant auditor judgments in relation to areas of the financial statements
that involved significant management judgment. This might include
accounting estimates which have been identified by the auditor as having
a high degree of estimation uncertainty.
The effect on the audit of significant events or transactions that have taken
place during the period.
The auditor must determine which matters are of most significance in the audit of
the financial statements and these will be regarded as KAM.
Communicating KAM
Once the auditor has determined which matters will be included as KAM, the
auditor must ensure that each matter is appropriately described in the auditor’s
report including a description of:
Why the matter was determined to be one of most significance and therefore a
key audit matter, and
How the matter was addressed in the audit (which may include a description of
the auditor’s approach, a brief overview of procedures performed with an
indication of their outcome and any other key observations in respect of
the matter).
Reporting in line with ISA 570, Going concern
Exam questions might ask the candidate to recognise indicators that an entity
may not be a going concern, or require candidates to arrive at an appropriate
audit opinion depending on the circumstances presented in the scenario. It may
be the case that candidates are presented with a situation where the auditor has
concluded that there are material uncertainties relating to going concern and the
directors have made appropriate disclosures in relation to going concern and
candidates must understand the auditor reporting requirements in this respect.
The auditor’s work in relation to going concern has been enhanced in ISA 570
(Revised), Going Concern and the ISA includes additional guidance relating to
the appropriateness of disclosures when a material uncertainty exists.
Under ISA 570 (Revised), if the use of the going concern basis of accounting is
appropriate but a material uncertainty exists and management have included
adequate disclosures relating to the material uncertainties the auditor will
continue to express an unmodified opinion, but the auditor must include a
separate section under the heading ‘Material Uncertainty Related to Going
Concern’ and:
draw attention to the note in the financial statements that discloses
the matters giving rise to the material uncertainty, and
state that these events or conditions indicate that a material
62

lOMoARcPSD|2981706
uncertainty exists which may cast significant doubt on the entity’s ability to
continue as a going concern and that the auditor’s opinion is not modified
in respect of the matter.
The section headed ‘Material Uncertainty Related to Going Concern’ is included
immediately after the Basis for Opinion paragraph but before the KAM section. It
should be noted that where the uncertainty is not adequately disclosed in the
financial statements the auditor would continue to modify the opinion in line with
ISA 705, Modifications to the Opinion in the Independent Auditor’s Report.
Over and above the reporting requirements under ISA 570, candidates need to
understand how issues identified regarding going concern interact with the
requirements of ISA 701. By their very nature, issues identified relating to going
concern are likely to be considered a key audit matter and hence need to be
communicated in the auditor’s report. Where the auditor has identified conditions
which cast doubt over going concern, but audit evidence confirms that no
material uncertainty exists, this ‘close call’ can be disclosed in line with ISA 701.
This is because while the auditor may conclude that no material uncertainty
exists, they may determine that one, or more, matters relating to this conclusion
are key audit matters. Examples include substantial operating losses, available
borrowing facilities and possible debt refinancing, or non-compliance with loan
agreements and related mitigating factors.
In summary if a confirmed material uncertainty exists it must be disclosed in
accordance with ISA 570 and where there is a ‘close call’ over going concern
which has been determined by the auditor to be a KAM it will be disclosed in line
with ISA 701. This is illustrated in the following example:
Example – unmodified audit opinion but material uncertainty exists

in relation to going concern and the disclosures are adequate
Report on the Audit of the Financial Statements (extract)
OpinionIn our opinion, the accompanying financial statements present
fairly, in all material respects, the financial position of the Company as
at 31 December 20X5, and its financial performance and its cash flows
for the year then ended in accordance with IFRS® Standards.
Basis for opinionWe conducted our audit in accordance with

International Standards on Auditing (ISAs). Our responsibilities under
those standards are further described in the Auditor’s Responsibilities
for the Audit of the Financial Statements section of our report. We are
independent of the Company in accordance with the ethical
requirements that are relevant to our audit of the financial statements in
Farland, and we have fulfilled our other ethical responsibilities in
accordance with these requirements. We believe that the audit evidence
we have obtained is sufficient and appropriate to provide a basis for our
63

lOMoARcPSD|2981706
opinion.
Material uncertainty related to going concernWe draw attention to

Note 6 in the financial statements, which indicates that the Company
incurred a net loss of $125,000 during the year ended 31 December
20X5 and, as of that date, the Company’s current liabilities exceeded its
total assets by $106,000. As stated in Note 6, these events or
conditions, along with other matters as set forth in Note 6, indicate that
a material uncertainty exists that may cast significant doubt on the
Company’s ability to continue as a going concern. Our opinion is not
modified in respect of this matter.
Key audit mattersKey audit matters are those matters that, in our
professional judgment, were of most significance in our audit of the
financial statements of the current period. These matters were
addressed in the context of our audit of the financial statements as a
whole, and in forming our opinion thereon, and we do not provide a
separate opinion on these matters. In addition to the matter described in
the Material Uncertainty Related to Going Concern section, we have
determined the matters described below to be the key audit matters to
be communicated in our report.
[Include a description of each key audit matter]
Block: Text
Application of ISA 701 when a Qualified or Adverse Opinion is
issued
ISA 705 (Revised), Modifications to the Opinion in the Independent Auditor’s
Report outlines the requirements when the auditor concludes that the audit
opinion should be modified. ISA 705 (Revised) requires that the auditor includes
a Basis for Qualified/Adverse Opinion section in the auditor’s report. When the
auditor expresses a qualified or adverse opinion, the requirement to
communicate other KAM is still relevant and hence will still apply.
When the auditor issues an adverse opinion it means that the financial
statements do not give a true and fair view (or present fairly) because the auditor
has concluded that misstatements, individually and in aggregate, are both
material and pervasive to the financial statements.
Depending on the significance of the matter(s) which has resulted in the auditor
expressing an adverse audit opinion, the auditor might determine that no other
matters are KAM. In this situation, the auditor will deal with the matter(s) in
accordance with applicable ISAs and include a reference to the Basis for
Qualified/Adverse Opinion or the Material Uncertainty Related to Going Concern
section(s) in the KAM section of the report as illustrated below.
64

lOMoARcPSD|2981706
Example – Qualified ‘except for’ opinion issued but no key audit

matters
The audit of Turquoise Industries Co has been completed and the
auditor discovered a material amount of research expenditure which
had been capitalised as an intangible asset in contravention of IAS 38®
Intangible Assets. The finance director refused to derecognise the
research expenditure as an intangible asset and include it in profit or
loss and the auditor therefore issued a qualified ‘except for’ opinion on
the basis of disagreement with the entity’s accounting treatment for
research expenditure.
The auditor has concluded that there are no KAM which require to be
communicated in the audit report. The KAM section of the report will
therefore be as follows:
Key audit mattersExcept for the matter described in the Basis for
Qualified Opinion section, we have determined that there are no key
audit matters to communicate in our report.
Block: Text
When the auditor has expressed an adverse opinion on the financial statements
and communicates KAM, it is important that the descriptions of such KAM do not
imply that the financial statements as a whole are more credible in light of the
adverse opinion.
Disclaimer of Opinion issued
A disclaimer of opinion is issued when the auditor is unable to form an opinion on
the financial statements. ISA 705 states that when the auditor expresses a
disclaimer of opinion then the auditor’s report should not include a KAM section.
Emphasis of Matter and Other Matter paragraphs
Emphasis of Matter and Other Matter paragraphs are still retained in ISA 706
(Revised), Emphasis of Matter Paragraphs and Other Matter Paragraphs in the
Independent Auditor’s Report and the concepts involved have not been
overridden by the ISA 701 requirements. The IAASB have noted that in some
cases, matters which the auditor considers to be KAM will relate to issues that
are presented and/or disclosed in the financial statements. Therefore,
communicating these as KAM under ISA 701 will serve as the most useful and
meaningful mechanism for highlighting the importance of the matter.
Candidates should appreciate that when the auditor communicates matters as
KAM, the intention is to provide additional information beyond that which would
be included in an Emphasis of Matter paragraph. In recognition of this ISA 706
(Revised) states:
The auditor is prohibited from using an Emphasis of Matter
paragraph or an Other Matter paragraph when the matter has been
determined to be a KAM. To that end, the IAASB has emphasised that the
65

lOMoARcPSD|2981706
use of an Emphasis of Matter paragraph is not a substitute for a

description of individual KAM.
If a KAM is also determined to be fundamental to users’
understanding, the auditor may present this issue more prominently in the
KAM section. Alternatively, the auditor might also include additional
information in the KAM description to indicate the importance of the
matter.
There may be a matter which is not determined to be a KAM, but
which, in the auditor’s judgement is fundamental to users’ understanding
and for which an Emphasis of Matter paragraph may be considered
necessary.
Additional requirements for candidates attempting AAA
Candidates attempting AAA may be required to determine matters which should
be treated as KAM and to discuss the content of the KAM section of the auditor’s
report. Typical examples of issues which could be regarded as KAM include:
Impairment testing on goodwill
IFRS® 3, Business Combinations requires goodwill to be tested for impairment at
each reporting date and the annual impairment test may be regarded as a KAM
where the carrying amount of goodwill is material. Impairment tests are inherently
complex and judgmental and therefore management’s assessment process may
also be a KAM.
Effects of new IFRS standards

New accounting standards may be introduced by the International Accounting
Standards Board (such as IFRS 15, Revenue from Contracts with Customers)
that will involve a material change of accounting treatment. For example, IFRS
15 requires the application of a new framework in respect of revenue recognition,
and hence the implementation of IFRS 15 may give rise to the new accounting
requirements becoming a KAM as they will impact on the reporting entity’s
financial position and performance.
Valuation of financial instruments, and other assets and
liabilities at fair value
Significant measurement uncertainties in some financial instruments (for example
those for which quoted prices are not available) may give rise to the valuation of
financial instruments becoming a KAM because such valuations would invariably
rely on entity-developed models. This can also apply to other assets and
liabilities, particularly those measured using fair value techniques which can be
complex and subjective.
Please note that the examples above are included for illustrative purposes and
do not form an exhaustive list of all issues that could be identified as KAM.
Conclusion
The auditor’s report was significantly changed by the IAASB in response to the
users of financial statements requesting a more informative auditor’s report and
for the report to include more relevant information for users. Candidates
attempting AA will need to be able to identify and describe the basic elements
contained in the auditor’s report.
66

lOMoARcPSD|2981706
Candidates sitting either exam need to understand the requirements and

responsibilities of the auditor as set out in the reporting standards, as well as be
able to determine the form and content of an unmodified/modified auditor’s report
or where the use of an Emphasis of Matter or Other Matter paragraph would be
appropriate.
In addition, AAA candidates may be required to identify matters relating to the
financial statements which should be treated as a KAM and to critically assess
the content of the KAM section of a proposed auditor’s report.
Reference (1) ISA 701 paragraph 8
Written by a member of the Audit and Assurance examining team
AUDITING DISCLOSURES IN FINANCIAL STATEMENTS
In recent years, the International Auditing and Assurance Standards Board

(IAASB) has considered the issue of auditing disclosures in financial statements,
prompted by a number of factors including developments in IFRS requirements
and the increased level of complexity and subjectivity involved in the preparation
of information to be disclosed in financial statements. This article examines this
issue, and reminds candidates to review the examinable documents list for
guidance.
Disclosures in financial statements
Auditors are required to express an opinion on the financial statements as a
whole. This includes the notes to the financial statements which are an integral
part of the accounts, providing additional information on balances and
transactions and other relevant information. Therefore, it is important that during
all stages of the audit the auditor gives appropriate consideration to, and plans to
obtain sufficient and appropriate audit evidence in relation to the disclosures
made in the notes to the financial statements.
ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an
Audit in Accordance with International Standards on Auditing specifies that the
financial statements include related notes which ‘comprise a summary of the
significant accounting policies and other explanatory information’.
The notes to financial statements contain different types of information, some
quantitative and some qualitative, as required by IFRS. Some examples are
given below:
Quantitative disclosures:
Disaggregation and analysis of balances and transactions included
in the financial statements, for example of property, plant and equipment,
intangible assets, provisions, lease obligations, financial instruments.
Segmental analysis of revenue, profit and certain other items, and
information about major customers (for listed companies).
Summarised financial information in relation to associates and joint
ventures.
Qualitative disclosures:
Descriptions of significant accounting policies and areas where
67

lOMoARcPSD|2981706
critical accounting judgement has been exercised, and rationale for any
changes in accounting policies.
Confirmation that the going concern assumption is appropriate, or
discussion of significant doubt over going concern.
Information on related parties, and related party transactions.
Explanation of impairment losses recognised in the year.
Discussion of areas of risk, for example those relating to financial
instruments.
A key driver for the IAASB’s consultation and the exposure draft, Addressing
Disclosures in the Audit of Financial Statements, issued in May 2014, is that in
recent years, IFRS requirements in relation to disclosures in the notes to financial
statements have become more onerous. The exposure draft states that ‘over the
past decade, financial reporting disclosure requirements and practices have
evolved. They now provide more extensive decision-useful information that is
more detailed and often deals with matters that are subjective such as
assumptions, models, alternative measurement bases and sources of estimation
uncertainty. As these financial reporting disclosures continue to evolve,
challenges have arisen for preparers and auditors in addressing new types of
quantitative and non-quantitative information’.
The challenges for auditors
Risk of irrelevant disclosures and determining materiality
The IAASB is concerned that in some financial statements excessive disclosure
is being provided, sometimes of immaterial matters that do not need to be
disclosed. This makes it difficult for the reader of the financial statements to focus
on the important matters due to the ‘information overload’. This is a difficult area
for the auditor because often judgement is needed to decide whether or not a
matter should be disclosed. Companies might prefer to provide too much
information rather than too little, in the aim of full transparency, but end up
providing irrelevant or unnecessary disclosures which obscure the rest of the
information included.
Linked to the point above, it can be very difficult to apply materiality to
disclosures, especially those of a quantitative nature. The IAASB has considered
whether additional guidance should be given to auditors to help them to
determine whether qualitative disclosures are material or not by making a
preliminary determination at the planning stage of the audit of those disclosures
that could reasonably be expected to influence the economic decisions of users.
This would help the auditor to better identify disclosures material by their nature
or their monetary value, and to plan appropriate audit procedures.
Sources of information
A key concern of the IAASB is that the information included in the notes to the
financial statements, whether quantitative or qualitative in nature is derived from
systems and processes that are not part of the general ledger system. Examples
could include, forward looking statements, descriptions of models used in fair
value measurements, descriptions of risk exposures and other narrative
disclosures. This gives rise to several potential problems to the auditor, and
respondents involved in the IAASB’s consultations noted that this issue poses
68

lOMoARcPSD|2981706
some of the most challenging aspects of preparing and auditing disclosures.

One problem is whether the system or process from which information is derived,
when it is outside of normal accounting processes, has any internal control to
provide assurance on the completeness, accuracy and validity of the information.
For example, information on financial instruments may be provided by a
company’s treasury management function, which could have very different
systems and procedures to the accounting function, with a different level of
control risk attached. The systems and controls may be deficient, creating higher
audit risk. This may particularly be the case when dealing with one-off
disclosures, for example in relation to the situation causing an impairment loss. In
some cases, due to lack of the documentation that would normally be expected
for more routine transactions or events captured by the accounting system, it
may be difficult to obtain sufficient, appropriate audit evidence on disclosures.
Timing considerations
The IAASB notes that often disclosures are prepared by management very late in
the audit process. Often, when the auditor is planning the audit, draft disclosures
are not available, so it is not possible for the auditor to plan the audit of
disclosures until much later in the audit process. This could lead to higher audit
risk in that there may not be much time to assess the risk relating to disclosures
and to perform the necessary audit procedures. This is especially the case where
disclosures are complex, for example in relation to financial instruments, or
subjective, for example in relation to fair value measurement.
The IAASB proposals
The IAASB has proposed additional guidance to help establish an appropriate
focus on disclosures in the audit and encourage earlier auditor attention on them
during the audit process. There is also a proposal to amend the definition of
financial statements contained in the ISAs, to ensure an appropriate emphasis on
the importance of disclosures as part of the financial statements.
Proposed changes to the ISAs include new application material to:
Amend the term ‘financial statements’ as used in the ISAs to
include all disclosures subject to audit and to include that such disclosures
may be found in the related notes, on the face of the financial statements,
or incorporated by cross-reference as allowable by some financial
reporting frameworks.
Emphasise the importance of giving appropriate attention to, and
planning adequate time for addressing disclosures in the same way as
classes of transactions, events and account balances, and early
consideration of matters such as significant new or revised disclosures.
Focus auditors on additional matters relating to disclosures that
may be discussed with those charged with governance, in particular at the
planning stage of the audit.
Emphasise that, when agreeing the terms of engagement, the
auditor should emphasise management’s responsibility, early in the audit
process, to make available information relevant to disclosures.
Provide additional examples of misstatements in disclosures to
highlight the types of misstatements that may be found in disclosures, and
69

lOMoARcPSD|2981706
to clarify that identified misstatements, including those in disclosures and

irrespective of whether they occur in quantitative or non-quantitative
information, need to be accumulated and evaluated for their effect on the
In terms of specific planning considerations, the IAASB recommends
improvements to some aspects of risk assessment and materiality determination
in order to encourage a more robust risk assessment relating to disclosures:
Expanding the guidance on matters to consider when the auditor is
obtaining an understanding of the entity and its environment, including the
entity’s internal control, and assessing the risks of material misstatement
for disclosures, including materiality considerations for non-quantitative
disclosures.
Highlighting disclosures, including examples of relevant matters, for
consideration during the discussion among the engagement team of the
susceptibility of the entity’s financial statements to material misstatement,
including from fraud.
Integrating the separate category for assertions relating to
presentation and disclosure into the categories for account balances and
transactions to promote their more consistent and effective use.
Acknowledging, and giving prominence to, disclosures where the
information is not derived from the accounting system, and related
considerations pertaining to this source of audit evidence.
In relation to materiality, clarifying that the nature of potential
misstatements in disclosures, in particular non-quantitative disclosures, is
also relevant to the design of audit procedures to address the risks of
material misstatement.
Conclusion
The IAASB has acknowledged that while disclosures have an increased
prominence in financial statements, the audit of disclosures is difficult for a
number of reasons. Through a process of public consultation, the IAASB has
proposed additional guidance in this area, which should provide auditors with
practical guidance and serve to reduce audit risk.
PERFORMANCE INFORMATION IN THE PUBLIC SECTOR

The syllabus and study guide for P7 (INT), Advanced Audit and Assurance (and
SGP adapted paper) includes a section entitled ‘The audit of performance
information (pre-determined objectives) in the public sector’. This article is
intended to provide insight into this syllabus area and explain some of the issues
of which candidates should be aware when studying this aspect of the syllabus.
Background
While the specifics will vary from country to country, in general public sector
organisations are funded wholly or partly by the government, and in turn by the
tax payers in a particular jurisdiction. Public sector organisations may include
hospitals and other health care facilities such as ambulance services, schools
70

lOMoARcPSD|2981706
and universities, the police force and organisations responsible for public
transport and the road network. In some cases, such as the UK university sector,
organisations do charge for services provided but still rely on government funding
to support their activities.
The government as well as other stakeholders will pay close attention to the
performance of these organisations to evaluate whether public funds are being
used appropriately. The organisations should aim to demonstrate that public
monies allocated to them are being used effectively, that specific targets are
being met, and that appropriate decisions are being made in respect of long term
planning. Essentially the management and those charged with governance of a
public sector organisation need to show that the organisation is meeting its
objectives and performing its role in society, and performance information is likely
to be required in order for this to be demonstrated. If a public sector organisation
is not performing well then its funding may be cut and its management may be
replaced; in extreme situations the organisation may even be shut down.
This is supported by guidance issued by the public sector board of IFAC which
notes that the primary function of governments and most public sector entities is
to provide services to constituents. Consequently, their financial results need to
be assessed in the context of the achievement of service delivery objectives.
Reporting non-financial as well as financial information about service delivery
activities, achievements and/or outcomes during the reporting period is
necessary for a government or other public sector entity to discharge its
obligation to be accountable.
An example of how this is implemented is given below, taken from the UK’s
National Health Service (NHS) website:
In the NHS, performance monitoring should:
• help to define performance targets/goals across the key aspects of

service delivery, including management of resources (personnel,
infrastructure), customer service and financial viability
• provide a comprehensive picture of the organisation's progress

towards achieving its performance targets/goals
• provide an early indication of emerging issues/cost pressures that may

require remedial action
• indicate where there is potential to improve the cost effectiveness of

services through comparison with other organisations
Block: Text
Measuring performance information
71

lOMoARcPSD|2981706
Candidates will be familiar with the concept of Key Performance Indicators (KPIs)
which are widely used by private sector organisations in relation to non-financial
information such as social and environmental reporting; there have been several
examination requirements in past P7 exams focussing on this syllabus area. In
the public sector the same principles apply in that target KPIs will be established
as a performance objective and the organisation’s performance against the target
KPIs will be measured.
Performance measures should be measurable and relevant if they are to be
effective. Measurability means trying to ensure that there is consistency in how
performance information is captured and reported. The measures should be
clearly defined and unambiguous, but measurability is sometimes difficult where
the subject matter of the performance information is subjective in nature. For
example for an ambulance service it would be quite easy to measure the average
time taken for an ambulance to respond to an emergency as this is quantifiable,
but more difficult to measure the patient’s satisfaction with the service provided
as this is based on the patient’s opinion.
An issue linked to measurability is the existence of data to generate the
performance information. Much of the work involved in setting up a good system
for reporting on performance information is focussed on ensuring the
completeness and accuracy of supporting information and that the information is
sufficiently robust to withstand scrutiny.
Relevance means that the performance information addresses a valid concern
and public sector organisations should consider the specific needs of their
stakeholders in developing relevant performance measures. Continuing to using
the UK’s NHS as an example, identified stakeholders who regularly review the
NHS performance information include:
The government department responsible for health services
Medical staff
NHS management team and non-executive committee members
Patients
Private companies who supply to the NHS
Academics and students researching the NHS
The NHS therefore has to produce a range of performance measures relevant to
the needs of this wide range of stakeholders. Different stakeholders have
different needs, for example patients may focus on the effectiveness of a certain
medical procedure, whereas management may focus on the cost of providing
that procedure. Therefore a very wide range of performance information may be
required yet it would be pointless to set targets and produce performance
information on an issue which is not relevant to any stakeholder.
The audit of performance information
It is worth reiterating the difference between the audit of performance information
and performance auditing as both are likely to occur in the public sector.
Candidates are reminded that the audit of performance information is concerned
with the audit of reported performance information against predetermined
objectives. The auditor’s role here is usually to report on the credibility,
usefulness and accuracy of the reported performance. Performance auditing is
72

lOMoARcPSD|2981706
related to the evaluation of how the public sector body is utilising resources and
often focuses on determining how the public sector body is achieving economy,
efficiency and effectiveness, sometimes referred to as value for money auditing.
It is the former that is the focus of this area of the P7 syllabus.
In some jurisdictions it is part of the audit requirement for public sector
organisations that the auditor should report on performance information. In
jurisdictions where this is not a requirement, the auditor may be asked to perform
a separate engagement to the financial statement audit, the objective of which is
to report specifically on the performance information. In either case, the auditor
will need to plan procedures in much the same way as in a conventional audit
scenario. Candidates are therefore encouraged to apply their existing knowledge
of audit planning (risk assessment) and evidence gathering techniques to this
type of information. The auditor is still looking to ultimately report on the validity
of the information included in this respect. The auditor may find the principles of
ISAE 3000 Assurance Engagements other than Audits or Reviews of Historical
Financial Information provide a useful framework for planning and performing the
work on performance information.
As with any engagement to provide assurance, this would likely start with an
understanding of the entity to ensure knowledge of the predetermined
performance measures, an evaluation of the systems and controls used to derive
and capture the performance information and also performing substantive
procedures on the reported measures. The auditor will also need to understand
the rationale behind the measures that are being reported on, considering the
relevance and suitability of them in terms of the objectives of the public sector
organisation in order to help assess the usefulness of the information being
provided.
Audit procedures may include:
Tests of controls on the systems used to generate performance
information
Performing analytical review to evaluate trends and gauge the
consistency of the information
Discussion with management and other relevant individuals, for
example those responsible for the reporting process
Review of minutes of meetings where performance information has
been discussed
Confirmation of performance information to source documentation;
this may be performed on a sample basis
Recalculation of quantitative performance information measures
Of course, the procedures must be specifically tailored to the performance
information subject to the audit. Further as in any audit, the working papers must
contain a summary of findings and clear conclusions on the procedures that have
been performed.
Reporting on performance information
There is no specific format or wording that is prescribed by international
regulations for reporting on public sector performance information, though in
some jurisdictions the national regulators may issue country-specific
73

lOMoARcPSD|2981706
requirements.
Generally, the auditor will provide a conclusion on whether the public sector
entity has achieved its objectives as shown by the reported performance
information and concludes on the information itself. This conclusion may be in
the form of a reasonable assurance conclusion – ie an opinion is expressed, or
may be in the form of a negative assurance conclusion – ie no opinion is
expressed. Essentially, in the absence of any jurisdiction specific requirements,
the auditor will agree the type of conclusion with the public sector organisation
and usually its regulating body.
Often the performance information will be provided as part of the public sector
organisation’s integrated report, in which case the auditor’s conclusion will be
included within the integrated report.
Conclusion
The audit of performance information in public sector organisations can be
approached in a similar way to the audit of KPIs in private sector organisations,
and conventional audit techniques can be employed, though they will need to be
tailored to the specific measures that are subject to audit. In approaching
scenarios based on this syllabus area, candidates are encouraged to apply their
understanding of audit techniques to the specific information in the question and
to avoid vague and unfocussed remarks.
LAWS AND REGULATIONS

An important part of an external audit is the consideration by the auditor as to
whether the client has complied with laws and regulations.
It is important that candidates preparing for Audit and Assurance (AA) and
Advanced Audit and Assurance (AAA) have an understanding of how laws and
regulations affect an audit, not only in terms of the work the auditor is required to
do, but also to appreciate the responsibilities of both management and the
auditor where laws and regulations are concerned.
The auditing standard that is relevant to this article is ISA 250
(Revised), Consideration of Laws and Regulations in an Audit of Financial
Statements, and the objectives of the auditor according to paragraph 11 in ISA
250 are:
to obtain sufficient appropriate audit evidence regarding compliance
with the provisions of those laws and regulations generally recognised to
have a direct effect on the determination of material amounts and
disclosures in the financial statements
to perform specified audit procedures to help identify instances of
non-compliance with other laws and regulations that may have a material
effect on the financial statements
to respond appropriately to identified or suspected non-compliance
with laws and regulations identified during the audit.
The standard defines an act of ‘non-compliance’ as follows:
‘Acts of omission or commission intentional or unintentional, committed by the
74

lOMoARcPSD|2981706
entity, or by those charged with governance, by management or by other

individualsworking for or under the direction of the entity which are contrary to
the prevailing laws or regulations. Non-compliance does not include personal
misconduct unrelated to the business activities of the entity.’
Respective responsibilities of management and auditors
Candidates need to go into the exam with an understanding as to who is
responsible for compliance with laws and regulations and who is responsible for
the detection of non-compliance with laws and regulations.
It is the responsibility of management to ensure that an entity complies with
relevant laws and regulations. It is not the responsibility of the auditor to either
prevent or detect non-compliance.
Question 1(c) of the December 2011 F8 exam (now AA) for four marks required
candidates to:
‘Explain the responsibilities of management and auditors of Chuck Industries Co
in relation to compliance with laws and regulations under ISA 250, Consideration
of Laws and Regulations in an Audit of Financial Statements.’
The question itself was linked to a brief scenario where Chuck Industries Co had
received a visit from the tax authority who had discovered incorrect levels of tax
had been deducted from the payroll as tax rates had not been updated in the
previous year and the finance director was questioning the audit firm as to why
they had not identified this non-compliance with tax legislation.
To secure a pass in this part of the question, candidates would have had to:
understand that it is role of the management of Chuck Industries Co
to ensure the operations of the entity are conducted in accordance with
laws and regulations (this applies to tax legislation also)
appreciate that an auditor is not responsible for prevention of non-
compliance with laws and regulations and is not expected to detect
instances of non-compliance
acknowledge in the answer that it is the auditor’s responsibility to
obtain reasonable assurance that the financial statements are free from
material misstatement. To that end the auditor will take into account the
legal and regulatory framework within which the entity operates
make reference to the auditor’s responsibility to consider those
laws and regulations that have both a direct and an indirect effect on the
determination of material amounts and disclosures in the financial
statements.
Direct and indirect laws and regulations
There are many laws and regulations that a reporting entity may have to comply
with in order to continue in business. For example, many entities will have to
comply with strict health and safety legislation; a food manufacturer may have
strict food hygiene legislation to comply with, and an accountancy firm will have a
code of ethics to follow from its professional body. Such laws and regulations will
have both a direct effect on the financial statements and an indirect effect.
For those laws and regulations that have a direct effect on the financial
statements, the auditor will be concerned about gathering sufficient and
appropriate audit evidence that the entity has complied with such laws and
75

lOMoARcPSD|2981706
regulations. For example, when auditing the payroll the auditor will be concerned
with gathering sufficient and appropriate audit evidence to ensure that tax
legislation has been correctly applied by the entity because if it has not (as in
Question 1(c) in the December 2011 F8 exam), there is risk that the entity could
be fined for non-compliance and the fines could be material, either in isolation or
when aggregated with other misstatements. In addition, amounts within the
financial statements may also be misstated as a result of the non-compliance
with laws and regulations.
For those laws and regulations that have an indirect effect on the financial
statements, the auditor will undertake procedures with the objective of identifying
non-compliance with such laws and regulations. ISA 250 gives examples in
paragraph 6(b) of:
compliance with the terms of an operating license
compliance with regulatory solvency requirements, or
compliance with environmental regulations.
When designing procedures to help to identify non-compliance with laws and
regulations, ISA 315, Identifying and Assessing the Risks of Material
Misstatement through Understanding the Entity and Its Environment requires an
auditor to obtain a general understanding of:
the applicable legal and regulatory framework, and
how the entity complies with that framework.
Identifying non-compliance with laws and regulations can be tricky for auditors,
particularly where fraud and/or money laundering is concerned (see later in the
article). It is for this reason that the auditor must maintain a degree of
professional scepticism and remain alert to the possibility that other audit
procedures applied may bring instances of non-compliance or suspected non-
compliance with laws and regulations to the auditor’s attention, and such
procedures could include:
reading minutes of board meetings
enquiring of management and/or legal advisers concerning litigation
or claims brought against the entity, and
undertaking substantive tests on classes of transactions, account
balances or disclosures.
Reporting identified or suspected non-compliance with laws
and regulations
Where the auditor discovers non-compliance with laws and regulations, the
auditor must notify those charged with governance. However, care must be taken
by the auditor because if the auditor suspects that those charged with
governance are involved, the auditor must then communicate with the next
highest level of authority, which may include the audit committee. If a higher level
of authority does not exist, the auditor will then consider the need to obtain legal
advice.
The auditor must also consider whether the non-compliance has a material effect
on the financial statements and, in turn, the impact the non-compliance will have
on their report.
If the auditor identifies or suspects non-compliance, the auditor will need to
76

lOMoARcPSD|2981706
consider whether law, regulation and ethical requirements either require the
auditor to report to an appropriate authority outside the entity, or establish
responsibilities under which this may be appropriate.
There may be occasions when the auditor’s duty of confidentiality may be
overridden by law or statute. This can be the case when the auditor discovers
non-compliance with legislation such as drug trafficking or money laundering.
Money laundering
The Study Guide to AAA covers the issue of money laundering separately to that
of laws and regulations in A2(a) to (g). ACCA’s Code of Ethics and Conduct
defines ‘money laundering’ as:
‘...the process by which criminals attempt to conceal the true origin and
ownership of the proceeds of their criminal activity, allowing them to maintain
control over the proceeds and, ultimately, providing a legitimate cover for their
sources of income.’
Auditors need to be particularly careful where money laundering issues are
concerned – especially for a business that is predominantly cash-based because
the scope for money laundering in such businesses is wide. There are usually
three stages in money laundering:
Placement – which is the introduction or ‘placement’ of illegal funds
into a financial system.
Layering – which is where the money is passed through a large
number of transactions. This is done so that it makes it difficult to trace the
money to its original source.
Integration – which is where the ‘dirty’ money becomes ‘clean’ as it
passes back into a legitimate economy.
Money laundering offences can include:
concealing criminal property
acquiring, using or possessing criminal property
becoming involved in arrangement which is known, or suspected, of
facilitating the acquisition of criminal property.
There are many countries in which money laundering is a criminal offence and,
where an accountant or an auditor discovers a situation which may give rise to
money laundering, the accountant or auditor must report such suspicions to a
‘money laundering reporting officer’ (MLRO) whose responsibility it is to report
such suspicions to an enforcement agency (in the UK, this enforcement agency
is the National Crime Agency (NCA)).
It is an offence to fail to report suspicions of money laundering to NCA or the
MLRO as soon as practicable, and it is also an offence if the MLRO fails to pass
on a report to the NCA. Where the entity is actively involved in money laundering,
the signs are likely to be similar to those where there is a risk of fraud, and can
include:
complex corporate structure where complexity does not seem to be
warranted
transactions not in the ordinary course of business
many large cash transactions when not expected
transactions where there is a lack of information or explanations, or
77

lOMoARcPSD|2981706
where explanations are unsatisfactory, or

transactions with little commercial logic taking place in the normal
course of business.
Question 3(b) in the March/June 2016 P7 (Int) Sample Questions (now AAA)
gave candidates a scenario where they were placed in the position of audit
manager. The audit senior had noted as part of their review of the cash book, a
receipt of $350,000 for which the source was unclear followed by a transfer of the
same amount to a bank account held in another country. When questioned, the
financial controller had referred the audit senior to the business owner.
Documentary evidence had been requested but had not yet been received.
This particular question did not make reference to the term ‘money laundering’ in
the scenario or in the question requirement; the question required the candidate
to evaluate the implications for the completion of the audit, recommending any
further actions which should be taken by the firm.
The fact that no mention of money laundering was made either in the scenario or
in the question requirements is reflective of the fact that in real life those
committing money laundering will not openly admit to committing such offences.
Money laundering is therefore very similar (if not identical in many ways) to fraud
and, therefore, auditors should set aside any beliefs concerning the integrity and
honesty of the audit client and keep a sceptical mindset where such issues are
concerned.
Tipping off
The term ‘tipping off’ means that the MLRO discloses something that will
prejudice an investigation. It is an offence to make the perpetrators of money
laundering aware that the auditor has suspicions or knowledge regarding their
money laundering activities or that these suspicions or knowledge have been
reported. It is unnecessary for the auditor to gain all the facts, or to ascertain
without a doubt, that an offence has occurred. The auditor only needs to satisfy
themselves that their suspicions are reasonable, and obtain sufficient evidence to
show the allegations are made in good faith.
Conclusion
Candidates attempting AA and AAA are advised to gain a sound understanding
of laws and regulations, not only in the context of the Syllabus and Study Guide
but also in the context of real-life situations to allow for greater application of
knowledge.
Keep in mind the fact that questions in AAA will not always flag up that
candidates need to consider laws and regulations; the challenging nature of AAA
will mean that candidates will have to conclude for themselves that questions are
testing a specific subject area of the syllabus.
AUDIT QUALITY – A PERPETUAL CURRENT ISSUE

The issue of audit quality has always been a key consideration for auditors.
Performing a high quality audit means that audit risk is reduced and the audit firm
is less likely to issue an inappropriate audit opinion. However, periodic reviews
by regulatory authorities on the work performed by audit firms often conclude that
78

lOMoARcPSD|2981706
audits performed are not always of high quality, despite this being in the best
interest of the audit firm. The objective of this article is to provide some insight
into why audit firms sometimes compromise audit quality, giving examples of how
this happens, and the implications of compromising on audit quality for the
profession.
This issue is relevant to P7 in that the Syllabus and Study Guide contains a
specific section, C1, which contains a number of learning outcomes in relation to
quality control in the context of practice management. In particular, learning
outcome C 1 (d) states the following capability: ‘Assess whether an engagement
has been planned and performed in accordance with professional standards and
whether reports issued are appropriate in the circumstances.’ This requires
candidates to apply their knowledge of quality control to a given scenario and a
requirement of this nature has appeared several times in past papers.
A reminder of the sources of requirements in relation to
quality control
The International Auditing and Assurance Standards Board (IAASB) has issued
two documents relating to quality control. ISQC 1, Quality Control for Firms that
Perform Audits and Reviews of Financial Statements, and Other Assurance and
Related Services Engagements applies to all firms of professional accountants in
respect of audits and reviews of financial statements, and other assurance and
related services engagements. It should therefore also be applied to non-audit
engagements such as reviews of prospective financial information and
engagements to perform agreed upon procedures.
ISA 220, Quality Control for an Audit of Financial Statements is specific to audit
engagements and contains specific requirements that should be adhered to in
the performance of any audit. ISA 220 contains requirements in relation to:
Leadership responsibilities for quality on audits
Relevant ethical requirements, in particular independence
Acceptance and continuance of client relationships and audit
engagements
Assignment of engagement teams
Engagement performance, meaning the direction, supervision and
review of an audit, including consultation and engagement quality control
reviews
Monitoring and documentation
A detailed review of all of the requirements is outside the scope of this article,
and candidates are encouraged to ensure that they are familiar with the contents
of ISA 220 so that they can apply this knowledge to a given scenario and
comment on whether an audit has been performed in accordance with the
requirements of the ISA.
Recent developments in relation to quality control
The IAASB makes specific reference to the issue of audit quality in its latest
annual report published in June 2014. The IAASB chairman, Arnold Schlider, in
his chairman’s statement, discusses audit quality as a key issue that the IAASB
is focussing on. He refers to the IAASB publication entitled A Framework for
Audit Quality, the objective of which is to raise awareness of the key elements of
79

lOMoARcPSD|2981706
audit quality; encourage stakeholders to reflect on ways to improve audit quality;

and facilitate greater dialogue among stakeholders on the topic. (The
Consultation Paper on which this Framework document is based is listed as an
examinable document for P7 INT for June 2015). He also mentions the IAASB
webpage, ‘Focus on Audit Quality,’ which was launched in early 2014 to provide
supplemental material supporting awareness and use of the Framework. It is
clear that the IAASB want to engage not only with auditors but also with users
and preparers of financial statements to encourage debate on audit quality.
The IAASB Work Plan for 2015–16 is entitled Enhancing Audit Quality and
Preparing for the Future, emphasising the prominence of audit quality in the work
programme of the IAASB. In addition, the board has recently commenced a
survey on audit quality, focussing on how audit firms apply ISQC1 and the
difficulties faced by smaller audit firms in meeting the requirements.
It is not just the IAASB that perceives audit quality as a matter of debate. Other
regulatory bodies such as the UK Financial Reporting Council (FRC) is interested
in promoting audit quality and its Annual Reports on Audit Quality Inspections
feature detailed commentary on the improvements that audit firms can make to
enhance audit quality.
Why is audit quality a concern?
The regulatory bodies have a role to play in promoting audit quality as this will in
turn increase public confidence in the audit process and in financial reporting. As
mentioned in the introduction, it is in the best interests of audit firms to conduct a
high quality audit. So, it may be surprising to find that when inspections are
carried out on the conduct of audits, the regulatory bodies come across many
instances where audit quality is lacking.
Audit firms are faced with great pressures which may lead to them compromising
audit quality. Pressures can be in the form of tight deadlines and restrictions on
audit fees, issues relating to competence, ethical dilemmas, and the extent of
judgment that is required when auditing certain balances and transactions. Some
examples are given below to illustrate the effect of these pressures on audit
quality.
Tight deadlines and restrictions on audit fees – the FRC comments in its 2011 –
2012 Annual Report on Audit Quality Inspections that ‘a company’s audit should
represent value for money. Nevertheless, substantial fee reductions may lead the
auditor to reduce valuable audit work and therefore compromise audit quality.’
Fee pressures are a commercial reality and audit firms will react to fee pressure
by seeking efficiencies in the audit. This can manifest in many ways, for example,
reducing sample sizes, and increasing materiality levels especially in group
situations. A particular way to make the audit more efficient is to ‘offshore’ certain
audit procedures in an arrangement whereby some of the audit work is
performed by audit personnel who are not ‘full’ members of the audit team, they
may be located in a foreign country where the labour costs are lower. This
practice raises audit quality issues in that these personnel may not have a good
knowledge of the audit client and the quality of the audit evidence produced may
be questionable.
Competence – if auditors are not technically competent to perform audit work
80

lOMoARcPSD|2981706
there is a clear impact on the quality of work performed. For example, the IAASB
comments in its 2015–16 Work Plan that audit inspections have found instances
where the person selected to perform engagement quality control reviews was
not competent to do so. Given that engagement quality reviews are conducted
for high risk audit engagements using inexperienced auditors to perform such
reviews can create a potentially serious hazard for the audit firm in that it is much
more likely that an inappropriate opinion could be issued.
Ethical dilemmas – a common example is where the audit firm provides non-audit
services to the audited entity. Audit firms should be familiar with the concept that
providing non-audit services creates a threat to objectivity, in particular a self-
review threat, and audit firms also should be accustomed to assessing the
significance of the risk and responding with the use of appropriate safeguards or
by not providing the non-audit service. However there may be circumstances
where the threat is overlooked, so compromising audit quality. For example, if an
audited entity changes status and becomes listed (a public interest entity) then
while it may previously have been acceptable to provide a non-audit service with
the appropriate safeguards, the provision of the non-audit service may not be
acceptable given the new status of the audited entity. This issue was picked up
by the FRC in its 2014 round of audit quality inspections.
Extensive use of judgment – this is very much linked to professional scepticism
(see ‘Related links’ for further reading). Audit inspectors often comment that the
audit of judgmental balances such as fair values and impairment is lacking in
quality. The FRC’s 2014 Annual Report on Audit Quality Inspections states that
‘Limited evidence that [audit] firms have robustly challenged management
particularly in respect of the appropriateness of key assumptions and other
judgments was a key concern. Firms, with the assistance of audit committees,
should ensure they appropriately challenge management.’ The report comments
that audit firms often fail to challenge the feasibility of business plans prepared by
management, as well as assumptions relating to fair value, impairment and the
valuation of tangible and intangible assets.
These are just some examples of instances where audit quality has been
compromised, as identified by audit inspections. The objective of the inspections
is to highlight the weaknesses in audit quality and to recommend improvements.
It is up to the audit firm whether or not they respond to the recommendations, but
it is in their interest to do so, and there are calls by the IAASB to formalise the
means by which audit firms demonstrate that they have taken such
recommendations on board.
Conclusion
By emphasising the issue of audit quality in its current Work Plan, the IAASB is
making it clear that audit quality is something to be taken seriously. Higher
quality audits and public confidence in audit reports issued should reduce the
‘expectation gap’. However with audit firms coming under pressure to cut fees,
produce competitive tender documents and provide ‘added value’ to the audit in
the form of non-audit services, it is easy to see why audit quality is often
compromised. Future changes to make the requirements of ISQC1 and ISA 220
more robust could help, as will promoting the use of professional scepticism in
81

lOMoARcPSD|2981706
the conduct of all audits.

Written by a member of the Paper P7 examining team
Note: Some of the documents referred to in this article
PROFESSIONAL SCEPTICISM
In recent years regulatory bodies including the International Auditing and
Assurance Standards Board (IAASB) and the UK Financial Reporting Council
(FRC) have issued documents highlighting the importance of professional
scepticism in an audit of financial statements. The objective of this article is to
explain the importance of professional scepticism as an essential part of the
auditor’s mindset, and to consider the reasons why approaching an audit with an
attitude of professional scepticism is becoming increasingly important.
What is professional scepticism?
The glossary of terms contained in the IAASB’s Handbook of International
Quality Control, Auditing, Review, Other Assurance, and Related Services
Pronouncements contains the following definition of the term ‘professional
scepticism’:
An attitude that includes a questioning mind, being alert to conditions which may
indicate possible misstatement due to error or fraud, and a critical assessment of
evidence.
ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an
Audit in Accordance with International Standards on Auditing, contains more
guidance on how and why the auditor should act with an attitude of professional
scepticism. ISA 200 contains a specific requirement in relation to professional
scepticism:
The auditor shall plan and perform an audit with professional scepticism
recognising that circumstances may exist that cause the financial statements to
be materially misstated.
This overall objective is the fundamental driver for the relevant learning outcomes
within the Paper P7 syllabus, namely:
To discuss the importance of professional scepticism in planning
and performing an audit (B1e), and
To assess whether an engagement has been planned and
performed with an attitude of professional scepticism, and evaluate the
implications (B1f).
The application paragraphs of ISA 200 contain more guidance on what is meant
by applying professional scepticism when conducting an audit: Professional
scepticism includes being alert to, for example:
Audit evidence that contradicts other audit evidence obtained.
Information that brings into question the reliability of documents
and responses to inquiries to be used as audit evidence.
Conditions that may indicate possible fraud.
Circumstances that suggest the need for audit procedures in
addition to those required by the ISAs. (ISA 200 A.18).
Essentially, ISA 200 requires the use of professional scepticism as a means of
82

lOMoARcPSD|2981706
enhancing the auditor’s ability to identify risks of material misstatement and to

respond to the risks identified. Professional scepticism is closely related to
fundamental ethical considerations of auditor objectivity and independence.
Professional scepticism is also linked to the application of professional judgment
by the auditor. An audit performed without an attitude of professional scepticism
is not likely to be a high quality audit. At its core the application of professional
scepticism should help to ensure that the auditor does not neglect unusual
circumstances, oversimplify the results from audit procedures or adopt
inappropriate assumptions when determining the audit response required to
address identified risks, all of which should improve audit quality.
How does the auditor apply professional scepticism?
The auditor is likely to apply professional scepticism at various stages from client
acceptance and at various points during the audit process, and some typical
examples are given below:
When assessing engagement acceptance – at this stage the
auditor should consider whether the management of the intended audit
client acts with integrity and whether there are any matters that may
impact on the auditor being able to act with professional scepticism if they
accept the engagement, such as ethical threats to objectivity.
When performing risk assessment procedures – an auditor should
be sceptical when performing risk assessment procedures at the planning
stage of the audit. For example, when discussing the results of analytical
procedures with management, the auditor should not accept
management’s explanations at face value, and should obtain
corroboratory evidence for the explanations offered.
When obtaining audit evidence – the auditor should be ready to
challenge management, especially on complex and subjective matters and
matters that have required a degree of judgement to be exercised by
management. The reliability and sufficiency of evidence should be
considered, especially where there are risks of fraud. There may also be
specific issues arising during an audit which impacts on professional
scepticism – for example, if management refuses the auditor’s request to
obtain evidence from a third party. The auditor will have to consider how
much trust can be placed on evidence obtained from management – for
example, evidence in the form of enquiry with management or written
representations obtained from management. ISA 200 states that ‘a belief
that management and those charged with governance are honest and
have integrity does not relieve the auditor of the need to maintain
professional scepticism or allow the auditor to be satisfied with less than
persuasive audit evidence when obtaining reasonable assurance’.
When evaluating evidence – the auditor should critically assess
audit evidence and be alert for contradictory evidence that may undermine
the sufficiency and appropriateness of evidence obtained.
The auditor should also apply professional scepticism when forming the auditor’s
opinion, by considering the overall sufficiency of evidence to support the audit
opinion, and by evaluating whether the financial statements overall are a fair
83

lOMoARcPSD|2981706
presentation of underlying transactions and events.

Ultimately, the application of professional scepticism should reduce detection risk
because it enhances the effectiveness of applied audit procedures and reduces
the possibility that the auditor will reach an inappropriate conclusion when
evaluating the results of audit procedures.
Specific applications of professional scepticism
Fraud ISA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of
Financial Statements, specifically refers to professional scepticism stating that
‘when obtaining reasonable assurance, the auditor is responsible for maintaining
professional scepticism throughout the audit, considering the potential for
management override of controls and recognising the fact that audit procedures
that are effective for detecting error may not be effective in detecting fraud’ (ISA
240.8).
ISA 240 goes on to state a specific requirement for the auditor: ‘The auditor shall
maintain professional scepticism throughout the audit, recognising the possibility
that a material misstatement due to fraud could exist, notwithstanding the
auditor’s past experience of the honesty and integrity of the entity’s management
and those charged with governance’ (ISA240.12).
The application paragraphs of ISA 240 emphasise the importance of assessing
the reliability of the information to be used as audit evidence and the controls
over its preparation and maintenance. In addition, ISA 240 states that
‘management is often in the best position to perpetrate fraud. Accordingly, when
evaluating management’s responses to inquiries with an attitude of professional
scepticism, the auditor may judge it necessary to corroborate responses to
inquiries with other information’ (ISA 240.A17). This is significant in that ISA 240
reminds the auditor that when management provides the auditor with audit
evidence – be that in the form of answers to enquiries, written representations or
other forms of documentary evidence – the auditor should carefully consider the
integrity of that evidence and whether additional corroboratory evidence should
be obtained from a more reliable source.
Other aspects of an audit where professional scepticism may be important
The IAASB has issued a Staff Questions and Answers document entitled
Professional Scepticism in an Audit of Financial Statements, which outlines some
of the areas of the audit where the use of professional scepticism may be
important. These are outlined below and largely relate to areas of the audit that
are complex, subjective or highly judgmental.
Accounting estimates – this can include fair value accounting
estimates, the use of significant assumptions by management in
developing accounting estimates, and reviewing the judgements and
decisions used by management for management bias in developing
accounting estimates.
Going concern – the auditor should review management’s
assessment of going concern and whether management’s plans are
feasible, this being particularly important where there is a significant doubt
over the entity’s ability to continue as a going concern.
Related party relationships and disclosures – it can be difficult to
84

lOMoARcPSD|2981706
obtain information on related parties, as knowledge may be confined to

management meaning that the auditor may have to rely on management
to identify all related parties The auditor should also be sceptical when
assessing the business rationale behind related party transactions.
Consideration of laws and regulations – the auditor should be alert
throughout the audit for indications that there may have been a suspected
non-compliance with laws and regulations.
The increasing importance of professional scepticism
The IAASB Staff Questions and Answers document contains a foreword by
Arnold Schilder, IAASB chairman, which emphasises the increasing need for
auditors to apply professional scepticism. One reason for this is the increased
use of judgment and subjectivity in management’s financial reporting decisions.
This is due to the application of International Financial Reporting Standards
(IFRS), which are largely principle-based, and often require the preparers of
financial statements to exercise significant judgment when making decisions on
accounting treatments.
The global financial crisis of 2008–2009 also focused attention on professional
scepticism. Auditors in many jurisdictions were criticised for not applying
sufficient professional scepticism at that time, particularly in relation to the audit
of fair values, related party transactions and going concern assessments. One of
the reasons for the IAASB issuing the Staff Questions and Answers document
was to re-emphasise the importance of professional scepticism especially in the
audit of financial statements where there is a high risk of material misstatement
due to financial distress.
The UK’s Financial Reporting Council (FRC) has issued a Briefing Paper on
professional scepticism which suggests that professional scepticism is the
cornerstone of audit quality. It proposes that the auditor should actively look for
risks of material misstatement, and that this is only possible when a high degree
of knowledge of the audited entity’s business and the environment in which it
operates is obtained. The document contains proposals for how audit firms can
encourage audit teams to approach audits with a sceptical mindset, and it
considers that some audit firms may need to change their culture to allow this to
happen.
The IAASB’s Work Plan for 2015–16, Enhancing Audit Quality and Preparing for
the Future – issued in December 2014 – prioritises the issues that impact on
audit quality, including group audits, quality control, and professional scepticism.
It is clear the professional scepticism is to stay on the agenda of the regulatory
authorities for some time to come, as it is so intrinsically linked to other key audit
issues such as audit quality, ethics and independence and, ultimately, the
confidence that the public has in the auditing profession.
Conclusion
The IAASB states that ‘the need for professional scepticism cannot be
overemphasised’ and that ‘adopting and applying a sceptical mindset is
ultimately a personal and professional responsibility to be embraced by every
auditor’. Given the increasingly complex and subjective nature of IFRS
requirements, auditors must be confident to challenge management on a range
85

lOMoARcPSD|2981706
of matters relevant to the preparation of the financial statements and the IAASB
and national bodies such as the FRC are keen to support auditors in the
application of professional scepticism. This, they believe, is an essential element
of quality control, and in safeguarding the credibility of the audit opinion.
USING THE WORK OF INTERNAL AUDITORS

Can internal auditors be used to provide direct assistance to the external auditor
for purposes of audit?
Relevant to ACCA Qualification exams AA and AAA
International Standard on Auditing (ISA) 610, Using the Work of Internal
Auditors was revised and published in 2013. This standard focuses on whether
the external auditor can use the work of the internal audit function for purposes of
audit, and the revised version of the standard, clarified whether the internal
auditors could be used to provide direct assistance to the external auditor.
Candidates taking AA and AAA should familiarise themselves with this aspect of
the standard as they are expected to be able to discuss the extent to which
external auditors are able to rely on the work of internal auditors (section D6 of
the AA Study Guide) and to assess the appropriateness and sufficiency of the
work of internal auditors as well as the extent to which reliance can be placed on
it (section D4) of the AAA Study Guide).
External and internal auditors
Much of the work performed by a company’s internal audit function can overlap
with the work conducted by the external auditor, specifically in areas dealing with
the assessment of control processes. It is likely that in carrying out detailed work
evaluating and reviewing the company’s internal control framework internal audit
perform procedures on financial controls relevant to the external audit. As such,
the external auditor, rather than duplicating these procedures, may be able to
place reliance on the work carried out by the internal auditor.
Block: Text
This article focuses on the provision of direct assistance by the internal auditors,
which historically has been a very controversial issue. Internal auditors are the
employees of the entity, which could result in threats to independence (either
in fact or perceived) if direct assistance is provided by the internal auditors. On
the other hand, the following benefits relating to provision of direct assistance by
the internal auditors cannot be ignored:
There will be a strengthened relationship between the external
and internal auditors through a more effective dialogue
With the knowledge of the internal auditors, the external auditor
can gain additional insights into the entity
The external auditor can use internal auditors who may have
relevant expertise in particular areas, and
The external audit team can focus on the more significant audit
issues.
86

lOMoARcPSD|2981706
Where such use is not prohibited by law or regulation, the ISA provides a robust
framework to ensure that direct assistance is obtained only in appropriate
circumstances, that the external auditor considers the relevant limitations and
safeguards, and that the auditor’s responsibilities are clearly set out.
Guidance on determining if it is appropriate for internal auditors to provide
direct assistance
When can internal auditors be used to provide direct assistance?
The external auditor, in the course of discharging their responsibilities must
decide if it is appropriate in the circumstances to use internal audit to provide
direct assistance. The ISA identifies a number of steps that the external auditor
should work through when determining to what extent, if any, direct assistance
can be provided.
Block: Text
Click to enlarge image
Step 1: Prohibition by law or regulation The external auditor may be
prohibited by law or regulation from obtaining direct assistance from internal
auditors; therefore, the first task is to understand the law or regulation of the
jurisdiction in which the auditor is operating. In the United Kingdom for example,
the Financial Reporting Council (FRC) prohibits external auditors from using
internal auditors as ‘direct assistance’ members of the audit team in order to
enhance the principle of auditor independence. Consequently the guidelines in
relation to direct assistance are irrelevant to audits conducted in accordance with
ISAs (UK).
Step 2A: Evaluation of the existence and significance of threats to objectivity of
the internal auditors This is considered as an important element in the external
auditor’s judgment as to whether internal auditors can provide direct assistance.
Objectivity is regarded as the ability to perform the tasks without allowing bias,
87

lOMoARcPSD|2981706
conflict of interest or undue influence of others to override professional judgment.

The following factors are relevant to the external auditor’s evaluation of
objectivity:
Block: Text
It should be noted that the main purpose here is to evaluate threats to
objectivity. Take the first factor as an example – if evidence shows that the
internal audit function’s organisational status supports the objectivity of the
internal auditors, the external auditor will feel more comfortable using direct
assistance from the internal auditors. The following situations are likely to support
the objectivity of the internal auditors:
The internal audit function reports to those charged with
governance (eg the audit committee) rather than solely to management
(eg the chief finance officer)
The internal audit function does not have managerial or operational
duties that are outside of the internal audit function
The internal auditors are members of relevant professional bodies
obligating their compliance with relevant professional standards relating to
objectivity.
Step 2B: Evaluation of the level of competence of the internal auditors
Competence of the internal audit function is likely to be deemed satisfactory
where it can be evidenced that the function as a whole operates at the level
required to (i) enable assigned tasks to be performed diligently and (ii) in
accordance with applicable professional standards. To make such evaluation, the
external auditor can take into consideration the following factors:
Whether there are established policies for hiring, training and
88

lOMoARcPSD|2981706
assigning internal auditors to internal audit engagements

Whether the internal auditors have adequate technical training and
proficiency in auditing (eg with relevant professional designation and
experience)
Whether the internal auditors possess the required knowledge
relating to the entity’s financial reporting and the applicable financial
reporting framework
Whether the internal audit function possesses the necessary skills
(for example, industry-specific knowledge) to perform work related to the
entity’s financial statements.
Points to note in the evaluation The above evaluation regarding the internal
auditors’ objectivity and competence should not be new to candidates as it forms
the basis for any assessment by the external auditor when determining if reliance
can be placed on the work of internal auditors. The external auditor should bear
in mind that the assessment of competence and objectivity are of equal
importance, and should be assessed individually and in aggregate. For example
if the internal auditors are deemed appropriately competent but the external
auditor identifies significant threats to objectivity it is unlikely that the external
auditor will be able to use the internal auditors to provide direct assistance and
vice versa.
What can be assigned to internal auditors providing direct assistance?
Following the above detailed evaluation, if the external auditor determines that
internal auditors, can be used to provide direct assistance for purposes of the
audit, the next decision to be made by the external auditor is to determine the
nature and extent of work that can be assigned to internal auditors.
This is a matter that requires the auditor to exercise professional judgment, due
to the fact that extensive use of direct assistance could affect perceptions of the
independence of external auditors. ISA 610 (Revised 2013) limits the
circumstances in which direct assistance can be provided. The external auditor is
advised to consider the following factors in such determination:
89

lOMoARcPSD|2981706
Block: Text
The external auditor should have performed the assessment of the first two
factors when determining whether the internal auditors can provide direct
assistance in the first instance. The less persuasive the evidence regarding the
internal auditors’ objectivity and competency, the more restrictive the nature and
extent of work that can be assigned.
As a starting point the external auditor should consider the amount of judgment
needed in (i) planning and performing relevant audit procedures and (ii)
evaluating audit evidence gathered. The greater the level of judgment required,
the narrower the scope of work that can be assigned to internal auditors. The
following activities are deemed to involve significant judgment and therefore are
not expected to be assigned to internal auditors providing direct assistance:
Assessing risks of material misstatements
Evaluating the sufficiency of tests performed
Evaluating significant accounting estimates, and
Evaluating the adequacy of disclosures in the financial statements
and other matters affecting the auditor’s report.
For any particular account balance, class of transaction or disclosure, the
external auditor has to take into consideration the assessed risk of material
misstatement when determining the nature and extent of work that they propose
to assign to internal auditors. The higher the assessed risk, the more
restricted the nature and extent of work that should be assigned to internal
auditors. If the risk of material misstatement is considered to be anything other
than low, the more judgment that has to be involved and the more persuasive the
audit evidence required. Therefore, in these circumstances, in order to reduce
90

lOMoARcPSD|2981706
audit risk to an acceptably low level it is expected that the external auditor has to
perform more procedures directly and place less reliance on assistance provided
by internal auditors when collecting sufficient appropriate evidence. The ISA
provides some specific examples of areas where reliance should be restricted.
ISA 610 (Revised 2013) states that internal auditors cannot carry out procedures
when providing direct assistance that:
Involve making significant judgment in the audit
Relate to higher assessed risks of material misstatements where
the judgment required in performing the relevant audit procedures or
evaluating the audit evidence gathering is more than limited
Relate to decisions the external auditor makes in accordance with
ISA 610 (Revised 2013) regarding the internal audit function and the use
of its work or direct assistance
Relate to work with which the internal auditors have been involved
and which has already been or will be reported to management (or those
charged with governance) by the internal audit function. This restriction
intends to minimise self-review threats.
ISA 610 (Revised 2013) also states that the following should not be assigned to
or involve internal auditors providing direct assistance:
(i) discussion of fraud risks (ii) determination of unannounced (or unpredictable)
audit procedures as addressed in ISA 240, The Auditor’s Responsibilities
Relating to Fraud in an Audit of Financial Statements, and (iii) maintaining control
over external confirmation requests and evaluation of results of external
confirmation procedures.
Responsibilities of the external auditor using internal auditors to provide
direct assistance
The external auditor should note the following responsibilities at different stages
of the audit when using internal auditors to provide direct assistance:
(1) After determining the use of internal auditors to provide direct assistance The
external auditor has to:
Communicate the nature and extent of the planned use of internal
auditors with those charged with governance (in accordance with ISA 260,
Communication with Those Charged with Governance) so as to reach a
mutual understanding that such use is not excessive in the
circumstances of the engagement. This communication not only dispels
any perception that the external auditor’s independence might be
compromised by the use of direct assistance but also facilitates
appropriate dialogue with those charged with governance.
Evaluate whether the external auditor is still sufficiently involved in
the audit.
(2) Prior to the use of internal auditors to provide direct assistance The external
auditor has to obtain written agreement from two parties:
From an authorised representative of the entity stating that: (i) the
internal auditors will be allowed to follow the external auditor’s instructions,
and (ii) the entity will not intervene in the work the internal auditor
performs for the external auditors.
91

lOMoARcPSD|2981706
From internal auditors stating that they will: (i) keep confidential
specific matters as instructed by the external auditor and (ii) inform the
external auditor of any threat to their objectivity.
(3) During the audit The external auditor has to:
Direct, supervise and review the work performed by internal
auditors on the engagement, bearing in mind that the internal auditors
are not independent of the entity. It is therefore expected that such
supervision and review will be of a different nature and more extensive
than if members of the audit engagement team perform the work.
Remind the internal auditors to bring accounting and auditing
issues identified during the audit to the attention of the external auditors.
Check back to the underlying audit evidence for some of the work
performed by the internal auditors.
Make sure the internal auditors have obtained sufficient appropriate
audit evidence to support the conclusions based on that work.
(4) Documenting the audit evidence The documentation requirements evidencing
the application of the important safeguards in ISA 610 (Revised 2013) have been
expanded when the external auditor uses the internal auditors to provide direct
assistance. The external auditor should document the following in the working
papers:
Evaluation of the existence and significance of the threats to the
objectivity of the internal auditors and the level of competence of the
internal auditors used to provide direct assistance
The basis for the decision regarding the nature and extent of the
work performed by the internal auditors
Who reviewed the work performed and the date and extent of
that review in accordance with ISA 230, Audit Documentation
The written agreements obtained from an authorised
representative of the entity and the internal auditors
The working papers prepared by the internal auditors providing
direct assistance on the audit engagement.
Conclusion
The external auditor has to exercise professional judgment when determining
whether the internal auditors, subject to law and regulation, can be used to
provide direct assistance in the financial statement audit of an entity. Candidates
are expected to understand (i) how the external auditor makes such evaluations
and (ii) for which processes or tasks the internal auditors can provide direct
assistance to the external auditor. The most important principle is, in any
circumstances, the external auditor should be sufficiently involved in the audit
as the external auditor has the sole responsibility for the audit opinion
expressed.
Eric YW Leung, CUHK Business School, The Chinese University of Hong
Kong, FCCA
Reference ISA 610 (Revised 2013), Using the Work of Internal Auditors,
together with its Basis for Conclusions
92

lOMoARcPSD|2981706
ACCOUNTING ISSUES
A very common theme in Paper P7 questions is to present you with information
that embodies an accounting issue. Sometimes the information is presented as a
standalone requirement but is often, for example, included in a set of notes of a
conversation with an audit client’s finance director.
For example:
December 2012 Question 1 contains: Work has recently started on a new
production line which will ensure that Grohl Co meets new regulatory
requirements prohibiting the use of certain chemicals, which come into force in
March 2013. In July 2012, a loan of $30m with an interest rate of 4% was
negotiated with Grohl Co’s bank, the main purpose of the loan being to fund the
capital expenditure necessary for the new production line.
June 2012 Question 1 contains: Starling Co received a grant of $35m on 1 March
2012 in relation to redevelopment of its main manufacturing site. The government
is providing grants to companies for capital expenditure on environmentally
friendly assets. Starling Co has spent $25m of the amount received on solar
panels which generate electricity, and intends to spend the remaining $10m on
upgrading its production and packaging lines.
December 2011 Question 1 contains: On 1 July 2011, Oak Co entered into a
lease which has been accounted for as a finance lease and capitalised at $5m.
The leased property is used as the head office for Oak Co’s new website
development and sales division. The lease term is for five years and the fair
value of the property at the inception of the lease was $20m.
Typically the question requirements will then be something along the lines of:
Evaluate the business risks faced by X Co.
Identify and explain the risks of material misstatement to be
considered in planning the audit of X Co.
In respect of the risks of material misstatement, suggest suitable
audit procedures.
Business risks
Remember that when you are describing business risks, you should say nothing
about potential misstatements in the financial statements. Business risks exist
quite independently of the financial statements and they do not depend on audit
procedures. Business risk is where the directors make wrong decisions or where
events have occurred which threaten the business’s future. Business risks are
often classified as:
Strategic risks (for example, investing in out-of date technology).
Operational risks (for example, manufacturing products which have
faults).
Regulatory risks (for example, the fines and damages that might be
payable as a consequence of breaching health and safety regulations).
Financial risks (for example, an inability to pay interest or rent
because of poor cash flow).
Although drafting financial statements does not affect the business risks,
understanding the business risks can give insights into where the financial
93

lOMoARcPSD|2981706
statements might contain material misstatements. For example, investing in out-

of date technology could cause going concern problems and queries about the
impairment of the out-of date, though possibly relatively new, machinery.
Regulatory risks can give rise to problems over assessing and presenting
liabilities or contingent liabilities.
Risks of material misstatement
The risk of material misstatement refers to the risk that a material misstatement
is present in the financial statements that are being audited. It is the purpose of
the audit to ensure that these misstatements do not appear in the published
financial statements – or if they do that there is an appropriately modified audit
opinion.
Material misstatements at the assertion level arise if a relevant assertion is
wrong. For example, the amount could be incomplete, a valuation could be
wrong, a transaction might not have occurred.
Assertions also cover presentation and disclosure. For example, the
classification and understandability assertion requires that ‘financial information
is appropriately presented and described, and disclosures are clearly expressed’
(ISA 315).
Broadly, therefore, misstatements can be divided into two groups:
The treatment of the transaction, event or balance, including its
presentation and disclosure could be incorrect.
The amount of the transaction, event or balance could be incorrect.
The auditor must devise suitable procedures to collect sufficient appropriate audit
evidence about the assertions lying behind both of these aspects of items in the
Remember, the treatment must be right, the amounts must be right and sufficient
appropriate audit evidence is needed for both.
So when you are presented with a question in the exam about financial
statement risk and audit procedures, don’t sit scratching your head: TAP it
instead and remember:
Treatment Amount Procedures
Treatment and amount
IAS 8, Accounting Policies, Changes in Accounting Estimates and Errors,
requires that financial statements comply with any specific IAS or IFRS applying
to a transaction, event or condition, and provides guidance on developing
accounting policies for other items that result in relevant and reliable information.
In the absence of a Standard or an Interpretation that specifically applies to a
transaction, other event or condition, IAS 8.10 states that management must use
its judgment in developing and applying an accounting policy that results in
information that is:
relevant to the economic decision-making needs of users and
reliable so that the financial statements:
represent faithfully the financial position, financial
performance and cash flows of the entity
reflect the economic substance of transactions, other events
and conditions, and not merely the legal form
94

lOMoARcPSD|2981706
are neutral, ie free from bias

are prudent and
are complete in all material respects
In applying its judgment, IAS 8 requires management to consider the definitions,
recognition criteria, and measurement concepts for assets, liabilities, income,
and expenses in the IFRS conceptual framework.
So, looking again at the three question examples given at the start of this article:
The December 2012 Question 1 raises the matter of the treatment of interest
payments. To quote the ACCA answer:
‘The new production process would appear to be a significant piece of capital
expenditure, and it is crucial that directly attributable costs are appropriately
capitalised according to IAS 16, Property, Plant and Equipment and IAS 23,
Borrowing Costs. Directly attributable finance costs must be capitalised during
the period of construction of the processing line, and if they have not been
capitalised, non-current assets will be understated and profit understated.’
The June 2012 Question 1 raises the matter of the treatment of government
grants. To quote the ACCA answer:
‘Starling Co has received a grant of $35m in respect of environmentally friendly
capital expenditure, of which $25m has already been spent. There is a risk in the
recognition of the grant received. According to IAS 20, Accounting for
Government Grants and Disclosure of Government Assistance government
grants shall be recognised as income over the periods necessary to match them
with the related costs which they are intended to compensate. This means that
the $35m should not be recognised as income on receipt, but the income
deferred and released to profit over the estimated useful life of the assets to
which it relates. There is a risk that an inappropriate amount has been credited to
profit this year.’
The December 2011 Question 1 raises the matter of treatment of a lease. To
quote from the ACCA answer:
‘The lease taken out in July 2011 has been treated as a finance lease. However,
there are indications that it is in fact an operating lease. First, the lease is for only
five years, which for a property lease is not likely to be for the major part of the
economic life of the asset.
According to IAS 17, Leases, an indicator of a finance lease is that the lease
term is for the major part of the economic life of an asset. Second, the amount
capitalised of $5m represents only 25% of the fair value of the asset. Under IAS
17, for a lease to be classified as a finance lease, the present value of minimum
lease payments (the amount capitalised) should amount to at least substantially
all of the fair value of the asset. 25% is not substantially all of the fair value,
indicating that this is actually an operating lease.’
Having determined the correct treatment for a transaction, event or balance, its
amount can then be tackled. Sometimes the accounting standard can be very
prescriptive. For example, the correct treatment of inventory is to value it at the
lower of cost and NRV and cost can be based on average costs or FIFO but not
LIFO. Another example is found in the calculation of impairment where the
carrying amount (the amount at which an asset is recognised in the balance
95

lOMoARcPSD|2981706
sheet after deducting accumulated depreciation) cannot be more than its a

recoverable amount, ie the higher of fair value less costs of disposal and value in
use). Calculations will be needed to determine both of these amounts.
Procedures
If material misstatements can be caused by either wrong treatment or wrong
amounts, then audit evidence is needed to verify that both of these are
acceptable.
Taking the capitalisation of a lease in the December 2011 example, evidence is
needed as to whether or not it should be treated as a finance or operating lease
and, depending on its treatment, evidence is then needed about either the
amount capitalised or the amount appearing as an expense. Sometimes, as
here, the evidence will be provided in the question, but sometimes you can be
asked to suggest what procedures are needed to find the evidence.
ISA 500, Audit Evidence, categorises the procedures available to auditors as:
Inspection
Observation
External confirmation
Recalculation
Analytical procedures
Enquiry
These are high level categories of procedures and specific, precise procedures
have to be described which will both verify the correct treatment and the correct
amount. Where a relevant International Standards in Auditing exists any
procedures stipulated must be followed. For example:
ISA 501 describes procedures for auditing inventory, litigation
claims and segment reporting information.
ISA 505 sets out procedures for obtaining external confirmations.
ISA 530 sets out procedures and other matters relevant to audit
sampling.
ISA 560 sets out procedures relating to post balance sheet events.
ISA 570 sets out procedures relating to the validity of the going
concern assumption.
Block: Text
However, by no means all procedures covered by ISAs and candidates must be
able to suggest procedures that will help in the collection of appropriate audit
evidence for both the treatment of items in accordance with the accounting
standards and for their amounts.
So, procedures relevant to collecting evidence about the receipt of a government
grant (Q1 from June 2012):
Treatment:
Inspect the grant application and subsequent correspondence with
the government department to verify the amount and purpose of the grant
(ie to ensure it is a grant relating to non-current assets).
Trace the credit entry in respect of the grant either to a deferred
income account or to the credit of the appropriate non-current asset
96

lOMoARcPSD|2981706
register entries and the appropriate non-current asset control account.

If credited to a deferred income account, inspect entries showing
that it is being released to income over the expected life of the asset.
Amount:
Inspect the grant application and subsequent correspondence with
the government department to verify the amount and purpose of the grant.
Inspect the board minutes for mention of the grant.
Trace receipt of the grant to the bank account.
If the amount is being released form a deferred income account,
reperform the calculation relating to the amount released to income in the
current financial period.
If the amount is credited to the cost of the asset reperform the
depreciation calculation to ensure that depreciation is based on the net
cost of the asset after the grant is credited.
Conclusion
Remember ‘TAP’:
Financial statements will not provide a true and fair view if they
include material misstatements.
Misstatements can be caused by either incorrect accounting
Treatment or incorrect Amounts.
An audit requires Procedures to collect evidence about both
treatment and amounts.
Ken Garrett is a freelance author and lecturer
FORENSIC ACCOUNTING
With at least one requirement relating to forensic accounting in three out of five
Paper P7 exams between December 2011 and December 2013, this is an area
of the syllabus that students cannot afford to overlook. This article explores some
of the issues relevant to forensic accounting. Forensic accounting has been a
regular feature in the Paper P7 exam in recent sittings but the examiner has
commented that it is an inadequately understood part of the syllabus.
Terminology
The syllabus requires an understanding of three key terms: ‘forensic accounting’,
‘forensic investigation’ and ‘forensic audit’. Recent exam sittings have shown that
students have rote-learnt the definitions or meaning of these terms, but do not
necessarily understand them.
The terms are not strictly defined in regulatory guidance and the meaning of
forensic accounting is quite broad: it is the application of accountancy skills and
knowledge in circumstances that have legal consequences. There are many
circumstances with legal consequences in which accountancy might be required;
the most well known of which is investigating alleged fraudulent activity.
Forensic accounting is the term used to describe the type of engagement. It is
the whole process of carrying out a forensic investigation, including preparing an
expert’s report or witness statement, and potentially acting as an expert witness
in legal proceedings.
97

lOMoARcPSD|2981706
Forensic investigation is a part of a forensic accounting engagement. Forensic

investigation is the process of gathering evidence so that the expert’s report or
witness statement can be prepared. It includes forensic auditing, but incorporates
a much broader range of investigative techniques, such as interviewing
witnesses and suspects, imaging or recovering computer files including emails,
physical searches of premises etc.
Forensic auditing is the application of traditional auditing procedures and
techniques in order to gather evidence as part of the forensic investigation.
Application
The major applications of forensic accounting include fraud investigations,
negligence cases and insurance claims.
An insurance claim would require determination of how much the client should
claim from the insurer. The first step would be a detailed review of the insurance
policy to determine ‘coverage’, ie what is insured and any clauses that might
restrict the amount that can be claimed or invalidate the claim.
The second step would be to gather evidence to quantify the loss, ie the amount
to be claimed. Insurance claims might include claims following misappropriation
of assets, ie theft of goods or money. In such cases, the forensic accountant will
review inventory or cash records and details of sales and purchases to reconcile
the amounts held and determine the value of the goods or cash stolen. They will
also test the reliability of the information held by counting a sample of inventory
or cash currently held in comparison with the client’s records. The forensic
accountant will not assume that there has been a theft; they will consider other
possibilities such as an error in the data held.
Insurance claims may however, be much more complicated than this, such as in
the case of business interruptions arising as a result of fire or flood. In these
types of engagements the forensic accountant will review prospective financial
information in comparison with reported outturn to evaluate the loss of profit
arising as a result of the business interruption. The forensic accountant will not
assume that there has been any loss of profit due to the business interruption;
they will consider other possibilities such as a straightforward loss of market
share to a competitor.
Forensic engagements often require the forensic accountant to quantify a loss.
One such engagement is in professional negligence claims, ie when another
accountant has breached their duty of care to a client or third party resulting in a
loss for that client. In these types of engagement, the forensic accountant would
also provide an opinion on whether the duty of care owed has been breached, ie
whether the audit or other accountancy service was performed in accordance
with current standards in practice, legislation and techniques. In relation to an
audit, this would require consideration of whether the International Standards on
Auditing were followed.
The need for a forensic accountant may also arise because two parties cannot
agree on the amount owed by one party to another, and the accountant is
engaged to provide an expert valuation, of a business for example.
This might be the case in a matrimonial dispute, where a divorcing couple whose
assets include shares in a company or partnership, engage a forensic accountant
98

lOMoARcPSD|2981706
to value the company so that a settlement can be reached. A similar process

might apply in partnerships, when one partner wishes to leave the partnership
and is being bought out by the remaining partner(s).
The role of an expert witness
An expert witness is quite different to any other witness in court proceedings.
Most witnesses are 'witnesses of fact', ie they can only provide evidence on what
they saw, did or heard. Most importantly, they cannot give their opinion on any of
the matters about which they give evidence. By contrast, an expert witness is
specifically called to give their opinion on a particular matter.
An accountant can be called to give evidence as a professional witness, ie a
witness of fact, or an expert witness. In order to give evidence as an expert
witness they must be just that, an expert. They must be able to demonstrate a
level of expertise that means their opinion is valuable to the court. This means
not only expertise in accountancy, but also expertise in the particular area of
accountancy that they are giving evidence on.
A witness will provide a written report/statement to the court, and may also be
required to attend court to give live evidence, in person, and be cross-examined
by the ‘other side’.
However, not all forensic engagements will require evidence to be submitted to a
court. Often, the engagement will simply require a report for the client’s own
purposes or sometimes a report for use by the insurer.
Either way, a key skill necessary in being a successful forensic accountant is the
ability to explain complex accounting concepts in simple terms to someone who
is not themselves an accountant, whether that be as an expert witness explaining
matters to the judge or jury, or when explaining matters to the client. Forensic
accounting integrates investigative, accountancy, and communication skills.
Planning
Forensic accounting engagements are agreed-upon procedures engagements,
not assurance engagements. The forensic accountant will not provide an
assurance opinion – that is the role of the auditor when reviewing the amount of
loss included in the financial statements.
This will normally involve determining an appropriate value or quantifying a loss
as discussed above; this is quite distinct from an assurance engagement in
which the engagement team would review an amount determined by the client.
As an agreed-upon procedures engagement, the forensic accountant will
normally prepare a report for the client that sets out their findings, based on the
scope agreed in the engagement letter. This report may be addressed to
management, often in the case of a fraud, or to the insurer.
It may be that a witness statement/report for submission to the court/arbitrator is
required in addition to or instead of a report to the client.
However, planning the investigation is likely to be similar to planning an audit or
any other assurance engagement.
Planning will commence with a meeting with the client in which the engagement
team will develop an understanding of the issue/events (the fraud, theft etc) and
actions taken by the client since it occurred.
A key part of planning is to confirm exactly what format the output is required in,
99

lOMoARcPSD|2981706
and exactly what matters are required to be covered within it.

At this stage any key documentation will be obtained and scrutinised – for
example, the insurance policy, the partnership agreement, the evidence that led
to the discovery of the fraud, etc.
The team will agree with the client, what access to other information or personnel
will be required and this will be arranged.
Based on the above, the team will design procedures that enable them to meet
the requirements of the client, as agreed. This may or may not include test of
controls, depending on the circumstances. There would be no need to tests
control when valuing a business for a matrimonial dispute. However, testing
controls will be key to determining how a fraud took place.
Procedures and evidence
Any method of obtaining evidence can be used in a forensic accounting
engagement – this is not a limited assurance engagement in which procedures
are likely to be restricted to enquiry and analytical procedures.
Forensic engagements will include a detailed and wholesale review of all
documentation and electronic evidence available. The opinion given by the
expert accountant must be reasoned, and backed up by evidence. Their opinion
cannot be objective if only based on what they are told; they must corroborate
that information.
To be awarded marks in the exam, your procedures cannot be vague. They must
be specific enough that the engagement team could actually follow your
instructions.
For example, it would not be sufficient to write 'interview the suspect'. You must
suggest questions that should be asked of the suspect in interview, depending on
the circumstances in the scenario. For example, the suspect could be asked to
explain their job role and what access that gives them to systems, cash,
inventory etc.
This also applies when recommending enquires of or discussions with
management – it must be clear in your answer what it is the engagement team
should ask of them, eg have they informed the police, has the suspect been
suspended, have they informed the insurer etc.
Equally it is not sufficient to suggest the use of computer assisted auditing
techniques (CAATs). You must specify how the CAATs could be used. For
example, data matching bank accounts used for paying suppliers with bank
accounts for paying employees, exception reports identifying employees who are
not taking holiday, etc.
In order to design appropriate procedures you must identify the type of forensic
accounting engagement, and the specific type of fraud, insurance or negligence
claim. For example, quantifying the theft of goods will be very different from
quantifying a loss from payroll or ‘ghost employee’ fraud or loss of profits
following a business interruption (as discussed above).
Fundamental ethical principles
The range of ethical and professional issues will be similar to any other type of
engagement. However, the importance of ethics is arguably much greater in
relation to forensic accountancy. Often both ‘sides’ will bring an expert witness to
100

lOMoARcPSD|2981706
the hearing where they do not agree. The decision maker must decide which
evidence they ‘prefer’ – the credibility of the witness is often the primary factor on
which they can base that decision and the credibility of an accountant is reliant
on their compliance with the fundamental ethical principles.
In the exam, you will also need to note whether the client requesting the forensic
accounting service is an audit client, if so, this will present an additional and
particularly important threat to objectivity; a self-review threat. The investigation
is likely to involve the quantification of an amount, which will then be reviewed as
part of the financial statements audit. The significance of the threat will be
affected by the materiality of the amount and the subjectivity involved in
quantifying it, eg if for loss of profits following business interruption this will be
more subjective than quantification of the value of stolen inventory.
Remember that the decision to prosecute is a matter for the client. Often, clients
do not want to prosecute for fear of damaging their reputation. The forensic
accountant can provide the client with an analysis of all of the facts, but must not
make the decision to prosecute (a management threat to objectivity). The
forensic accountant has a duty of confidentiality, unless it is in the public interest
to do so, they must not disclose the fraud to any third party including the police,
without client permission.
A final note
Remember that a forensic accountant is just that; an accountant! Their role is to
provide an accountant’s expert opinion or analysis of the facts. They are not the
law-enforcer, prosecutor or judge. Be careful in the exam not to detract from an
otherwise professional answer by getting carried away with suggestions such as
taking fingerprints or DNA evidence or blood samples, or catching and punishing
the culprit – that is not the role of an accountant.
Check your understanding
Question: Which of the following would be a valid procedure in a forensic
engagement to determine the amount of insurance to be claimed in respect of
lost profits during a business interruption following a flood?
Obtain a written confirmation from the insurance provider to verify the amount
of the loss.
Recalculate management’s assessment of the loss to verify mathematical
accuracy.
Obtain the profit forecast for the period covered by insurance, and cast for
mathematical accuracy.
Answer: The assurance provider’s role is to independently quantify the loss in
order to determine the amount to be claimed; therefore 1 and 2 are not relevant.
They would review the profit forecast in comparison with the actual outturn to
determine the amount of profit lost and the first step would be to ensure that it
adds up correctly. (Answer 3) Question: Which of the following would be a valid
statement to include in a witness statement from an expert witness, but not a
professional witness?
The company’s purchases daybook recorded 15 sales invoices made out in the
name of the allegedly fictitious supplier.
The majority of the transactions recorded in the sales day-book do not appear
101

lOMoARcPSD|2981706
to be commercial in nature.
75% of customers breached the credit limits set by the company during the
period.
Answer: 1 and 3 are a matter of fact, 2 is a matter of opinion. Only an expert
witness can give their opinion. A professional witness is a witness of fact who
can only comment on what they did, saw or heard. A professional accountancy
witness could review a company’s records and comment on what they saw
during that review. (Answer 2)
Helen Barrett is a forensic accountant and a freelance lecturer
AUDITOR LIABILITY
Auditor liability: ‘fair and reasonable’ punishment?
The issue of auditor’s liability is included in the syllabus for Paper P7, Advanced
Audit and Assurance. Candidates need to understand and apply the principles of
establishing liability in a particular situation, as well as being able to discuss the
ways in which liability may be limited. The specific learning outcomes can be
found in the Syllabus and Study Guide.
This article focuses on the issue of auditor’s liability in the UK, and therefore
contains references to the UK Companies Act 2006, as well as UK-specific legal
cases. Candidates other than those attempting the UK adapted paper are not
expected to have UK-specific knowledge. The concepts discussed in this article
however are broadly relevant and will help candidates to understand why this is
an important issue within the auditing profession.
Over the past two decades the bill for litigation settlements of Big Four audit firms
alone has run into billions of dollars. Examples include Deloitte’s 2005 settlement
of $250m regarding its audit of insurance company Fortress Re and PwC’s
$229m settlement in the lawsuit brought by the shareholders of audit client Tyco
in 2007.
Auditor liability is increasingly concerning, both in terms of audit quality and the
reputation of the profession but also in terms of the cost to the industry and the
barriers this creates to competition within the audit market.
This article considers the current legal position of auditors in the UK. It also
discusses the impact on the competitiveness of the audit market and some of the
methods available to limit exposure to expensive litigation.
Types of liability
Auditors are potentially liable for both criminal and civil offences. The former
occur when individuals or organisations breach a government imposed law; in
other words criminal law governs relationships between entities and the state.
Civil law, in contrast, deals with disputes between individuals and/or
organisations.
Criminal offences Like any individual or organisation auditors are bound by the
laws in the countries in which they operate. So under current criminal law
auditors could be prosecuted for acts such as fraud and insider trading.
Audit is also subject to legislation prescribed by the Companies Act 2006. This
102

lOMoARcPSD|2981706
includes many sections governing who can be an auditor, how auditors are
appointed and removed and the functions of auditors.
One noteworthy offence from the Companies Act is that of ‘knowingly, or
recklessly causing a report under section 495 (auditor’s report on company’s
annual accounts) to include any matter that is misleading, false or deceptive in a
material particular’ (s.507).
This means that auditors could be prosecuted in a criminal court for either
knowingly or recklessly issuing an inappropriate audit opinion.
Civil offences
There are two pieces of civil law of particular significance to the audit profession;
contract law and the law of tort. These establish the principles for auditor liability
to clients and to third parties, respectively.
Under contract law parties can seek remedy for a breach of contractual
obligations. Therefore shareholders can seek remedy from an auditor if they fail
to comply with the terms of an engagement letter. For example; an auditor could
be sued by the shareholders, which was the case in the PwC settlement to Tyco
shareholders referred to above.
Under the law of tort auditors can be sued for negligence if they breach a duty of
care towards a third party who consequently suffers some form of loss.
Case history
The application of the law of tort in the auditing profession, and the way in which
auditors seek to limit their exposure to the ensuing liabilities, has been shaped by
a number of recent landmark cases. The most notable of these are Caparo
Industries Plc (Caparo) v Dickman (1990) and Royal Bank of Scotland (RBS) vs
Bannerman Johnstone MacLay (Bannerman) (2002).
In the first case Caparo pursued the firm Touche Ross (who later merged to form
Deloitte & Touche) following a series of share purchases of a company called
Fidelity plc. Caparo alleges that the purchase decisions were based upon
inaccurate accounts that overvalued the company. They also claimed that, as
auditors of Fidelity, Touche Ross owed potential investors a duty of care. The
claim was unsuccessful; the House of Lords concluded that the accounts were
prepared for the existing shareholders as a class for the purposes of exercising
their class rights and that the auditor had no reasonable knowledge of the
purpose that the accounts would be put to by Caparo.
It was this case that provided the current guidance for when duty of care between
an auditor and a third party exists. Under the ruling this occurs when:
the loss suffered is a reasonably foreseeable consequence of the
defendant’s conduct
there is sufficient ‘proximity’ of relationship between the defendant
and the pursuer, and
it is 'fair, just and reasonable' to impose a liability on the defendant.
In the second case RBS alleged to have lost over £13m in unpaid overdraft
facilities to insolvent client APC Ltd. They claimed that Bannerman had been
negligent in failing to detect a fraudulent and material misstatement in the
accounts of APC. The banking facility was provided on the basis of receiving
audited financial statements each year.
103

lOMoARcPSD|2981706
In contrast to Touche Ross, who had no knowledge of Caparo’s intention to rely

upon the audited financial statements, Bannerman, through their audit of the
banking facility letter of APC, would have been aware of RBS’s intention to use
the audited accounts as a basis for lending decisions. For this reason it was
upheld that they owed RBS a duty of care. The judge in the Bannerman case
also, and crucially, concluded that the absence of any disclaimer of liability to
third parties was a significant contributing factor to the duty of care owed to them.
Joint and several liability
The guidance for when an auditor may be liable, either under criminal or civil law,
appears to be clear and largely uncontroversial. The same cannot be said of the
nature of the fines and settlements, which remains a hotly debated issue.
Before discussing this, it is worth making the point that auditors are only found
liable in cases where they have breached their responsibilities to perform work
with professional competence and due care and to act independently of their
clients. There is therefore little argument that they should face the penalties of
their own failures and that parties that have suffered as a result should be able to
seek adequate compensation.
The main criticism of the current system is that the penalties incurred by the audit
profession are unfairly high. This arises from the civil law principle of ‘joint and
several liability’ enforced in the UK (as well as the US). This means that even if
there are multiple culpable parties in a negligence case the plaintiff may pursue
any one of those parties individually for the entire damages sought.
So for example, if a director fraudulently misstates the financial statements, the
company’s management fail to detect this because of poor controls and the
auditor performs an inadequate audit leading to the wrong audit opinion, it would
be fair to say all three parties are at fault. Shareholders seeking compensation
for any consequent losses, however, could try and recover the full loss from only
one of those three parties.
Given that many of the cases arise when companies are facing financial
difficulties, as with the examples cited above, and that any individuals involved
are unlikely to possess sufficient assets to settle the liabilities, the audit firm, who
may be asset rich and possess professional indemnity insurance, is often the
sole target for financial compensation.
Regardless of the perceived fairness, this situation does create a number of
challenges for the profession, namely:
The increasing cost to the industry, firstly from defending and settling claims
but also from spiralling insurance premiums.
The potential for consequent increases in audit fees to cover these rising costs.
The overall lack of sufficient insurance cover in the sector in comparison to the
size of some of the claims.(Reference 1)
The lack of competition in the audit market for large (listed) entities.
With regard to the final point, auditor liability is not the sole reason for the lack of
competition in the audit of listed entities but it is a significant barrier to entering
that market. Currently only the Big Four firms have adequate insurance and
asset cover to be able to audit an extensive range of listed clients. It may simply
be too risky for smaller firms to take on such clients. Given that settlements
104

lOMoARcPSD|2981706
against the Big Four have topped $300m, one large negligence case could easily
bankrupt a mid-tier firm.
Managing exposure to liability
Audit quality
There are a number of ways in which audit firms can manage their exposure to
claims of negligence. Perhaps the most obvious is not being negligent in the first
place. In practical terms this means rigorously applying International Standards
on Auditing and the Code of Ethics for Professional Accountants and paying
close attention to the terms and conditions agreed upon in the engagement letter.
Of course, improvements in quality controls in comparison to current levels would
not happen without investment from the audit firms. With pressure to reduce
audit fees it is unlikely that firms will want to commit to further increases in cost
unless it is perceived that such action will lead to long-term reductions in legal
and insurance costs.
Disclaimers of liability
One of the outcomes of the Bannerman case was the potential exposure of
auditors to litigation from third parties to whom they have not disclaimed liability.
As a result it became common to include a disclaimer of liability to third parties in
the wording of the audit report.
Disclaimers may not entirely eliminate liability to third parties but they do reduce
the scope for courts to assume liability to them. It should be noted that whilst this
should reduce the threat of litigation in the UK, this protection may not extend
overseas because the disclaimer is based on a ruling from a UK court case. It
also provides no protection from the threat of litigation from clients under contract
law.
There are also critics of the ‘Bannerman Paragraph,’ who believe that its
presence devalues the audit report. They argue that the disclaimer acts as a
barrier to litigation, which reduces the pressure to perform good quality audits in
the first place. It is plausible that this reduces the credibility of the audit report in
the eyes of the reader.
Liability Limitation Agreements
Since 2008 auditors have been permitted, under the terms of the Companies Act,
to use Liability Limitation Agreements (LLAs) to reduce the threat of litigation
from clients. LLAs are clauses built into the terms of an engagement that impose
a cap on the amount of compensation that can be sought from the auditor. These
must be approved by shareholders annually and be upheld by judges as ‘fair and
reasonable’ when cases arise.
Whilst this may sound straightforward it has created problems, including how to
define the cap (ie as a fixed monetary amount, a multiple of the fee,
proportionate liability on a case by case basis). It is also difficult to decide what is
fair and reasonable when setting the terms of the engagement because this is
done before any potential litigation, or the scale of potential litigation, is known to
the auditor and the client. This is therefore open to the interpretation of the
courts. At which point the level of compensation may as well lie at the discretion
of the courts in the first place.
Another problem lies with the shareholders; what motivation do they have for
105

lOMoARcPSD|2981706
agreeing to terms that could potentially reduce their ability to recover any losses
they incur due to the negligence of other parties? Once again this may be
perceived as a barrier to litigation that audit firms can hide behind, reducing the
pressure to perform good quality audits.
Current position
All the methods described contribute to the management of auditor liability but it
seems none of them have provided the protection the profession needs to
become truly competitive. Remember, the profession is not asking for exemption
from litigation, rather that it does not shoulder the entire burden of litigation where
others may also be to blame.
In June 2008, the European Commission recommended that member states find
a way to limit auditor liability to try and encourage competition in the audit of
listed companies and to protect EU capital markets. Given the different legal
systems involved the recommendation leaves it to member states to determine
an appropriate method but suggests that the solution:
should not apply in cases of misconduct
would be ineffective if it did not extend to third parties, and
should ensure fair compensation of damaged parties.
Whilst no firm decision has been reached in the UK there are an increasing
number of advocates for a ‘proportional’ system of liability replacing the current
‘joint and several’ one. Under this proposal the audit firm would accept their
proportion of the blame in a negligence case and would pay that proportion of the
compensation. This system, as introduced in Australia in 2004, would ensure a
fair outcome for the plaintiff without placing the entire financial burden upon the
audit profession. It would also meet the EC recommendations listed above.
At the time of writing no solution has been agreed upon in the UK and the debate
continues.
Conclusions
There is an increasing trend of litigation that is costing the audit profession
billions of pounds. The potential costs and risks of auditing large, listed
businesses may now be prohibitive for any firm of willing auditors outside of the
Big Four.
Auditors can reduce their exposure to litigation but there is a rising groundswell
of opinion that the audit profession has, for too long, borne the brunt of penalties
for misdemeanours shared by other culpable parties. These penalties are
prohibitive to competition, which may be damaging to capital markets.
There is widespread agreement that this situation must change. Unfortunately,
any decision on the nature and timing of such a change appears to be a long way
off. Until such time the audit profession will simply have to bear the burden of
liability. Simon Finley is a teaching fellow at the Aston University
Accounting Group Reference 1 Auditing: Commission Issues Recommendation
on Limiting Audit Firms’ Liability, European Commission, 6 June 2008
THE CONTROL ENVIRONMENT OF A COMPANY

The purpose of this article is to provide candidates with a more detailed
106

lOMoARcPSD|2981706
appreciation of matters pertinent to an auditor, focusing on the need for the

auditor of a large limited liability company (in the UK – a limited company)
to evaluate the effectiveness of the company’s control environment
ISA 315, Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and Its Environment, sets out the auditor’s responsibility
to identify and assess the risks of material misstatement in the financial
statements, through understanding the entity and its environment including the
entity’s internal control. One of the five components of internal control is the
control environment and it is recognised that the control environment within small
entities is likely to differ from larger entities. Many candidates have not yet had
the opportunity of working in larger entities, or have chosen not to, so have not
been exposed to working within the type of strong control environment often
referred to in auditing texts. Consequently, they often have limited experience on
which to draw when answering exam questions that require anything other than
superficial knowledge of an entity’s control environment.
This article aims to provide common examples of matters the auditor needs to
consider when assessing an entity’s control environment, and in making an
assessment as to their impact on the risk of material misstatement in the financial
statements. Reflecting the general trend of exam questions testing knowledge of
this area, the article focuses on the need for the auditor of a large limited liability
company (in the UK – a limited company) to evaluate the effectiveness of the
company’s control environment.
A company’s control environment comprises seven elements each requiring
careful consideration by the company’s auditor, recognising that some elements
may be more pertinent than others – depending on the subject company. Each
one of these elements is identified below, along with an explanation of specific
practical aspects that may be considered by the auditor when evaluating its
effectiveness. Candidates should be aware that this process forms part of the
auditor’s assessment of the overall effectiveness of the company’s internal
control, relevant to the audit.
1 Communication and enforcement of integrity and ethical values Many
companies have high values and seek to promote honesty and integrity among
their employees on a day-to-day basis. Clearly, if it is evident that such values do
exist and are communicated effectively to employees and enforced, this will have
the effect of increasing confidence in the design, administration and monitoring of
controls – leading to a reduced risk of material misstatement in a company’s
financial statements. For example, where a company adopts comprehensive anti-
bribery and corruption policies and procedures with regard to contract tendering,
and has formal employee notification and checking practices in this regard, it
follows that there is reduced risk of material misstatement due to the omission of
provisions for fines for the non-compliance with relevant laws and regulations.
Alternatively, the existence in a company of comprehensive and ethical
procedures with regard to the granting of credit facilities to customers and the
pursuance of payment of for goods and services supplied, together with regular
supervisory control in this respect, is likely to lead to increased audit confidence
in the trade receivables area. This is because the existence of a system allowing
107

lOMoARcPSD|2981706
goods and services to be a supplied on credit to customers provides the

opportunity for fraud to be perpetrated against the company by employees and
customers, particularly if controls are deficient in terms of their design or
implementation.
2 Commitment to competence Competence is the knowledge and skills
necessary to accomplish tasks that define the individual’s job. It is self-evident
that if individual employees are tasked with carrying out duties that are beyond
their competence levels, then desired objectives are unlikely to be met. For
example, there is an increased probability that the objective of avoiding material
misstatement in a set of complex financial statements will not be met if prepared
by an inexperienced company accountant. This is simply due to the inexperience
(translating to a lower competence level) of the accountant. From this, it follows
that the auditor will have increased confidence in internal control relevant to the
audit, where management have taken measures to ensure employees who
participate in internal control are competent to carry out relevant tasks effectively.
Measures taken by management in this regard can cover a range of activity
including for example, rigorous technical and aptitude testing at the employee
recruitment stage and in-house or external training courses and mentoring from
more senior colleagues
3 Participation by those charged with governance The directors of a limited
liability/limited company are charged with the company’s governance. As such,
they are responsible for overseeing the strategic direction of the company and its
obligations related to its accountability – for example, to governments,
shareholders and to society in general. In particular, in most jurisdictions the
company’s directors are responsible for the preparation of its financial
statements. Given the influence that the actions of directors have on a
company’s internal control, the extent of their day-to-day active involvement in
the company’s operations has a pervasive effect on the internal control of the
company.
The extent to which directors do get involved will, to some extent, depend on
legislation or codes of practice setting out guidance for best practice in given
jurisdictions. For example, the UK Corporate Governance Code (with which
companies listed on the London Stock Exchange should comply) sets out
standards of good practice, including those pertaining to board leadership and
effectiveness. Notwithstanding legislation and codes of practice, the extent of
each director’s participation is largely influenced by the nature of their
professional discipline and their individual perspective about how they should
carry out their respective roles. Some may see themselves as micromanagers,
while others will trust subordinates to carry out defined duties with minimal
interference. Frequently, directors will be very experienced and adopt an arms-
length approach to getting involved in operational tasks. However, they may
insist on monitoring activity by way of receipt of formal narrative reports. Other
directors may adopt a more casual (but equally thorough!) ‘working alongside
subordinates’ approach as a method of monitoring activities.
All of the variables mentioned above with regard to director involvement, should
be important considerations of an auditor as part of the process of ascertaining
108

lOMoARcPSD|2981706
the extent of internal control in the company and in assessing its effectiveness.
4 Management’s philosophy and operating style A company’s board of
directors will comprise of individuals each with a different mind – set as to
philosophy and operating style, manifested in characteristics such as their:
approach to taking and managing business risk
attitudes and actions toward financial reporting
attitudes toward information processing and accounting and
functions personnel.
Each of the above characteristics underlie a company’s control environment and
it is crucial for an auditor to have an understanding of them. Dealing with each in
turn:
Approach to taking and managing business risk. Business risk is the risk inherent
in a company as a consequence of its day-to-day operations and it comprises
several components. The first of these is financial risk – for example, the risk that
the company may have insufficient cash flow to continue in operation. The
second component is operational risk – for example, the risk that the company’s
product lines may decline in popularity leading to a sharp decline in sales and
profitability. The final component of business risk is compliance risk – for
example, the risk that the company may be in breach of health and safety
regulations, leading to the possibility of hefty fines or even the closedown of
operational activity.
Candidates should be aware that a risk-based approach to an audit requires the
identification and assessment of inherent risk factors and then of the control risk
pertaining to these, in order to determine the risk of material misstatement, prior
to carrying out substantive procedures. By adopting a top-down approach to the
audit and first identifying business risks, auditors should be able to identify the
associated inherent risks arising. They can then progress through the audit using
the audit risk model (audit risk = the risk of material misstatement x detection
risk) to determine the amount of detailed testing required in each area of the
financial statements. To illustrate this approach, referring to the compliance risk
example above, an inherent risk arising from the risk of a breach of health and
safety regulations. As a consequence, there is a risk that the company’s liabilities
may be understated due to the omission of a provision required in the financial
statements, in respect of a fine for a non-compliance.
The directors’ approach to taking and managing business risk has obvious
ramifications on a company’s financial statements, and the auditor should be
aware of the various factors that influence directors in this area, and of applicable
controls in place. It is often the case that a newly established company with
young entrepreneurial directors and a flat management structure will have a
more liberal approach to taking and managing business risk than a well-
established company with more experienced directors, and a steep hierarchical
management structure. Consequently, it is likely that there would be a lower level
of a risk of material misstatement in the financial statements of the latter
company.
Attitude and actions toward financial reporting. Financial Reporting Standards
exist to help facilitate fairness, consistency and transparency of financial
109

lOMoARcPSD|2981706
reporting. However, some determinants of profitability such as the measure of

depreciation, the valuation of inventory or the amount of a provision remain open
to the subjective judgment of management. Consequently, the auditor needs to
gain an understanding of directors’ attitudes and actions to financial reporting
issues and then make a judgment as to the extent of reliance that can be placed
upon these. It may be that a company that is struggling in a faltering economy,
and in another driven by a culture to report increasing profits, there is a tendency
to adopt aggressive (as opposed to conservative) accounting principles, in order
to meet profit expectations. Clearly, on such audit engagements it is important for
the auditor to remain resolute in exercising appropriate levels of professional
scepticism throughout.
Attitude towards information processing and accounting functions and personnel.
Properly financed and resourced with sufficient numbers of appropriately
qualified staff and contemporary information and communications technology, the
financial reporting (accounting) and information processing functions of a
company are vital to a company’s ongoing existence. They are key to the
facilitation of compliance with laws and regulations, transactions with third
parties, administration and control systems and in the provision of information for
decision making. In most very large companies many aspects of the accounting
function are inextricably intertwined with specific aspects of the company’s
information processing systems, and there is an ongoing programme of
investment in these, to ensure that the accounting and information processing
systems are contemporary and fit for purpose. This is reflective of a situation
where directors recognise that business risk will be significantly reduced, if the
company has effective information processing and accounting functions.
However, this situation does not apply to all companies. In some, both functions
may be seen by the directors merely as necessary functional overhead areas of
the business and, as such, they become under-funded and inadequately
resourced in terms of staffing and equipment. An auditor engaged on an audit in
such a company should be aware that there is an increased risk of material
misstatement in the financial statements.
5 Organisational structure ISA 315 describes a company’s organisational
structure as being ‘the framework within which an entity’s activities for achieving
its objectives are planned, executed, controlled and reviewed’. The appendix to
the ISA then explains ‘that the appropriateness of an entity’s organisational
structure depends, in part, on its size and the nature of its activities’. It follows
from this that an international consulting company with offices and operations in
several countries has different priorities in terms of organisational structure to a
national car sales company with several offices and a number of sales branches
in a single country. Similarly, the organisational structure deemed suitable for
such a car sales company would not be appropriate for a single site
manufacturing company. Generally, an auditor may reasonably expect there to
be a positive correlation between the level of inherent risk and the size and
complexity of a company’s operations. In assessing, the level of the risk of
material misstatement the auditor should consider as to whether the company’s
organisational structure in terms of authority, responsibility and lines of reporting
110

lOMoARcPSD|2981706
meet desired objectives.

6 Assignment of authority and responsibility Normally, the larger a
company’s scale of operations, then the larger the size of the workforce and,
inevitably, the larger the amount of assignment of authority and responsibility that
is required. Consequently, companies need to deal not only with ensuring that
appropriate levels of authority and responsibility are assigned to appropriately
qualified and experienced individuals. They also need to ensure that adequate
reporting relationships and authorisation hierarchies are in place. Additionally,
individuals need to be properly resourced and made fully aware of their
responsibilities and of how their actions interrelate with the actions of others and
contribute to the objectives of the company. If a company is not successful in
meeting each of these needs, then there is an increased probability of ineffective
decisions, errors and oversights by employees leading to an increased risk of
material misstatement in its financial statements. For example, where a wages
clerk is authorised to process the wages payroll and is then assigned the
(inappropriate!) authority to enter new employee details into the wages master
file.
7 Human resources policies and practices As explained in ISA 315, ‘human
resource policies and practices demonstrate important matters in relation to the
control consciousness of an entity’. This implies that if human resources policies
and practices are considered to be sound both in design and in implementation
over a range of matters, then the risk of material misstatement will be reduced.
Examples of these matters include:
Recruitment policies and procedures. These should ensure that
only competent individuals with integrity are employed by the company.
Interview procedures should ensure that only candidates meeting the
company’s criteria for recruitment are engaged.
There should be adequate induction procedures for new
employees, such that they can carry out their assigned responsibilities
effectively and efficiently soon after being engaged by the company.
Employees should be provided with ongoing training, support and
mentoring as appropriate, such that they can continue to carry out their
assigned responsibilities effectively and efficiently.
There should be regular formal appraisal, at least annually of an
employee’s performance. Performance should be measured against
standardised criteria authorised by senior management of the company,
and there should be ongoing monitoring and feedback to employees about
their performance and development needs.
The company should employ comprehensive and transparent
employment grievance procedures, such that employees can be confident
that grievances will be dealt with openly and impartially.
There should be open, transparent and equitable employee
disciplinary procedures, such that employees can be confident they will
not be treated unfairly by the company in the event that an action triggers
its disciplinary process.
Employment termination procedures should incorporate provision
111

lOMoARcPSD|2981706
for an exit interview so that the reason for the termination can be
confirmed or clarified, all emoluments due to the employee can be settled
and arrangements can be made for the return of all company assets prior
to the termination date.
While each of the above measures will have a positive impact on the internal
control of a company, to some extent they all have the effect of reducing the risk
of material misstatement in the financial statements. For example, the existence
of fair and robust grievance and disciplinary procedures reduce the possibility of
a successful claim against the company for constructive or unfair dismissal, and
the absence of a material provision in this respect. Significantly, the existence of
human resources policies and practices that are the same or similar to those
above should leave a favourable impression with the auditor, as to the directors’
attitude toward their company’s workforce. It is likely that such an attitude would
foster good working relationships with employees, leading to an increased
likelihood that individuals would reciprocate by carrying out their tasks diligently
with integrity in the best interests of the company – resulting in a reduced risk of
Summary As indicated at the beginning of this article, the purpose of it is to
provide candidates with a more detailed appreciation of matters pertinent to an
auditor, when evaluating the control environment of a limited liability/limited
company. When asked to explain what is meant by the term ‘control
environment’, they typically comment that it is a component of a company’s
internal control and that it centres around how a company is operated by its
management, reflecting such matters as their philosophy and operating style.
While there is some merit in this answer, having now read the above
commentary, candidates should be aware that the term has much more meaning
than that.
Written by a member of the audit examining team
CONTINUE TO BE REST ASSURED

This article looks at the topic of assurance in the context of Paper P7,
Advanced Audit and Assurance, describing a framework for the
classification of assurance and non-assurance engagements, and giving
guidance on the practical approach required when undertaking assurance
assignments
Note: ISAE 3000, ISAE 3400, ISRS 4400, ISRS 4410 and ISRE 2400 are not
examinable documents for Paper P7 UK and Ireland.
Assurance engagements
The glossary of terms published by the International Auditing and Assurance
Standards Board (IAASB) describes an assurance engagement as:
‘An engagement in which a practitioner expresses a conclusion designed to
enhance the degree of confidence of the intended users other than the
responsible party about the outcome of the evaluation or measurement of a
subject matter against criteria.’
112

lOMoARcPSD|2981706
IAASB and the assurance framework

The IAASB has developed the International Framework for Assurance
Engagements in which it gives detailed guidance on assurance and non-
assurance engagements. The structure and hierarchy of pronouncements are
summarised at www.ifac.org in the IAASB handbook, which is freely available
online. For Paper P7 purposes, a summary of the developing framework for
assurance and non-assurance engagements is shown below:
Assurance engagements on historic financial information
The first distinction to be made is to distinguish between the two types of
assurance engagements on historic financial information that can be provided.
The difference is the level of assurance provided on the historical information.
Reasonable assurance engagement This is a statutory audit, where the
approach required will need to be consistent with local legislative requirements,
such as the Companies Act 2006 in the UK, and audit work will need to be
carried out in accordance with International Standards on Auditing (ISAs). The
auditor will express a conclusion designed to enhance the degree of confidence
of the intended users of the financial statements, and moderate to high
assurance would normally be given.
Limited assurance engagement A limited assurance engagement is
increasingly being seen as an alternative to the statutory audit. A good example
of this type of engagement is represented by recent initiatives in the UK, which
have proposed the introduction of ‘mini’ audits for companies below the audit
exemption threshold. There currently exists no UK statutory requirement for a
‘mini’ audit, although an increasing number of companies are requesting, on a
voluntary basis, limited assurance engagements. Such engagements do not give
the same level of assurance as a statutory audit, but instead give ‘negative
assurance’ based on more limited procedures than are required with a statutory
audit. Negative assurance will typically be worded as follows:
‘Based on our review, nothing has come to our attention to indicate that the
accompanying financial statements contain material misstatement.’
With a negative assurance statement, effectively no opinion is given on the
information, but at least some assurance is provided that the information
‘appears reasonable’.
Assurance engagements other than audits or reviews of
historical financial information
The International Standard on Assurance Engagements (ISAE) 3000 gives
guidance to practitioners (defined by ISAE 3000 as ‘professional accountants in
public practice’) for the performance of assurance engagements other than
audits or reviews of historical financial information. A summary of the key
requirements of ISAE 3000 is shown in the following table.
1 Ethical requirements – practitioners should comply with ethical

requirements (ie IESBA’s Code of Ethics for Professional
113

lOMoARcPSD|2981706
Accountants and ACCA’s Code of Ethics and Conduct).
Quality control – the practitioner should implement quality control

2 procedures that are applicable to the individual engagement.
Engagement – the terms of the engagement should be recorded in

3 an engagement letter, and the practitioner should agree on the
terms of the engagement with the engaging party.
Planning and obtaining evidence – the practitioner should plan the

engagement so that it will be performed effectively, and should
4 consider materiality and assurance engagement risk, and sufficient
appropriate evidence should be obtained on which to base the
conclusion.
Reporting – the assurance report should be in writing and should

5 contain a clear expression of the practitioner’s conclusion about
the subject matter information.
Block: Text
The approach required by ISAE 3000, and the work undertaken with an
assurance engagement, may be similar in many respects to an audit
engagement, although the context is different. For each of the assurance
engagements on other information, the guidance from ISAE 3000 will apply, with
the exception of Prospective Financial Information (PFI) work, where separate
guidance is given in ISAE 3400, which is summarised later in this article.
Listed below are the most relevant areas where assurance engagements on
other information will typically arise:
Internal controls and systems reviews
Due diligence reviews
Prospective financial information.
Internal control and systems reviews The type of assurance work arising here
is very similar to the work that auditors have been doing for a long time as part of
the audit approach required when evaluating the effectiveness of internal control
systems. Control and systems review work is tested in Paper F8 and, as such,
needs little further coverage in this article.
Key performance indicators Developments in performance measurement have
led to many companies publishing a selection of key performance indicators
(KPIs) in the annual financial statements. KPIs represent a set of measures
focusing on those aspects of performance that are most crucial for the continued
success of an organisation. Many companies are increasingly opting for
114

lOMoARcPSD|2981706
voluntary disclosure of KPIs, which can be financial (such as ratios based on the
financial statements) or non-financial (such as targets on social and
environmental matters). The increased tendency to disclose such data is often in
response to shareholder expectations. The assurance approach towards KPIs
requires careful consideration of how the KPI has been defined, the KPI
calculation method, and the purpose of reporting the KPI, and the nature of
evidence that would be available on the source of the underlying data.
Problems facing assurance providers in relation to KPI assessment may include
the lack of precise definitions of KPI targets, lack of developed systems to
capture KPI data, and the potential for KPIs, as disclosed, to be manipulated to
achieve a desired result. However, an assurance report provided on the KPIs
should add credibility to the published data if sufficient evidence is available to
the assurance provider.
Due diligence reviews There is little specific guidance on due diligence reviews,
despite this being an increasingly common form of assurance. Normally, the
assurance provider is engaged by the potential acquirer of a company, who
seeks to discover information about the target organisation. The assurance
provider will attempt to verify any representations made by the management of
the target company, and may also offer practical recommendations regarding the
acquisition process.
Prospective financial information Procedures by assurance firms on
prospective financial information (PFI) are well established, and separate
guidance is given by the IAASB in ISAE 3400, The Examination of Prospective
Financial Information, which again is very practical in nature. The standard
defines PFI as ‘financial information based about events that may occur in the
future and possible actions by an entity’.
The standard recognises that, because PFI relates to events and actions that
have not yet occurred and may not occur, PFI work is highly subjective in its
nature, and its preparation requires the exercise of considerable judgment.
ISAE 3400 requires that before accepting a PFI engagement, the terms of the
engagement should be agreed on and sufficient knowledge of the business
should be obtained. The period of time covered by the PFI should be clarified,
which could be a forecast (usually a period of up to 12 months) and/or a
projection (usually up to five years).
ISAE 3400 also requires that written representations should be requested from
management regarding the intended use of the PFI, the completeness of
significant management assumptions, and also management’s acceptance of its
responsibility for the PFI. The assurance report should make it clear that
management is responsible for the PFI and also the assumptions on which it is
based. Given the subjective and speculative nature of the PFI, an opinion cannot
be given on whether the results shown in the report will be achieved, so only
negative assurance can be given.
Non-assurance engagements
Non-assurance engagements are more likely to arise with small companies, and
only a general awareness will be required of the guidance given by the IAASB for
each of these three areas. Each of the three so-called non-assurance areas is
115

lOMoARcPSD|2981706
briefly summarised below.

Review engagements The objective of a review of financial statements is to
enable an auditor to state whether, on the basis of procedures that do not
provide all the evidence required in an audit, anything has come to the auditor’s
attention that causes the auditor to believe that the financial statements are not
prepared in accordance with the applicable financial reporting framework (ie
negative assurance). Guidance to practitioners taking on this type of assignment
is given by the IAASB in International Standard on Review Engagements (ISRE)
2400, Engagements to Review Historical Financial Statements.
Another type of review engagement is the review of interim financial information,
covered by ISRE 2410, Review of Interim Financial Information Performed by the
Independent Auditor of the Entity.
There are many similarities between review engagements and the limited
assurance engagements (these were discussed earlier, in the context of so-
called ‘mini’ or voluntary audits). The best approach to adopt, however, is to
consider the work required for the engagement itself, rather than to dwell on how
the engagement is classified.
Agreed upon procedures The objective is for the auditor to carry out
procedures of an audit nature to which the auditor, the entity, and any
appropriate third parties have agreed, and for the auditor to report on factual
findings. Guidance to practitioners taking on this type of assignment is given by
the IAASB in International Standard on Related Services (ISRS) 4400,
Engagements to Perform Agreed Upon Procedures Regarding Financial
Information. Examples of this type of engagement could include the quantification
of an insurance claim, or of the loss suffered due to a fraud. The specialist area
of forensic accounting and auditing could be viewed as a specific type of agreed
upon procedure engagement.
Compilation engagements The objective of a compilation engagement is for the
practitioner to apply accounting and financial reporting expertise to assist
management in the preparation and presentation of financial information in
accordance with an applicable financial reporting framework based on
information provided by management – and report in accordance with the
requirements of ISRS 4410, Compilation Engagements. Thus, the practitioner’s
report is not a vehicle to express an opinion or conclusion on the financial
information in any form.
Conclusion
Students should expect to see assurance assignments other than reasonable
assurance engagements appearing frequently in the Paper P7 exam. In other
words, a question that is not based around a ‘traditional audit’, but is presented in
the context – for example, of a due diligence engagement, a review of PFI, a
review of KPIs, or a limited assurance engagement on historical information.
Such a question could appear in Section A or B of the exam.
It is important that candidates appreciate the practical nature of these questions,
which will require application of knowledge to the scenario. The requirement may
ask the candidate to consider, for example:
whether or not to accept the engagement
116

lOMoARcPSD|2981706
matters to be discussed with the client post-acceptance

methods of gathering sufficient and appropriate evidence
the report to be provided.
SA 315 (REVISED), IDENTIFYING AND ASSESSING THE RISKS

OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE
ENTITY AND ITS ENVIRONMENT
One of the major revisions of ISA 315 relates to the inquiries made by
external auditors of the internal audit function since internal auditors have
better knowledge and understanding of the organisation and its internal
control. This article addresses and highlights the components of internal
control
The International Auditing and Assurance Standards Board (IAASB) issues
International Standard on Auditing (ISA) for international use. From time to time,
ISAs are revised to provide updated standards to auditors. In order to enhance
the overall quality of audit, IAASB published a consultation draft on a proposed
revision to ISA 315. The objective in revising ISA 315 is to enhance the
performance of external auditors by applying the knowledge and findings of an
entity’s internal audit function in the risk assessment process, and to strengthen
the framework for evaluating the use of internal auditors work to obtain audit
evidence.
In March 2012, ISA 315 (Revised) was approved and released. One of the major
revisions of ISA 315 relates to the inquiries made by external auditors of the
internal audit function since internal auditors have better knowledge and
understanding of the organisation and its internal control. This article addresses
and highlights the components of internal control.
Objectives in establishing internal controls
Generally speaking, internal control systems are designed, implemented and
maintained by the management and personnel in order to provide reasonable
assurance to fulfil the objectives – that is, reliability of financial reporting,
efficiency and effectiveness of operations, compliance with laws and regulations
and risk assessment of material misstatement. The manner in which the internal
control system is designed, implemented and maintained may vary with the
entity’s business nature, size and complexity, etc. Auditors focus on both the
audit of financial statements and internal controls that relates to the three
objectives that may materially affect financial reporting.
In order to identify the types of potential misstatements and to determine the
nature, timing and extent of audit testing, auditors should obtain an
understanding of relevant internal controls, evaluate the design of the controls,
and ascertain whether the controls are implemented and maintained properly.
The major components of internal control include control environment, entity’s
risk assessment process, information system (including the related business
processes, control activities relevant to the audit, relevant to financial reporting,
and communication) and monitoring of controls.
117

lOMoARcPSD|2981706
Block: Text
Control environment
The control environment consists of the governance and management functions
and the attitudes, awareness and actions of the management about the internal
control. Auditors may obtain an understanding of the control environments
through the following elements.
1. Communication and enforcement of integrity and ethical values It is important
for the management to create and maintain honest, legal and ethical culture, and
to communicate the entity’s ethical and behavioural standards to its employees
through policy statements and codes of conduct, etc.
2. Commitment to competence It is important that the management recruits
competent staff who possess the required knowledge and skills at competent
level to accomplish tasks.
3. Participation by those charged with governance An entity’s control
consciousness is influenced significantly by those charged with governance;
therefore, their independence from management, experience and stature, extent
of their involvement, as well as the appropriateness of their actions are extremely
important.
4. Management’s philosophy and operating style Management’s philosophy and
operating style consists of a broad range of characteristics, such as
management’s attitude to response to business risks, financial reporting,
information processing, and accounting functions and personnel, etc. For
example, does the targeted earning realistic? Does the management apply
aggressive approach where alternative accounting principles or estimates are
available? These management’s philosophy and operating style provide a
picture to auditors about the management’s attitude about the internal control.
5. Organisational structure The organisational structure provides the framework
on how the entity’s activities are planned, implemented, controlled and reviewed.
6. Assignment of authority and responsibility With the established organisational
structure or framework, key areas of authority and reporting lines should then be
defined. The assignment of authority and responsibility include the personnel that
make appropriate policies and assign resources to staff to carry out the duties.
Auditors may perceive the implementation of internal controls through the
understanding of the organisational structure and the reporting relationships.
7. Human resources policies and practices Human resources policies and
practices generally refer to recruitment, orientation, training, evaluation,
counselling, promotion, compensation and remedial actions. For example, an
118

lOMoARcPSD|2981706
entity should establish policies to recruit individuals based on their educational

background, previous work experience, and other relevant attributes. Next,
classroom and on-the-job training should be provided to the newly recruited staff.
Appropriate training is also available to existing staff to keep themselves
updated. Performance evaluation should be conducted periodically to review the
staff performance and provide comments and feedback to staff on how to
improve themselves and further develop their potential and promote to the next
level by accepting more responsibilities and, in turn, receiving competitive
compensation and benefits.
With the ISA 315 (Revised), external auditors are now required to make inquiries
of the internal audit function to identify and assess risks of material misstatement.
Auditors may refer to the management’s responses of the identified deficiencies
of the internal controls and determine whether the management has taken
appropriate actions to tackle the problems properly. Besides inquiries of the
internal audit function, auditors may collect audit evidence of the control
environment through observation on how the employees perform their duties,
inspection of the documents, and analytical procedures. After obtaining the audit
evidence of the control environment, auditors may then assess the risks of
Entity’s risk assessment process
Auditors should assess whether the entity has a process to identify the business
risks relevant to financial reporting objectives, estimate the significance of them,
assess the likelihood of the risks occurrence, and decide actions to address the
risks. If auditors have identified such risks, then auditors should evaluate the
reasons why the risk assessment process failed to identify the risks, determine
whether there is significant deficiency in internal controls in identifying the risks,
and discuss with the management.
The Information system, including the relevant business processes,
relevant to financial reporting and communication
Auditors should also obtain an understanding of the information system, including
the related business processes, relevant to financial reporting, including the
following areas:
The classes of transactions in the entity’s operations that are
significant to the financial statements. The procedures that transactions
are initiated, recorded, processed, corrected as necessary, transferred to
the general ledger and reported in the financial statements.
How the information system captures events and conditions that
are significant to the financial statements.
The financial reporting process used to prepare the entity’s financial
statements.
Controls surrounding journal entries.
Understand how the entity communicates financial reporting roles,
responsibilities and significant matters to those charged with governance
and external – regulatory authorities.
Control activities relevant to the audit
Auditors should obtain a sufficient understanding of control activities relevant to
119

lOMoARcPSD|2981706
the audit in order to assess the risks of material misstatement at the assertion
level, and to design further audit procedures to respond to those risks. Control
activities, such as proper authorisation of transactions and activities,
performance reviews, information processing, physical control over assets and
records, and segregation of duties, are policies and procedures that address the
risks to achieve the management directives are carried out.
Monitoring of controls
In addition, auditors should obtain an understanding of major types of activities
that the entity uses to monitor internal controls relevant to financial reporting and
how the entity initiates corrective actions to its controls. For instance, auditors
should obtain an understanding of the sources and reliability of the information
that the entity used in monitoring the activities. Sources of information include
internal auditor report, and report from regulators.
Limitations of internal control systems
Effective internal control systems can only provide reasonable, not absolute,
assurance to achieve the entity’s financial reporting objective due to the inherent
limitations of internal control – for example, management override of internal
controls. Therefore, auditors should identify and assess the risks of material
misstatement at the financial statement level and assertion level for classes of
transactions, account balances and disclosures.
Conclusion
As internal auditors have better understanding of the organisation and expertise
in its risk and control, the proposed requirement for the external auditors to make
enquiries of internal audit function in ISA 315 (Revised) will enhance the
effectiveness and efficiency of audit engagements. External auditors should pay
attention to the components of internal control mentioned above in order to make
effective and efficient enquiries. An increase in the work of internal audit
functions is also expected because of such proposed requirement.
Raymond Wong, School of Accountancy, The Chinese University of Hong
Kong, and Dr Helen Wong, Hong Kong Community College, Hong Kong
Polytechnic University
Reference ISA 315 (Revised), Identifying and Assessing the Risks of Material
Misstatement Through Understanding the Entity and Its Environment
PLANNING AN AUDIT OF FINANCIAL STATEMENTS

Relevant to ACCA Qualification Paper P7 Paper P7, Advanced Audit and
Assurance, regularly features questions set in the planning phase of an audit.
Effective planning will focus the auditor’s attention on key areas of the audit and
ensure that sufficient resources are allocated to the engagement. Planning
should result in an audit that is well directed and supervised and ultimately good
planning will reduce audit risk. Candidates will benefit from understanding the
wider aspects of audit planning, and so this article summarises the main
requirements and guidance contained in ISA 300, Planning an Audit of Financial
Statements. When does audit planning take place? Naturally, it is reasonable
to assume that planning occurs towards the start of an audit engagement.
120

lOMoARcPSD|2981706
However, according to ISA 300, planning should not be seen as a discrete and
separate part of the overall audit. Planning often begins shortly after, or in
connection with, the completion of the previous audit, for example, with a review
of issues that were discussed with management, such as control deficiencies or
unadjusted errors. Such matters are relevant to the next year’s audit and need to
be considered when planning. Similarly, the audit plan may be revised as the
audit progresses, and should not be viewed as being fixed in place once the
main planning phase has ended. For example, a significant event may take place
as the audit is in progress, meaning that the audit plan needs to be changed. The
nature and extent of planning activities depends on the size and complexity of
the audit client, previous experience of the audit firm with the client, and any
changes in circumstance that may occur during the audit. Preliminary activities
ISA 300 contains a requirement that the auditor shall undertake the following
activities at the beginning of the current audit engagement:
Performing procedures regarding the continuance of the client
relationship and the specific audit engagement.
Evaluating compliance with relevant ethical requirements, including
independence.
Establishing an understanding of the terms of the engagement.
These requirements are also contained in and ISA 220, Quality Control for an
Audit of Financial Statements and ISA 210, Agreeing the Terms of Audit
Engagements and remind us that planning is a wider activity than just obtaining
understanding of the business and performing risk assessment. Audit strategy
and audit plan ISA 300 states that audit planning activities should:
establish the overall audit strategy for the engagement
develop an audit plan.
Audit strategy The audit strategy sets out in general terms how the audit is to be
conducted and sets the scope, timing and direction of the audit. The audit
strategy then guides the development of the audit plan, which contains the
detailed responses to the auditor’s risk assessment. An underpinning principle of
audit planning under the Clarified ISAs is that the audit plan should contain
detailed responses to the specific risks identified from obtaining an
understanding of the audited entity. ISA 300 requires the auditor to consider
specific matters when establishing the audit strategy, and provides a list of typical
matters to be considered in its appendix. These matters are discussed below.
Identify the characteristics o f the engagement that define its scope Some
audit engagements have specific characteristics that mean the audit has a wider
scope than the audit of other entities. For example, a group audit engagement or
the audit of a multinational company will both have wider scopes than an audit of
a small, owner-managed entity. Matters such as the ability to use the work of
internal auditors, the need to liaise with external service organisations, and the
effect of IT on audit procedures are also relevant. The scope is also affected by
the applicable financial reporting framework, the nature of the audited entity’s
business and whether it operates business segments, the business activities
conducted, and the availability of client personnel and data. Ascertain the
reporting objectives of the engagement to plan the timing of the audit and
121

lOMoARcPSD|2981706
the nature of the communications required Reporting requirements will vary

from audit to audit. For example, some entities have additional reporting
requirements to comply with corporate governance regulations or industry
requirements, and the auditor must understand these requirements from the start
of the audit. The nature of other communications that may be necessary during
the audit should be considered, such as liaison with component auditors, and
communications to management and to those charged with governance.
Consider the factors that are significant in directing the audit team’s efforts
in the auditor’s professional judgment The strategy must consider issues to
do with quality control, such as how resources are managed, directed and
supervised, when team briefing and debriefing meetings are expected to be held,
how engagement partner and manager reviews are expected to take place (for
example, on-site or off-site), and whether to complete engagement quality control
reviews. Consider the results of preliminary engagement activities and
knowledge gained on other engagements This includes the initial
assessments of materiality, risks identified from preliminary activities such as
fraud risks, significant events that have occurred at the entity or in the industry in
which it operates since the last audit, and the results of previous audits that
involved evaluating the operating effectiveness of internal control, including the
nature of identified deficiencies and action taken to address them. The audit firm
may also have performed other services for the client that may be relevant in
determining the audit strategy, for example, reviews of business plans or cash
flow forecasts. Ascertain the nature, timing and extent of resources
necessary to perform the engagement One of the main objectives of
developing the audit strategy is to effectively allocate resources to the audit
team, for example, the use of specialists on particular areas of the audit, or
building a team of highly experienced auditors for a potentially high-risk audit
engagement. If the audit is time pressured due a tight deadline, then more
resources will need to be allocated to ensure that all necessary audit work is
completed, and can be reviewed in time to meet the deadline. Audit plan ISA
300 states that once the overall audit strategy has been established, an audit
plan can be developed to address the various matters identified in the overall
audit strategy, taking in to account the need to achieve the audit objectives
through the efficient use of the auditor’s resources. The establishment of the
overall audit strategy and the detailed audit plan are not necessarily discrete or
sequential processes, but are closely interrelated since changes in one may
result in consequential changes to the other. Therefore it is not necessarily the
case that the audit strategy is prepared and completed before the audit plan is
devised, and in practice it is typical for the two to be developed together. The
audit plan is a detailed programme giving instructions as to how each area of the
audit will be conducted. In other words, the audit plan details the specific
procedures to be carried out to implement the strategy and complete the audit.
ISA 300 provides guidance on what should be included in the audit plan, stating
that the audit plan should describe:
the nature, timing and extent of planned risk assessment
procedures
122

lOMoARcPSD|2981706
the nature, timing and extent of planned further audit procedures at

the assertion level
other planned audit procedures that are required to be carried out
so that the engagement complies with ISAs.
Typically an audit plan will include sections dealing with business understanding,
risk assessment procedures, planned audit procedures ie the responses to the
risks identified and other mandatory audit procedures. Changes to the audit
strategy and audit plan The audit strategy and audit plan are not fixed once the
planning stage of the audit is complete. It is important that both are updated and
changed as necessary as the audit progresses. For example, as a result of
unexpected events, or changes in conditions, the auditor may need to modify the
overall audit strategy and audit plan and thereby the resulting planned nature,
timing and extent of further audit procedures, based on the revised consideration
of assessed risks. This may be the case when information comes to the auditor’s
attention that differs significantly from the information available when the auditor
planned the audit procedures, for example, an event may take place after audit
planning has been initially completed which creates doubt over going concern.
Or, as a result of performing planned audit procedures additional information may
come to light which may lead the auditor to amend initial risk assessment, or
level of performance materiality, for all, or part, of the audit. Documentation ISA
300 requires that as well as the audit strategy and audit plan being thoroughly
documented, a record of significant changes made to the audit strategy and audit
plan is needed. Documentation is crucial, because key decisions about how the
audit will be performed are contained in the audit strategy and audit plan. The
documentation should therefore include the response made by the auditor to any
significant changes that occur during the audit, as discussed above. The audit
strategy and audit plan do not need to be documented in a particular way. Some
audit firms use memoranda, others checklists. Some use standardised
documentation such as standardised audit programmes while others tailor the
specific form of the documentation to each audit engagement. The form of the
documentation does not matter as long as it provides a clear record of how the
audit was planned. Direction, supervision and review ISA 300 requires that the
auditor shall plan the nature, timing and extent of direction and supervision of
engagement team members and the review of their work. It is crucial that the
audit plan includes the detail as to how supervision and review should be
conducted during the audit, in order to perform a high quality audit. Inadequate
supervision and review can lead to the audit team making errors, for example,
selecting inappropriate items for sampling, or failing to properly conclude on audit
procedures performed. The amount of detail included in the audit plan in relation
to supervision and review will depend on factors such as the size and complexity
of the entity being audited, the assessed risk of material misstatement, and the
capabilities and competence of the audit team members. Additional
considerations in initial audit engagements The final section of ISA 300
relates to initial audit engagements, and requires the auditor to perform client and
engagement acceptance procedures (as also required by ISA 220), and also to
communicate with the predecessor auditor, where there has been a change of
123

lOMoARcPSD|2981706
auditors, in compliance with relevant ethical requirements. The ISA recognises

that for an initial audit engagement, the auditor may need to expand the planning
activities because the auditor does not ordinarily have the previous experience
with the entity that is considered when planning recurring engagements.
Conclusion Planning an audit involves more than just obtaining business
understanding and performing risk assessment. Planning is a dynamic process
that may evolve during the audit, and should always respond to changes in the
circumstances of the audited entity. Adherence to the requirements of ISA 300
should result in a well-focused audit, staffed by appropriate personnel,
performing relevant and appropriate audit procedures. Written by a member of
the Paper P7 examining team
COMPLETING THE AUDIT

Relevant to ACCA Qualification Paper P7 and Performance Objectives 17 and
18 The completion stage of the audit is of crucial importance. It is during the
completion stage that the auditor reviews the evidence obtained during the audit
together with the final version of the financial statements with the objective of
forming the auditor’s opinion. This article explores some of the key requirements
of International Standards on Auditing (ISA) that are relevant at the completion
stage, and discusses the practical implications of those requirements.
Review of audit files and evaluation of misstatements
All audit work should be subject to review. This is a basic quality control
requirement of ISA 220, Quality Control for an Audit of Financial Statements, and
serves to ensure that sufficient appropriate audit evidence has been obtained in
respect of transactions and balances included in the financial statements. From
an exam point of view, candidates who have reviewed past Paper P7 exams will
be familiar with exam requirements that ask candidates ‘the matters to consider
and the evidence they expect to find’ when conducting an audit file review in
relation to various matters, and such a requirement is clearly set in the
completion stage of an audit. In performing a file review, the reviewer should
consider the sufficiency of evidence obtained and may need to propose further
audit procedures if evidence is found to be insufficient or contradictory. ISA 230,
Audit Documentation requires that documentation of the review process includes
who reviewed the audit work completed and the date and extent of such review.
ISA 450, Evaluation of Misstatements Identified during the Audit is relevant
during an audit file review. The objective of the auditor when following the
requirements of this ISA are to evaluate both the effect of identified
misstatements on the audit, and the effect of uncorrected misstatements, if any,
on the financial statements. ISA 450 requires that all misstatements identified
(other than those that are clearly trivial) shall be accumulated during the audit.
The auditor may need to perform further audit procedures in response to an
identified misstatement – for example, to determine whether further
misstatements exist – and it is required that all misstatements are communicated
to management on a timely basis, along with a request to amend the
misstatement identified. Typically, the auditor will present the client with a list of
misstatements (often referred to as the ‘audit error schedule’), quantifying the
124

lOMoARcPSD|2981706
amount of each misstatement, and proposing the necessary adjustment to the

financial statements. The proposed adjustment may be in the form of a journal
entry, an amendment to the presentation of the financial statements, or a
correction to a disclosure note. When management makes the necessary
adjustments to the financial statements, the auditor should confirm that the
adjustments have been made correctly. When misstatements remain uncorrected
by management, the auditor is required to reassess the level of materiality to
confirm that it remains appropriate, and should then determine if the uncorrected
misstatements are material individually or in aggregate. The uncorrected
misstatements must be communicated to those charged with governance, and
the potential implications for the auditor’s report must also be communicated.
The auditor must also obtain an understanding of management’s reasons for not
making the necessary corrections to the financial statements. ISA 450 also
requires that the auditor must request that management provides a written
representation as to whether management believes the effects of uncorrected
misstatements are immaterial, both individually and in aggregate, to the financial
statements taken as a whole. A summary of uncorrected misstatements should
also be included within, or attached to, the written representation.
Final analytical procedures
During the completion stage of the audit, the client should prepare the final
version of the financial statements, which, as discussed above, should
incorporate any adjustments of misstatements proposed by the auditor. The
financial statements should be reviewed according to the requirements of ISA
520, Analytical Procedures. One of the objectives of the auditor in complying with
ISA 520 is to design and perform analytical procedures near the end of the audit
that assist in forming an overall conclusion as to whether the financial statements
are consistent with the auditor’s understanding of the entity. The analytical
procedures performed at this stage of the audit are not different to those
performed at the planning stage – the auditor will perform ratio analysis,
comparisons with prior period financial statements and other techniques to
confirm that trends are as expected, and to highlight unusual transactions and
balances that may indicate a risk of misstatement. The key issue is that, near the
end of the audit, the auditor should have sufficient audit evidence to explain the
issues highlighted by analytical procedures, and should therefore be able to
conclude as to the overall reasonableness of the financial statements. When the
analytical procedures performed near the end of the audit reveal further
previously unrecognised risk of material misstatement, the auditor is required to
revise the previously assessed risk of material misstatement and modify the
planned audit procedures accordingly. This means potentially performing further
audit procedures in relation to matters that are identified as high risk. As well as
reviewing the main elements of the financial statements, the auditor must at this
stage carefully review the notes to the financial statements for completeness and
compliance with the applicable financial reporting framework. In many situations,
this will be the first opportunity for the auditor to review this information, as clients
often prepare the notes to the financial statements towards the end of the audit
process. At this stage, the auditor should also read the other information to be
125

lOMoARcPSD|2981706
issued with the financial statements for consistency with the financial statements.
This is important as inconsistencies may have implications for the auditor’s
report. Specific items of other information are subject to specific regulation in
some jurisdictions – for example, in the UK and Ireland the auditor’s report must
state whether the Directors’ Report is consistent with the financial statements.
Subsequent events and going concern procedures
There are two ISAs that are particularly relevant near the end of the audit. The
first is ISA 560, Subsequent Events, which requires the auditor to perform audit
procedures to obtain sufficient appropriate audit evidence that all events
occurring between the date of the financial statements and the auditor’s report
that require adjustment of, or disclosure in, the financial statements have been
identified. Typically, the auditor will follow a specific work programme dealing
with subsequent events, including procedures such as reviewing internal
accounting records and minutes of management meetings since the year-end
and discussing subsequent events with management – particularly the extent to
which management has established procedures adequate to identify relevant
subsequent events. It is important that procedures dealing with subsequent
events are performed up to the date of the auditor’s report. If they are performed
too early and not updated close to the date of the auditor’s report, then a
significant event may not be identified by the auditor. Secondly, ISA 570, Going
Concern states that the auditor shall remain alert throughout the audit for audit
evidence of events or conditions that may cast doubt on the entity’s ability to
continue as a going concern. Therefore, the auditor will conclude on going
concern matters near the end of the audit having reviewed all evidence obtained
and after reviewing the final version of the financial statements.
Written representations and communication with those
charged with governance
Towards the end of the audit, the auditor must consider the matters to be
included in management’s written representation, according to ISA 580, Written
Representations . This is a matter to be de alt with towards the conclusion of the
audit because it is a requirement of ISA 580 that the date of the written
representation shall be as near as possible to, but not after, the date of the
auditor’s report. Written representations are necessary audit evidence, and
therefore the auditor’s opinion cannot be expressed and the auditor’s report
cannot be dated before the date of the written representations. Significant
subsequent events may come to light very late in the audit, and therefore the
written representations should cover all of the subsequent events period, right up
to the date at which the audit report is dated. Important outputs of the audit are
the matters to be communicated in accordance with ISA 260, Communication
with Those Charged with Governance. The matters to be communicated include
significant findings from the audit and matters relating to auditor’s independence.
In addition, the auditor must also consider whether the two-way communication
between the auditor and those charged with governance has been adequate for
an effective audit, and have taken appropriate action if not.
Audit clearance meeting
At the conclusion of the audit, a meeting will usually be held between the auditor
126

lOMoARcPSD|2981706
and management and/or those charged with governance of the client. At this
clearance meeting the audit or will explain the various matters that have been
discussed in this article, and any other matters to be discussed in respect of the
financial statements and the audit. Typically, at the clearance meeting the
following matters may be discussed:
The adequacy of the entity’s internal controls and process of
preparing the financial statements,
any proposed adjustments to the financial statements
any difficulties encountered during the audit process
the details of ethical matters that may need to be clarified with the
client
confirmation of the matters to be included in management’s written
representations
an update on changes in financial reporting or other regulations that
may impact the client’s financial statements, and
confirmation that the client’s accounting policies are appropriate.
The audit clearance meeting is not a requirement of ISAs, but is often used as a
means to ensure that there are no misunderstandings regarding the financial
statements, the auditor’s report and any of the other matters discussed.
Conclusion
The completion stage of the audit must be carefully planned to ensure that the
requirements of the many relevant ISAs are adhered to. If the completion stage is
not adequately performed, there is a risk that an inappropriate opinion is given on
AUDIT AND INSOLVENCY

Relevant to ACCA Qualification Paper P7 (UK) and (IRL) From June 2011,
the syllabus for Paper P7 (UK) and (IRL) includes specific learning
outcomes relevant to auditing aspects of insolvency (syllabus reference
E7). This topic has been added to the syllabus on the recommendation of
the Financial Reporting Council’s Professional Oversight Board in order to
comply with the requirements of the Statutory Audit Directive, as the topic
is considered required knowledge for those wishing to obtain the audit
qualification and practice as an auditor. Why should auditors need to
understand aspects of insolvency? The simple answer is that,
unfortunately, many auditors’ clients will face financial distress at so me
point in their business life cycle. The global economic recession of the
past few years has caused many companies to face insolvency, and in
times of crisis the directors of such companies may turn to their auditor for
information and advice. Therefore, auditors must be in a position to
determine the level of financial difficulty being faced by a client, explain
and recommend the various options available to management, and
explain the consequences of liquidation or administration. This article
highlights some of the issues that auditors may have to deal with in
respect of insolvency. Of course, it is important to study this topic in its
127

lOMoARcPSD|2981706
entirety using an up-to-date study text to gain full knowledge and

understanding of this new syllabus area.
The meaning of insolvency
It is important to understand what is actually meant by a company being
‘insolvent’, and to distinguish insolvency from general, less severe financial
difficulties. A company is insolvent if the value of its assets is less than its
liabilities – in other words, the statement of financial position shows a position of
net liabilities. If all of the company’s assets were sold at book value, the existing
liabilities could not be paid. This is a more fundamental problem than simply
being short of cash. Company directors are charged with monitoring financial
position and performance. This is especially important when the company is
experiencing financial difficulties, as a company experiencing cash flow problems
can quickly turn insolvent. When a company is facing insolvency, the directors
must consider the interests of creditors (payables), shareholders and other
stakeholders, which is impossible to do without up-to-date financial information.
Directors must, therefore, prepare and monitor financial statements and cash
flow and profit forecasts on a regular basis in order to deter mine the financial
position of the company. Auditors may be asked to advise on whether a company
is insolvent, or to review historic or projected financial information. Having up-to-
date financial information and taking professional advice may also help to protect
directors from legal claims such as wrongful trading or misfeasance.
Options available
The directors of an insolvent company face a difficult decision. Should they
continue to trade, in the hope that the company’s performance and position will
improve, or should they cut their losses and wind up the company? This is a
dilemma that the auditor may be asked to help resolve by evaluating the
advantages and disadvantages of the options available, and considering the
impact of each on the relevant par ties, including creditors, shareholders,
management and employees. The auditor may also be asked to explain the
procedures involved in placing a company into administration or liquidation, as
directors will usually have limited knowledge in this area.
Administration
If the directors decide to try to save the company, it can be placed into
administration, which offers some breathing space and legal protections while a
rescue plan is formulated to try to preserve the company’s going concern status.
The main advantage of administration is that once an administrator is appointed,
a moratorium over the company’s debts commences meaning that it is not
possible for a winding up petition to be presented at court by the company’s
creditors (payables) – thus allowing time for the rescue plan to be designed and
initiated. A company in administration is under the control of the appointed
administrator who is given a short period of time (usually eight weeks) to set out
a proposal for achieving the aim of the administration, or to decide that it is not
reasonable that the company can be rescued. A creditors’ meeting is called, at
which the proposals are accepted or rejected. The administrator takes over
management of the company and has the power to appoint and remove
directors. The process for appointment of an administrator varies, and may or
128

lOMoARcPSD|2981706
may not involve a court order. A company, its directors or one or more creditors
(payables) can apply to the court for the appointment of an administrator. The
court will grant an administration order only if it is satisfied that the company is –
or is likely to become insolvent, and that the administration process is likely to
achieve its purpose of rescuing the company as a going concern. It is also
possible for an administrator to be appointed without a court order, either by a
floating chargeholder, or by the company or its directors. Administration usually
lasts for 12 months, after which time the administrator automatically vacates
office, though the period of administration can – in some cases – be extended
subject to approval from creditors (payables). On the other hand, administration
may not last for the full 12-month period, and may end early if the administration
has been successful.
Liquidation
If the company cannot be saved, then liquidation or ‘winding up’ is likely to be
initiated. The company will cease to trade, assets are sold, liabilities are paid (to
the extent allowed by the proceeds from the sale of assets and by applying the
rules for allocation of assets described below), and eventually the company will
be dissolved. Once liquidation proceedings are under way share dealings must
stop, and the directors lose their power to manage the company. The procedures
involved in placing a company into liquidation are complicated by the fact that
there are different ways that the process is initiated – compulsory liquidation,
members’ voluntary liquidation, and creditors’ voluntary liquidation. Compulsory
liquidation is usually initiated by one or more creditors, who apply to the court
and must demonstrate that the company is unable to pay its debts. A creditor
who is owed more than £750, and who has served the company with a written
demand for payment that has not been settled, has grounds to apply to the court
for compulsory liquidation. In less common circumstances, a member
(shareholder) who is dissatisfied with the directors’ management of the company
may petition the court for the company to be wound up on the just and equitable
ground. For this to be successful, the member had to demonstrate to the court
that winding up is the only remedy available. Voluntary liquidation can occur
through two different routes – a member’s voluntary liquidation, or a creditors’
voluntary liquidation. The former is used where the company is solvent, and can
only take place when the directors have made a declaration of solvency.
Creditors have no involvement with this type of liquidation, as the declaration of
solvency means that they will be paid in full and therefore have no risk exposure.
Shareholders pass a resolution to wind up the company and appoint a liquidator,
who is responsible for closing down the company. In contrast, in a creditors’
voluntary liquidation the creditors are heavily involved with proceedings, as in this
case the company is not solvent, and therefore creditors face the risk that they
will not be paid the full amount owing to them. The process is started by a
shareholders’ meeting where a resolution is passed to agree that the company
should be wound up, but subsequently, the creditors’ wishes over the
appointment of the liquidator and the process of winding up will override the
wishes of the shareholders.
Allocating company assets
129

lOMoARcPSD|2981706
An important issue arising on liquidation is the order of priority for allocating

company assets. This is especially important for creditors and shareholders
because, by definition, an insolvent company cannot pay everything that is owed.
The amounts that will be paid on liquidation depend on matters such as whether
debts are secured or unsecured, whether charges over assets are fixed or
floating in nature, whether shareholders own preference or equity shares, the
costs suffered by the liquidator (which are generally paid first) and the amount of
preferential creditors (including employees’ salaries and other benefits in
arrears). In most liquidations equity shareholders receive very little, and usually
nothing, as they rank last in the order of priority in allocating company assets.
The auditor of an insolvent or potentially insolvent company may be asked to
advise on the allocation of company assets.
Advantages of administration
In many cases, it may be preferable to place a company into administration,
rather than go through the process of liquidation. The obvious advantage is that if
the administration is successful, the company will continue as a going concern,
allowing shareholders to continue to hold their shares and, hopefully, eventually
receive a return on that investment. In contrast, as mentioned above,
shareholders usually receive nothing when a company is wound up. For
creditors, the continued existence of the company may also prove beneficial, as
its improved cash flows should allow debts to be repaid, and trading relationships
can be maintained. Administration may also be beneficial to employees, as there
will continue to be employment of some staff in the continued business (though,
of course, the administrator may make some redundancies as part of the
company’s rescue plan). In contrast, in a compulsory liquidation the employees
are automatically dismissed.
Conclusion
Auditors have a part to play in advising directors of companies that are in
financial distress or, indeed, are insolvent. Candidates attempting Paper P7 (UK)
or (IRL) must be prepared to identify the issues relating to insolvency in a given
scenario and to provide appropriate explanations and recommendations. Auditing
aspects of insolvency will not be examined at each sitting, but will feature fairly
regularly in case study type questions. Studying from an up-to-date study text is
essential. Written by a member of the Paper P7 examining team
GROUP AUDITING
This article reviews the most significant elements of group audits and
changes to ISA 600 that were introduced as a result of the recent Clarity
project
In March 2008, the Paper P7 examiner wrote an article about auditing groups
and joint audits.
This article is a reminder of some of the most significant elements of group
audits, which feature frequently in the Paper P7 exam. The significant changes to
ISA 600, Special Considerations – Audits of Group Financial Statements
(Including the Work of Component Auditors) that were introduced as a result of
the recent Clarity project are likely to make group auditing even more
130

lOMoARcPSD|2981706
examinable. Exam questions may focus on the audit of group financial

statements, or on the requirements of the group auditor to report to management
on matters all around the group.
Similarities within the ISA 600 series of auditing standards
Group auditing often necessitates that the group auditor places considerable
reliance on other audit firms. However, ISA 600 doesn’t allow the group auditor to
wholly outsource responsibility for parts of the audit to another auditor.
To begin at the beginning: acceptance of the assignment
ISA 600 requires the group engagement partner each year formally to assess
whether it is appropriate to act as group auditor. If at any point the group
engagement partner concludes that they lack the professional skills necessary to
form a group audit opinion, they should resign. ISA 600 requires that the group
engagement partner resign immediately if there is any significant restriction
placed by the parent company management on information made available from
within the group (or disclaim opinion if resignation is not legally possible).
ISA 600 (revised and redrafted) extends this responsibility to require that the
auditor relying on the third party’s work has obtained their own understanding of
the specialist area in question, or business of each subsidiary or associate
(referred to as ‘components’ in ISA 600, with that company’s auditor referred to
as the ‘component auditor’). The group auditor must form their own
concurring opinion on any judgmental areas. This does not require having the
same depth of knowledge as the expert/other auditor, but they would need to be
able to review the third party’s files and have sufficient independent knowledge to
understand the work done, the reason for the work and the conclusions from that
evidence.
Group audit opinion
The parent company of a group will normally publish its financial statements as
an individual company and the group financial statements in the same document,
so, the audit opinion will normally be expressed on ‘the financial statements of
the company and of the group as at...’ Although presented as one opinion, it
logically contains two separate opinions; one on the entity financial statements of
the parent itself and another on the financial statements of the group. ISA
prohibits the group auditor from making any reference to the work of any other
experts or auditors, as doing so would diminish the credibility of the audit opinion
and allow the group auditor to ‘pass the buck’ for responsibility for part of the
audit. You should be prepared to explain this point in the exam. This is an
example of where ISA differs from US audit standards, where reference to other
auditors conducting some of the work on components is permissible.
Planning work required
Groups often have a number of subsidiaries that are either dormant or
immaterial. At a minimum, the group engagement team must develop an
understanding of each component of the group and review the financial
statements of each subsidiary.
Where a component is judged to be material or a significant contributor of
inherent risk at the group level, further work will be required to be satisfied that
the financial statements of each component, in order to be satisfied that the
131

lOMoARcPSD|2981706
component is unlikely to introduce errors that could be material at the group

level. This work might include:
discussing with the component auditor, and/or the management of
the component, the business activities that are significant to the group
reviewing the more significant parts of the component auditor’s
working papers
discussing with the component auditor the susceptibility of the
company’s financial statements to material error or deliberate
misstatement
reviewing the component auditor’s documentation of identified
significant risks, and the conclusions reached on these risks
observing final clearance meetings between the component auditor
and the management of the company.
The group auditor as the repository of information
The group engagement team’s role brings information flowing to them that is
useful to disseminate around the group. This includes materiality (see below) and
matters such as related party relationships, which may be unknown at the
component level, because two subsidiaries may be unaware of each other’s
existence. The group auditor asks each component auditor for known related
party relationships and then communicates a collated list of all related party
relationships to each component auditor.
Materiality
At the planning stage, the group engagement partner must determine several
figures for materiality for each component part of the group (ISA 600:21).
Each
Group Parent
component
Financial
Group Group Component
statements
auditor auditor auditor
materiality
Materiality for
the
Group Group
consolidation Group auditor
auditor auditor
package as a
whole
Level of Group Group Group auditor

reduced auditor auditor
132

lOMoARcPSD|2981706
materiality for
sensitive
figures
Performance Group Group

Group auditor
materiality auditor auditor
Block: Text
Performance materiality is the figure below that any errors in the financial
statements may be considered trivial. The component auditor will be required to
communicate to the group auditor a summary of all unadjusted errors in the
consolidation package.
It is common in larger group audits for the financial statements to be prepared
using a consolidation package of information that is sent to the parent company
by each component company. This will omit many of the disclosures that will be
in the eventual entity financial statements. The component auditor may,
therefore, be required to issue a special audit opinion on the truth and fairness of
the consolidation package. This opinion is likely to be addressed to the directors
of the component company, or may be addressed to the group auditor directly.
In order to minimise the risk of several accidental or deliberate errors in the
financial statements together exceeding group materiality, component materiality
figures will normally be significantly lower than the group materiality figure, even
for the largest component companies.
Example 1
Imagine that financial statements materiality is taken to be 10% of profit or loss
for each entity within a group and performance materiality is set at 0.5% of profit.
Imagine that a group has a parent company and two components, one of which
is profit making and one of which is loss making:
Pare Subsidiar Subsidiar Grou

$'000s
nt y1 y2 p
Proft 2,000 12,000 (8,000) 6,000
Component
materiality @ 200 1,200 800 600
10%
133

lOMoARcPSD|2981706
Performance
materiality @ 10 60 40 30
0.5%
Block: Text
If subsidiary 1 were audited by another firm using the same materiality
calculation method as the parent, an unadjusted error of $10m would correctly
result in issuance of an unmodified audit opinion on the financial statements of
that individual company. However, the effect of losses elsewhere in the group
would mean that although this error would not be material at the component
level, it would be material at the group level. Since it is only likely to be the parent
auditor who has this overview of the group, the group engagement team must
communicate materiality figures to component auditors in advance of audit work
commencing. In this example, the maximum component materiality figure that the
group auditor could communicate to the component auditors would be 600, but it
would be wise to select a lower figure than this, in order to reduce to a tolerable
level the risk of errors in both component companies together exceeding 600.
In the exam, if you are given extracts from draft financial statements, it’s often a
good start to recommend and briefly explain a figure for materiality.
Communication between auditors
ISA 600 in its revised form contains extensive new requirements on the
communication between parent and component auditor. In addition to practical
matters such as materiality, the required format of the consolidation package,
deadlines and contact details, the group auditor must communicate a number of
matters at the planning to the component auditor, including:
related party relationships known anywhere around the group
identified significant risks, whether due to error or fraud
methodology to be used for impairment testing of goodwill. Audit of
estimates is subjective and so it’s essential that the group auditor’s
preferred method is used throughout the group. Be prepared to explain
this in Paper P7.
Matters that the component auditor must communicate to the group auditor will
include:
any known related party relationships and related party transactions
any indications of management bias

any significant risks to the truth and fairness of the component
financial statements, work done on these risks and the conclusions
reached
all intra-group transactions, period end balances and allowances for
unrealised profit
any observed non-trivial failure to observe relevant laws and
regulations
all observed control weaknesses, flagging significant weaknesses
134

lOMoARcPSD|2981706
separately
any known events after the reporting date.
Audit of the consolidation process
Once the group engagement partner is satisfied that the individual financial
statements within the group are free from material misstatement, attention can
now shift to audit of the consolidation process.
The good news for exam purposes is that this stage of the audit is very similar
regardless of the specific company, so good marks can be obtained largely by
memorising the risks and responses below.
Principal risks arising in the consolidation process include errors or omissions
arising during:
transcription of figures from individual financial statements to
consolidation workings
classification of components (eg associate, subsidiary)
cancellation of intra-group trading, cancellation of intra-group
balances and allowance for unrealised profit on intra-group transfers
recognition of impairment of purchased positive goodwill
determination of fair values being used on acquisition
arithmetical inaccuracy in the consolidation process
identification and disclosure of related party relationships and
transactions
foreign currency translation from functional currency of components
to reporting currency of the group.
The most reliable evidence on completeness and accuracy of consolidation
adjustments in a large group is likely to be determining whether the client’s
accounting systems adequately flags transactions with fellow group companies.
The process is still likely to be highly substantive in nature and will probably
include these tests of detail:
line-by-line agreement of all items from audited component financial
statements (or consolidation packages submitted to head office) to the
consolidation schedules
detailed discussion with management on the reason for
classification of each component
sample testing of known intra-group transactions to ensure that
they have been eliminated in the client’s consolidation
recalculation of all significant workings, such as goodwill, non-
controlling interests and foreign currency translation.
Final review of financial statements
The group audit opinion may be signed on some date on or after the audit
opinions on material components are signed. Once the component auditor has
issued their opinion, their responsibility for reporting on the impact on events
after the reporting date is greatly diminished, yet there may be material events
that could be material in the group financial statements. The group engagement
team will normally agree in advance with the auditor of significant components
that an update on events is given by the component auditor to the group
engagement partner immediately before the group audit opinion is signed. It is
135

lOMoARcPSD|2981706
the responsibility of the group engagement team to ensure that material events
are reported.
Reporting to management and the board
In addition to the usual requirements for reporting to those charged with
governance (the ‘management letter’), ISA 600:49 requires the group
engagement partner also to report to management on any concerns that they
had about possible fraud anywhere in the group, any restrictions on information
made available by component management and any concerns that they had
about the quality of work performed by any component auditor.
In addition to the audit report to shareholders, the group auditor is required by
ISA 600 to report on a group-wide basis to group management and separately to
those charged with governance at a group level, such as the audit committee of
the board. This split communication echoes the requirements of ISA 260
Communication with Those Charged with Governance to produce different letters
to different levels of management.
The report to management will include details of all observed instances of
non-trivial fraud and all non-trivial deficiencies in internal controls around the
group.
The report to those charged with governance, most probably the audit
committee, will include:
an overview of the audit approach insofar as it affects component
auditors
any doubts that the group auditor may have about the quality of
work performed by the component auditor, giving the group auditor a
potentially awkward need to publicly question the skills of a fellow
professional.
any limitations on audit scope anywhere within the group
any suspected fraud where management is suspected of
involvement.
Summary
ISA 600 represents a significant extension of the responsibilities of both group
auditor and component auditor compared with the previous ISA. It is likely to be a
controversial standard in practice, and it is therefore likely to be in many Paper
P7 exams.
Understanding and memorising the key points of the standard is a very good use
of study time when preparing for the Paper P7 exam.
Graham Fairclough is group technical director at the ExP Group
ACCEPTANCE DECISIONS FOR AUDIT AND ASSURANCE

ENGAGEMENTS
Relevant to ACCA Qualification Paper P7 The syllabus for Paper P7, Advanced
Audit and Assurance includes Professional Appointments (syllabus reference
C4). The learning outcomes include the explanation of matters that should be
considered and procedures that should be followed by a firm before accepting a
new client, a new engagement for an existing client, or agreeing the terms of any
136

lOMoARcPSD|2981706
new engagement. The engagement may be an audit, or it may be a non-audit or

assurance engagement. Acceptance decisions are crucially important, because
new clients and/or engagements can pose threats to objectivity, or create risk
exposure to the firm, which must be carefully evaluated. One of the current
issues being debated in the profession is whether there should be an outright
ban on the provision of non-audit services to audit clients. In addition, new
International Standard on Auditing (ISA) requirements compel the firm to
establish whether preconditions for an audit are present when faced with a
potential new audit engagement. All of these factors mean that acceptance
decisions must be taken with care.
Accepting new audit clients
IFAC’s Code of Ethics for Professional Accountants states: ‘Before accepting a
new client relationship, a professional accountant in public practice shall
determine whether acceptance would create any threats to compliance with the
fundamental principles. Potential threats to integrity or professional behaviour
may be created from, for example, questionable issues associated with the client
(its owners, management or activities).’ This means that when approached to
take on a new client, the firm should investigate the potential client, its owners
and business activities in order to evaluate whether there are any questions over
the integrity of the potential client which create unacceptable risk. These
investigative actions are usually performed as ‘know your client/customer’ or
‘customer due diligence’ procedures, which are also carried out in order to
comply with anti-money laundering regulations. Once a client has been accepted,
the firm should consider the suitability of the specific engagement it has been
asked to perform. In particular there may be ethical threats which mean that the
engagement should not be accepted, in particular whether there are any threats
to objectivity. Potential threats could arise for example, if members of the audit
firm hold shares in the client or there are family relationships. If threats are
discovered, it may not mean that the client must be turned down, as safeguards
could potentially reduce the threats to an acceptable level. There may be other
ethical matters to evaluate in relation to a potential new engagement, for
example, whether any conflict of interest or confidentiality issues could arise, and
if so, whether appropriate safeguards can be put in place. Also, the firm’s
competence to perform the potential work should be evaluated, especially if the
potential client operates in a specialised industry, or if the client has a complex
structure. A self-interest threat to professional competence and due care is
created if the engagement team does not possess, or cannot acquire, the
competencies necessary to properly carry out the engagement. Practical matters
such as the resources needed to perform the work, the deadline for completion,
and logistics like locations and geographical spread will have to be looked into as
well. Obviously, these matters need to be evaluated in the specific context of the
potential engagement, and should be fully documented. Different types of
potential engagement will give rise to different matters that should be evaluated.
For example, if the firm is asked to perform the audit of a large group of
companies with operations in many countries, then resourcing the audit may be
the most significant issue. The fee may be large, leading to a self-interest threat
137

lOMoARcPSD|2981706
of fee dependence. On the other hand, if asked to perform the audit of a small
owner-managed company, fee dependence is less likely to be an issue, but
threats potentially created by the auditor appearing to make management
decisions could be significant. In answering requirements on client and
engagement acceptance, candidates are warned that their comments must be
made specific to the scenario presented to them in order to pass the
requirement. Commercially, an engagement should be profitable to make it
worthwhile for the firm. But the firm must take care that commercial
considerations do not outweigh other matters to be considered. IFAC’s Code
makes it clear that acceptance decisions are not to be treated as a one-off
matter. The Code states: ‘It is recommended that a professional accountant in
public practice periodically review acceptance decisions for recurring client
engagements.’ Changes in the circumstances of either the client, or the audit firm
may mean that an engagement ceases to be ethically or professionally
acceptable or creates a heightened level of risk exposure. Therefore, client
continuance assessments are important and should be fully documented.
Preconditions for an audit
Once a firm has decided to go ahead with an audit engagement, it must comply
with the requirements of ISA 210, Agreeing the Terms of Audit Engagements.
ISA 210 was revised as part of the International Auditing and Assurance
Standards Board’s Clarity Project, with new requirements to perform specific
procedures in order to establish whether the preconditions for an audit are
present. ISA 210 defines preconditions for an audit as follows: ‘The use by
management of an acceptable financial reporting framework in the preparation of
the financial statements and the agreement of management and, where
appropriate, those charged with governance to the premise on which an audit is
conducted’. This means that the auditor must do two things. First, the auditor
must determine the acceptability of the financial reporting framework to be
applied in the preparation of the financial statements. This includes evaluating
whether law or regulation prescribes the applicable financial reporting framework,
considering the purpose of the financial statements, and the nature of the
reporting entity (for example, whether a listed company or a public sector entity).
In most cases this will simply be a matter of confirming with the client that the
financial statements will be prepared under International Financial Reporting
Standards, or other national reporting framework. Second, the auditor must
obtain the agreement of management that it acknowledges and understands its
responsibility:
For the preparation of the financial statements in accordance with
the applicable financial reporting framework.
For internal controls to enable the preparation of financial
statements which are free from material misstatement, whether due to
fraud or error.
To provide the auditor with access to all information necessary for
the purpose of the audit.
In relation to the final bullet point, if management impose a limitation on the
scope of the auditor’s work in the terms of a proposed audit engagement, the
138

lOMoARcPSD|2981706
auditor should decline the audit engagement if the limitation could result in the
auditor having to disclaim the opinion on the financial statements. The
engagement should also be declined if the financial reporting framework is
unacceptable, or if management fail to provide the agreement outlined above.
(ISA 580, Written Representations also requires that management provide
written representations regarding its responsibilities in relation to the preparation
of financial statements.)
Accepting non-audit assignments
It is very common for audit clients to approach their auditor for the provision of
additional services, ranging from audit related services such as tax planning and
bookkeeping, to other engagements such as due diligence and forensic
investigations. The audit firm must again carefully consider whether it is ethically
and professionally acceptable to take on the additional service. The main ethical
threat created by the provision of non-audit services is the threat to objectivity.
The threats created are most often self-review, self-interest and advocacy threats
and if a threat is created that cannot be reduced to an acceptable level by the
application of safeguards, the non-audit service shall not be provided. The UK
Auditing Practices Board’s (APB) Ethical Standard 5, Non-audit services
provided to audit clients contains similar principles, and emphasises the
‘management threat’ which exists when the audit firm makes decisions and
judgments that are properly the responsibility of management. Both the Code
and ES 5 outline a principles-based approach to determining the acceptability of
a non-audit service to an audit client. With a few exceptions, if safeguards can
reduce threats to an acceptable level then the service may be provided.
Safeguards could include using separate teams to provide the various services to
the client, and the use of second partner review or Engagement Quality Control
Review. ES 5 specifies that it is the audit engagement partner who should
evaluate the level of threat, the effectiveness of safeguards, and is ultimately
responsible for the documentation of the acceptance decision. The provision of
non-audit services to audit clients continues to be debated by the profession.
Many argue in favour of outright prohibition as being the only measure which can
totally safeguard auditor’s objectivity. However, it is accepted that audit firms are
best placed to provide audit clients with additional services due to the knowledge
of the business which they already possess, leading to a lower cost and higher
quality service than that would be provided by a different firm. In 2010 the APB
issued a feedback and consultation paper The provision of non-audit services by
auditors , which prompted continued discussion of these issues and
recommended a number of measures to:
Increase the rigour with which auditors assess threats to their
independence
Introduce a new non-audit services disclosure regime and
Increase the role of Audit Committees in overseeing the retention of
a company’s auditors to undertake non-audit services.
The final bullet point is important as it links to corporate governance. Under many
codes of corporate governance, including the UK Corporate Governance Code ,
the client’s audit committee should be involved with any decision as to whether
139

lOMoARcPSD|2981706
the audit firm can be engaged to provide a non-audit service. Therefore, when
approached to provide a non-audit service to an audit client, there should be full
discussion with those charged with governance, including the audit committee,
with a view to seeking approval for the engagement to go ahead. As well as
considering independence and objectivity, audit firms should remember that the
fundamental ethical principles apply to non-audit services, just as they apply to
audits. Therefore, when considering whether to provide a non-audit service, the
firm should evaluate its competency to perform the work, whether confidentiality
is an issue, and that it is able to comply with all relevant laws and regulations. As
discussed above, in answering requirements to do with non-audit services,
candidates’ answers must apply knowledge to the specific scenario provided in
order to score well.
Conclusion
The evaluation of new engagements is a crucial part of successful practice
management. The current debate over the acceptability of auditors providing
non-audit services to their audit clients indicates that ethical matters will continue
to play an important part in acceptance decisions. Written by a member of the
Paper P7 examining team
AUDITING IN A COMPUTER-BASED ENVIRONMENT

Specific aspects of auditing in a computer-based environment
Information technology (IT) is integral to modern accounting and management
information systems. It is, therefore, imperative that auditors should be fully
aware of the impact of IT on the audit of a client’s financial statements, both in
the context of how it is used by a client to gather, process and report financial
information in its financial statements, and how the auditor can use IT in the
process of auditing the financial statements.
The purpose of this article is to provide guidance on following aspects of auditing
in a computer-based accounting environment:
Application controls, comprising input, processing, output and
master file controls established by an audit client, over its computer-based
accounting system and
Computer-assisted audit techniques (CAATs) that may be
employed by auditors to test and conclude on the integrity of a client’s
computer-based accounting system.
Exam questions on each of the aspects identified above are often answered to
an inadequate standard by a significant number of students – hence the reason
for this article.
Dealing with application controls and CAATs in turn:
Application controls
Application controls are those controls (manual and computerised) that relate to
the transaction and standing data pertaining to a computer-based accounting
system. They are specific to a given application and their objectives are to
ensure the completeness and accuracy of the accounting records and the validity
of entries made in those records. An effective computer-based system will
ensure that there are adequate controls existing at the point of input, processing
140

lOMoARcPSD|2981706
and output stages of the computer processing cycle and over standing data
contained in master files. Application controls need to be ascertained, recorded
and evaluated by the auditor as part of the process of determining the risk of
material misstatement in the audit client’s financial statements.
Input controls
Control activities designed to ensure that input is authorised, complete, accurate
and timely are referred to as input controls. Dependent on the complexity of the
application program in question, such controls will vary in terms of quantity and
sophistication. Factors to be considered in determining these variables include
cost considerations, and confidentiality requirements with regard to the data
input. Input controls common to most effective application programs include on-
screen prompt facilities (for example, a request for an authorised user to ‘log-in’)
and a facility to produce an audit trail allowing a user to trace a transaction from
its origin to disposition in the system.
Specific input validation checks may include:
Format checks These ensure that information is input in the correct form. For
example, the requirement that the date of a sales in voice be input in numeric
format only – not numeric and alphanumeric.
Range checks These ensure that information input is reasonable in line with
expectations. For example, where an entity rarely, if ever, makes bulk-buy
purchases with a value in excess of $50,000, a purchase invoice with an input
value in excess of $50,000 is rejected for review and follow-up.
Compatibility checks These ensure that data input from two or more fields is
compatible. For example, a sales invoice value should be compatible with the
amount of sales tax charged on the invoice.
Validity checks These ensure that the data input is valid. For example, where an
entity operates a job costing system – costs input to a previously completed job
should be rejected as invalid.
Exception checks These ensure that an exception report is produced highlighting
unusual situations that have arisen following the input of a specific item. For
example, the carry forward of a negative value for inventory held.
Sequence checks These facilitate completeness of processing by ensuring that
documents processed out of sequence are reject ed. For example, where pre-
numbered goods received notes are issued to ac knowledge the receipt of goods
into physical inventory, any input of notes out of sequence should be rejected.
Control totals These also facilitate completeness of processing by ensure that
pre-input, manually prepared control totals are compared to control totals input.
For example, non-matching totals of a ‘batch’ of purchase invoices should result
in an on-screen user prompt, or the production of an exception report for follow-
up. The use of control totals in this way are also commonly referred to as output
controls (see below).
Check digit verification This process uses algorithms to ensure that data input is
accurate. For example, internally generated valid supplier numerical reference
codes, should be formatted in such a way that any purchase invoices input with
an incorrect code will be automatically rejected.
Processing controls
141

lOMoARcPSD|2981706
Processing controls exist to ensure that all data input is processed correctly and
that data files are appropriately updated accurately in a timely manner. The
processing controls for a specified application program should be designed and
then tested prior to ‘live’ running with real data. These may typically include the
use of run-to-run controls, which ensure the integrity of cumulative totals
contained in the accounting records is maintained from one data processing run
to the next. For example, the balance carried forward on the bank account in a
company’s general (nominal) ledger. Other processing controls should include
the subsequent processing of data rejected at the point of input, for example:
A computer produced print-out of rejected items.
Formal written instructions notifying data processing personnel of
the procedures to follow with regard to rejected items.
Appropriate investigation/follow up with regard to rejected items.
Evidence that rejected errors have been corrected and re-input.
Output controls
Output controls exist to en sure that all data is processed and that output is
distributed only to prescribed authorised users. While the degree of output
controls will vary from one organisation to another (dependent on the
confidentiality of the information and size of the organisation), common controls
comprise:
Use of batch control totals, as described above (see ‘input
controls’).
Appropriate review and follow up of exception report information to
ensure that there are no permanently outstanding exception items.
Careful scheduling of the processing of data to help facilitate the
distribution of information to end users on a timely basis.
Formal written instructions notifying data processing personnel of
prescribed distribution procedures.
Ongoing monitoring by a responsible official, of the distribution of
output, to ensure it is distributed in accordance with authorised policy.
Master file controls
The purpose of master file controls is to ensure the ongoing integrity of the
standing data contained in the master files. It is vitally important that stringent
‘security’ controls should be exercised over all master files.
These include:
appropriate use of passwords, to restrict access to master file data
the establishment of adequate procedures over the amendment of
data, comprising appropriate segregation of duties, and authority to
amend being restricted to appropriate responsible individuals
regular checking of master file data to authorised data, by an
independent responsible official
processing controls over the updating of master files, including the
use of record counts and control totals.
Computer Assisted Audit Techniques (CAATs)
The nature of computer-based accounting systems is such that auditors may use
the audit client company’s computer, or their own, as an audit tool, to assist them
142

lOMoARcPSD|2981706
in their audit procedures. The extent to which an auditor may choose between
using CAATs and manual techniques on a specific audit engagement depends
on the following factors:
the practicality of carrying out manual testing
the cost effectiveness of using CAATs
the availability of audit time
the availability of the audit client’s computer facility
the level of audit experience and expertise in using a specified
CAAT
the level of CAATs carried out by the audit client’s internal audit
function and the extent to which the extern al auditor can rely on this work.
There are three classifications of CAATs – namely:
Audit software
Test data
Other techniques
Dealing with each of the above in turn:
Audit software
Audit software is a generic term used to describe computer programs designed
to carry out tests of control and/or substantive procedures. Such programs may
be classified as:
Packaged programs These consist of pre-prepared generalised programs used
by auditors and are not ‘client specific’. They may be used to carry out numerous
audit tasks, for example, to select a sample, either statistically or judgementally,
during arithmetic calculations and checking for gaps in the processing of
sequences.
Purpose written programs These programs are usually ‘client specific ’ and may
be used to carry out tests of control or substantive procedures. Audit software
may be bought or developed, but in any event the audit firm’s audit plan should
ensure that provision is made to ensure that specified programs are appropriate
for a client’s system and the needs of the audit. Typically, they may be used to
re-perform computerised control procedures (for example, cost of sales
calculations) or perhaps to carry out an aged analysis of trade receivable (debtor)
balances.
Enquiry programs These programs are integral to the client’s accounting system;
however they may be adapted for audit purposes. For example, where a system
provides for the routine reporting on a ‘monthly’ basis of employee starters and
leavers, this facility may be utilised by the auditor when auditing salaries and
wages in the client’s financial statements. Similarly, a facility to report trade
payable (creditor) long outstanding balances could be used by an auditor when
verifying the reported value of creditors.
Test data
Audit test data Audit test data is used to test the existence and effectiveness of
controls built into an application program used by an audit client. As such,
dummy transactions are processed through the client’s computerised system.
The results of processing are then compared to the auditor’s expected results to
determine whether controls are operating efficiently and systems’ objectiveness
143

lOMoARcPSD|2981706
are being achieved. For example, two dummy bank payment transactions (one
inside and one outside authorised parameters) may be processed with the
expectation that only the transaction processed within the parameters is
‘accepted’ by the system. Clearly, if dummy transactions processed do not
produce the expected results in output, the auditor will need to consider the need
for increased substantive procedures in the area being reviewed.
Integrated test facilities To avoid the risk of corrupting a client’s account system,
by processing test data with the client’s other ‘live’ data, auditors may instigate
special ‘test data only’ processing runs for audit test data. The major
disadvantage of this is that the auditor does not have total assurance that the test
data is being processed in a similar fashion to the client’s live data. To address
this issue, the auditor may therefore seek permission from the client to establish
an integrated test facility within the accounting system. This entails the
establishment of a dummy unit, for example, a dummy supplier account against
which the auditor’s test data is processed during normal processing runs.
Other techniques This section contains useful background information to
enhance your overall understanding.
Other CAATs include:
Embedded audit facilities (EAFs) This technique requires the auditor’s own
program code to be embedded (incorporated) into the client’s application
software, such that verification procedures can be carried out as required on data
being processed. For example, tests of control may include the reperformance of
specific input validation checks (see input controls above) – selected transactions
may be ‘tagged’ and followed through the system to ascertain whether stated
controls and processes have been applied to those transactions by the computer
system. The EAFs should ensure that the results of testing are recorded in a
special secure file for subsequent review by the auditor, who should be able to
conclude on the integrity of the processing controls generally, from the results of
testing. A further EAF, of ten overlooked by students, is that of an analytical
review program enabling concurrent performance of analytical review procedures
on client data as it is being processed through the automated system.
Application program examination When determining the extent to which they may
rely on application controls, auditors need to consider the extent to which
specified controls have been implemented correctly. For example, where system
amendments have occurred during an accounting period, the auditor would need
assurance as to the existence of necessary controls both before and after the
amendment. The auditor may seek to obtain such assurance by using a software
program to compare the controls in place prior to, and subsequent to, the
amendment date.
Summary
The key objectives of an audit do not change irrespective of whether the audit
engagement is carried out in a manual or a computer-based environment. The
audit approach, planning considerations and techniques used to obtain sufficient
appropriate audit evidence do of course change. Students are encouraged to
read further to augment their knowledge of auditing in a computer-based
environment and to practise their ability to answer exam questions on the topic
144

lOMoARcPSD|2981706
by attempting questions set in previous ACCA exam papers.

Written by a member of the audit exam team
AUDIT OF ESTIMATES AND FAIR VALUES

Relevant to ACCA Qualification Paper P7 Making estimates is an inevitable
part of preparing financial statements. Management will need to make estimates
about many of the assets and some of the liabilities in order to show them at a
reliable value. These estimates will include some routine matters such as the
expected life of property, plant and equipment, estimating appropriate allowances
for receivables and some more challenging matters, such as valuation of pension
liabilities for a newly acquired subsidiary. Estimates share one characteristic
above all others – they are an attempt to look into the future and are
consequently subject to a high degree of uncertainty and so inherent risk of
misstatement. ISA 700 requires that an auditor expresses an opinion in terms of
reasonable assurance. This requires us to state an opinion that we believe a set
of financial statements present a true and fair view (or are fairly presented). The
assertive nature of this opinion requires a substantial amount of robust evidence
to support it. It is rather too easy to drop into auditing estimates to a degree
where conclusions become that management’s estimates are ‘reasonable’ or
even ‘plausible’. Neither of these conclusions mirror the wording used in our
actual audit report and so are insufficient to comply with the requirement of ISA
700 and ISA 540, Auditing Accounting Estimates, Including Fair Value
Accounting Estimates, and Related Disclosures. Obtaining certainty about the
future is impossible, but obtaining evidence to support a reasonable conclusion
on likely future outcomes is not.
How can estimates be wrong?
It is logically impossible to say that an estimate about the future is certain to be
right. It’s much easier, however, to identify when an estimate is likely to be
wrong. So it is perhaps easiest to start off identifying some common situations
when an estimate looks likely to be materially misstated. This list isn’t exhaustive,
but it includes some of the biggest potential errors and you should be sure that
you’re comfortable with all of them before taking the Paper P7 exam.
Misunderstanding the stated system of GAAP. In the audit report, we define true
and fair, or fair presentation, by referring to full compliance with a stated system
of GAAP. It is, therefore, essential to have an in-depth knowledge of the GAAP
system being used to define truth and fairness before it’s possible to express an
audit opinion that is built on that system. This is why you can expect a
reasonable amount of accounting knowledge to be needed to pass Paper P7.
Unfortunately, there is not one unifying method of deciding what constitutes a
true and fair estimate. For example, inventory will be defined as being fairly
estimated in value if it is valued at the lower of cost and net realisable value.
Contingent liabilities are fairly estimated if they are shown with a value of zero,
unless they are being valued as part of an acquirer’s initial consolidation of a new
subsidiary (see later). The definition of fair value given in the IASB glossary is:
The amount for which an asset could be exchanged, or a liability settled,
between knowledgeable, willing parties in an arm’s length transaction. In
145

lOMoARcPSD|2981706
practice, this definition is stretched somewhat depending on the asset or liability

in question and so it is necessary to know the specific rules for each material
asset or liability. Management bias. Bias is not necessarily deliberate, but is
almost certain to exist in most estimates. Bias may be exacerbated during a
takeover situation, when management are likely to wish to convince sellers of a
business that net assets have a lower fair value than they really have, in order to
obtain a lower price for the acquired business. Innate optimism and human
nature may deter management from wishing to accept that less will be received
from receivables than management wish. Familiarity with preparing estimates in
an established way may also build in long-standing bias. Poor data, poor
controls. If information systems are poor, even neutral management will produce
estimates that are unreliable. For example, if a loan provider has poor data
collection on overdue repayments, estimates of impairments of financial assets
are likely to be unreliable.
Fair values – acquisition of new subsidiaries
When a parent company acquires a new subsidiary, it will pay the fair value of
the acquired company as a whole. This is because the previous owners tend to
be unwilling to sell their company for less than its fair value. In order to bring in a
fair estimate of the initial value of goodwill, IFRS 3, Business Combinations
requires that the individual net assets of the acquired company be valued at their
fair value at the date of the acquisition. Fair value still means the amount that
would be transferred between knowledgeable parties in an arm’s length
transaction. Often, the acquirer will have investigated their assessment of value
of material assets, liabilities and contingent liabilities of the target company as
part of a pre-acquisition due diligence investigation. In these circumstances, the
values ascribed to individual assets and liabilities in this due diligence will be an
appropriate value to use for the initial recognition of each asset and liability. This
means that fair value often becomes fair value through the eyes of the acquirer.
This is not always the most appropriate valuation basis, however, since the value
given by the acquirer may include some degree of the acquirer’s intentions. For
example, it is common for a new acquirer to plan to restructure an acquired
business shortly after the acquisition. This might include an intention to pay off
any litigation in progress at the date of acquisition in order to fee management
time for integration of the subsidiary into its new group. This could result in
incorrect recognition of provisions that are higher than the true value of the
obligation. IAS 37, Provisions, Contingent Liabilities and Contingent Assets
normally prohibits recognition of contingent liabilities. This rule is overturned on
the acquisition of a new subsidiary, since the existence of contingent liabilities
(eg individual lawsuits against the company) will reduce the value that the
acquirer is willing to pay for control of the company. To ensure a fair value of
initial goodwill, contingent liabilities must be valued within the statement of
financial position; with the most appropriate valuation probably being the amount
that the acquirer would be willing to pay an independent third party to assume the
risk on their behalf. IFRS 3 also requires recognition of any contingent
consideration payable to the sellers of the new subsidiary. These are common in
‘earn out’ arrangements where the amount that the seller eventually pays is
146

lOMoARcPSD|2981706
adjusted for post-acquisition profit of the business. The determination of a fair

value of this contingent consideration is subject to elevated estimation
uncertainty.
What is the auditor to do?
ISA 540 states that the auditor’s objective is to obtain sufficient, appropriate
evidence on whether:
Accounting estimates are reasonable, and
Related disclosures in the financial statements are adequate.
A critical first step for the auditor in planning the work needed on estimates is to
understand the client’s business and identify where the greatest scope for
accidental or deliberate bias in production of estimates exists. This assessment
will include a formal and documented assessment of:
How the client identifies items subject to estimates and how
satisfactory these procedures appear to be.
How the client identifies and assesses estimation uncertainty .
Estimation uncertainty is ‘The susceptibility of an accounting estimate and
related disclosures to an inherent lack of precision in its measurement’.
The greater the estimation uncertainty, the more the client will need to
explore the effect of different models and assumptions to make an
appropriate estimate. For example, if long-term receivables are judged to
be subject to high estimation uncertainty, the client will need to test how
sensitive the estimates are to changes in discount rates or assumed
default rates. If estimation uncertainty is lower, less work will be required
by the client in determining the estimate and also less corroborative
evidence needs to be obtained by the auditor.
How the client has identified new items that are subject to
estimates and any existing items subject to estimation but where there
may now be a more reliable method of establishing an estimate.
The source data used by the client upon which to base an estimate,
together with how relevant and reliable that source data appears to be.
Historically, estimates have arguably mostly been audited by assessing the
client’s schedules and determining if they are reasonable. ISA 540 requires a
more forensic approach than this.
Sufficient, appropriate evidence
The greater the potential materiality of an item and the greater its estimation
uncertainty, the greater the evidence will need to be in order to be sufficient and
appropriate to base a conclusion. The core evidence is likely to be:
The auditor must assess and document their own independent
assessment of estimation uncertainty for each material, subjectively
valued item in the financial statements.
Assessment of adequacy of controls over determining estimates
and whether the controls have worked as specified. For example, if a risk
management committee is tasked with approval of all material estimates,
is there evidence that this has happened, that its members were properly
briefed and competent?
Inspection of accounting policies used by management to ensure
147

lOMoARcPSD|2981706
that they comply with the appropriate rules of the GAAP system used.
Investigation of outcomes of the uncertainties after the year-end but
before the audit opinion is issued. If the uncertainty has been settled
before the audit opinion has been issued, the uncertainty has effectively
been disposed of.
Comparison of historical accuracy of management estimates
compared with actual outcomes. The greater the variance between
estimates and eventual outcomes, the greater the risk of error; either by
high estimation uncertainty or weak control by management of the process
of determining estimates.
Verification of any underlying data used by management (eg debt
default rates by age of debt) to external evidence.
The auditor’s response is graded depending on whether a risk
identified is a normal risk or a significant risk. A significant risk is one that
the auditor judges to have high estimation uncertainty. The size of the item
in the draft financial statements may give a misleading view of its potential
significance. If an item is estimated to have a low value, but is subject to
high estimation uncertainty then that figure may well be significantly
understated when compared with the eventual outcome of the estimate.
Hence ISA 540 directs the auditor’s work from a starting point of
uncertainty rather than the materiality of the draft figure in the financial
statements. The greater the estimation uncertainty, rather than the size of
the draft figure, the greater the amount of evidence that the auditor will
need to obtain.
The auditor must develop their own point estimate, or range of
estimates if a point estimate is not achievable. A point estimate is the
auditor’s own assessment of the single most likely value. A range of
estimates is the range over which the auditor believes an estimate would
be reasonable.
For significant risks, the auditor must assess if management
considered alternative means for determining estimates.
Significant risks may arise as a result of valuation being largely
linked to management intentions (eg the intended future use of an asset
may affect its recoverable value and so impairment loss under IAS 36,
Impairment of Assets). ISA 540 requires the auditor to document an
assessment of viability of management’s intentions wherever these
intentions are part of the estimated fair value of an item subject to
significant risks.
The auditor must assess for signs of management bias. The
existence of management bias does not necessarily mean that
management is incapable of producing a neutral estimate, but the
chances of an estimate not being neutral are increased.
A change in method of estimation by management should be
treated with scepticism. Changing the methodology used to make an
estimate has much the same effect on the financial statements as
changing an accounting policy, so the auditor should require evidence that
148

lOMoARcPSD|2981706
a change in methodology as necessary to produce more reliable

estimates.
Sceptically review assumptions used by management for internal
consistency and ensure in accordance with observable market data. For
example, if inflation has been built into growth in expected income
streams, ensure that all future costs are also estimated allowing for
expected inflation. There is a high inherent risk of cost estimates being
based on today’s costs; thus overestimating net income.
Ranges of estimates are normally adequate if their range of values
(other than remotely possible values) is within performance materiality.
Performance materiality is the figure below which errors noted on audit
tests of detail are not cumulatively recorded in the audit files. If their range
of values other than remote possibilities falls outside the limit of
performance materiality, they represent significant estimation risks and
more evidence is required; normally including estimation of a point
estimate.
Should consider need for specialist advice.
Obtain written management representations to confirm the auditor’s
understanding of management’s intentions. Note that management
representations alone do not provide sufficient, appropriate evidence. The
representation letter should be viewed as a necessary, but insufficient
component of the audit evidence.
Summary
Audit of estimates is subject to a high degree of uncertainty. The degree of audit
risk is somewhat reduced by GAAP systems accepting that more than one
estimate of the same uncertainty may give a true and fair view. This is why
GAAP systems often require substantial disclosure of the circumstances giving
rise to the uncertainty; so that readers can make up their own mind. Audit of
estimates is likely to be a common feature in the Paper P7 exam, as well as in
practice. Auditor’s judgment is often difficult to challenge. Failure to follow the
prescribed steps that lead to the use of auditor’s judgment however is much
easier to attack in any negligence action. Both Paper P7 students and auditors in
practice will do well to be familiar with the enhanced requirements of ISA 540.
Graham Fairclough is group technical director at the ExP Group
ANALYTICAL PROCEDURES
To obtain audit evidence, the auditor performs one – or a combination – of
the following procedures:
inspection
observation
external confirmation
inquiry
reperformance
recalculation
analytical procedures.
149

lOMoARcPSD|2981706
It is mandatory that the auditor should perform risk assessment for the
identification and assessment of risks of material misstatement at the financial
statement and assertion level, and the risk assessment procedures should
include analytical procedures (ISA 315). It is also mandatory that the auditor
should perform analytical procedures near the end of the audit that assess
whether the financial statements are consistent with the auditor’s understanding
of the entity (ISA 520). Analytical procedures are also commonly used in non-
audit and assurance engagements, such as reviews of prospective financial
information, and non-audit reviews of historical financial information. While the
use of analytical procedures in such engagements is not covered in the ISAs, the
principals regarding their use are relevant.
Definition of analytical procedures
Analytical procedures consist of ‘evaluations of financial information through
analysis of plausible relationships among both financial and non-financial data’.
They also encompass ‘such investigation as is necessary of identified
fluctuations or relationships that are inconsistent with other relevant information
or that differ from expected values by a significant amount’ (ISA 520). A basic
premise underlying the application of analytical procedures is that plausible
relationships among data may reasonably be expected to exist and continue in
the absence of conditions to the contrary.
Purposes of analytical procedures
Analytical procedures are used throughout the audit process and are conducted
for three primary purposes:
Preliminary analytical review – risk assessment (required by ISA 315)
Preliminary analytical reviews are performed to obtain an understanding of
the business and its environment (eg financial performance relative to
prior years and relevant industry and comparison groups), to help assess
the risk of material misstatement in order to determine the nature, timing
and extent of audit procedures, ie to help the auditor develop the audit
strategy and programme.
Substantive analytical procedures Analytical procedures are used as
substantive procedures when the auditor considers that the use of
analytical procedures can be more effective or efficient than tests of
details in reducing the risk of material misstatements at the assertion level
to an acceptably low level.
Final analytical review (required by ISA 520) Analytical procedures are
performed as an overall review of the financial statements at the end of
the audit to assess whether they are consistent with the auditor’s
understanding of the entity. Final analytical procedures are not conducted
to obtain additional substantive assurance. If irregularities are found, risk
assessment should be performed again to consider any additional audit
procedures are necessary.
Use of substantive analytical procedures
One of the objectives of ISA 520 is that relevant and reliable audit evidence is
obtained when using substantive analytical procedures. The primary purpose of
substantive analytical procedures is to obtain assurance, in combination with
150

lOMoARcPSD|2981706
other audit testing (such as tests of controls and substantive tests of details), with
respect to financial statement assertions for one or more audit areas. Substantive
analytical procedures are generally more applicable to large volumes of
transactions that tend to be more predictable over time. The application of
substantive analytical procedures is based on the expectation that relationships
among data exist and continue in the absence of known conditions to the
contrary. The presence of these relationships provides audit evidence as to the
completeness, accuracy and occurrence of transactions. Due to their nature,
substantive analytical procedures can often provide evidence for multiple
assertions, identify audit issues that may not be apparent from more detailed
work, and direct the auditor’s attention to areas requiring further investigation.
Furthermore, the auditor may identify risks or deficiencies in internal control that
had not previously been identified, which may cause the auditor to re-evaluate
his planned audit approach and require the auditor to obtain more assurance
from other substantive testing than originally planned. To derive the most benefit
from substantive analytical procedures, the auditor should perform substantive
analytical procedures before other substantive tests because results of
substantive analytical procedures often impact the nature and extent of detailed
testing. Substantive analytical procedures might direct attention to areas of
increased risk, and the assurance obtained from effective substantive analytical
procedures will reduce the amount of assurance needed from other tests. There
are four elements that comprise distinct steps that are inherent in the process to
using substantial analytical procedures: STEP 1: Develop an independent
expectation The development of an appropriately precise, objective expectation
is the most important step in effectively using substantive analytical procedures.
An expectation is a prediction of a recorded amount or ratio. The prediction can
be a specific number, a percentage, a direction or an approximation, depending
on the desired precision. The auditor should have an independent expectation
whenever s/he uses substantive analytical procedures (ISA 520). The auditor
develops expectations by identifying plausible relationships (eg between store
square footage and retail sales, market trends and client revenues) that are
reasonably expected to exist based on his knowledge of the business, industry,
trends, or other accounts. STEP 2: Define a significant difference (or
threshold) While designing and performing substantive analytical procedures the
auditor should consider the amount of difference from the expectation that can be
accepted without further investigation (ISA 520). The maximum acceptable
difference is commonly called the ‘threshold’. Thresholds may be defined either
as numerical values or as percentages of the items being tested. Establishing an
appropriate threshold is particularly critical to the effective use of substantive
analytical procedures. To prevent bias in judgment, the auditor should determine
the threshold while planning the substantive analytical procedures, ie before Step
3, in which the difference between the expectation and the recorded amount are
computed. The threshold is the acceptable amount of potential misstatement and
therefore should not exceed planning materiality and must be sufficiently small to
enable the auditor to identify misstatements that could be material either
individually or when aggregated with misstatements in other disaggregated
151

lOMoARcPSD|2981706
portions of the account balance or in other account balances. STEP 3: Compute

difference The third step is the comparison of the expected value with the
recorded amounts and the identification of significant differences, if any. This
should be simply a mechanical calculation. It is important to note that the
computation of differences should be done after the consideration of an
expectation and threshold. In applying substantive analytical procedures, it is not
appropriate to first compute differences from prior-period balances and then let
the results influence the ‘expected’ difference and the acceptable threshold.
STEP 4: Investigate significant differences and draw conclusions The fourth
step is the investigation of significant differences and formation of conclusions
(ISA 520). Differences indicate an increased likelihood of misstatements; the
greater the degree of precision, the greater the likelihood that the difference is a
misstatement. Explanations should be sought for the full amount of the
difference, not just the part that exceeds the threshold. There is a chance that the
unexplained difference may indicate an increased risk of material misstatement.
The auditor should consider whether the differences were caused by factors
previously overlooked when developing the expectation in Step 1, such as
unexpected changes in the business or changes in accounting treatments. If the
difference is caused by factors previously overlooked, it is important to verify the
new data, to show what impact this would have on the original expectations as if
this data had been considered in the first place, and to understand any
accounting or auditing ramifications of the new data.
Key factors affecting the precision of analytical procedures
There are four key factors that affect the precision of analytical procedures:
1 Disaggregation The more detailed the level at which analytical procedures are
performed, the greater the potential precision of the procedures. Analytical
procedures performed at a high level may mask significant, but offsetting,
differences that are more likely to come to the auditor’s attention when
procedures are performed on disaggregated data. The objective of the audit
procedure will determine whether data for an analytical procedure should be
disaggregated and to what degree it should be disaggregated. Disaggregated
analytical procedures can be best thought of as looking at the composition of a
balance(s) based on time (eg by month or by week) and the source(s) (eg by
geographic region or by product) of the underlying data elements. The reliability
of the data is also influenced by the comparability of the information available
and the relevance of the information available. 2 Data reliability The more
reliable the data is, the more precise the expectation. The data used to form an
expectation in an analytical procedure may consist of external industry and
economic data gathered through independent research. The source of the
information available is particularly important. Internal data produced from
systems and records that are covered by the audit, or that are not subject to
manipulation by persons in a position to influence accounting activities, are
generally considered more reliable. 3 Predictability There is a direct correlation
between the predictability of the data and the quality of the expectation derived
from the data. Generally, the more precise an expectation is for an analytical
procedure, the greater will be the potential reliability of that procedure. The use of
152

lOMoARcPSD|2981706
non-financial data (eg number of employees, occupancy rates, units produced) in

developing an expectation may increase the auditor’s ability to predict account
relationships. However, the information is subject to data reliability considerations
mentioned above. 4 Type of analytical procedures There are several types of
analytical procedures commonly used as substantive procedures and will
influence the precision of the expectation. The auditor chooses among these
procedures based on his objectives for the procedures (ie purpose of the test,
desired level of assurance).
Trend analysis – the analysis of changes in an account over time.
Ratio analysis – the comparison, across time or to a benchmark, of
relationships between financial statement accounts and between an
account and non-financial data.
Reasonableness testing – the analysis of accounts, or changes in accounts
between accounting periods, that involves the development of a model to
form an expectation based on financial data, non - financial data, or both.
Each of the types uses a different method to form an expectation. They are
ranked from lowest to highest in order of their inherent precision. Scanning
analytics are different from the other types of analytical procedures in that
scanning analytics search within accounts or other entity data to identify
anomalous individual items, while the other types use aggregated financial
information. If the auditor needs a high level of assurance from a substantive
analytical procedure, s/he should develop a relatively precise expectation by
selecting an appropriate analytical procedure (eg a reasonableness test instead
of a simple trend or ‘flux’ analysis). Thus, determining which type of substantive
analytical procedure to use is a matter of professional judgment. In summary,
there is a direct correlation between the type of analytical procedure selected and
the precision it can provide. Generally, the more precision inherent in an
analytical procedure used, the greater the potential reliability of that procedure.
Key messages:
Substantive analytical procedures play an important part in a risk-
based audit approach.
Properly designed and executed analytical procedures can allow
the auditor to achieve audit objectives more efficiently by reducing or
replacing other detailed audit testing.
The effectiveness of analytical procedures depends on the auditor’s
understanding of the entity and its environment and the use of
professional judgment; therefore, analytical procedures should be
performed or reviewed by senior members of the engagement team.
It is vital that the analytical procedures be sufficiently documented
to enable an experienced auditor, having no previous connection with the audit,
to understand the work done (ISA 230).
GOING CONCERN
The Paper P7 examiner describes the additional guidance given for ISA
153

lOMoARcPSD|2981706
570, Going Concern

The recent global economic crisis, commonly referred to as the credit crunch,
has provided many challenges for both the preparers and the auditors of
published financial statements.
For auditors, ISA 570, Going Concern is a well-established source of guidance,
and additional direction has been provided by the IAASB's Practice Alert Audit
Considerations in Respect of Going Concern in the Current Economic
Environment, issued in January 2009. In the UK, the APB issued the Bulletin
Going Concern Issues During the Current Economic Conditions in December
2008. Both of these are examinable documents for the Paper P7 exams in 2010.
The auditor's objectives in relation to going concern
ISA 570 contains well-established guidance on going concern, including the
following objectives for the auditor:
to obtain sufficient appropriate audit evidence regarding the
appropriateness of management's use of the going concern assumption in
the preparation of the financial statements
to conclude, based on the audit evidence obtained, whether a
material uncertainty exists related to events or conditions that may cast
significant doubt on the entity's ability to continue as a going concern, and
to determine the implications for the auditor's report.
All audits should involve an assessment of the appropriateness of the going
concern assumption, and it is obvious to say that the auditor may well have to
perform additional procedures when there are heightened risks relating to going
concern, caused by difficult economic and market conditions. But going concern
should be considered at all stages of the audit, not just in terms of specific
procedures. It is important to remember that going concern is not just something
considered at a particular stage in the audit cycle, but should be an issue that
permeates the whole performance and review of an audit.
Auditors should consider the current economic circumstances and their impact
on a particular audit when:
assessing risk at the planning stage of the audit, and when re-
assessing risk as the audit progresses
designing and performing audit procedures to respond to the
assessed risks
evaluating and concluding on the results of audit procedure, and
forming an audit opinion.
Assessing risk at the planning stage of the audit
Auditors are required by ISA 315, Identifying and Assessing the Risks of Material
Misstatement through Understanding the Entity and Its Environment, to gain an
understanding of the audit client's business and the economic environment in
which it operates. This understanding should then lead to the identification of
business risks, which are then evaluated in terms of any risks of material
misstatement in the financial statements.
Business risks include risks that could reduce the company's profit and/or cash
inflows, and could ultimately mean that either a company is not a going concern,
or that there are significant doubts over its ability to continue as a going concern.
154

lOMoARcPSD|2981706
Identification of this heightened risk at this initial stage in the audit cycle means
that additional audit procedures can be planned as a response to the specific
risks identified.
All of this means that the auditor must gain a detailed understanding of the
economic environment in which a company is operating, and more specifically,
an understanding of the particular market conditions affecting its operations.
Risks can arise from many factors, including reduced demand for goods and
services, customers' inability to pay for goods and services already provided, and
an inability to raise necessary finance. Such factors must be assessed for their
specific impact on a company's operations. It is important to remember that
difficult economic or market conditions do not necessarily mean that a material
uncertainty exists about a company's ability to continue as a going concern.
The evaluation of business risks should lead to the assessment of specific
financial statement risks. For a company facing going concern difficulties, the
fundamental financial statement risk is whether the financial statements have
been prepared under the correct assumption, or whether any significant
uncertainties have been disclosed in the financial statements. However, there are
more specific financial statement risks including:
potential overstatement of non-current assets if impairments
caused by reduced market value or value in use have not been
recognised
potential overstatement of inventory if net realisable value has
fallen due to reduced demand
potential overstatement of receivables if bad debts not provided for
incorrect measurement and recognition of gains or losses on
financial instruments due to inactive markets
incorrect measurement and disclosure of assets held for sale or
discontinued operations
incorrect measurement or disclosure of provisions or contingent
liabilities caused by restructuring of operations.
Designing, performing and evaluating audit procedures
Where risks, such as the ones mentioned above, have been identified, the
auditor must respond to the risks by designing and performing appropriate audit
procedures. Clearly the procedures should address the specific risks identified,
and so extra procedures may be needed on many balances and transactions
such as the ones outlined above.
More generally, audit procedures are necessary in order to evaluate how the key
management personnel have satisfied themselves that it is appropriate to adopt
the going concern basis in preparing the financial statements. Procedures should
include:
analysing and discussing cash flow, profit and other relevant
forecasts with management
reviewing the terms of loan agreements and determining whether
they have been breached
reading minutes of board meetings and relevant committees for any
discussion of financing difficulties
155

lOMoARcPSD|2981706
reviewing events after the year end to identify factors relevant to

the going concern assumption as a basis for the preparation of the
Paragraph A15 of ISA 570 contains examples of additional procedures that may
be used.
Analysis of cash flow is usually a key feature of any going concern evaluation. In
this evaluation the auditor should pay particular attention to the reliability of the
company's systems for generating the cash flow information, and whether the
assumptions underlying the cash flow appear reasonable.
In evaluating going concern, the auditor will consider whether necessary
borrowing facilities are in place and in doing so will attempt to obtain
confirmations from the company's bankers. However, the bankers may be
reluctant to confirm whether the borrowing facilities will be available, in which
case the auditor should consider the significance of this to the entity's ability to
continue as a going concern, and also consider, through discussion with
management, whether there are other strategies or sources of finance available.
Forming an audit opinion
In forming the audit opinion, the auditor should consider two issues: have the
financial statements been prepared using the appropriate going concern
assumption, and is there adequate disclosure of any material uncertainty
regarding the going concern status.
First, the auditor may conclude that management's use of the going concern
assumption is inappropriate. This means that the financial statements are
effectively rendered meaningless, and ISA 570 requires the auditor to express an
adverse opinion on the financial statements.
In rare circumstances, where the financial statements have not been prepared
under the going concern assumption (for example, using a liquidation basis), and
the auditor agrees with the use of this alternative basis for the preparation of the
financial statements, the audit report will not be qualified, as there is no basis for
a disagreement, but the auditor may consider it necessary to include an
Emphasis of Matter paragraph in the audit report to highlight the unusual
circumstances to the users of the financial statements.
It is much more likely that the auditor disagrees with the level of disclosure of
material uncertainties, rather than disagreeing with the use of the going concern
assumption. ISA 570 contains detailed guidance in this area, which is briefly
summarised below:
Where the disclosure of material uncertainty is considered
adequate, the auditor includes an Emphasis of Matter paragraph within
the audit report to highlight the uncertainty to the users of the financial
statements.
Where there are multiple significant uncertainties that relate to the
financial statements as a whole, a disclaimer of opinion may be
considered more appropriate than an Emphasis of Matter paragraph. ISA
570 comments that this is in extremely rare cases only.
Where the disclosure of material uncertainty is not considered
adequate, the audit opinion should be either qualified due to
156

lOMoARcPSD|2981706
disagreement, or an adverse opinion should be given, depending on the

level of significance of the lack of disclosure.
Ethical matters
In the current economic climate, with severe restrictions on borrowing facilities in
many jurisdictions, auditors are likely to be asked by audit clients to perform non-
audit services which may create self review, advocacy or management threats to
objectivity and independence. For example, the audit firm may be asked to
perform:
a review of the business including advising on restructuring options
a review of prospective financial information, possibly for
presentation to potential providers of finance
advising on corporate finance options, or negotiating such options.
The problem created is that the audit firm may not be able to objectively assess
going concern factors when in addition becoming involved with non-audit
services pertaining to the going concern status of the company. The audit firm
should carefully consider the appropriateness of providing such non-audit
services in these circumstances.
Safeguards may be able to reduce the threats to objectivity and independence to
an acceptable level. Safeguards may include:
a review of the going concern assessment and conclusion reached
by a partner who is not a member of the audit team
additional procedures as part of an Engagement Quality Control
Review
confirmation from the audit client that they remain responsible for
any decisions or actions taken as a result of the non-audit service
provided.
Conclusion
In the current economic climate, auditors must be extra vigilant in relation to the
audit of going concern matters, and should also remember the possible ethical
implications of being involved in non-audit services relevant to going concern.
Even though the global economy may now be showing signs of recovery, the
effects in some markets and for many companies are likely to be seen for some
time, so auditors should not approach the assessment of going concern in
difficult times as a one-off exercise, but as an issue to be continually addressed.
AUDIT RISK
This article outlines and explains the concept of audit risk, making
reference to the key auditing standards which give guidance to auditors
about risk assessment
Identifying and assessing audit risk is a key part of the audit process, and ISA
315, Identifying and Assessing the Risks of Material Misstatement Through
Understanding the Entity and Its Environment, gives extensive guidance to
auditors about audit risk assessment. The purpose of this article is to give
summary guidance to FAU, F8 and P7 students about the concept of audit risk.
157

lOMoARcPSD|2981706
All subsequent references in this article to the standard will be stated simply as
ISA 315, although ISA 315 is a ‘redrafted’ standard, in accordance with the
International Auditing and Assurance Standards Board (IAASB) Clarity Project.
For further details on the IAASB Clarity Project, read the article 'The IAASB
Clarity Project' (see 'Related links').
What is audit risk?
According to the IAASB Glossary of Terms (1), audit risk is defined as follows:
‘The risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated. Audit risk is a function of material
misstatement and detection risk.’
Why is audit risk so important to auditors?
Audit risk is fundamental to the audit process because auditors cannot and do
not attempt to check all transactions. Students should refer to any published
accounts of large companies and think about the vast number of transactions in a
statement of comprehensive income and a statement of financial position. It
would be impossible to check all of these transactions, and no one would be
prepared to pay for the auditors to do so, hence the importance of the risk-based
approach toward auditing. Traditionally, auditors have used a risk-based
approach in order to minimise the chance of giving an inappropriate audit
opinion, and audits conducted in accordance with ISAs must follow the
risk-based approach, which should also help to ensure that audit work is carried
out efficiently, using the most effective tests based on the audit risk assessment.
Auditors should direct audit work to the key risks (sometimes also described as
significant risks), where it is more likely that errors in transactions and balances
will lead to a material misstatement in the financial statements. It would be
inefficient to address insignificant risks in a high level of detail, and whether a risk
is classified as a key risk or not is a matter of judgment for the auditor.
Relevant ISAs
There are many references throughout the ISAs to audit risk, but perhaps the two
most important audit risk-related ISAs are as follows:
ISA 200, Overall Objectives of the Independent Auditor and the Conduct of
an Audit in Accordance with ISAs ISA 200 sets out the overall objectives of the
auditor, and the standard explains the nature and scope of an audit designed to
enable an auditor to meet those objectives. References to audit risk are
frequently made by ISA 200, and the standard also requires that the auditor shall
plan and perform an audit with professional scepticism, recognising that
circumstances might exist that may cause the financial statements to be
materially misstated. Professional scepticism is defined as an attitude that
includes a questioning mind and a critical assessment of evidence.
ISA 315, Identifying and Assessing the Risks of Material Misstatement
Through Understanding the Entity and Its Environment ISA 315 deals with
the auditor’s responsibility to identify and assess the risks of material
misstatement in the financial statements through an understanding of the entity
and its environment, including the entity’s internal controls and risk assessment
process. The first version of ISA 315 was originally published in 2003 after a joint
audit risk project had been carried out between the IAASB, and the United States
158

lOMoARcPSD|2981706
Auditing Standards Board. Changes in the audit risk standards have arguably
been the single biggest change in auditing standards in recent years, so the
significance of ISA 315, and the topic of audit risk, should not be underestimated
by auditing students.
The requirements of ISA 315 are summarised in the following table.
(1). The auditor shall perform risk assessment procedures in order

to provide a basis for the identification and assessment of the risks
of material misstatement.
(2). The auditor is required to obtain an understanding of the entity
and its environment, including the entity’s internal control systems.
(3). The auditor shall identify and assess the risks of material
misstatement, and determine whether any of the risks identified
are, in the auditor’s judgement, significant risks. This is in order to
provide a basis for designing and performing further audit
procedures.
(4). ISA 330 then deals with the required responses to assessed
risks.
Block: Text
Let us consider each of these four stages in more detail.
1. Risk assessment procedures ISA 315 gives an overview of the procedures
that the auditor should follow in order to obtain an understanding sufficient to
assess audit risks, and these risks must then be considered when designing the
audit plan. ISA 315 goes on to require that the auditor shall perform risk
assessment procedures to provide a basis for the identification and assessment
of risks of material misstatement at the financial statement and assertion levels.
ISA 315 goes on to identify the following three risk assessment procedures:
Making inquiries of management and others within the entity Auditors must
have discussions with the client’s management about its objectives and
expectations, and its plans for achieving those goals.
Analytical procedures Analytical procedures performed as risk assessment
procedures should help the auditor in identifying unusual transactions or
positions. They may identify aspects of the entity of which the auditor was
unaware, and may assist in assessing the risks of material misstatement in order
to provide a basis for designing and implementing responses to the assessed
risks.
Observation and inspection Observation and inspection may also provide
information about the entity and its environment. Examples of such audit
procedures can potentially cover a very broad area, including observation or
inspection of the entity’s operations, documents, and reports prepared by
management, and also of the entity’s premises and plant facilities.
ISA 315 requires that risk assessment procedures should, at a minimum,
comprise a combination of the above three procedures, and the standard also
159

lOMoARcPSD|2981706
requires that the engagement partner and other key engagement team members
should discuss the susceptibility of the entity’s financial statements to material
misstatement. Key risks can be identified at any stage of the audit process, and
ISA 315 requires that the engagement partner should also determine which
matters are to be communicated to those engagement team members not
involved in the discussion.
2. Understanding an entity ISA 315 gives detailed guidance about the
understanding required of the entity and its environment by auditors, including
the entity’s internal control systems. Understanding of the entity and its
environment is important for the auditor in order to help identify the risks of
material misstatement, to provide a basis for designing and implementing
responses to assessed risk (see reference below to ISA 330, The Auditor’s
Responses to Assessed Risks), and to ensure that sufficient appropriate audit
evidence is collected. Given that the focus of this article is audit risk, however,
students should ensure that they also make themselves familiar with the concept
of internal control, and the components of internal control systems.
3. Identification and assessment of significant risks and the risks of
material misstatement In exercising judgement as to which risks are significant
risks, the auditor is required to consider the following:
Whether the risk is a risk of fraud.
Whether the risk is related to recent significant economic,
accounting or other developments, and therefore requires specific
attention.
The complexity of transactions.
Whether the risk involves significant transactions with related
parties.
The degree of subjectivity in the measurement of financial
information related to the risk, especially those measurements involving a
wide range of measurement uncertainty.
Whether the risk involves significant transactions that are outside
the normal course of business for the entity, or that otherwise appear to be
unusual.
4. ISA 330 and responses to assessed risks The requirements of ISA 330,
The Auditor’s Responses to Assessed Risks, will be covered in a future article,
but essentially ISA 330 gives guidance about the nature and extent of the testing
required, based on the risk assessment findings.
Audit risk and business risk
For the purposes of the F8 exam, it is important to make a distinction between
audit risk and business risk (which is not examinable in F8), even though ISA 315
itself does not make such a distinction clear. ISA 315(2) defines business risk as
follows:
‘A risk resulting from significant conditions, events, circumstances, actions or
inactions that could adversely affect an entity’s ability to achieve its objectives
and execute its strategies, or from the setting of inappropriate objectives and
strategies.’
Hence, business risk is a much broader concept than audit risk. Students are
160

lOMoARcPSD|2981706
reminded that business risk is excluded from the FAU and F8 syllabus, although
it is examinable in P7.
The audit risk model
Finally, it is important to make reference to the so called traditional audit risk
model, which pre-dates ISA 315, but continues to remain important to the audit
process. The audit risk model breaks audit risk down into the following three
components:
Inherent risk This is the susceptibility of an assertion about a class of
transaction, account balance, or disclosure to a misstatement that could be
material, either individually or when aggregated with other misstatements, before
consideration of any related controls.
Control risk This is the risk that a misstatement could occur in an assertion
about a class of transaction, account balance or disclosure, and that the
misstatement could be material, either individually or when aggregated with other
misstatements, and will not be prevented or detected and corrected, on a timely
basis, by the entity’s internal control.
Detection risk This is the risk that the procedures performed by the auditor to
reduce audit risk to an acceptably low level will not detect a misstatement that
exists and that could be material, either individually or when aggregated with
other misstatements. The interrelationship of the three components of audit risk
is outside the scope of this current article. F8 students, however, will typically be
expected to have a good understanding of the concept of audit risk, and to be
able to apply this understanding to questions in order to identify and describe
appropriate risk assessment procedures.
The UK and Ireland perspective
The UK Auditing Practices Board announced in March 2009 that it would update
its auditing standards according to the clarified ISAs, and that these standards
would apply for audits of accounting periods ending on or after 15 December
2010. UK and Irish students should note that there are no significant differences
on audit risk between ISA 315 and the UK and Ireland version of the standard.
Conclusions
The concept of audit risk is of key importance to the audit process and F8
students are required to have a good understanding of what audit risk is, and
why it is so important. For the purposes of the F8 exam, it is important to
understand that audit risk is a very practical topic and is therefore examined in a
very practical context. Any definition or explanation of the audit risk model itself
will usually only be allocated a small number of marks, but many students still
include such definitions in answers to case study and scenario questions which
require a practical application of audit risk assessment procedures. Students
must also be prepared to apply their understanding of audit risk to questions and
come up with appropriate risk assessment procedures.
Written by a member of the F8 examining team
References
AUDITING IN A COMPUTER-BASED ENVIRONMENT (2)

Relevant to Foundation level Paper FAU and ACCA Qualification Papers F8 and
161

lOMoARcPSD|2981706
P7 (Int and UK) The accounting systems of many companies, large and
small, are computer-based; questions in all ACCA audit papers reflect this
situation. Students need to ensure they have a complete understanding of the
controls in a computer-based environment, how these impact on the auditor’s
assessment of risk, and the subsequent audit procedures. These procedures will
often involve the use of computer-assisted audit techniques (CAATs). The aim of
this article is to help students improve their understanding of this topic by giving
practical illustrations of computer-based controls and computer-assisted
techniques and the way they may feature in exam questions. Relevant auditing
standards References will be made throughout this article to the most recent
guidance in standards:
ISA 300 (Redrafted) Planning an Audit of Financial Statements
ISA 315 (Redrafted) Identifying and Assessing the Risks of Material
Misstatement Through Understanding the Entity and Its Environment
ISA 330 (Redrafted) The Auditor’s Responses to Assessed Risks.
Internal controls in a computer environment The two main categories are
application controls and general controls. Application controls These are
manual or automated procedures that typically operate at a business process
level and apply to the processing of transactions by individual applications.
Application controls can be preventative or detective in nature and are designed
to ensure the integrity of the accounting records. Accordingly, application controls
relate to procedures used to initiate, record, process and report transactions or
other financial data. These controls help ensure that transactions occurred, are
authorised and are completely and accurately recorded and processed (ISA 315
(Redrafted)). Application controls apply to data processing tasks such as sales,
purchases and wages procedures and are normally divided into the following
categories: (i) Input controls Examples include batch control totals and document
counts, as well as manual scrutiny of documents to ensure they have been
authorised. An example of the operation of batch controls using accounting
software would be the checking of a manually produced figure for the total gross
value of purchase invoices against that produced on screen when the batch-
processing option is used to input the invoices. This total could also be printed
out to confirm the totals agree. The most common example of programmed
controls over the accuracy and completeness of input are edit (data validation)
checks when the software checks that data fields included on transactions by
performing:
reasonableness check, eg net wage to gross wage
existence check, eg that a supplier account exists
character check, eg that there are no alphabetical characters in a
sales invoice number field
range check, eg no employee’s weekly wage is more than $2,000
check digit, eg an extra character added to the account reference
field on a purchase invoice to detect mistakes such as transposition errors
during input.
When data is input via a keyboard, the software will often display a screen
message if any of the above checks reveal an anomaly, eg ‘Supplier account
162

lOMoARcPSD|2981706
number does not exist’. (ii) Processing controls An example of a programmed

control over processing is a run-to-run control. The totals from one processing
run, plus the input totals from the second processing, should equal the result
from the second processing run. For instance, the beginning balances on the
receivables ledger plus the sales invoices (processing run 1) less the cheques
received (processing run 2) should equal the closing balances on the receivable
ledger. (iii) Output controls Batch processing matches input to output, and is
therefore also a control over processing and output. Other examples of output
controls include the controlled resubmission of rejected transactions, or the
review of exception reports (eg the wages exception report showing employees
being paid more than $1,000). (iv) Master files and standing data controls
Examples include one-for-one checking of changes to master files, eg customer
price changes are checked to an authorised list. A regular printout of master files
such as the wages master file could be forwarded monthly to the personnel
department to ensure employees listed have personnel records. General
controls These are policies and procedures that relate to many applications and
support the effective functioning of application controls. They apply to mainframe,
mini-frame and end-user environments. General IT controls that maintain the
integrity of information and security of data commonly include controls over the
following:
data centre and network operations
system software acquisition, change and maintenance
program change
access security
application system acquisition, development, and maintenance (ISA
315 (Redrafted))
‘End-user environment’ refers to the situation in which the users of the computer
systems are involved in all stages of the development of the system.
(i) Administrative controls Controls over ‘data centre and network operations’ and
‘access security’ include those that:
prevent or detect errors during program execution, eg procedure
manuals, job scheduling, training and supervision; all these prevent errors
such as using wrong data files or wrong versions of production programs
prevent unauthorised amendments to data files, eg authorisation of
jobs prior to processing, back up and physical protection of files and
access controls such as passwords
ensure the continuity of operations, eg testing of back - up
procedures, protection against fire and floods.
(ii) System development controls The other general controls referred to in ISA
315 cover the areas of system software acquisition development and
maintenance; program change; and application system acquisition, development
and maintenance. ‘System software’ refers to the operating system, database
management systems and other software that increases the efficiency of
processing. Application software refers to particular applications such as sales or
wages. The controls over the development and maintenance of both types of
software are similar and include:
163

lOMoARcPSD|2981706
Controls over application development, such as good standards

over the system design and program writing, good documentation, testing
procedures (eg use of test data to identify program code errors, pilot
running and parallel running of old and new systems), as well as
segregation of duties so that operators are not involved in program
development
Controls over program changes – to ensure no unauthorised
amendments and that changes are adequately tested, eg password
protection of programs, comparison of production programs to controlled
copies and approval of changes by users
Controls over installation and maintenance of system software –
many of the controls mentioned above are relevant, eg authorisation of
changes, good documentation, access controls and segregation of duties.
Exam focus Students often confuse application controls and general controls. In
the June 2008 CAT Paper 8 exam, Question 2 asked candidates to provide
examples of application controls over the input and processing of data. Many
answers referred to passwords and physical access controls – which are
examples of general controls – and thus failed to gain marks. Computer-
assisted audit techniques Computer-assisted audit techniques (CAATs) are
those featuring the ‘application of auditing procedures using the computer as an
audit tool’ ( Glossary of Terms ). CAATs are normally placed in three main
categories:
(i) Audit software Computer programs used by the auditor to interrogate a client’s
computer files; used mainly for substantive testing. They can be further
categorised into:
Package programs (generalised audit software) – pre-prepared
programs for which the auditor will specify detailed requirements; written
to be used on different types of computer systems
Purpose-written programs – perform specific functions of the
auditor’s choosing; the auditor may have no option but to have this
software developed, since package programs cannot be adapted to the
client’s system (however, this can be costly)
Enquiry programs – those that are part of the client’s system, often
used to sort and print data, and which can be adapted for audit purposes,
eg accounting software may have search facilities on some modules, that
could be used for audit purposes to search for all customers with credit
balances (on the customers’ module) or all inventory items exceeding a
specified value (on the inventory module).
Using audit software, the auditor can scrutinise large volumes of data and
present results that can then be investigated further. The software consists of
program logic needed to perform most of the functions required by the auditor,
such as:
select a sample
report exceptional items
compare files
analyse, summarise and stratify data.
164

lOMoARcPSD|2981706
The auditor needs to determine which of these functions they wish to use, and
the selection criteria. Exam focus Sometimes, questions will present students
with a scenario and ask how CAATs might be employed by the auditor. Question
4 in the December 2007 Paper F8 exam required students to explain how audit
software could be used to audit receivables balances. To answer this type of
question, you need to link the functions listed above to the normal audit work on
receivables. Students should refer to the model answer to this question. The
following is an example of how this could be applied to the audit of wages:
Select a random sample of employees from the payroll master file;
the auditor could then trace the sample back to contracts of employment
in the HR department to confirm existence
Report all employees earning more than $1,000 per week
Compare the wages master file at the start and end of the year to
identify starters and leavers during the year; the auditor would then trace
the items identified back to evidence, such as starters’ and leavers’ forms
(in the HR department) to ensure they were valid employees and had
been added or deleted from the payroll at the appropriate time (the auditor
would need to request that the client retain a copy of the master file at the
start of the year to perform this test)
Check that the total of gross wages minus deductions equates to
net pay.
(ii) Test data Test data consists of data submitted by the auditor for processing
by the client’s computer system. The principle objective is to test the operation of
application controls. For this reason, the auditor will arrange for dummy data to
be processed that includes many error conditions, to ensure that the client’s
application controls can identify particular problems. Examples of errors that
might be included:
supplier account codes that do not exist
employees earning in excess of a certain limit
sales invoices that contain addition errors
submitting data with incorrect batch control totals.
Data without errors will also be included to ensure ‘correct’ transactions are
processed properly. Test data can be used ‘live’, ie during the client’s normal
production run. The obvious disadvantage with this choice is the danger of
corrupting the client’s master files. To avoid this, an integrated test facility will be
used (see other techniques below). The alternative (dead test data) is to perform
a special run outside normal processing, using copies of the client’s master files.
In this case, the danger of corrupting the client’s files is avoided – but there is
less assurance that the normal production programs have been used. (iii)
Other techniques There are increasing numbers of other techniques that can be
used; the main two are:
Integrated test facility – used when test data is run live; involves the
establishment of dummy records, such as departments or customer
accounts to which the dummy data can be processed. They can then be
ignored when client records are printed out, and reversed out later.
Embedded audit facilities (embedded audit monitor) – also known
165

lOMoARcPSD|2981706
as resident audit software; requires the auditor’s own program code to be

embedded into the client’s application software. The embedded code is
designed to perform audit functions and can be switched on at selected
times or activated each time the application program is used. Embedded
facilities can be used to: – Gather and store information relating to
transactions at the time of processing for subsequent audit review; the
selected transactions are written to audit files for subsequent examination,
often called system control and review file (SCARF) – Spot and record
(for subsequent audit attention) any items that are unusual; the
transactions are marked by the audit code when selection conditions
(specified by the auditor) are satisfied. This technique is also referred to
as tagging.
The attraction of embedded audit facilities is obvious, as it equates to having a
perpetual audit of transactions. However, the set-up is costly and may require the
auditor to have an input at the system development stage. Embedded audit
facilities are often used in real time and database environments. Impact of
computer-based systems on the audit approach The fact that systems are
computer-based does not alter the key stages of the audit process; this explains
why references to the audit of computer-based systems have been subsumed
into ISAs 300, 315 and 330. (i) Planning The Appendix to ISA 300 (Redrafted)
states ‘the effect of information technology on the audit procedures, including the
availability of data and the expected use of computer - assisted audit techniques’
as one of the characteristics of the audit that needs to be considered in
developing the overall audit strategy. (ii) Risk assessment 'The auditor shall
obtain an understanding of the internal control relevant to the audit.’ (ISA 315
(Redrafted)) The application notes to ISA 315 identify the information system as
one of the five components of internal control. It requires the auditor to obtain an
understanding of the information system, including the procedures within both IT
and manual systems. In other words, if the auditor relies on internal control in
assessing risk at an assertion level, s/he needs to understand and test the
controls, whether they are manual or automated. Auditors often use internal
control evaluation (ICE) questions to identify strengths and weaknesses in
internal control. These questions remain the same – but in answering them, the
auditor considers both manual and automated controls. For instance, when
answering the ICE question, ‘Can liabilities be incurred but not recorded?’, the
auditor needs to consider manual controls, such as matching goods received
notes to purchase invoices – but will also consider application controls, such as
programmed sequence checks on purchase invoices. The operation of batch
control totals, whether programmed or performed manually, would also be
relevant to this question. (iii) Testing ‘The auditor shall design and perform further
audit procedures whose nature, timing and extent are based on and are
responsive to the assessed risks of material misstatement at the assertion level.’
(ISA 330 (Redrafted)) This statement holds true irrespective of the accounting
system, and the auditor will design compliance and substantive tests that reflect
the strengths and weaknesses of the system. When testing a computer
information system, the auditor is likely to use a mix of manual and computer-
166

lOMoARcPSD|2981706
assisted audit tests. ‘Round the machine (computer)’ v ‘through the machine
(computer)’ approaches to testing Many students will have no experience of
the use of CAATs, as auditors of clients using small computer systems will often
audit ‘round the machine’. This means that the auditor reconciles input to output
and hopes that the processing of transactions was error-free. The reason for the
popularity of this approach used to be the lack of audit software that was suitable
for use on smaller computers. However, this is no longer true, and audit software
is available that enables the auditor to interrogate copies of client files that have
been downloaded on to a PC or laptop. However, cost considerations still appear
to be a stumbling block. In the ‘through the machine’ approach, the auditor uses
CAATs to ensure that computer - based application controls are operating
satisfactorily. Conclusion The key objectives of an audit do not change in a
computer environment. The auditor still needs to obtain an understanding of the
system in order to assess control risk and plan audit work to minimise detection
risk. The level of audit testing will depend on the assessment of key controls. If
these are programmed controls, the auditor will need to ‘audit through the
computer’ and use CAATs to ensure controls are operating effectively. In small
computer-based systems, ‘auditing round the computer’ may suffice if sufficient
audit evidence can be obtained by testing input and output. Written by a
member of the Paper F8 examining team
MASSAGING THE FIGURES

A survey of audit committee members attending the 4th Annual Audit
Committee Issues Conference, published by KPMG in 2008(1), identified
the increased risk of earnings management as a top concern. For auditors,
it is certainly the case that there is an increased risk of earnings
management or even fraudulent financial reporting in the financial
statements of those companies affected by the global economic downturn.
What is ‘earnings management’?
Earnings management occurs when companies deliberately manipulate their
revenues and/or expenses in order to inflate (or deflate) figures relating to profits
and earnings per share. In other words, it is when companies use ‘creative
accounting’ to construct reported figures that show the position and performance
that management want to show. Unfortunately, earnings management is not
uncommon. Preparers of financial information (the finance director or financial
controller, for example) are often under pressure from other members of the
senior management team to present a certain level of profitability. This is
especially the case in today’s economic climate, when a company’s revenue may
have reduced significantly due to market factors, or if profit is being eroded by
significant expenses arising from asset impairments or other exceptional losses.
Earnings management does not always mean that the applicable financial
reporting framework has not been followed. Earnings management is often
described as ‘bending the rules’. It may be that the manipulation of published
figures is the result of selecting an accounting policy which is allowed under the
financial reporting framework, but which does not reflect economic reality. For
167

lOMoARcPSD|2981706
example, changing the estimated life of a non-current asset is allowed under

financial reporting standards, but if it is done purely to manipulate the
depreciation charge (and therefore earnings), then it becomes an example of
earnings management.
The problem for the auditor is that financial reporting standards allow a degree of
flexibility in application, and all financial statements will include balances and
disclosures that are subject to judgment and estimations. This means that it is
sometimes difficult to decide if an accounting treatment is within accepted
accounting principles, or whether the treatment is in breach of the rules – in
which case it represents fraudulent financial reporting.
When does earnings management become fraud?
Fraudulent financial reporting is a deliberate misstatement in the financial
statements. It can include the deliberate falsification of underlying accounting
records, intentionally breaching an accounting standard, or knowingly omitting
transactions or required disclosures in the financial statements. For example,
deliberately not disclosing a contingent liability, or significant going concern
problems, in the notes to the financial statements means that the disclosures
required (under IAS 37 and IAS 1 respectively) have intentionally not been made.
According to ISA 240 (Redrafted), The Auditor’s Responsibilities Relating to
Fraud in an Audit of Financial Statements, this is an example of fraudulent
financial reporting.
ISA 240 (Redrafted) states that ‘incentive or pressure to commit fraudulent
financial reporting may exist when management is under pressure, from sources
outside or inside the entity, to achieve an expected (and perhaps unrealistic)
earnings target or financial outcome – particularly since the consequences to
management for failing to reach financial goals can be significant’. It can
therefore be seen that in times of financial difficulty, such as the current
economic downturn, management may feel pressurised into the non-disclosure
of items that may detract from the company’s performance during the year, or
into the use of accounting policies which produce deliberately misstated results
for the year.
Earnings management and fraudulent financial reporting are discussed more fully
in an article in Student Accountant(2), which can be found on the ACCA website.
What are the implications to the auditor?
Professional scepticism ISA 240 (Redrafted) stresses the importance of
approaching the audit with a degree of professional scepticism, an attitude which
should be heightened if there is a suspicion of fraudulent financial reporting.
Discussion among the audit team In accordance with ISA 315, (Redrafted)
Identifying and Assessing the Risks of Material Misstatement Through
Understanding the Entity and its Environment, ISA 240 (Redrafted) re-
emphasises the fact that the audit team should have a discussion about those
factors that indicate that the financial statements may be susceptible to
misstatement due to fraud.
Evaluation of accounting policies When assessing the risk of fraudulent
financial reporting, particular attention should be paid to the selection and
application of accounting policies. Particular attention should focus on those
168

lOMoARcPSD|2981706
policies relating to complex transactions, and to subjective matters. All

accounting policies and estimates should be carefully reviewed for potential bias.
The circumstances resulting in any bias may represent a risk of misstatement
due to a fraudulent financial reporting.
Completeness of disclosures In difficult economic times, management may be
tempted to hide information which may raise concerns about the company’s
performance. The auditor must therefore consider whether all relevant
information has been disclosed in the financial statements in compliance with
accounting standards.
Audit report In cases where financial statements appear to have been misstated
due to earnings management or fraudulent financial reporting, the auditor should
carefully consider the implications for the audit report. The problem for the
auditor will be to decide whether any earnings management is within generally
accepted accounting principles (and so, therefore, the financial statements are
fairly presented), or whether it is so aggressive that it is in breach of accepted
accounting practice and therefore fraudulent. A breach of financial reporting
principles resulting from the misapplication of accounting standards will result in
a disagreement and thus a potential qualification of the audit opinion.
Reporting to those charged with governance Instances of fraudulent financial
reporting should be communicated to those charged with governance on a timely
basis. The relevant audit procedures necessary to complete the audit should also
be discussed.
Other reporting responsibilities ISA 240 (Redrafted) indicates that where fraud
has occurred, the auditor should consider other reporting responsibilities, such as
communications with regulatory and enforcement authorities. In many
jurisdictions, it would also be appropriate to communicate with shareholders, for
example at a general meeting of members.
Conclusion
Current global economic circumstances mean that auditors face increased audit
risk. Preparers of financial statements have the motive to make the published
accounts appear as good as possible, and the means to do this is earnings
management or fraudulent financial reporting. Auditors therefore need to conduct
risk assessment and audit procedures carefully, in order to fully identify indicators
of manipulation, and to gather sufficient evidence to decide whether any
manipulation is the result of bending or breaking financial reporting rules, for
which the ultimate consequence may be a qualified audit opinion. Auditors, as
well as shareholders, may need to approach all companies’ financial statements
with an increased degree of scepticism in the current climate.
References
Recession-Related Risks, a Top Concern for Audit Committees, KPMG Audit
Committee Institute Survey, 2008.
Namasiku L, Earnings Management, Student Accountant, April 2004.
ISA 240 (REDRAFTED) - AUDITORS AND FRAUD
169

lOMoARcPSD|2981706
Relevant to ACCA Qualification papers F8 and P7

This article examines the definitions given by International Standard on
Auditing (ISA) 240 (Redrafted) of fraud and error, and the historical
expectations of the audit role. It also defines the extent of auditor
responsibilities for the prevention and detection of fraud, including the
need for professional scepticism and discussion among the engagement
team. The article then summarises the key risk assessment procedures
required of auditors by ISA 240 (Redrafted), and concludes that the
traditional ‘watchdog not bloodhound’ philosophy regarding the extent of
auditor responsibilities for fraud detection is no longer valid in the context
of the requirements of the redrafted ISA.
Fraud is a highly controversial area, and the extent of auditor responsibility for
the prevention and detection of fraud has generated considerable discussion in
recent years. This article aims to summarise the current extent of auditor
responsibilities for fraud, as per the requirements of ISA 240 (Redrafted), The
Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements.
ISA 240 (Redrafted) was issued in December 2006 and is effective for audits of
financial statements for periods beginning on or after 15 December 2008. The
International Auditing and Assurance Standards Board (IAASB) Clarity Project
was launched in 2004 in order to encourage greater use of its standards and to
facilitate the process of translation of standards into other languages. ISA 240 is
described by the IAASB Handbook (reference 1) as ‘redrafted’ because it has
been revised in the past few years and is not in need of further revision by the
Clarity Project. As a result, the ‘clarified’ version of ISA 240 is the same as the
redrafted version. See the IAASB Handbook, and the section ‘Background
Information on the Clarity Project of the IAASB’ for further details (reference 2).
Background
The traditional ‘passive philosophy’ towards auditor responsibility for fraud
detection is well summarised by the Lord Justice Lopes’ ruling, in the UK, given
in the 1896 Kingston Cotton Mill case (re Kingston Cotton Mill Company (No.2)):
‘An auditor is not bound to be a detective, or … to approach his work with
suspicion, or with a foregone conclusion that there is something wrong. He is a
watchdog, not a bloodhound.’ (Reference 3). Watchdogs and Bloodhounds
(below) gives formal definitions of a ‘watchdog’ and a ‘bloodhound’.
Clearly, auditing has changed considerably since 1896, although auditor
responsibility for fraud detection has remained a low priority. We now consider
the requirements of the recently revised audit standard regarding the role of the
auditor and fraud detection, and then form a conclusion about the current extent
of auditor responsibility for fraud detection.
The difference between fraud and error
The key distinguishing factor between fraud and error is whether the underlying
action that results in a misstatement of the financial statements is intentional or
unintentional. The term ‘fraud’ is a broad legal concept, but the auditor is
concerned with fraud that causes a material misstatement in the financial
statements. ISA 240 (Redrafted) defines fraud as: ‘An intentional act by one or
more individuals among management, those charged with governance,
170

lOMoARcPSD|2981706
employees, or third parties, involving the use of deception to obtain an unjust or

illegal advantage.’ ISA 240 (Redrafted), paragraph 11.
The two types of fraud most relevant to the auditor, according to ISA 240
(Redrafted), are misstatements arising from fraudulent financial reporting, and
misstatements arising from the misappropriation of assets. By way of contrast to
fraud, the term ‘error’ refers to an unintentional misstatement in financial
statements, including the omission of an amount or a disclosure. ISA 240
(Redrafted) says: ‘The distinguishing factor between fraud and error is whether
the underlying action that results in the misstatement of the financial statements
is intentional or unintentional.’ ISA 240 (Redrafted), paragraph 2.
The emphasis of this article is on fraud, because fraud responsibilities are more
controversial than error. Fraud may involve sophisticated and carefully organised
schemes, designed to conceal fraudulent activity, such as forgery, deliberate
failure to record transactions, or intentional misrepresentations being made to the
auditor. However, in order to better understand error, more consideration of
internal control effectiveness is required.
ISA 240 (redrafted) and responsibilities for fraud
ISA 240 (Redrafted) makes it clear who has the main responsibility for the
prevention and detection of fraud: ‘The primary responsibility for the prevention
and detection of fraud rests with both those charged with governance of the
entity and management.’ ISA 240 (Redrafted) paragraph 4.
ISA 240 (Redrafted) also goes on to state, however, that: ‘An auditor conducting
an audit in accordance with ISAs is responsible for obtaining reasonable
assurance that the financial statements as a whole are free from material
misstatement, whether caused by fraud or error.’ ISA 240 (Redrafted), paragraph
5.
Hence, both the entity itself and the auditors have responsibilities for fraud and
error. It could be said that management, and those charged with governance,
have the primary responsibility for fraud and error, whereas the auditor has a
secondary responsibility. It is important, however, to ensure that the extent of
these secondary responsibilities are clearly understood, which is the area
discussed in the rest of this article.
Professional scepticism
ISA 200 (Revised and Redrafted), Overall Objective of the Independent Auditor
and the Conduct of an Audit in Accordance with ISAs, requires the auditor to
maintain an attitude of professional scepticism: ‘The auditor shall plan and
perform an audit with professional scepticism, recognising that circumstances
may exist that cause the financial statements to be materially misstated.’ ISA 200
(Revised and Redrafted), paragraph 15.
ISA 200 (Revised and Redrafted) describes professional scepticism as: ‘An
attitude that includes a questioning mind, being alert to conditions which may
indicate possible misstatement due to error or fraud, and a critical assessment of
audit evidence.’ ISA 200 (Revised and Redrafted), paragraph 13 (l).
ISA 240 (Redrafted) further requires that: ‘The auditor is responsible for
maintaining an attitude of professional scepticism throughout the audit.’ ISA 240
(Redrafted), paragraph 8.
171

lOMoARcPSD|2981706
Professional scepticism is of key importance to the audit, for example requiring

auditors to be alert to:
audit evidence contradicting other evidence
information questioning evidence reliability
conditions that may indicate possible fraud
circumstances that suggest the need for audit procedures in
addition to those required by the ISAs.
Discussion among the engagement team
ISA 240 (Redrafted) refers to the requirement in ISA 315 (Redrafted), Identifying
and Assessing the Risks of Material Misstatement Through Understanding the
Entity and its Environment, that members of the engagement team discuss the
susceptibility of the entity’s financial statements to material misstatement due to
fraud. ISA 240 (Redrafted) requires that: ‘This discussion shall place particular
emphasis on how and where the entity’s financial statements may be susceptible
to material misstatement due to fraud, including how fraud might occur.’ ISA 240
(Redrafted), paragraph 15.
Ordinarily, the key members of the engagement team should be involved in the
discussion, and the engagement partner should then consider which matters are
to be communicated to those in the team not involved in the discussion.
Discussion is expected to occur with a questioning mind, setting aside any beliefs
held by the engagement team members that the management and those charged
with governance are honest and have integrity. Interestingly, this discussion is
also expected to include a consideration of how an element of unpredictability will
be incorporated into the nature, timing, and extent of the audit procedures to be
performed.
ISA 240 (redrafted) risk assessment procedures
ISA 240 (Redrafted) requires that the auditor performs risk assessment
procedures to obtain information for use in identifying the risks of material
misstatement due to fraud. Paragraphs 17 to 24 of ISA 240 (Redrafted) outline
the required risk assessment procedures, which are summarised in the Risk
Assessment Procedures box below.
Conclusion
The redrafting of ISA 240 has allowed for a timely review of audit responsibilities
relating to fraud. It should be noted, however, that there are minor differences of
emphasis between the requirements of ISA 240 (Redrafted) and the current
requirements of ISA (UK and Ireland) 240 The Auditor’s Responsibility to
Consider Fraud in an Audit of Financial Statements, which became effective for
periods commencing on or after 15 December 2004. According to ISA 240
(Redrafted) the difference between fraud and error depends upon whether
deception has been used, and the distinction between the responsibilities of
those charged with governance and auditors for fraud prevention can be
described respectively as primary and secondary responsibilities. Auditors are
required, however, to maintain an attitude of professional scepticism throughout
the audit, and members of the audit engagement team are required to discuss
the susceptibility of the entity’s financial statements to material misstatement due
to fraud.
172

lOMoARcPSD|2981706
ISA 240 (Redrafted) requires auditors to perform risk assessment procedures to

obtain information for use in identifying the risks of material misstatement due to
fraud.
Finally, it can be concluded that to describe the audit role as that of a ‘watchdog,
not a bloodhound‘ is no longer valid in the context of the requirements of the
redrafted and revised ISAs; these negate the traditional ‘passive philosophy’
towards auditor responsibility for fraud detection, marking a significant shift away
from a ‘monitoring’ role and towards the requirement for a very keen ‘sense of
smell’.
Written by a Paper F8 exam panel member
References
Handbook of International Auditing, Assurance, and Ethics Pronouncements,
Part II, IAASB, 2008 Edition.
Background Information on the Clarity Project of the International Auditing and
Assurance Standard Board, 2008 Edition, pages 1 to 4, in Part II of
Handbook of International Auditing, Assurance, and Ethics
Pronouncements, IAASB, 2008 Edition.
Lord Justice Lopes, The Law Times, Volume LXXIV, Court of Appeal, 11 July
1896, quoted in Sarup D, Watchdog or Bloodhound? The Push and Pull
Towards a New Audit Model, Information Systems Control Journal,
Volume 1, 2004.
Oxford English Dictionary, www.askoxford.com
THE IMPORTANCE OF FINANCIAL REPORTING STANDARDS

TO AUDITORS
Relevant to ACCA Qualification Paper P7 The Study Guide for Paper P7
contains (in Section D1 (iii) (j) Evaluation and review) a list of financial
reporting matters which are examinable from the auditor’s point of view.
Candidates can expect to be faced with at least one requirement, and most
likely several requirements each sitting dealing with such matters. This
article provides extra guidance in this area. The significance of financial
reporting standards In an audit of historical financial information, the significance
of financial reporting standards cannot be over-emphasised. The opinion
ultimately provided at the end of the engagement will state whether, in the
auditor’s opinion, the financial statements are fairly presented (or show a true
and fair view). A fundamental issue that must be considered in order to reach this
opinion is whether the financial statements have been prepared in compliance
with the relevant financial reporting framework. In other words, have the relevant
financial reporting standards been followed by the management of the entity
when preparing the financial statements? The technical correctness of the
financial statements is implicit in an unmodified audit opinion. Clearly, the auditor
must fully understand the relevant financial reporting standards to be able to
reach an opinion as to whether they have been complied with. This is why the
Paper P7 exam will test, on a regular basis, the matters which an auditor must
consider with regard to a variety of financial reporting issues. How much
173

lOMoARcPSD|2981706
knowledge needs to be retained from previous papers? There are a large

number of financial reporting standards examinable for this paper. Because
Paper P7 follows on from Paper P2, Corporate Reporting, all examinable
financial reporting standards for Paper P2 are eligible for testing in Paper P7
questions. However, exposure drafts and discussion papers examinable in Paper
P2 will not be tested in Paper P7. There is therefore a lot of assumed knowledge
with regard to financial reporting standards. Candidates should be aware that in
the context of Paper P7 questions they will be expected to retain a basic
understanding of the key principles of financial reporting standards. This means
that candidates should remember key definitions, recognition criteria,
measurement rules and disclosure requirements, in sufficient detail to be able to
discuss the financial reporting treatment of an item from the auditor’s point of
view. Candidates will be aware of the large number of financial reporting
standards, and it is fair to say that some of the standards are more examinable in
Paper P7 than others. The first two Paper P7 exams have examined fairly
straightforward financial reporting issues, as the transition from the old to the new
syllabus meant that candidates attempting Paper P7 in the first two sittings would
not necessarily have knowledge of the full range of standards examined in Paper
P2. Financial reporting issues tested so far include: research and development,
revenue recognition, provisions, inventory valuation, related party transactions,
discontinued operations, impairment of assets, investment cost, and
consolidation issues. All of these have associated financial reporting standards.
Now that the transitional phase is over, more challenging financial reporting
matters are likely to be examined (as well as the type of matters already seen in
the exam). The financial reporting issues which pose particular problems for the
auditor are those that call for complex or subjective accounting treatments, and
which create an inherent risk that the financial statements are prone to contain a
material misstatement. It is helpful to categorise financial reporting issues into
those which require a more detailed level of knowledge, and those for which less
detailed knowledge will be expected. Likely to be examined in detail
Recognition and valuation of tangible and intangible non-current
assets including initial and subsequent measurement, revaluations,
impairments, and investment properties.
Leasing transactions including sale and leaseback arrangements.
Financial instruments – particularly classification and subsequent
measurement.
Share-based payment arrangements, including equity-settled and
cash-settled schemes.
Deferred tax balances – recognition of deferred tax assets and
liabilities, and their measurement.
Employee benefits – defined contribution and defined benefit plans,
including the basic principles of measurement, and the treatment of
actuarial gains and losses.
Discontinued operations and held for sale assets.
Provisions (including decommissioning provisions and provisions
associated with restructuring) and contingent liabilities and assets.
174

lOMoARcPSD|2981706
Revenue recognition.
Related party transactions.
Events after the reporting date.
Business combinations – particularly the cost of investment and
calculation of goodwill, and determination of the status of an investment.
Likely to be examined in less detail
Inventory and receivables valuations.
Cash flow statements.
Reporting operating (segmental) information.
Earnings per share.
Financial instruments – hedging and derivatives.
Changes in accounting policy.
Government grants and assistance.
Construction contracts.
Marks will be available on the marking scheme for reference to relevant financial
reporting standards, though the amount of marks for simply referring to the name
and number of relevant standard will be restricted. Most marks will be for
demonstrating an understanding of a financial reporting issue, and its relevance
to the audit. What are the impacts of financial reporting issues for the
auditor? The auditor should consider financial reporting issues throughout an
audit. Therefore, question scenarios involving these matters could be based in
the planning phase, the evidence gathering period, or during the completion
stage when the audit opinion is being evaluated. Each of these stages of the
audit is discussed in turn below. The planning phase At this initial stage of the
audit, the auditor will use risk assessment techniques to assess the client’s
business and financial statements for potential problem areas. One type of risk
that the auditor will assess is financial statement risk. Financial statement risk is
the risk that components of the financial statements could be misstated, through
inaccurate or incomplete recording of transactions or disclosure. Financial
statement risks, therefore, represent potential errors or deliberate misstatements
in the published accounts of a business. Financial statement risks could lead to a
balance being over or understated in value, or could result in an item being
recognised when it should not be, or vice versa, the non-recognition of an item
which should be recognised. In addition, financial statement risk could lead to an
item being recognised at an inappropriate time, or in incorrect presentation or
disclosure of a matter. Clearly, the auditor must understand financial reporting
standard requirements in order to assess the risk of an item being recognised,
measured, or disclosed incorrectly. For an example of how this issue could be
tested see Paper P7 June 2008 Q1 (bii) which requires an assessment of
financial statement risks in relation to potential litigation and demolition of
property, plant and equipment. Gathering evidence The second type of question
that could feature financial reporting standards deals with the stage of the audit
when the auditor is gathering evidence. Auditors need to gather sufficient,
appropriate evidence regarding financial reporting issues. Of course, one of the
matters for which the auditor needs to gather evidence is in relation to
compliance with financial reporting standards. A common question requirement
175

lOMoARcPSD|2981706
here will ask the candidate to ‘comment on the matters to be considered’ in

relation to a financial reporting issue. Usually, a second, related requirement will
ask the candidate to suggest relevant audit procedures. For an example of this
type of question requirement, see Paper P7 June 2008 Q3 (b). Some financial
reporting matters are considered to be relatively hard to audit, and, in some
cases, a particular International Standard on Auditing (ISA) has been issued to
provide guidance to the auditor on such matters. An example is ISA 550, Related
Parties, which provides guidance for the auditor on the subject of auditing related
party transactions. These are the kind of matters which are likely to feature
regularly in the exam, so candidates should pay particular attention to financial
reporting matters which are the subject of specific ISAs (see ISAs 540–570). An
example of a question featuring this type of financial reporting matter can be
seen in Paper P7 June 2008 Q3 (a). Candidates must pay close attention to the
wording of question requirements. Questions which ask candidates to ‘comment
on the matters which should be considered’ will feature regularly in the exam.
Typical matters which should be considered by the auditor in the context of a
financial reporting issue may include, for example: whether the financial reporting
issue is relatively complex, or whether the financial reporting issue is subjective,
necessitating the use of significant judgement. The existence of either increases
the inherent risk that a balance or transaction will be materially misstated the
specific requirements of any relevant financial reporting standard, in terms of the
recognition, measurement, or presentation or disclosure of the item, and
whether, in the context of the scenario, it appears that the requirements have
been followed or not the materiality of the item in question, bearing in mind that
materiality should be assessed from a quantitative and a qualitative viewpoint the
wider impact of an issue on the financial statements, for example, consider the
implication of a matter to all of the primary financial statements, and disclosure
needed in the notes to the financial statements. Candidates may also be required
to consider only one aspect of a financial reporting matter, so care must be taken
to restrict the answer to the specific requirement. For example, Paper P7
December 2007 Q2 (bii) required candidates to ‘describe the evidence you would
seek to support the assertion that development costs are technically feasible’. It
is important to follow the instructions being given, in other words, to only discuss
matters relevant to technical feasibility, and not to deviate into discussions of
other, irrelevant matters. (Many candidates in answering this question discussed,
for example, the commercial viability of the product in question, and whether the
entity intended to use or sell the product, neither comment answered the
question as set.) Similarly, candidates should make an effort to discuss only the
specific balance or transaction required. As an example, Paper P7 June 2008 Q2
(bi) required the explanation of audit procedures appropriate for the carrying
value of an investment. Many answers, however, incorrectly focused on the audit
of the goodwill arising on consolidation, which was irrelevant to the question
requirement. Reaching an audit opinion The ultimate impact of financial
reporting issues is in arriving at the audit opinion. The auditor must decide
whether the financial statements prepared by management comply with relevant
standards, and if they do not, the auditor needs to consider the impact on the
176

lOMoARcPSD|2981706
audit opinion. A non-compliance with standards leading to a material

misstatement in the financial statements will result in an opinion modified due to
disagreement, which could be an ‘except for’ qualification, or an adverse opinion.
For an example of a question in this area, see Paper P7 December 2007 Q5 (a).
On discovering a material breach of financial reporting standards, the auditor
should bring the matter to the attention of those charged with governance. This is
to highlight the seriousness of the issue, and to ensure that those charged with
governance have full awareness of the technical issues involved, and can
therefore make an informed decision with regard to amending the financial
statements. CONCLUSION There is a wide range of financial reporting
standards which are potentially examinable, and candidates should be aware
that a lack of knowledge of these standards, which is assumed from previous
exams, will put their performance in Paper P7 at a disadvantage. Candidates
should be conversant with the key aspects of all examinable financial reporting
standards, but should focus their attention on the key financial reporting matters
outlined above. Ultimately, an auditor of historical financial information cannot
hope to perform a quality audit in the absence of a detailed knowledge and
understanding of financial reporting standards, which is why such matters will
regularly feature in the exam. Well-prepared candidates can score very highly in
such questions by demonstrating their knowledge of a financial reporting matter,
but more importantly, applying that knowledge to the issue faced by the auditor in
the question scenario provided. Written by a member of the Paper P7
examining team
FORENSIC AUDITING
Relevant to ACCA Qualification Paper P7 This article explores some of the
issues relevant to forensic investigations. ‘Forensic auditing’ covers a broad
spectrum of activities, with terminology not strictly defined in regulatory guidance.
Generally, the term ‘forensic accounting’ is used to describe the wide range of
investigative work which accountants in practice could be asked to perform. The
work would normally involve an investigation into the financial affairs of an entity
and is often associated with investigations into alleged fraudulent activity.
Forensic accounting refers to the whole process of investigating a financial
matter, including potentially acting as an expert witness if the fraud comes to trial.
Although this article focuses on investigations into alleged frauds, it is important
to be aware that forensic accountants could be asked to look into non-fraud
situations, such as the settling of monetary disputes in relation to a business
closure or matrimonial disputes under insurance claims. The process of forensic
accounting as described above includes the ‘forensic investigation’ itself, which
refers to the practical steps that the forensic accountant takes in order to gather
evidence relevant to the alleged fraudulent activity. The investigation is likely to
be similar in many ways to an audit of financial information, in that it will include a
planning stage, a period when evidence is gathered, a review process, and a
report to the client. The purpose of the investigation, in the case of an alleged
fraud, would be to discover if a fraud had actually taken place, to identify those
involved, to quantify the monetary amount of the fraud (ie the financial loss
177

lOMoARcPSD|2981706
suffered by the client), and to ultimately present findings to the client and
potentially to court. Finally, ‘forensic auditing’ refers to the specific procedures
carried out in order to produce evidence. Audit techniques are used to identify
and to gather evidence to prove, for example, how long the fraud has been
carried out, and how it was conducted and concealed by the perpetrators.
Evidence may also be gathered to support other issues which would be relevant
in the event of a court case. Such issues could include:
the suspect’s motive and opportunity to commit fraud
whether the fraud involved collusion between several suspects any
physical evidence at the scene of the crime or contained in documents
comments made by the suspect during interviews and/or at the time
of arrest
attempts to destroy evidence.
TYPES OF INVESTIGATION The forensic accountant could be asked to
investigate many different types of fraud. It is useful to categorise these types
into three groups to provide an overview of the wide range of investigations that
could be carried out. The three categories of frauds are corruption, asset
misappropriation and financial statement fraud. Corruption There are three
types of corruption fraud: conflicts of interest, bribery, and extortion. Research
shows that corruption is involved in around one third of all frauds.
In a conflict of interest fraud, the fraudster exerts their influence to
achieve a personal gain which detrimentally affects the company. The
fraudster may not benefit financially, but rather receives an undisclosed
personal benefit as a result of the situation. For example, a manager may
approve the expenses of an employee who is also a personal friend in
order to maintain that friendship, even if the expenses are inaccurate.
Bribery is when money (or something else of value) is offered in
order to influence a situation.
Extortion is the opposite of bribery, and happens when money is
demanded (rather than offered) in order to secure a particular outcome.
Asset misappropriation By far the most common frauds are those involving
asset misappropriation, and there are many different types of fraud which fall into
this category. The common feature is the theft of cash or other assets from the
company, for example:
Cash theft – the stealing of physical cash, for example petty cash,
from the premises of a company.
Fraudulent disbursements – company funds being used to make
fraudulent payments. Common examples include billing schemes, where
payments are made to a fictitious supplier, and payroll schemes, where
payments are made to fictitious employees (often known as ‘ghost
employees’).
Inventory frauds – the theft of inventory from the company.
Misuse of assets – employees using company assets for their own
personal interest.
Financial statement fraud This is also known as fraudulent financial reporting,
and is a type of fraud that causes a material misstatement in the financial
178

lOMoARcPSD|2981706
statements. It can include deliberate falsification of accounting records; omission

of transactions, balances or disclosures from the financial statements; or the
misapplication of financial reporting standards. This is often carried out with the
intention of presenting the financial statements with a particular bias, for example
concealing liabilities in order to improve any analysis of liquidity and gearing.
CONDUCTING AN INVESTIGATION The process of conducting a forensic
investigation is, in many ways, similar to the process of conducting an audit, but
with some additional considerations. The various stages are briefly described
below. Accepting the investigation The forensic accountant must initially
consider whether their firm has the necessary skills and experience to accept the
work. Forensic investigations are specialist in nature, and the work requires
detailed knowledge of fraud investigation techniques and the legal framework.
Investigators must also have received training in interview and interrogation
techniques, and in how to maintain the safe custody of evidence gathered.
Additional considerations include whether or not the investigation is being
requested by an audit client. If it is, this poses extra ethical questions, as the
investigating firm would be potentially exposed to self-review, advocacy and
management threats to objectivity. Unless robust safeguards are put in place, the
firm should not provide audit and forensic investigation services to the same
client. Commercial considerations are also important, and a high fee level should
be negotiated to compensate for the specialist nature of the work, and the likely
involvement of senior and experienced members of the firm in the investigation.
Planning the investigation The investigating team must carefully consider what
they have been asked to achieve and plan their work accordingly. The objectives
of the investigation will include:
identifying the type of fraud that has been operating, how long it
has been operating for, and how the fraud has been concealed
identifying the fraudster(s) involved
quantifying the financial loss suffered by the client
gathering evidence to be used in court proceedings
providing advice to prevent the reoccurrence of the fraud.
The investigators should also consider the best way to gather evidence – the use
of computer assisted audit techniques, for example, is very common in fraud
investigations. Gathering evidence In order to gather detailed evidence, the
investigator must understand the specific type of fraud that has been carried out,
and how the fraud has been committed. The evidence should be sufficient to
ultimately prove the identity of the fraudster(s), the mechanics of the fraud
scheme, and the amount of financial loss suffered. It is important that the
investigating team is skilled in collecting evidence that can be used in a court
case, and in keeping a clear chain of custody until the evidence is presented in
court. If any evidence is inconclusive or there are gaps in the chain of custody,
then the evidence may be challenged in court, or even become inadmissible.
Investigators must be alert to documents being falsified, damaged or destroyed
by the suspect(s). Evidence can be gathered using various techniques, such as:
testing controls to gather evidence which identifies the
weaknesses, which allowed the fraud to be perpetrated
179

lOMoARcPSD|2981706
using analytical procedures to compare trends over time or to

provide comparatives between different segments of the business
applying computer assisted audit techniques, for example to
identify the timing and location of relevant details being altered in the
computer system
discussions and interviews with employees
substantive techniques such as reconciliations, cash counts and
reviews of documentation.
The ultimate goal of the forensic investigation team is to obtain a confession by
the fraudster, if a fraud did actually occur. For this reason, the investigators are
likely to avoid deliberately confronting the alleged fraudster(s) until they have
gathered sufficient evidence to extract a confession. The interview with the
suspect is a crucial part of evidence gathered during the investigation. Reporting
The client will expect a report containing the findings of the investigation,
including a summary of evidence and a conclusion as to the amount of loss
suffered as a result of the fraud. The report will also discuss how the fraudster
set up the fraud scheme, and which controls, if any, were circumvented. It is also
likely that the investigative team will recommend improvements to controls within
the organisation to prevent any similar frauds occurring in the future. Court
proceedings The investigation is likely to lead to legal proceedings against the
suspect, and members of the investigative team will probably be involved in any
resultant court case. The evidence gathered during the investigation will be
presented at court, and team members may be called to court to describe the
evidence they have gathered and to explain how the suspect was identified. It is
imperative that the members of the investigative team called to court can present
their evidence clearly and professionally, as they may have to simplify complex
accounting issues so that non-accountants involved in the court case can
understand the evidence and its implications. CONCLUSION In summary, a
forensic investigation is a very specialist type of engagement, which requires
highly skilled team members who have experience not only of accounting and
auditing techniques, but also of the relevant legal framework. There are
numerous different types of fraud that a forensic accountant could be asked to
investigate. The investigation is likely to ultimately lead to legal proceedings
against one or several suspects, and members of the investigative team must be
comfortable with appearing in court to explain how the investigation was
conducted, and how the evidence has been gathered. Forensic accountants
must therefore receive specialist training in such matters to ensure that their
credibility and professionalism cannot be undermined during the legal process.
AUDITORS' REPORTS TO THOSE CHARGED WITH

GOVERNANCE
Relevant to ACCA Qualification Paper P7
When considering the reporting ‘outputs’ of an audit of historical financial
information, attention is usually focused on the report issued by the auditors to
180

lOMoARcPSD|2981706
shareholders, which contains the audit opinion. However, there is another

important reporting ‘output’ produced as a result of the audit process – the
auditor’s communication to those charged with governance. This short article
outlines the main features of this communication and summarises the
requirements of ISA 260, Communication of Audit Matters With Those Charged
With Governance, and the UK equivalent, ISA 260 (UK and Ireland),
Communication of Audit Matters With Those Charged With Governance.
Auditors are required by ISA 260 to communicate audit matters of governance
interest to those charged with governance. It is important that those charged with
governance have an understanding of all significant issues that have arisen from
the audit process.
Relevant persons
The first step is to consider to whom the communication should be directed. ISA
260 does not specify this exactly, but states that ‘governance is the term used to
describe the role of persons entrusted with the supervision, control and direction
of an entity’. This implies that the communication should be with the highest level
of management, including the executive and non-executive directors, and the
audit committee, where relevant. The identity of the relevant person(s) to whom
the communication will be addressed may be clarified in the engagement letter.
Matters to be communicated In the second step, the auditor should consider
the type of issues that should be communicated. ISA 260 provides some
guidance as to the matters which ordinarily could be incorporated in the
communication, including:
the overall approach and scope of the audit, including any
limitations on the scope of the audit
the accounting policies, and any changes to them, that could
materially affect the financial statements
adjustments arising as a result of audit procedures which could
materially impact the financial statements
material events or uncertainties which could jeopardise the going
concern status, and which require disclosure within the financial
statements
disagreements with management over accounting treatments or
disclosures
any expected modifications to the audit report
material weaknesses discovered in the internal systems and
controls.
All of the above are referred to as ‘findings from the audit’ (also often called
‘management letter points’).
The reason for communicating such matters is to ensure that the auditors have
brought them to the attention of the people responsible for the accounting and
financial reporting function of the entity. Those responsible can then discuss the
matters and decide any actions that need to be taken in respect of them. For
example, if the management of the entity was totally unaware of the matters
regarding control weaknesses, it then has the opportunity to implement corrective
action. It could also be the case that the management lacks technical knowledge;
181

lOMoARcPSD|2981706
for example, it may not be appreciated that a specific accounting policy is in

breach of acceptable accounting practice. Again, armed with information from the
auditor, management can then resolve the problem by deciding on a new
accounting policy.
It is important that material errors found in the financial statements are
highlighted to management; if they are left uncorrected, the audit opinion will be
modified. Management must be made aware of this and given the opportunity to
correct the financial statements if necessary, in order to avoid a modified audit
report.
Other relevant matters to be communicated The communication to those
charged with governance should not just contain findings from the audit, but
should cover the range of issues related to the audit, which the auditor may want
to raise with management. Such matters may include:
details of any threats to independence and objectivity, and of any
safeguards adopted
explanations of the audit approach used (for example, the concept
of materiality and its application to the audit process)
a summary of business risks identified, including an assessment of
the likelihood of the risks materialising
a review of the contents of the management’s representation letter
recommendations, where relevant, to help improve the entity’s
internal systems and controls.
The timing and form of communication The auditor should communicate
matters to those charged with governance on a timely basis, in order for
management to react to the matters raised as soon as possible. Findings from
the audit relevant to the accounting and financial reporting function should be
communicated before the approval of the financial statements by management.
This means that material errors can be corrected by management prior to the
audit report being issued, thus avoiding a modification of the report.
ISA 260 discusses the various forms that the communication should take. In
most cases, the communication will be in writing, and in the UK and Ireland this
is a requirement of the standard. A communication should be issued even if there
are no matters that the auditor wishes to bring to the attention of those charged
with governance, stating that there are no significant findings from the audit to be
communicated.
Outside the UK and Ireland, the communication could be made orally. In this
situation, it is important that the auditor has a written record within the audit
working papers of the discussion of significant matters with management.
Whichever method is used to formally communicate the matters, oral or written,
the process should be seen as a two-way dialogue. Management should have
the opportunity to respond to the auditor regarding the matters raised.
Conclusion
The communication with those charged with governance should be viewed as a
crucial reporting ‘output’ of the audit. It allows management to be informed of
significant matters arising from the audit process, and allows management the
chance to respond to the auditor regarding these matters, and to take action to
182

lOMoARcPSD|2981706
improve the accounting and financial reporting function of the entity.

GROUP AUDIT ISSUES

Relevant to ACCA Qualification Paper P7
In October 2007, the International Auditing and Assurance Standards Board
issued International Standard on Auditing (ISA) 600 (Revised and Redrafted),
Special Considerations – Audits of Group Financial Statements (Including the
Work of Component Auditors). As ISA 600 is a fairly lengthy document, this
article summarises only some of its sections. In addition, it is important to
appreciate that ISA 600 does not cover all of the issues relevant in a group audit
situation, and that the auditor or assurance provider must consider a wide variety
of issues, including detailed financial reporting standards, and issues currently
being debated within the profession.
ISA 600 (revised and redrafted), special considerations – audits of group
financial statements (including the work of component auditors)
Definitions
The group auditor is responsible for providing the audit opinion on the group
financial statements. Components of the group financial statements can include
subsidiaries, associates, joint ventures, and branches. The components may be
audited by the group auditor, but may instead be audited by a different firm of
auditors known as the ‘component auditors’, also known as the ‘other auditor’.
The term component auditor is introduced by the revised and redrafted ISA 600.
This article focuses on the objectives and responsibilities of the group auditor.
Objectives
The objective of the group auditor is twofold. First, the group auditor should
establish that it is appropriate to act as group auditor. Second, the group auditor
should gather sufficient and appropriate evidence in order to reach an opinion on
the consolidated financial statements. This article focuses on the second of these
two objectives.
It is useful to consider the process by which the group financial statements are
produced before considering the group auditor’s objectives in relation to
evidence. This three-stage process is summarised in Figure 1.
Stage one – gathering evidence on the components
Planning and risk assessment
It is imperative that the group auditor has a good understanding of the structure
of the group, the significance (ie materiality) of each component of the group, the
mechanics of the consolidation process, and the risk of material misstatement
presented by each of the company’s financial statements. Materiality levels
should be established for the group in aggregate, and for the individually
significant components.
Involvement in the work of component auditors
In a group, it is likely that some companies will be audited by a different firm of
auditors. The group auditor has two issues to resolve. First, the group auditor
cannot simply rely on another auditor’s opinion on the financial statements of the
183

lOMoARcPSD|2981706
company. In other words, if the other auditor has concluded that the financial
statements of the component are free from material misstatement, the group
auditor should not just rely on this opinion and assume that the figures taken
from the company’s financial statements into the consolidated financial
statements are correct. A material misstatement in the financial statements of a
company could become a material misstatement in the financial statements of
the group.
For all companies within the group, regardless of materiality, the group auditor
should review a report of work done by the component auditor. This report of
work done could be in the form of an executive summary, or a memorandum of
audit issues arising from the audit of the company. Alternatively, the group
auditor may issue a questionnaire, to be completed by the component auditor,
which would highlight key issues arising from the audit of the component.
Following this review, the group auditor will need to decide on the extent of any
further actions which need to be taken, or any further work which needs to be
carried out, in order to ensure that the financial statements are free from material
misstatement. Such actions could include:
a review of the component auditor’s overall audit strategy
performing a risk assessment at the company level
participating in closing meetings with the component auditor and
the management of the company
a review of relevant parts of the component auditor’s audit working
papers.
Where a company is material to the group financial statements, the group auditor
should carry out further actions, including:
discussing with the component auditor, and/or the management of
the company, the business activities that are significant to the group
discussing with the component auditor the susceptibility of the
company’s financial statements to material error or deliberate
misstatement
reviewing the component auditor’s documentation of identified
significant risks, and the conclusions reached on these risks.
It may be the case that, having performed the actions outlined above, the group
auditor concludes that further audit work is required on the financial statements
of a company, or that a memorandum of audit issues arising from the audit of the
company is needed. For example, the group auditor may consider that an
element of the financial statements of the company could be materially
misstated, and that further audit evidence is necessary. The group auditor should
determine the nature of the work necessary, and whether the work should be
carried out by the group auditor or the component auditor. Having taken the
actions outlined above, the group auditor should now have obtained sufficient
evidence to show that the individual company financial statements are free from
material misstatement, and are a sound basis for the preparation of the
consolidated financial statements.
Stage two – auditing the consolidation
The consolidation process
184

lOMoARcPSD|2981706
The group auditor must plan the audit procedures to be performed on the
consolidation process. For some groups, the consolidation will be complex and is
likely to involve some areas of judgement, and so there is a high degree of audit
risk. Thorough planning will be essential to ensure that audit risk is minimised.
The types of audit procedures that could be performed include:
checking that figures taken into the consolidation have been
accurately extracted from the financial statements of the components
evaluating the classifications of the components of the group – for
example, whether the components have been correctly identified and
treated as subsidiaries, associates, or joint ventures
reviewing the disclosures necessary in the group financial
statements, such as related party transactions and minority interests
investigating the treatment of any components which have a
different financial year end from that of the rest of the group
gathering evidence appropriate to the specific consolidation
adjustments made necessary by financial reporting standards, including,
for example: – the calculation of goodwill and its impairment review –
cancellation of inter-company balances and transactions – provision for
unrealised profits as a result of inter-company transactions – fair value
adjustments needed for assets and liabilities held by the component – re-
translation of financial statements of components denominated in a foreign
currency.
Some of the evidence required to meet the above objectives will be gathered by
the component auditor, and it is the group auditor’s responsibility to communicate
to the component auditor the evidence that they are expected to gather. This
communication ideally occurs at the audit planning stage. The group auditor must
have a sound knowledge of the relevant financial reporting standards, which
include:
IFRS 3, Business Combinations
IAS 28, Investments in Associates
IAS 31, Interests in Joint Ventures
IAS 32, Financial Instruments: Presentation
IAS 39, Financial Instruments: Recognition and Measurement.
Candidates are advised that, for the purposes of study for Paper P7, they must
be very familiar with the above financial reporting standards. Particularly
important are the accounting regulations relating to subsidiaries regarding
goodwill, inter-company transactions, and fair value adjustments, as well as the
financial reporting implications on the acquisition and disposal of a subsidiary.
Candidates must also be aware of the principles of accounting for associates,
joint ventures, and foreign subsidiaries. It is also important to remember that the
parent company’s individual financial statements will contain balances and
transactions pertinent to the components of the group. The parent company’s
statement of financial position (balance sheet) will carry the investments as non-
current assets, and the statement of comprehensive income is likely to contain
dividend receipts and other group transactions. The auditor expressing an
opinion on the parent company’s individual financial statements must gather
185

lOMoARcPSD|2981706
sufficient appropriate evidence regarding these items, paying particular attention

to the carrying value of the investments. Candidates are reminded that IFRS 3
contains detailed guidance on the treatment of group investments, particularly on
the calculation of the cost of investment.
Stage three – issuing the group audit opinion
The group auditor issues an opinion on the consolidated financial statements.
This is done after a thorough review of all evidence gathered in the first and
second stages.
Other matters relevant to a group audit situation
Joint auditing
A joint audit is when two audit firms are appointed to jointly provide an audit
opinion on a set of financial statements. This is becoming increasingly common,
especially in group audits, where a component may be audited by both the group
auditor and another auditor. The main benefit of this type of arrangement is that
when a new component is acquired by the group, for example the acquisition of a
new subsidiary, it is advantageous to keep the subsidiary’s existing audit firm,
which will have built up considerable knowledge and experience of the business
of the component. However, the group auditor will also need to build up
knowledge of the new subsidiary’s business, and also become familiar with the
audit methods and procedures used by the other auditor. One way for this to
happen is for the group auditor to be appointed, along with the other auditor, to
jointly provide the audit opinion on the individual financial statements of the
subsidiary. The two firms will work together to plan the audit, gather evidence,
review the work done, and to finally provide the opinion.
Other benefits from a joint audit may include better availability of resources and
the provision of a higher quality audit, as there will be access to staff from both
firms of auditors. The inclusion of members of staff from the group audit firm
within the audit team of the subsidiary should also improve the efficiency of the
audit of the consolidation process.
However, it may be difficult for the two firms to work together if they use different
audit methods and it may take time to develop a ‘joint audit’ approach. There will
also be cost implications for the client, as it will presumably be more expensive to
use two firms of auditors to provide an audit opinion instead of one.
Joint auditing has been the subject of some debate within the profession in
recent times. This is largely because it is seen as a way for small and medium-
sized audit firms to continue to be involved in the audit of their client once the
client has been acquired by another company. Prior to the emergence of the joint
audit, it would have been most likely for the existing auditor (especially if a small
or medium-sized audit firm) to be replaced by the group auditor (likely to be a
larger audit firm) as the provider of the audit opinion on the individual financial
statements.
As more and more companies become acquisition targets, it can be seen that if
this practice were to continue, the small and medium-sized audit firms would
continue to lose audit clients to the larger audit firms, and would be left with few
clients to provide a source of income. Therefore, in the interests of maintaining
revenue streams for small and medium-sized audit firms, and in the interests of
186

lOMoARcPSD|2981706
competition in the audit profession, joint auditing is an important current issue,

and will continue to be debated for the foreseeable future.
Conclusion
Group audits raise a variety of issues. The group structure can be complex and
the existence of numerous components within the group means that there may
be several firms of auditors involved. The group auditor must ensure that the
group audit is carefully planned and that communications with other auditors are
made early in the audit process. The group auditor needs to gather two types of
evidence. Evidence regarding individual components of the group may be
gathered using a joint audit arrangement, though this is not without
disadvantages. Evidence on the consolidation process must be thorough, and
planned with regard to numerous complex financial reporting standards.
Reference
ISA 600 (Revised and Redrafted), Special Considerations – Audits of Group
Financial Statements (Including the Work of Component Auditors), IAASB,
October 2007.
EXAMINING EVIDENCE
Relevant to Professional Scheme Papers 2.6 and 3.1 and new ACCA
Qualification Papers F8 and P7 Questions in auditing exams on audit
procedures are very common. This article considers the difference between
audit procedures and audit evidence and techniques for deciding on
relevant audit evidence in a variety of circumstances.
Audit procedures versus audit evidence
Audit procedures are actions that auditors carry out during the audit. Paper 2.6
questions typically ask candidates to describe audit procedures, also known as
‘audit tests’ or ‘audit work’.
Audit evidence is obtained by the auditor as a result of the audit procedure. For
example, ‘performing a circularisation of receivables/debtors’ is an audit
procedure, whereas ‘replies from customers’ is audit evidence. It is very
important to be aware of the difference. If a question asks for audit evidence and
candidates state audit procedures, then the question hasn’t been answered, and
gains no marks.
Which of the following are procedures and which are evidence?
Inspecting non-current/fixed assets for signs of obsolescence
An item of inventory/stock that is present at the inventory/stock count
A bank statement
Counting petty cash
A working paper showing a re-calculation of depreciation
A sales invoice
Attending a wages pay out.
Answer
Items 1, 4 and 7 are procedures (because procedures are actions, notice the use
of verbs such as ‘inspecting’, ‘counting’, and ‘attending’). The other items are
187

lOMoARcPSD|2981706
evidence, as they are the result of audit procedures.

However, note that the phrasing is ‘state the audit evidence that you should
expect to find in undertaking your review of the audit working papers and
financial statements’. Item 5 meets this criterion because it is a working paper,
but items 3 and 6 are not necessarily included in audit working papers, so one
would need to phrase the answer in such a way as to make this clear. For
example, one could say ‘a copy sales invoice’ and ‘a copy bank statement with
the balance cross-referenced to the bank reconciliation’.
Item 2 is definitely not evidence normally seen in working papers, since it is an
item of physical inventory/stock. This could be rephrased as ‘a schedule showing
items test-counted at the inventory/stock count’ to make it into a correct answer.
Identifying appropriate audit evidence
Substantive testing questions can be quite tricky, as they can cover a range of
accounting standards, and therefore are more varied than questions on topics
such as inventory/stock, receivables/debtors, payables/creditors, or
non-current/fixed assets.
Candidates need to be able to think on their feet and develop a ‘sensible answer’
approach to a wide variety of questions, even if they have never considered the
subject previously. One way to do this is to use the financial statement assertions
as a starting point.
The financial statement assertions are those assertions that are implicit or
implied when the directors make an explicit statement that the financial
statements give a true and fair view. In other words, they are attributes of the
financial statements that must be true if the financial statements are to give a true
and fair view.
Assertions include completeness (all assets, liabilities, transactions, and events
are included) and valuation (assets and liabilities are included at an appropriate
carrying value). Auditors design their audit programmes to ensure – as far as
possible – that each of these assertions are true, in order to gain evidence that
proves that the financial statements give a true and fair view.
Using the assertions as a starting point to answer a question can be useful if the
question is general – for example ‘describe how you would audit leases’.
Candidates could consider what assertions are relevant to leases and then
describe audit tests and/or evidence (depending on the question) to prove each
of these assertions.
Example
You are the manager in charge of the audit of Yummy Mummy Co., a listed
company with a European-wide chain of fashion stores for babies and expectant
mothers. The audit for the year ended 30 September 2006 is nearing completion.
The draft financial statements show a profit before tax of $50.6m (2005: $95.3m).
The audit senior has produced a schedule of ‘Points for the attention of the audit
manager’ as follows:
(a) Due to the falling birth rate, the performance of the stores in Italy has been
worse than expected. An impairment review was performed on 15 October 2006,
treating the Italian stores as a single cash-generating unit, which indicated that
the recoverable amount of the assets (based on value in use) was $23m lower
188

lOMoARcPSD|2981706
than the carrying value. (6 marks)

(b) The company self-manufactures many of its clothing lines, and has a factory
in Manchester, UK. Research has shown that the company could achieve
substantial cost savings by outsourcing to south east Asia, and the factory in
Manchester is to be closed. A provision of $3.2m to cover redundancy costs has
been included in the 2006 draft financial statements. (7 marks)
(c) The company is planning to open 20 new stores in south east Asia in the next
year. To assist in financing the expansion, the company sold a number of its
properties on 28 September 2006 for $200m and leased them back under
operating leases. (7 marks)
Required:
For each of the above points: (i) Comment on the matters that you should
consider; and (ii) State the audit evidence that you should expect to find, in
undertaking your review of the audit working papers and financial statements of
Yummy Mummy Co. (20 marks)
The mark allocation is shown against each of the three points.
Formulating an answer
Note the format of the question. There are three mini-case studies, and for each
the candidate has to (i) comment on the matters that should be considered and
(ii) state audit evidence. As this article is about audit evidence, we will only
consider Part (ii) of the question. However, the examiner has given guidance on
how she wants candidates to answer Part (i), and has said that matters to
consider will normally include risk, materiality, and accounting treatment. In many
answers, there is also a requirement to comment on the type of audit report that
would be needed if the company refuses to amend an erroneous treatment.
Deciding on audit evidence
For each scenario:
Think about how the accountant would have calculated the numbers in the
financial statements, the source documents used and the systems
followed, and then write about the documents etc, that one would expect
to see.
Think about how to verify the other relevant facts in each case.
Consider the accounting/disclosure requirements of each scenario, and say
how one can check if they are being met.
Remember, as the question is about evidence, not procedures, I would advise
candidates to begin their answers to each part with the words ‘I would expect to
see’, and then list out the evidence as bullet points. This should stop candidates
talking about procedures. Here is an example answer – the bracketed text in
italics is not part of the answer, but simply explanation where required. (a)
(Accounting issues in this scenario are subsequent events (adjusting) and
impairment.) I would expect to see:
extracts from the management accounts showing the performance
of the Italian stores compared to budget, and the most recent budget for
2007
a copy of the board minutes detailing management’s plans to
improve performance or to sell the stores (if performance continues to be
189

lOMoARcPSD|2981706
poor it could affect going concern, if stores are to be sold they may need
to be re-categorised as assets held for sale)
a schedule comparing the carrying value of the assets with the
recoverable amount, annotated to show that carrying value has been
agreed to the non-current/fixed assets register, and that any allocation of
central assets and goodwill was reasonable
a completed audit programme for non-current/fixed assets (as the
appropriateness of the value of the assets has already been checked
during the audit of non-current/fixed assets, there is no need to check it
again)
a calculation of value in use, annotated to show that the cash flows
have been compared with budgets for 2007 and beyond, and with actual
cash flows (to see if they are reasonable).
(b) (The obvious accounting issue is provisions, but issues which are not
mentioned – but which are potentially relevant – include assets held for sale and
discontinued operations.) I would expect to see:
a copy of the announcement of the restructuring (has to be before
the year end in order for a provision to be made)
a working paper detailing whether redundancy payments are being
made in accordance with contractual, statutory, or constructive
obligations, and how the constructive obligations, if any, have been
derived (in some countries, companies are required under statute to pay
certain levels of compensation to redundant employees)
a schedule detailing the amount to be paid to each redundant
employee. This schedule should be annotated to show that all relevant
employees have been included and that the calculations have been
checked for a sample of employees, including agreement of their
pay/service to their contracts where relevant
a point in the management representation letter as to any other
costs to be provided for in closing the factory (eg penalties for cancellation
of leases) a point in the management representation letter detailing
whether the factory is to be sold or abandoned (if a decision is made to
sell, then assets are valued as assets held for sale, but not if it is to be
abandoned)
a copy of the invitation to tender for the outsourcing contract, and
notes of discussions with management as to how the manufacturer was
selected and how quality is to be assured.
(c) (Candidates need to focus on checking whether the leaseback is really an
operating lease rather than a finance lease.) I would expect to see:
a copy of the leasing contract
a schedule comparing the present value of the minimum lease
payments with the fair value of the leased assets
a note comparing the length of the lease with the estimated useful
life of the assets, and stating whether Yummy Mummy Co. is responsible
for maintenance and insurance
a schedule calculating the amounts that should appear in the
190

lOMoARcPSD|2981706
financial statements, if the audit team believes this to be a finance lease

an estimate of the carrying value of the assets at the date of sale, if
the lease is an operating lease (if selling price is not fair value, it affects
how profit on sale is recognised)
a point in the management representation letter on the purchaser of
these properties, and whether they are related to Yummy Mummy Co.
and, if necessary, a draft of the related party disclosures that will appear in
This is just one possible answer – there are many other valid points that could be
made. Notice that this sample answer reflects the three points mentioned above:
Evidence to show that the accountant has worked out the figures correctly (eg
the calculation of the redundancy payment, the calculation of value in
use).
Evidence to prove other relevant facts (eg performance in Italy, outsourcing
contract, lease agreement).
Evidence to prove that accounting standards have been complied with (eg date
of closure announcement, comparison of payments, fair value of leased
assets).
Connie Richardson is a lecturer at FTC Kaplan in Singapore
AUDIT WORKING PAPERS

This article is about audit working papers. Auditors should prepare and organise
their working papers in a manner that helps the auditor carry out an appropriate
audit service. The auditor should avoid preparing or accumulating unnecessary
working papers, and should therefore avoid making extensive copies of the
client’s accounting records. It is worth noting at this stage that it is neither
necessary nor practicable for the auditor to document every matter considered
during the audit. Audit documentation needs to be understood for both Audit and
Assurance (AA) and Advanced Audit and Assurance (AAA).
The auditing standards
ISA 230, Audit Documentation states that the objective (1) of the auditor is to
prepare documentation that provides:
A sufficient and appropriate record of the basis for the auditor’s report, and
Evidence that the audit was planned and performed in accordance with ISAs
and applicable legal and regulatory requirements.
The auditor should prepare the audit documentation on a timely basis and in
such a way so as to enable an experienced auditor, having no previous
connection with the audit, to understand:
The nature, timing, and extent of the audit procedures performed to comply
with ISAs and applicable legal and regulatory requirements
The results of the audit procedures and the audit evidence obtained, and
Significant matters arising during the audit, the conclusions reached and
significant judgments made in reaching those conclusions.
In documenting the nature, timing, and extent of audit procedures performed, the
auditor should record the identifying characteristics of the specific items or
191

lOMoARcPSD|2981706
matters being tested. The auditor should document discussions of significant

matters with management and others on a timely basis. If the auditor has
identified information that contradicts or is inconsistent with the auditor’s final
conclusion regarding a significant matter, the auditor should document how the
auditor addressed the contradictions or inconsistency in forming the final
conclusion. Where, in exceptional circumstances, the auditor judges it necessary
to depart from a basic principle or an essential procedure that is relevant in the
circumstances of the audit, the auditor should document how the alternative audit
procedures performed achieve the objective of the audit, and, unless otherwise
clear, the reasons for the departure. In documenting the nature, timing, and
extent of audit procedures performed, the auditor must record:
The identifying characteristics of the specific items or matters tested
Who performed the audit work and the date such work was completed, and
Who reviewed the audit work and the date and extent of such review (2).
The auditor should complete the assembly of the final audit file on a timely basis
after the date of the auditor’s report. After the assembly of the final audit file has
been completed, the auditor should not delete or discard audit documentation
before the end of its retention period. When the auditor finds it necessary to
modify existing audit documentation or add new audit documentation after the
assembly of the final file has been completed, the auditor should, regardless of
the nature of the modifications or additions, document:
The specific reasons for making them, and
When and by whom they were made and reviewed.
When exceptional circumstances arise after the date of the auditor’s report that
require the auditor to perform new or additional audit procedures, or that lead the
auditor to reach new conclusions, the auditor should document:
The circumstances encountered
The new or additional audit procedures performed, audit evidence obtained,
and conclusions reached, and their effect on the auditor’s report
When and by whom the resulting changes to audit documentation were made,
and (where applicable) reviewed.
The requirements of the ISA guide the auditor to produce audit documentation
that is of an acceptable standard. Understanding and applying the requirements
will protect the auditor from unwelcome and unnecessary litigation.
Importance of working papers
Working papers are important because they:
are necessary for audit quality control purposes
provide assurance that the work delegated by the audit partner has
been properly completed
provide evidence that an effective audit has been carried out
increase the economy, efficiency, and effectiveness of the audit
contain sufficiently detailed and
up-to-date facts which justify the reasonableness of the auditor’s
conclusions
retain a record of matters of continuing significance to future audits.
Avoiding unnecessary papers
192

lOMoARcPSD|2981706
Before deciding to prepare a particular audit working paper, the auditor should be
satisfied that it is:
necessary either because it will serve an essential or useful
purpose in support of the auditor’s report, or because it will provide
information needed for tax or other client-related statutory/regulatory
purposes
not practicable for the client staff to prepare the working paper, or
for the auditor to make copies of papers that the client staff (including
internal auditors) have prepared as part of their normal regular duties.
Content
Typically each audit working paper must be headed with the following
information:
The name of the client
The period covered by the audit
The subject matter
The file reference (3)
The initials (signature) of the member of staff who prepared the
working paper, and the date on which it was prepared
In the case of audit papers prepared by client staff, the date the
working papers were received, and the initials of the audit team member
who carried out the audit work
The initials of the member of staff who reviewed the working papers
and the date on which the review was carried out
Each audit paper should meet the characteristics of a good working
paper, as detailed later in this article.
Papers prepared by client
Certain working papers required by the auditor may have already been prepared
by client staff. The auditor should make arrangements, whenever possible, for
copies of these to be made available to the audit team. If client staff prepare
working papers which are to be retained by the auditor, the auditor should agree
the form of the working papers with client staff at an early stage in the audit, and
include this information in the audit timetable.
When arranging for working papers to be prepared, the auditor should take care
to ensure that the working papers will give all the information required. All such
working papers should normally be clearly identified as having been prepared by
the client. The member of audit staff directly responsible for an audit area in
which working papers prepared by client staff are included should sign those
papers – this will show that they have been checked and that they can be
reviewed by the manager and the partner, and by subsequent reviewers. The
signature of the audit team member indicates that the working paper (prepared
by client staff) has been ‘audited’.
Some characteristics of a good working paper
On the basis of the discussion above, a good working paper should meet the
requirements of ISA 230 by displaying the following characteristics:
It should state a clear audit objective, usually in terms of an audit
assertion (for example, ‘to ensure the completeness of trade payables’).
193

lOMoARcPSD|2981706
It should fully state the year/period end (eg 31 October 20X9), so

that the working paper is not confused with documentation belonging to a
different year/period.
It should state the full extent of the test (ie how many items were
tested and how this number was determined). This will enable the
preparer, and any subsequent reviewers, to determine the sufficiency of
the audit evidence provided by the working paper.
Where there is necessary reference to another working paper, the
full reference of that other working paper must be given. A statement that
details of testing can be found on ‘another working paper’ is insufficient.
The working paper should clearly and objectively state the results
of the test, without bias, and based on the facts documented.
The conclusions reached should be consistent with the results of
the test and should be able to withstand independent scrutiny.
The working paper should be clearly referenced so that it can be
filed appropriately and found easily when required at a later date.
It should be signed by the person who prepares it so that queries
can be directed to the appropriate person.
It should be signed and dated by any person who reviews it, in
order to meet the quality control requirements of the review.
The reviewer of audit working papers should ensure that every paper has these
characteristics. If any relevant characteristic is judged absent, then this should
result in an audit review point (ie a comment by the reviewer directing the original
preparer to rectify the fault on the working paper).
Conclusion
Working papers provide evidence that an effective, efficient, and economic audit
has been carried out. They should therefore be prepared with care and skill.
They should be sufficiently detailed and complete so that an auditor with no
previous experience of that audit can understand the working papers in terms of
the work completed, the conclusions reached, and the reasoning behind these
conclusions.
Notes
ISA 230 paragraph 5.
Paragraph 17 of ISA 220 establishes the requirement for the engagement
partner to be satisfied that sufficient appropriate audit evidence has been
obtained through a review of the audit documentation (and discussion with
the engagement team). This does not imply that each specific working
paper must include evidence of review, however there must be
documentation of what work was reviewed, who reviewed the work and
when it was reviewed.
Each audit firm has its own file numbering and referencing system. Within each
system, the best way of numbering working papers is to file them serially in each
section and to cross-reference them. Where papers are intended to agree with or
support items appearing in the financial statements, or in other working papers in
the file, the auditor should normally prepare them so as to make such
agreements obvious without the necessity of further investigation and
194

lOMoARcPSD|2981706
reconciliation.
ADVANCED AUDIT AND ASSURANCE – EXAMINER’S

APPROACH
This article outlines the approach that will be used to examine Advanced Audit
and Assurance (AAA), effective from the September 2018 exam session. The
article should be read in conjunction with the relevant Study Guide and Syllabus
and list of examinable documents.
Format of the exam
A new format is being introduced from September 2018. Please refer to the
specimen paper for an example of the format. All questions in the exam will be
compulsory from September 2018.
Section A Section A will consist of one compulsory Case Study question, for a
total of 50 marks, broken down into several requirements. The question scenario
will provide a range of detailed information in the form of “exhibits”, and could
relate to one or more client companies. The information will come from a variety
of sources, and may include, for example, background information about a client,
notes of meetings or phone calls held with management of the client company,
extracts from financial statements, and extracts from audit working papers.
While the question scenario will be set in the planning phase of an audit,
requirements could cover a range of topics, for example relating to evidence,
audit quality or ethics. The aim is to place candidates in a 'real world' situation
where they would be faced with several very different issues in relation to the one
or more clients.
Four professional marks will be available in Section A and will be awarded based
on the level of professionalism with which a candidate’s answer is presented,
including the structure and clarity of the answer provided.
Section B Section B will contain two compulsory questions of 25 marks each.
Shorter scenarios will be provided as a basis for the Section B requirements.
Candidates should ensure that they study the whole syllabus and practice as
wide a range of past questions as possible in preparation for the exam, as
questions and syllabus topics can no longer be avoided.
One of the Section B questions will always be set in the completion stage of an
audit, and could focus on topics including the final review of audit evidence,
including evaluation of matters and evidence to support the audit opinion, the
audit of going concern and subsequent events, the auditor’s report, and reports
to those charged with governance.
The other section B question could cover a range of topics – the only exclusion is
that it will not be based on an audit completion scenario.
Key objectives of the syllabus
Audit planning and risk assessment will continue to be examined in every sitting,
in Section A. Candidates should be aware that 'planning' covers a wide variety of
topics, and does not just mean 'risk assessment'. For more clarity in this area it is
essential to read the Syllabus and Study Guide in order to appreciate the breadth
of the syllabus in relation to 'planning'. As explained above, planning questions
195

lOMoARcPSD|2981706
will include wider issues, so candidates might be expected to deal with ethical
matters which arise when planning an audit, or issues such as accepting a new
audit client.
At each sitting, candidates should also be prepared to tackle requirements
relating to obtaining audit evidence. Requirements are likely to focus on specific
financial statement balances or transactions, for which candidates will be asked
to design the relevant audit procedures. Candidates should ensure that when
asked to ‘design’ procedures that they provide the source and purpose for each
relevant procedure.
When asked to comment on the 'matters to consider' in the completion phase of
an audit, candidates should be aware that one of the key matters to consider is
whether the relevant accounting standard has been adhered to, as well as the
materiality of the matter, and to consider and explain the audit evidence which
should have been obtained in relation to the issue.
Auditor’s reports and reporting to those charged with governance are both
important areas. There have been changes in the last few years in relation to
auditor’s reports, and it is important that candidates familiarise themselves with
the most up to date requirements. It is essential that candidates are confident
answering questions on this topic as Syllabus section E will form one of the
Section B questions every session.
Ethics and related professional issues are likely to feature in every session,
either in Section A or Section B. It is important to appreciate that ethics is not just
about independence but also covers ethical issues such as conflicts of interest
and confidentiality, as well as fraud and error, and professional liability. Matters
such as audit quality and professional scepticism are also important syllabus
areas, and candidates should be prepared to evaluate whether an audit has been
conducted suitably, including whether the auditor has applied an appropriate
level of professional scepticism in a specific situation.
In respect of current issues, candidates should be ready to discuss a current
issues topic in the context of the client scenario provided. As current issues can
impact on any stage of an audit or assurance engagement, a current issues
requirement could feature in either Section A or Section B of the exam.
Candidates should appreciate that they are expected to read around current
issues and not rely on manuals from tuition providers. Good quality newspapers,
professional journals, as well as ACCA's website, provide sources of information
on current developments in audit and assurance. Candidates must not rote learn
a provided piece of information on a current issue and then proceed to
regurgitate this information verbatim as an answer to an exam requirement. By
the time candidates have reached this stage in their professional studies they
should take responsibility for developing their own opinion on a current issue,
and be able to reach their own conclusion.
Syllabus changes
As part of the transition to AAA, the syllabus has been amended. However, no
significant syllabus amendments or additions have been made; the syllabus has
just been restructured to allow for the proposed coverage as discussed above.
Some learning outcomes have been reworded streamline the study guide and
196

lOMoARcPSD|2981706
make it more user-friendly.

In addition, some of the learning outcome verbs and other wordings have been
changed, to better reflect the level of knowledge or application skill that is being
tested. For example, candidates will be asked to evaluate audit risks, and to
design audit procedures, requirements which better indicate the practical and
applied nature of what is required.
Specific competencies
AAA is a challenging and mostly practical exam. Candidates must consider
carefully whether they have the required competencies when deciding whether to
take this option exam. The competencies necessary for a candidate to achieve a
clear pass in AAA include:
a thorough understanding of the relevant audit, assurance and
financial reporting regulations that fall within the syllabus
the ability to apply knowledge to specific client scenarios
the ability to have an independent opinion, backed up by reasoned
argument
an appreciation of commercial factors which influence practice
management
an appreciation of the fast-moving developments in audit and
assurance practices.
Candidates would be ill-advised to choose AAA as an Options exam if they:
have little or no practical audit experience
struggled with preceding audit exams
are unwilling to take responsibility for their own opinions by reading
around current issues
are uncomfortable discussing arguments or reaching opinions.
Information sources
Candidates should ensure they are familiar with the wide range of materials
available to help them with their studies. In addition to material provided by tuition
providers, and ACCA's website, candidates are encouraged, as discussed
above, to regularly read up on current issues.
Candidates are encouraged to practise past questions to ensure that that they
have good knowledge of the syllabus, are familiar with question requirements
and have strong exam technique.
Student Accountant will notify you via email from time to time when new technical
articles for AAA have been published. Such articles should be considered
essential reading, and will cover both exam approach and technical issues from
the syllabus. These articles are also available on the ACCA website and
candidates are reminded to visit the site regularly to ensure they are aware of
additional resources.
Conclusion
Candidates who have practised plenty of past exam questions, who have taken
time to read around the syllabus, and who use sensible exam technique on the
day of the exam are very likely to secure a pass. This exam should not be
approached as a rote learning exercise, but as a chance to show the ability to
think logically and practically, reach an opinion, and demonstrate the application
197

lOMoARcPSD|2981706
of technical issues to a real-world scenario.

Written by a member of the AAA examining team
HOW TO TACKLE AUDIT AND ASSURANCE CASE STUDY QUESTIONS

This article provides an insight into the recommended approach for Section A
questions in Paper P7, Advanced Audit and Assurance. Paper P7 is one of the
final options papers, and, as such, will be a demanding and challenging exam,
aiming to test whether candidates have the necessary knowledge, application,
skills, and judgement to complete their professional qualification. Using good
exam technique and having a sensible approach to questions will do much to
help secure a clear pass mark. This is the first of a two-part series on
approaching Section A questions. The next article – which will be published in
the September 2007 issue of student accountant – will include elements of a
typical question and illustrate how these should be approached.
The exam will include two questions in Section A, with a combined mark
allocation of between 50 and 70 marks. It is likely that the combined total of the
two questions will be towards the higher end of this range.
Both Section A questions will be case studies. Detailed information will be
provided about a business for which the candidate’s firm is providing an audit or
assurance service. The aim of the case study question is to place the candidate
in a real-world situation, facing the real-world requirements that an audit or
assurance provider would have to deal with. The questions will therefore be
practical in nature.
Case study requirements
Each case study question will include several separate requirements taken from
separate syllabus areas. This mirrors what happens in the real world when, for
example, an audit manager planning an assignment needs to consider not only
how to plan the work, but also assess the implications of any ethical, practice
management, quality control, or current professional issues raised from
information provided by the client. At least one of the requirements could be to
provide a response to a specific enquiry raised by the client or potential client in
the scenario.
The first stage, when attempting a case study question, is to carefully read the
requirements and understand exactly what is being asked for. By the time a
candidate reaches this final stage in their professional studies it is hoped that
they are familiar with the general style of question requirements. However, the
wording used is such an important issue that it is worth repeating for the sake of
clarity. At the Professional level, requirements are at the highest intellectual level
and it is imperative that candidates understand exactly what is being asked.
Generally, requirements ask the candidate to perform an action, as follows:
Requirement Meaning
198

lOMoARcPSD|2981706
Identify Pick out a relevant issue/point from the scenario
Offer an opinion, debate a topic, express a

Comment on
reaction
Clarify and provide extra details on a subject

Explain
matter
Weigh up advantages and disadvantages and

Evaluate/assess
make a judgement
Consider a subject in depth and come to an

Critically discuss
opinion
Come to a conclusion and provide a strong

Justify
argument for a decision
Block: Text
Candidates should familiarise themselves with exam terminology and tailor their
answers accordingly. Taking time to consider the exact wording of the
requirement will result in a focused answer which satisfies the question set.
Note that very few marks will be available in Paper P7 for rote-learning and the
listing of facts, rules, or pieces of information. Instead, the application of
knowledge to the specific scenario provided will score well. For example, a
requirement may ask for the identification and explanation of matters (such as
business or financial statement risks). As a general rule, a maximum of one-third
of the available marks would be available for identification; the remaining two-
thirds would be for the explanation of the matter. It is therefore not possible to
pass the question requirement without application to the question scenario.
Professional marks
The ACCA Qualification features a core theme of ‘ethics and professionalism’,
and all Professional level exams will contain some marks on this topic. In Paper
P7, the professional marks will be allocated between the two Section A
questions, with a maximum of five marks being available across the two
questions. The requirements will clearly state how many marks are available and
which question requirement they relate to.
It is likely that Section A requirements containing professional marks will ask for
the answer in a particular format, such as a report or briefing notes. The
199

lOMoARcPSD|2981706
professional marks will be awarded for the following:

structure and presentation
clarity of explanation
use of language appropriate to the addressee
use of professional judgement
discussion of both sides of a debate
appreciation of relevant current professional issues.
Case study information
Having read the requirements and understood exactly what has been asked for,
the next step is to carefully read through the information provided, all the time
bearing in mind the specific instructions given in the requirements.
The information provided in the scenario is likely to be both numeric and
narrative, and could come from many different sources, such as:
extracts from financial statements
information from management systems
details taken from working papers
verbal representations from the client or members of the
audit/assurance team
statements from third parties.
The information in the question will need to be carefully read and it is important
that sufficient time is spent digesting and understanding the information provided.
Candidates who skim read the information and do not take time to stop and think
about the issues raised in the scenario are likely to produce a poorly focused
answer which fails to identify the main points.
When reading the case study scenario it is important, therefore, to identify the
following:
What is your role? For example, are you the manager responsible
for the audit, or responsible for company-wide matters such as ethics or
quality control?
What is the time scale? Are you planning an assignment prior to the
client’s year end, or reviewing working papers at the conclusion of the
audit?
What does the company do? Is it involved in manufacturing, a
service industry, or financial services? Does the company operate in a
highly-regulated industry?
What is the key relationship in the scenario? Is the company a long
standing or potential client? Is this a one-off or a recurring engagement?
Understanding these basic facts will ensure that candidates approach the
question requirements from the correct viewpoint.
When reading through the scenario it is useful to highlight or underline important
pieces of information. A lot of time can be wasted by continually re-reading the
scenario, so thoroughly reading and annotating the question paper should
improve time management. Remember, with reading and planning time now
being given at the start of the exam, there should be plenty of time to read the
entire scenario carefully.
Planning and time allocation
200

lOMoARcPSD|2981706
The case study questions will contain at least three discrete requirements. Time
must be allocated between the requirements to ensure that each is addressed in
sufficient depth. Failing to deal with a requirement obviously reduces the overall
mark available for a question, but it also detracts from the quality of the answer
as a whole. Remember, within each requirement there will be some relatively
easy marks to gain, so by not attempting a requirement these marks are lost.
Is it worthwhile planning the answer? The simple answer is yes, as long as the
plan is not too detailed and is then followed. A brief plan of the main points to be
covered will keep the focus on the key elements of the requirements, and should
avoid digressions into irrelevant matters. A good plan should prioritise the most
significant issues. This is important, because if time runs short, key issues will
still have been covered. A good plan will also draw out links between different
pieces of information provided in the scenario. However, a plan is only worth
doing if it enhances the answer. Spending too long on a very detailed plan,
resulting in a lack of time to deal with the question requirements in detail, is not a
good use of time in the exam. Plans should be very brief, no more than bullet
points, and clearly labelled so they can not be confused with the actual answer.
A general comment on time allocation: a common error is to spend too long on
the first two questions, leaving very little time for the remaining questions. It is
imperative that each question is properly attempted, and that sufficient time is left
towards the end of the exam to attempt the final question. Candidates are
advised that the quality of the overall script will be reviewed, and students are
reminded to attempt the correct number of questions.
Take time to think
This may sound obvious, but it is important to take time to think about the
requirements, the scenario, and how to answer the question. Rushing to put pen
to paper without sitting back to think an answer through is a frequent mistake in
exams. The following are common examples of errors caused by not thinking
about the facts in the scenario or the question requirement.
Failing to properly read and understand the question requirements could result
in:
not thinking properly about the actual question requirement and
then proceeding to answer the requirement inappropriately. Not answering
the question set is a major reason for failure. Linked to this, it is apparent
that a question requirement is often only read briefly, and that the
candidate then goes on to assume that the requirement is identical to
requirements from previous exam questions. This will mean failing to
answer the specific question set.
making comments that belong to a different question requirement is
a mistake which comes from not looking at the question requirements in
their entirety. It is important to look at how the requirements relate to each
other to ensure that an answer is logical and comments made do not refer
to the wrong answer requirement.
Failing to read the scenario carefully, or failing to think it through, could result in:
making inappropriate suggestions, as a result of not thinking clearly
and professionally about the relationship between the audit/assurance
201

lOMoARcPSD|2981706
provider and the client. It is imperative that candidates appreciate that

Paper P7 examines not just technical concepts, but also the ability to
make commercial and professional comments and recommendations. This
is one area where stopping and thinking about the relationships between
individuals within the scenario is crucial. For example, if the candidate is
given the role of an audit manager or partner, it is important not to defer to
more junior members of the team. Equally, inappropriate comments to the
client must be avoided. For example, the management of the client
company should not be ‘asked if they are corrupt’ or ‘asked to prove their
technical ability to prepare accounts’. Clearly, such comments detract
heavily from the quality of any answer, but can be avoided by thinking
carefully about relationships and how they should be managed.
making wholly inappropriate practical suggestions. For example,
asking, as part of audit evidence, to physically verify an asset that has
been sold, or requesting sight of a purchase invoice for an item bought
many years ago. Think carefully about requests or recommendations and
ask whether the request could actually be carried out.
seeing a word and assuming it means something, when really it
means something entirely different – this is a common mistake and results
purely from not thinking before writing an answer. For example, if a
scenario includes information about fines or penalties, it is important to
think about whether the amount has been paid before the year end, and
not to automatically assume, without taking time to think about the facts
from the scenario, that a provision would be necessary.
when performing calculations, it is crucial to think about the figures
provided in the scenario and to use the correct figure in the right way. For
example, when calculating materiality, make sure that the correct
benchmark is used. If calculating the materiality of an asset, the materiality
calculation should be based on the balance sheet, rather than on revenue
as this is totally inappropriate.
Presenting the answer
It should go without saying that answers should be clearly presented, as this
makes marking much easier. In particular, the following points should be noted:
Use headings and sub-headings to give the answer a logical flow.
Bullet points are only appropriate when listing facts which require
little explanation, which will be rare in Paper P7.
Illegible handwriting is a major problem for markers. If handwriting
is a particular area of concern, leave a blank line between each line of
writing, and write more slowly.
Start each answer on a new page of the answer booklet.
Remember that some requirements contain professional marks, as discussed
earlier, and in these requirements the presentation and layout of the answer is
particularly important.
Conclusion
This article has focused on the case study questions which will appear in Section
A of the Paper P7 exam, but many of the points made could equally apply to the
202

lOMoARcPSD|2981706
Section B questions. It is hoped that candidates will have already developed

good exam technique in order to reach this final stage in their professional
exams. However, in every sitting, many relatively easy marks are not gained
because of a poor approach to answering questions. It is recommended that
candidates practise as many questions as possible in preparation for the exam;
bearing in mind the points made in this article while practising questions should
improve performance significantly.
AUDIT AND ASSURANCE CASE STUDY QUESTIONS

The first article in this series of two on Paper P7 case study questions discussed
question style, what to look for in the requirements, how higher-level skills are
tested, and the meaning of professional marks within a question requirement.
This second article goes through part of a typical Section A case study question,
applying the recommended approach described in the previous article. This
approach comprises four stages.
Stage 1 – understanding the requirement
The first thing to do is to read and fully understand the question requirement.
Here is the requirement we will be looking at in this article:
‘Prepare a report, to be used by a partner in your firm, in which you identify and
evaluate the professional, ethical, and other issues raised in deciding whether to
accept the appointment as provider of an assurance opinion as requested by
Petsupply Co.’ (12 marks)
Note: this requirement includes two professional marks.
Having read the requirement, break it down. You are asked to do two things:
identify, ie state from the information provided
evaluate, ie discuss from a critical point of view.
The requirement asks you to consider ‘professional, ethical, and other issues’.
This could cover a wide range of considerations, such as:
ethics: independence, competence, conflicts of interest,
confidentiality, assessing integrity
professional issues: the risk profile of the work requested, the fee –
and whether it is sufficient to compensate for high risk, availability of staff,
managing client expectations, logistical matters such as timing, legal and
regulatory matters – such as money laundering, and (in some cases)
obtaining professional clearance
other issues: whether the work ‘fits’ with the commercial strategy of
the audit firm, the potential knock-on effect of taking on the work – such as
the impact on other clients, or on other work performed for this client.
You are asked to produce a report, so remember that the professional marks
available will be awarded for using the correct format, the use of professional
business language, and for presenting your comments as a logical flow
culminating in a conclusion.
From reading the requirement, you know that the question scenario will be based
on a potential assurance assignment and will be broadly based around
203

lOMoARcPSD|2981706
acceptance issues.
Stage 2 – reading the scenario
When reading through the detail of the scenario, you should now be alert to
information relevant to this requirement. Highlight important points that you think
are relevant to the scenario and remember to focus on issues that could affect
your acceptance of a potential assurance assignment.
Now read the following extract from the scenario and highlight the salient points –
remember to look out for any factors relevant to the ethical, professional, and
other issues described above.
Extract: You are a senior manager in Dyke & Co, a small firm of Chartered
Certified Accountants, which specialises in providing audits and financial
statement reviews for small to medium-sized companies. You are responsible for
evaluating potential assurance engagements, and for producing a brief report on
each prospective piece of work to be used by the partners in your firm when
deciding whether to accept or decline the engagement. Dyke & Co is keen to
expand the assurance services offered, as a replacement for revenue lost from
the many small-company clients choosing not to have a statutory audit in recent
years. It is currently May 2007.
Petsupply Co has been an audit client of Dyke & Co for the past three years. The
company owns and operates a chain of retail outlets selling pet supplies. The
finance director of Petsupply Co recently communicated with your firm to enquire
about the provision of an assurance report on data provided in the Environmental
Report published on the company’s website. The following is an extract from the
e-mail sent to your firm from the finance director of Petsupply Co:
‘At the last board meeting, my fellow directors discussed the content of the
Environmental Report. They are keen to ensure that the data contained in the
report is credible, and they have asked whether your firm would be willing to
provide some kind of opinion verifying the disclosures made. Petsupply Co is
strongly committed to disclosing environmental data, and information gathered
from our website indicates that our customers are very interested in
environmental matters. It is therefore important to us that Petsupply Co reports
positive information which should help to retain existing customers, and to attract
new customers. I am keen to hear your views on this matter at your earliest
convenience. We would like verification of the data as soon as possible.’
You have looked at Petsupply Co’s Environmental Report on the company
website, and found a great deal of numerical data provided, some of which is
shown below in Table 1.
Table 1: Petsupply Co's environmental report – numerical data
Petsupply Co: Actual KPI Actual KPI Reason for

environment year to 30 year to 30 variance/tren
al key April 2007 April 2006 d
performance
204

lOMoARcPSD|2981706
indicator
(KPI)/target
To spend $1m Petsupply Co has

per annum on more liquid funds
$0.75m
developing $1.1m spent available in the
spent on
environmentally- on relevant year to 2007 to
relevant
friendly development spend on
development
packaging and development
bags projects
Petsupply Co has
doubled the
To increase the amount of waste
50 tonnes of 25 tonnes of
amount of waste recycled due to
waste waste
recycled by 10% installation of
recycled recycled
per annum recycling bins at
all
stores
Customers
complete surveys
To ensure that at
in store to rate
least 90% of our
our policies; data
customers are
95% ‘very 70% ‘very shows that
‘very happy’ with
happy’ happy’ customers are
Petsupply Co’s
extremely happy
environmental
with our progress
policies
on environmental
matters
Block: Text
Stage 3 – take time to think about the requirement and the
scenario
As discussed in the previous article, you must take time and not rush to answer.
When evaluating this particular scenario try to think widely about the information
provided. Your answer should cover a broad range of issues rather than
concentrating on one or two. Your comments must be tailored to the scenario. It
is pointless, for example, to write about a general acceptance issue which is not
specifically related to Petsupply Co.
It is important to appreciate that few marks will be available for stating the issue.
205

lOMoARcPSD|2981706
The higher-level skill marks in this question will be awarded for a discussion of
why the issue is relevant to the decision about whether or not to provide the
assurance service to Petsupply Co. The requirement is to evaluate the scenario
and therefore it is crucial to demonstrate an appreciation that there may be two
conflicting sides to the discussion.
Table 2 shows an example of a thought process which identifies the issues and
explains why each issue is relevant to the requirement; the issues are shown in
the order in which they appear in the question.
Table 2: Example of a thought process which identifies issues
and shows relevance to the requirement
Issue from
the Why relevant to the requirement
scenario
The engagement will provide an extra source of

Your firm is revenue, and accepting the assignment fits the
keen to commercial strategy of Dyke & Co. But, the firm
provide more should not put the fact that it wants more revenue
assurance from providing assurance services above the more
services due important consideration of ethical and professional
to loss of issues, and the overall assessment of the risk
income from attached to the assignment. It will also be important
audit services to consider whether the assignment is a one-off
engagement or is likely to be an ongoing service.
Your firm will already possess good business

understanding, which will reduce the risk
associated with the engagement, and should also
cut down on planning time. However, Dyke & Co
must consider various ethical matters, as Petsupply
Petsupply Co
Co is already an audit client, including the
has been a
appropriateness of providing a non-audit service,
client for three
and the impact on the level of fees received from
years
an existing client. It is irrelevant to discuss whether
there are general threats, such as financial
interests in Petsupply Co, as Dyke & Co already
provides the audit service, and should therefore
already have conducted general ethical clearance.
206

lOMoARcPSD|2981706
This appears to be a very specialist assignment

and it is questionable whether a small firm of
accountants would possess relevant skills and
The assurance experience. However, the firm could either spend
service time and money training staff to perform the
requested is to assignment, or bring in specialists to perform the
provide an work. This would enable Dyke & Co to build up
opinion on experience in this area, enabling it to provide
environmental further services of this type, which fits in with the
key firm’s commercial strategy. However, whether the
performance skills are developed in house, or bought in, there
indicators will be considerable expense involved; Dyke & Co
would need to carefully consider the fee charged
as the firm will want to recover as much cost as
possible.
There is a high inherent risk attached to the

Petsupply Co
environmental data. Petsupply Co has a clear
is keen to
reason to manipulate the data in order to disclose
disclose
that targets are being met. In deciding whether to
positive data
accept the assignment, Dyke & Co must consider
in order to
whether this risk can be reduced to an acceptable
maintain
level. It may be difficult for Dyke & Co to challenge
customer
the directors with confidence about the data, given
satisfaction
its lack of experience in this area.
The client appears to have an unrealistic

Petsupply Co expectation of what an assurance service can
requires a provide. Before any decision is made about
‘verification’ of acceptance, Dyke & Co must explain to the client
the that its report will not verify or certify the data, and
environmental is likely to provide at best ‘limited assurance’ over
data the data – the expectation of the client clearly
needs to be managed.
Petsupply Co As discussed above, Dyke & Co will need to either

wants the develop or buy-in expertise in this area, and due to
work the high inherent risk identified above, the firm will
performed as want to spend plenty of time gathering evidence.
quickly as The client again may have unrealistic expectations
possible about the timeframe in which the opinion could be
207

lOMoARcPSD|2981706
provided.
It would be relatively easy to gather evidence on

the amount spent on development, as this is similar
to a substantive audit procedure but it may be hard
for Dyke & Co to substantiate if the money has
really been spent on environmentally-friendly
packaging.
Some of the Quantifying how much waste has been recycled
data shown in will depend on the strength of the system put in
the place by Petsupply Co to capture the data. Equally,
environmental it would be difficult to gather detailed evidence to
report is not reach an opinion on customer satisfaction as it is a
well defined very subjective measure, not suitable for
quantification. All of the above points suggest that
the engagement will involve testing some
subjective issues, and possibly relying on the
controls put in place by the client, both of which
have an impact on the overall risk assessment of
the work requested.
Block: Text
Table 2 is not an answer, it is a thought process. This is what you should be
thinking about after reading through the scenario. The previous article stressed
the importance of thinking through the scenario. It may help to jot these ideas
down in an answer plan before making a start on your written answer, as this will
help you to prioritise the points and give the report a logical flow.
Stage 4 – writing the report
The requirement states that two professional marks are available. As discussed
in the previous article, these marks are not for the technical content of the
answer, but for the way the relevant points are communicated. The report will be
evaluated on the following:
Use of a report format – a brief introduction, clear separate sections
each discussing a different point, and a final conclusion.
Style of writing – the report is addressed to the partner and so
language should be appropriate. You do not need to explain things that
would be obvious to a partner, and you must be tactful.
Clarity of explanation – make sure that each point is explained
simply and precisely, and avoid ambiguity.
Evaluation skills – demonstrate that each point may have a positive
and a negative side.
Remember, when answering any question requirement it is quality not quantity
that counts. You should make each point succinctly and remain focused on the
208

lOMoARcPSD|2981706
specific requirement. Questions can be time pressured, but it is important to

remember that you should be able to read the requirement, think about it, and
write an answer in the time available. This means that there is only a limited
amount of time available for actually writing the answer, so keep it short and to
the point. Irrelevant waffle earns no marks and will detract from the professional
skills evaluation. What follows is an outline report format for this requirement:
Introduction
Report is internal, addressed to a partner, covering proposed
assurance service for existing audit client
Section 1 – ethical matters
Provision of non-audit service
Impact on total fee from client
Competence to perform work – specialised engagement
Section 2 – risk-related matters
High inherent risk – figures prone to manipulation
Data highly subjective
Need to rely on systems put in place by client
Section 3 – commercial matters
Fee will have to be high enough to compensate for high risk
Fee may need to compensate for specialists if used
Strategic fit – assignment in line with commercial goals of Dyke &
Co
Build up experience in non-audit service
Ascertain whether assignment will be recurring
Section 4 – other matters
Managing client expectation regarding type of opinion sought
Managing client expectation regarding timeframe
Conclusion
Summary of key issues and decision on acceptance
Note: not all of the above points are necessary to secure a pass mark; the
marking scheme is also flexible enough to cater for comments that may not
appear in the ‘model answer’.
Summary
This article shows how to approach one requirement from a typical Section A
question in Paper P7. It is important to practise technique by attempting as many
questions as possible, starting with the Pilot Paper for Paper P7.
209

Acca p7 Aaa Technical Articles

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Acca p7 Aaa Technical Articles

Uploaded by

Copyright:

Available Formats

lOMoARcPSD|2981706

ACCA P7 AAA Technical Articles

Applied Business Ethics (Mit Univerzitet)

StuDocu is not sponsored or endorsed by any college or university

IAASB exposure draft – Proposed International Standard on Auditing 540

Responding to non-compliance with laws and regulations (NOCLAR)

Corporate governance and its impact on audit practice

THE AUDITOR'S REPORT

AUDITING DISCLOSURES IN FINANCIAL STATEMENTS

PERFORMANCE INFORMATION IN THE PUBLIC SECTOR 67

LAWS AND REGULATIONS 71

AUDIT QUALITY – A PERPETUAL CURRENT ISSUE 75

USING THE WORK OF INTERNAL AUDITORS

THE CONTROL ENVIRONMENT OF A COMPANY 103

Downloaded by Arlinda Martinaj ([email protected])

CONTINUE TO BE REST ASSURED 109

SA 315 (REVISED), IDENTIFYING AND ASSESSING THE RISKS OF

PLANNING AN AUDIT OF FINANCIAL STATEMENTS 117

COMPLETING THE AUDIT 200

AUDIT AND INSOLVENCY 124

GROUP AUDITING 127

ACCEPTANCE DECISIONS FOR AUDIT AND ASSURANCE ENGAGEMENTS

AUDITING IN A COMPUTER-BASED ENVIRONMENT 136

AUDIT OF ESTIMATES AND FAIR VALUES

ANALYTICAL PROCEDURES 145

AUDIT RISK 153

AUDITING IN A COMPUTER-BASED ENVIRONMENT (2) 157

MASSAGING THE FIGURES

ISA 240 (REDRAFTED) - AUDITORS AND FRAUD 165

THE IMPORTANCE OF FINANCIAL REPORTING STANDARDS TO

AUDITORS' REPORTS TO THOSE CHARGED WITH GOVERNANCE 176

GROUP AUDIT ISSUES 178

Downloaded by Arlinda Martinaj ([email protected])

EXAMINING EVIDENCE 182

AUDIT WORKING PAPERS 186

ADVANCED AUDIT AND ASSURANCE – EXAMINER’S APPROACH 190

HOW TO TACKLE AUDIT AND ASSURANCE CASE STUDY QUESTIONS

EXAM TECHNIQUE FOR ADVANCED AUDIT AND ASSURANCE

In addition, for the UK exam candidates will be examined on the Financial

Downloaded by Arlinda Martinaj ([email protected])

Downloaded by Arlinda Martinaj ([email protected])

In this example, we are asked to provide an additional service to an audit client –

The design of systems and controls is a management responsibility so a

Downloaded by Arlinda Martinaj ([email protected])

The code states that the threat to independence of undertaking management

Management responsibility can be avoided if the client takes responsibility for

As such we must decline the additional work. (1 mark)

In other circumstances, the safeguard of using separate teams to overcome self-

Downloaded by Arlinda Martinaj ([email protected])

In this example we have additional services and pressure relating to existing

Downloaded by Arlinda Martinaj ([email protected])

Assuming a management responsibility can be avoided if the directors confirm in

The self-review threat can be reduced by having an independent partner review

The intimidation threat should be reported to those charged with governance. (1

Last updated: 2 Feb 2018

Downloaded by Arlinda Martinaj ([email protected])

Downloaded by Arlinda Martinaj ([email protected])

2015 sample questions:

Dali Co was established 20 years ago and has become known as a

The machines and equipment made by Dali Co are mostly made to

Downloaded by Arlinda Martinaj ([email protected])

Identification only – worth ½ mark

The company manufactures bespoke machines for clients which may